Workpaper Issues

Support for Isolation Determination

In order for a deficiency in a system review to be considered isolated, information must be presented in the SRM (or the MFC) to indicate steps taken to determine that the issue was isolated. For example, assume that one cash flow statement was missing from comparable year financial statements. In order to reach a conclusion that the problem was isolated, the reviewer would need to expand the scope of the review to look at other comparable financial statements to determine that both cash flow statements were present. It would be incorrect to say the problem was isolated if the expanded review included only single year financial statements. The expanded review should be documented to support the conclusion. To assist in performing the expanded review, the peer reviewer could ask the firm to identify other engagements where the item in question was handled correctly.

Excluding Deficiencies

When not including a deficiency in a LOC, reviewers have sometimes stated in the MFC that the deficiency did not make the financial statement misleading or that the documentation that was missing did not make the engagement substandard. While such rationale is justification for not categorizing the particular engagement as substandard, it is not an acceptable explanation for excluding the deficiency from a LOC. Therefore, when not including a noted deficiency in a LOC (or in the case of a report review as a comment), reviewers must clearly state their reasoning.

Dates on Firm’s Representation Letters

There has been some confusion as to the correct date to be used on the firm’s representation letter to the peer reviewer. According to the standards, for system peer reviews the firm’s representation letter to the peer reviewer should be dated the same date as the peer review report. However, for engagement and report peer reviews, the firm’s representation letter to the peer reviewer should be dated the same day as when the firm submitted the listing of engagements (Summary Engagement Form) to the reviewer.

Engagement Summary Forms for Engagement and Report Reviews

The AICPA Peer Review Program Manual requires that firms sign and date an Engagement Summary Form for engagement and report reviews. This form must be submitted to the administering entity along with other work papers for each engagement/report review. This is an important document as it supports the firm’s representation concerning the engagements performed during the peer review year and is the basis for the selection of engagements to be reviewed. However, there continues to be a number of problems with the correct completion of this form.

Frequently the form is not signed or dated, the period is not indicated or is not the same as the peer review period, or the engagements are not broken down by partner. The technical reviewer must then determine whether a firm’s representation was adequately supported and whether the reviewer’s scope was adequate, which can delay the completion of the review.

Maintaining Documentation

Some reviewers have been sending us their only copies of their peer review workpapers (SRM, MFCs, Reviewer’s Checklist, etc.) This causes problems if there are technical review notes or notes from an oversight. Reviewers should send us legible copies of the required workpapers and retain copies for their file. The destruction policy is 90 days after the final acceptance letter unless otherwise notified. If there is follow up action, the final letter is after follow up is completed.

Bookkeeping Hours

For system reviews, one of the criteria used by team captains to determine if there has been adequate scope selection of engagements is to consider the percentage of accounting and auditing hours they have peer reviewed. This information is documented in the SRMs. Accounting and auditing hours do not include time for tax preparation or bookkeeping. When compiling engagements statistics, firms often include bookkeeping and tax preparation hours. Reviewers should advise firms to estimate the time spent to apply professional standards to a compilation – a common range is 1 to 5 hours. If the estimate is 2 hours, an annual engagement would be 2 hours and monthly engagements would be 24 hours. Firms will appreciate receiving this information as it will streamline the time spent compiling the data and reviewers will obtain more accurate scope information.

Timely Submission of Peer Review Documents

The Peer Review Manual specially states that peer review documents should be submitted to this office no later than 30 days after the exit conference for system peer reviews and 30 days after the date of the report for engagement and report peer reviews. There is no provision for an extension of time on submission of these documents after the reviewer has held the exit conference or completed the review. If documents are not submitted timely, reviewers will be requested to provide an explanation to the the Peer Review Committee as to the reason for the delay in submitting the documents. Accordingly, please insure that all peer review documents are submitted in accordance with these requirements.

System Review Risk Assessment

When evaluating a peer review, committee members must consider whether the risk assessment documentation in the Summary Review Memorandum (SRM) is adequate.  The questions in the SRM addressing risk assessment do not provide much guidance on content to include in the risk assessment documentation.  Guidance can be found, however, in the AICPA Consolidation of Peer Reviewers’ Alerts (Consolidated Alert), including factors that should be considered and documented in the risk assessment process. An easy way to document risk assessment is in a memo referenced in the SRM as an attachment.  In addition, the AICPA recently issued a practitioner tool kit that included an excel spread sheet that you may use to document risk.  For convenience, we have added this worksheet to our peer review web site under the reviewer section.  We have also included a sample memo at our website that you may download and use as a template, modifying it as appropriate for each peer review.  You may also continue to document risk assessment by using the questions in the SRM but you must include enough information about the risk factors identified in the Consolidated Alert.  The committee has advised our technical reviewers to emphasize risk assessment documentation in their reviews, so you could receive a technical reviewer feedback form if additional information is needed regarding this matter.

Audit Checklist

A member of the California Peer Review Committee, Dave Vaughn, has developed a helpful checklist for reviewing audit files during a peer review. This does not replace the peer review checklists but is an interim tool. The checklist is available at our peer review web site.

Exit Conference Documentation in the Summary Review Memorandum

The AICPA Peer Reviewer’s Alert 08-01 describes requirements for documenting the exit conference. Based on the guidance in the alert, we’ve noted that some peer reviewers are not adequately documenting matters discussed during the exit conference. Although question H in the summary review memorandum does not clearly explain these documentation requirements, peer reviewers must comply with the additional information supplied in the peer reviewer alerts. We have created aform to assist peer reviewers with exit conference documentation that can be found on our website under “Reviewer Resources”.