Close

3 Attributes for Higher Quality Audits and Reviews

This article is a guide to three significant attributes that can help CPAs improve audit quality and minimize exposure to professional liability.

For a bit of background, the auditing and accounting profession has focused on reducing exposure to professional liability since the profession’s beginning. Errors and omissions insurers offer guidance to CPA firms on how to minimize professional liability, even personal practice consultations. In addition, the AICPA and the FASB continue to clarify auditing and accounting standards to improve the quality of engagements.

In spite of these efforts, negative peer review findings and third-party adversarial challenges to CPA firms indicate some practitioners are not getting the message. Is it because they have focused on the detail suggestions of errors and omissions insurers? Perhaps, in part, but it is more likely they have designed and applied basic attributes for success to all functional areas of their practice.

Three Significant Attributes for Higher Quality Audits and Reviews

1. Create the right client portfolio for your CPA firm

To comply with professional standards, and to prevent association with risky and difficult clients, the audit engagement partner should make an investigation of new clients and their management personnel prior to accepting or continuing all functional engagements. Many CPA firms have created a framework to evaluate new and existing clients in accordance with the future plans of the CPA firm.

While making these investigations, the CPA firm leaders should determine that:

  • The CPA firm and its personnel are independent in fact and in appearance
  • The CPA firm is qualified to undertake the engagement
  • Management of the reporting entity is honest and not involved in illegal acts

The prospective client’s financial reporting system can provide, and management intends to provide, financial statements that are fairly presented. Client acceptance and continuance practice aids should be used to facilitate and document new and continuing engagements’ investigations.

Because circumstances change over time, particularly in the event of a pandemic or other uncertainties, these forms should be reviewed and updated annually to evaluate continued association with a client and an engagement.

2. Design a quality management system relative to the nature, size, and complexity of your CPA firm engagements

QC section 10 of the AICPA Professional Standards, A Firm’s System of Quality Control, requires firms providing attest engagements to establish and maintain a system of quality control to provide reasonable assurance that:

a. The firm and its personnel comply with professional standards and applicable legal and regulatory requirements and

b. Reports issued by the firm are appropriate in the circumstances.

For CPA firms that perform audits, reviews and/or compilations, state boards of accountancy generally require peer reviews every three years to monitor compliance with this standard.

AU-C Section 220 of the Clarified Auditing Standards, Quality Control for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards, is based on QC section 10. A functioning system of quality control, therefore, is a foundational attribute for quality audits and reviews. But, there is more.

In response to deficiencies revealed in the peer review process, and the profession’s desire for higher levels of quality, the AICPA’s Auditing Standards Board has issued three proposed standards addressing quality management:

  • Proposed Statement on Quality Management Standards: A Firm’s System of Quality Management
  • Proposed Statement on Quality Management Standards Engagement: Quality Reviews
  • Proposed Statement on Auditing Standards: Quality Management for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards

These proposed standards clarify the purposes of QC section 10 but, when issued, will likely require some changes in CPA firm practices, particularly for smaller CPA firms. Assessment of specific risks applicable individual firms’ practices, and possible requirements of independent partner quality reviews, may cost time and money. These proposed standards can be downloaded and reviewed here.

3. Carefully evaluate potential threats to violation of ethics rules before accepting engagements

The AICPA Code of Professional Conduct (Code) is applicable to AICPA members serving non-public entities in business and in public practice. Some state accountancy laws incorporate the Code by reference or are similar in content.

The Code is structured around a risk-based framework of threats and safeguards. As a part of client acceptance and continuance decision-making and related risk assessment procedures, early evaluation of potential threats can prevent significant risks of material misstatements and possible ethics violations arising during the performance of attest engagements.

For consideration and discussion when an engagement leader presents an engagement letter to management of a reporting entity, these threats are as follows:

Adverse Interest Threat

This is the threat that a CPA will not act with objectivity because of interests contrary to a client’s interests. Legal actions by a client against the CPA firm or personal investments by CPA firm leaders in businesses or products competing with a client are examples.

Advocacy Threat

This threat is that a CPA will serve as an advocate for a client to the point that the CPA’s objectivity or independence is compromised. Examples may include providing services to a client in a lawsuit, providing investment advice or services or holding a financial interest in a client.

Familiarity Threat

This threat may result from a long or close relationship with a client. It may cause a CPA’s professional judgment and/or professional skepticism to be less than required by engagement circumstances. This threat may occur when a member of a CPA’s family is employed by a client, a former professional employee of the CPA firm accepts a key position in a client, or senior personnel in the CPA firm have a long personal or professional relationship with a client.

Self-Interest Threat

The threat that a CPA could benefit personally from a relationship with a client. Self-interest threats may include when a CPA has a financial interest in a client and the fair value of that interest could be affected by the outcome of a professional services engagement. An example of a self-interest threat would be when a CPA firm relies excessively on revenue from one client.

Self-Review Threat

This is a threat that a CPA will not appropriately evaluate the results of a previous judgment or service performed or supervised by the CPA or another firm member and relies on that judgement or service in performing another engagement. This could occur when a CPA performs bookkeeping services for a client or when a partner in the CPA’s office was previously employed by the client.

Undue Influence Threat

This is the threat that a CPA may subordinate his/her professional judgment to client personnel or any relevant third party because of the persons’ reputation or dominate personality. Threats to terminate the CPA from current and future engagements if the CPA disagrees with the client’s financial reporting or tax positions.

Management Participation Threat

This threat can occur when a CPA agrees to perform management responsibilities when providing attest services. Serving on the board of governance of an attest client, performing non-attest services, and designing or participating in a client’s system of internal control while providing attest services can be examples of the management participation threat.

Safeguards Against Threats

During engagement planning, a CPA should consider and apply appropriate safeguards that will eliminate or reduce threats to a low level. Safeguards outlined in the Code can be created by the profession, legislation or regulation, by reporting entities or by CPA firms.

If a threat is so significant that it cannot be eliminated or adequately reduced by safeguards, a CPA should consider whether to decline or discontinue professional services. To prevent increases in professional liability from arising as a result accepting an engagement containing a significant threat, a CPA must consider the substance, not just the form, of available safeguards.

The Beginning and End of it All

There are, of course, additional attributes for high quality audits, reviews and compilations, such as the importance of performing thorough risk assessment procedures particularly considering the newly released Statement on Auditing Standard No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, as well as AR-C sections of the AICPA Professional Standards, covering review, compilation and preparation of financial statements engagements.

As clearly defined in AU-C section 200 of the Clarified Auditing Standards, an auditor’s or accountant’s professional judgment and professional skepticism is at the heart of every attribute contributing to high quality attest engagements.

Considering the end from the beginning of each engagement as auditors and accountants plan for complying with all applicable professional standards can only have one result: minimizing professional liability.