The most common matters and deficiencies I see in a peer review are:
The firm did not have a policy related to monitoring and inspections or they had a policy but they weren’t following it (No documentation of any inspections performed)
Not establishing appropriate engagement quality control review criteria (EQCR)
Not having a policy to ensure staff had adequate CPE. Insufficient CPE hours in Yellow Book and ERISA.
Having a policy that states the firm uses a particular third party practice aid (such as PPC) and then only using some of it which causes key audit and review items to be missed.
Related to FASB, SSARS, and the clarified auditing standards
- Auditors’ report did not conform to the new clarified standards. (This is automatically a deficiency and results in a Pass With Deficiency rating pursuant to AICPA peer review standards. Currently there are no exceptions to this)
- No disclosure of tax years that remain subject to examination by major tax jurisdictions
- No disclosure of the date through which subsequent events were evaluated
- Failure to implement SSARS 19 (e.g. no current engagement letters could be located and report changes have not been made or incorrectly made)
- Engagement letters or reports contain references to financial statements being prepared
- Failure to include a title on the accountant’s report (compilation, review and audit)
- The financial statement titles do not match those identified in the accountant’s report
- Failure to appropriately document planning procedures, including risk assessment, planning analytics, the auditor’s understanding of client internal control and IT environment.
- Representation letters that were dated incorrectly, did not cover the appropriate periods or were missing required representations
- In Reviewed financial statements, failure to document expectations and other analytical procedures.
- On A-133 (Single Audit) engagements, incorrect completion of the Schedule of Findings and Questioned Costs.
- On A-133 (Single Audit) engagements, not documenting or performing specific program and compliance risk in planning.
- On A-133 (Single Audit) engagements, incorrectly concluding that auditee is low-risk
- On A-133 (Single Audit) engagements failure to identify applicable compliance requirements and perform the testing
- Auditors’ report did not conform to the new clarified standards
- Insufficient procedures and documentation for reliance upon service organization reports in lieu of testing income allocations and investment options at the participant level
- Insufficient procedures and documentation related to benefit and claims payment testing and eligibility
- Failure to sufficiently perform and document reliance on SOC 1 reports
- Failure to sufficiently report on significant plan information
- Missing or insufficient fair value disclosures related to fair value hierarchy of investments, description of the levels, descriptions of the methods used and tabular presentation of amounts.
- Auditors’ report did not conform to the new clarified standards.
During our exit conference we will discuss additional methods that could help to keep your firm updated and reduce the risk that your firm will miss these items or future items. Contact me about your next peer review.