Baker Tilly Comment Letter to the AICPA on the Enhancing Audit Quality Initiative

Susan S. Coffey, CPA, CGMA

Senior Vice President – Public Practice and Global Alliances

American Institute of Certified Public Accountants

1211 Avenue of the Americas 19th Floor

New York, NY 10036

Dear Ms Coffey:

We welcome the opportunity to provide feedback to the American Institute of Certified Public Accountants (AICPA) in connection with the Enhancing Audit Quality Initiative (EAQI). Baker Tilly Virchow Krause (Baker Tilly) is committed to audit quality and believes the delivery of high quality audits not only serves the public trust but enhances the value that we provide to our clients.

By way of background, Baker Tilly is a large accounting firm, providing audit, accounting, tax and consulting services from offices located in 11 states, primarily in the mid-Atlantic and mid-West. We have approximately 300 partners and over 2,500 team members and are ranked in the top 15 of American CPA firms. Our clients range from public companies to smaller family owned businesses and our industry concentrations include, commercial, construction, financial services, governments, health care, and not for profit entities.

Overview

The timing of the EAQI could not be better. The profession appears to be facing a crisis in confidence with respect to audit quality. The scrutiny placed on audit quality by regulators and the investing public is intense. Unfortunately in the face of that scrutiny, the profession continues to absorb negative quality events which are reported to the public. We understand that once again the DOL will be reporting on the results of its inspection process with poor marks for the profession. The PCAOB recently issued its third report on its inspection of broker-dealer audits with similarly negative results, with an exceedingly high percentage of audits being deficient. Even worse, a very high percentage of the inspections revealed independence violations, which of course is the foundation of audit quality.

Faced with these negative events, the profession needs a change before the users of audited financial begin to question the value of the audit report.

The balance of our letter will address the specific questions in the discussion paper.

1. How can the profession reinforce the importance of the Code and ensure that all CPAs performing private entity financial statement audits adhere to the due care and competence requirements?

Perhaps one consideration should be to pay more attention to the root cause of negative quality events. While there is much information on what is wrong happening within audits, there is little attention paid, at a deep level to causal factors leading to the negative quality events.

2. What are CPAs’ challenges and obstacles in exercising due care?

As noted in the discussion paper, there are several, including:

• Failure to understand the scope and requirements to complete an audit in accordance with professional standards and consequently failing to charge an adequate fee.
• Compression during busy season; not enough resources, not enough time. In some situations, these constraints when coupled with an inadequate fee, could lead to cutting corners when performing the engagement.
• Too many auditors are willing to take on engagements in industries where they lack sufficient training and experience. They dabble in risky industries and accept one-off engagements and unfortunately in many cases they expose themselves to regulatory oversight without a sufficient understanding of the expectations.
• Financial reporting complexity: too many practitioners are caught between keeping up with the tax code as well as the accounting and auditing standards, and they are unable to serve each well.

3. Should the AICPA provide additional (specific) guidance on what it means to be competent? If so, in what areas? What suggestions do you have to define competence?

The paper makes mention of a competency assessment. Perhaps we need to explore this more critically. The current model wherein the only requirement for issuing an audit report is a CPA license may not be working. A model relying solely on input (CPE hours) as a measure of competency may not be adequate for the complex environment of today. We should consider revisions to the competency requirements that are specific to public interest entities.

4. What methods, other than existing ones, should the profession consider to facilitate the right match of competency with an audit engagement?

Consider special designations related to certain types of higher risk, public interest entity engagements, similar to CFA, CFP. CITP or CISA. Perhaps the profession could adopt the Securities licensing model where the CPAs start with the basic license but must pass other examinations for specialized areas of practice such as: SEC practice, government, and benefit plans. The AICPA should carefully monitor the trend in licensing wherein some states, including Pennsylvania, have dropped the A&A experience for licensure. How can individuals who are licensed based on tax experience only be capable of doing an audit? Relying solely on the Code of Conduct to prevent these people from issuing audit reports may not be sufficient.

5. Do you believe revisions should be made to the ASB’s auditing or firm quality control standards to improve audit quality in the near term? If so, what specific revisions would you propose and why do you believe they would improve audit quality?

With respect to the QC standards, implementation guidance may be the answer. Practitioners may be having a hard time in actually applying the QC standards within their practice. The recent IAASB paper on a framework for audit quality is useful for drilling down into the nuts and bolts. Perhaps the AICPA could create a scalable implementation guide that could be used by smaller firms.

We believe that in general the clarified audit standards provide a proper framework for conducting a high quality audit, when they are followed. However, there may be a need for more specific application guidance with respect to higher risk public interest entities.

6. Are revisions needed to the auditing or quality control standards to address specific industries or regulated areas? If so, what revisions are needed and what industries or areas should be addressed?

No changes are necessary to the standards.

7. What other guidance is needed to help practitioners apply the auditing and quality control standards to improve audit performance and quality?

Beyond the risk alerts and the industry audit guides, we do not see the need for any other specific guidance.

8. Based on your use of audit engagement training tools and resources, what additional authoritative publications or non-authoritative guidance, tools or training could be developed for audits of financial statements that would enhance competencies and drive quality engagement performance? For which industries or specialized topics is it difficult to obtain educational and professional resources?

The current suite of audit guides provides very useful information. As to access to relevant training, we believe that the current training options available are sufficient. However, there may be opportunities for more creative approaches to training, using new technology, interactive learning approaches, etc.

9. What advantages and challenges do these changes present? How could potential challenges or unintended consequences be minimized or avoided?

The proposed enhancements to the peer review program is a good start, although some of the concepts related to continuous practice monitoring seem quite ambitious. For the AICPA to externally monitor the higher risk engagements seems particularly difficult, given the sheer volume of practitioners.

Perhaps a better approach is to create a requirement that firms notify the AICPA when they are accepting an engagement for the first time, in one of the "must select" industries. In connection with the notification, the firm would need to provide contemporaneous documentation as to how the firm has complied with QC 10.27 (a) "is competent to perform the engagement and has the capabilities, including time and resources, to do so." Perhaps the AICPA could create a portal for the process and then have specific active monitoring protocols during the course of the engagement.

10. Will removal of poor performing peer reviewers and the suggested training programs increase reviewer quality? Why or why not?

Certainly holding peer reviewers more accountable and requiring enhanced training is likely to improve the quality of the reviews. The training, of course, should be output based rather than based only on the hours and content. Peer reviewers should be subject to a qualifying examination.

However, these enhancements need to be coupled with the right economic incentives for peer reviewers. Few will be interested in accepting the increased oversight (and risk) and cost of education without proper economic incentives.

11. What effect do you expect these requirements will have on the peer review program’s ability to maintain a sufficient number of qualified peer reviewers? If you expect them to have an adverse impact on the peer reviewer pool, what implementation steps could mitigate the impact?

Economic incentives need to be aligned. If performing peer reviews are worth the investment in improving competencies, the market should surface practitioners willing to participate in the program. As to implementation steps, the AICPA could provide frequent information updates for the practitioners, informing them of the increased cost, while reminding them of the associated benefits to their practice.

12. What effect do you expect these requirements will have on peer review stakeholders and on the peer review program as a whole? What should the PRB require of new peer reviewers to give reasonable assurance that they will develop and maintain the experience and expertise to perform high-quality peer reviews?

New peer reviewers should be thoroughly vetted by the PRB. There should be consideration given to an examination regime to qualify for peer review. Perhaps a separate professional designation such as is no offered for valuation and personal financial planning specialists should be developed. The certification would be subject to initial and continuing special educational requirements.

13. What are the advantages and disadvantages of these changes? Are there potential unintended consequences? How could they be avoided or minimized?

Changes like this are likely to create a difficult environment for both the practitioners and the reviewers. There will need to be an extensive campaign to explain the benefits and costs and consideration should be given to a phased implementation. The phased implementation can be carefully monitored with the goal of making necessary adjustments to enhance scalability.

14. Should these requirements extend to firms that audit five or fewer engagements in anyone industry (not just must-select industries)?

The peer review requirement should be scalable to the size of the firm and the associated audit practice, but no firm or practitioner should be scoped out if they are performing audits. To do so would imply that certain users of audited financial statements do not need to have a quality audit.

15. What are the advantages and disadvantages of this initiative? If there are potential disadvantages or unintended consequences, how can they be avoided or minimized?

As noted above this will be a dramatic change for the profession which is likely to have an economic impact, that may not be fully understood. A reference point may be the passage of the Sarbanes-Oxley act which was cited as a direct cause in dramatically increasing audit fees. While the audit fees have moderated since then, it is possible that a similar impact could occur in the non-issuer environment.

To make this transition there is a need for the user communities to align behind the AICPA. In other words, the GAO and DOL, can do more than just complain about poor audit quality. They can actively support the improvement initiative and communicate directly with the entities issuing financial statements informing them of the need for improvement and the fiduciary duty they have to support high quality audits. We would see the regulators' participation as having similar effect as how SOX requirements made audit committees a more active participant in the selection, compensation and termination of independent audit firms.

16. Peer reviewers currently review complete sets of engagement working papers in order to cover a reasonable cross section of the engagements performed by each firm. The PRB is considering a new approach where reviewers would still obtain a reasonable cross section but would only review those sections of engagements that represent particularly high risk. Which approach do you support and why?

We believe this is a better approach, more akin to how the PCAOB inspection process works. By focusing on high risk engagements and sections of the engagement that present higher risk, there is more likelihood of identifying quality issues and driving improvement. The PCAOB uses a risk based approach when selecting engagements for review, which could be applied in the peer reviews.

Along with the risk based approach, the peer reviewers should have deeper understanding of the reviewed firms QC system and make an assessment of its effectiveness. In particular focusing on areas such as client acceptance and continuance, engagement performance and human resources.

17. Are the targeted risk areas that the AICPA has identified for initial focus appropriate? What other high risk areas should the PRB consider?

Clearly the targeted industries must be addressed as a result of the negative quality issues cited by the regulators. But there are other industries which are complicated and in some regimes would be considered public interest entities, which should also merit attention. These include financial institutions, insurance, broker-dealers and other entities in the financial services sector. Complex industries such as oil & gas or construction should also be considered.

18. Recent changes were made to peer review practice aids to bring more attention to the completeness of the peer review population. These changes include revisions to the firm representation letter and additional questions in the Team Captain Checklist (System Reviews) and Review Captain Summary (Engagement Reviews). What other measures could ensure that peer reviewers receive complete information on the engagement population and that firms understand their responsibility to accurately report data?

Based on the nature of the exercise it appears that the accuracy of the information is dependent upon the integrity of the firms/practitioners to provide the proper information. However, there is, for instance, a way to access the DOL data base of audited EBP plans to perhaps data-mine for firms that do not report such audits. It is possible that other regulators could provide access for this purpose.

In any case if it is determined that relevant information was left out of the peer review population, such omission should be considered an ethical violation and be subject to appropriate investigation and sanctions.

19. How could the information provided be verified? What databases could be leveraged?

See comment above.

20. What are the advantages and challenges presented by these changes? How could related potential challenges or unintended consequences be minimized or avoided?

Discussed above.

21. What effect do you expect these requirements will have on the peer review program’s ability to maintain the current pool of peer reviewers and attract new ones? If you expect them to have an adverse impact, what implementation steps could mitigate the impact?

As noted above the incentives must be aligned. There needs to be messaging to the practitioners that the cost of peer reviews may and should go up, which is the price of admission for those seeking to perform audits. We should not leave it solely to the peer reviewers to explain why cost is increasing. We will need the direct and continuing support of the AICPA and the relevant regulators to accomplish the changes, much the same as the PCAOB board members spend time in public addressing audit quality. The AICPA should continually discuss audit quality. Additionally the AICPA should launch a campaign to continue to encourage practitioners capable of performing high quality peer reviews to get in the game.

22. What effect do you expect these requirements will have on other peer review stakeholders and on the peer review program as a whole?

For those using peer review findings, the improvements will be beneficial in making purchasing decisions; assuming that the regulators support and demand the improvements. Another potential savings for firms will be with PLI carriers. Receiving a good peer review report that has relevant information should lead to better underwriting.

Finally, enhancing audit quality, will help to remind the user community of the value of the audit and the relevance of the profession.

23. Are the current report rating grades (pass, pass with deficiencies, fail) clear and meaningful? Do you find these categories useful? If not, how would you change the report rating grades?

We think that this model is inherently flawed, because reviewers may be reluctant to provide less than passing grades due to the perceived negative perceptions. A revision of the current reporting framework would desirable.

There are elements of the current PCAOB inspection report that would be beneficial. In particular the demographic and statistical information about a firm. Items such as: number of offices, number of partners, number of professionals, a breakdown of the assurance practice including the number of designated public interest entities audited. Then further, information on the scope of the peer review could be provided, how many reviews and of what type of entities.

24. Finally, the actual results of the reviews by practice area could be noted, as to how many sub-standard engagements were noted. This information could also include specific information on QC system deficiencies.

This information would then lead to the peer reviewers opinion, which perhaps to more closely align with an auditors' report; an unqualified opinion; a qualified opinion, perhaps and "except for" type report citing information provided in the supplement; and finally an adverse opinion, once again citing the preponderance of sub-standard engagements, noted in the supplement.

25. What actions, if any, does your organization take when a firm receives a pass, pass with deficiencies or

fail report? What actions do you think should be taken by others?

We are user of peer review reports when considering component auditor competencies in accordance with AU-C 600. Any firm with less than a pass grade on their peer review would like cause us not to be able to place reliance on their work. It would be a risk management decision and depend upon the significance of the component.

Other users of peer review reports such as users of audited financial statements should use the reports to inform their purchasing decisions when considering audit firms. In particular those responsible for governance of public interest entities should be encouraged/required to consider the peer reviews. Here again, the cooperation of the relevant regulators in the improvement initiative is important.

26. What information about a firm would be useful in better understanding, evaluating and using its peer review report? How should it be made available?

Demographic information as to the number of audits performed and how many are in the designated industry as well as how many engagements the peer review team examined would be useful.

27. Which model do you find more helpful: the peer review reporting model (opinion on the overall system of quality control) or the reporting model used by many regulatory bodies (a list of engagements and

topics of deficiencies)? Could a hybrid model better meet your needs? If so, what would that model look like?

As we discussed above a hybrid type report with supplemental information, we think would be more useful and would be more likely to lead to systemic audit quality improvement.

28. Please share any other suggestions for enhancing the transparency and usability of peer review reporting. Explain how your suggestions would be helpful to you and what you will be able to do with the improved reporting.

Improved reporting will likely help rationalize the market for audit services and diminish the price competition. Buyers with better information on quality and encouragement from the users of their financial statements will perhaps place a higher value on quality audits and thus be willing to pay more.

29. How would your suggestions for improvement enhance audit quality? How will they be more beneficial for the users of the report?

We need to move the buyers of audit services to a place where they understand that a high quality audit helps them to meet their fiduciary duties to stakeholders. Focusing on audit quality can help to de-commoditize the service. The current state of peer review reinforces the commodity label because firms rarely get failing grades. An uniformed buyer will draw the easy conclusion that all firms and all CPAs are the same.

30. Beyond what is mentioned throughout the “Practice Monitoring” section of this paper, what other requirements should the AICPA Peer Review Program consider that would meaningfully impact audit quality?

One more consideration should be with respect to EQR. I think we need to have an AU-C devoted to EQR, similar to AS #7 and the peer reviewers should consider whether firms' use of EQR is in the spirit or intent of SQCS #8.

In conclusion, we commend the AICPA on initiating this important project to improve audit quality. It is of vital importance to the continued viability and strength of our profession. We must continue to reinforce the value of the audit.

Please do not hesitate to contact us, if you wish to discuss our comments further.

Sincerely,

Baker Tilly Virchow Krause, LLP