Susan S. Coffey, CPA, CGMA
Senior Vice President – Public Practice and Global Alliances
American Institute of Certified Public Accountants
1211 Avenue of the Americas 19th Floor
New York, NY 10036
Dear Ms Coffey:
We welcome the opportunity to provide feedback to the American Institute of Certified Public Accountants (AICPA) in connection with the Enhancing Audit Quality Initiative (EAQI). Baker Tilly Virchow Krause (Baker Tilly) is committed to audit quality and believes the delivery of high quality audits not only serves the public trust but enhances the value that we provide to our clients.
By way of background, Baker Tilly is a large accounting firm, providing audit, accounting, tax and consulting services from offices located in 11 states, primarily in the mid-Atlantic and mid-West. We have approximately 300 partners and over 2,500 team members and are ranked in the top 15 of American CPA firms. Our clients range from public companies to smaller family owned businesses and our industry concentrations include, commercial, construction, financial services, governments, health care, and not for profit entities.
The timing of the EAQI could not be better. The profession appears to be facing a crisis in confidence with respect to audit quality. The scrutiny placed on audit quality by regulators and the investing public is intense. Unfortunately in the face of that scrutiny, the profession continues to absorb negative quality events which are reported to the public. We understand that once again the DOL will be reporting on the results of its inspection process with poor marks for the profession. The PCAOB recently issued its third report on its inspection of broker-dealer audits with similarly negative results, with an exceedingly high percentage of audits being deficient. Even worse, a very high percentage of the inspections revealed independence violations, which of course is the foundation of audit quality.
Faced with these negative events, the profession needs a change before the users of audited financial begin to question the value of the audit report.
The balance of our letter will address the specific questions in the discussion paper.
Perhaps one consideration should be to pay more attention to the root cause of negative quality events. While there is much information on what is wrong happening within audits, there is little attention paid, at a deep level to causal factors leading to the negative quality events.
As noted in the discussion paper, there are several, including:
The paper makes mention of a competency assessment. Perhaps we need to explore this more critically. The current model wherein the only requirement for issuing an audit report is a CPA license may not be working. A model relying solely on input (CPE hours) as a measure of competency may not be adequate for the complex environment of today. We should consider revisions to the competency requirements that are specific to public interest entities.
Consider special designations related to certain types of higher risk, public interest entity engagements, similar to CFA, CFP. CITP or CISA. Perhaps the profession could adopt the Securities licensing model where the CPAs start with the basic license but must pass other examinations for specialized areas of practice such as: SEC practice, government, and benefit plans. The AICPA should carefully monitor the trend in licensing wherein some states, including Pennsylvania, have dropped the A&A experience for licensure. How can individuals who are licensed based on tax experience only be capable of doing an audit? Relying solely on the Code of Conduct to prevent these people from issuing audit reports may not be sufficient.
With respect to the QC standards, implementation guidance may be the answer. Practitioners may be having a hard time in actually applying the QC standards within their practice. The recent IAASB paper on a framework for audit quality is useful for drilling down into the nuts and bolts. Perhaps the AICPA could create a scalable implementation guide that could be used by smaller firms.
We believe that in general the clarified audit standards provide a proper framework for conducting a high quality audit, when they are followed. However, there may be a need for more specific application guidance with respect to higher risk public interest entities.
No changes are necessary to the standards.
Beyond the risk alerts and the industry audit guides, we do not see the need for any other specific guidance.
The current suite of audit guides provides very useful information. As to access to relevant training, we believe that the current training options available are sufficient. However, there may be opportunities for more creative approaches to training, using new technology, interactive learning approaches, etc.
The proposed enhancements to the peer review program is a good start, although some of the concepts related to continuous practice monitoring seem quite ambitious. For the AICPA to externally monitor the higher risk engagements seems particularly difficult, given the sheer volume of practitioners.
Perhaps a better approach is to create a requirement that firms notify the AICPA when they are accepting an engagement for the first time, in one of the "must select" industries. In connection with the notification, the firm would need to provide contemporaneous documentation as to how the firm has complied with QC 10.27 (a) "is competent to perform the engagement and has the capabilities, including time and resources, to do so." Perhaps the AICPA could create a portal for the process and then have specific active monitoring protocols during the course of the engagement.
Certainly holding peer reviewers more accountable and requiring enhanced training is likely to improve the quality of the reviews. The training, of course, should be output based rather than based only on the hours and content. Peer reviewers should be subject to a qualifying examination.
However, these enhancements need to be coupled with the right economic incentives for peer reviewers. Few will be interested in accepting the increased oversight (and risk) and cost of education without proper economic incentives.
Economic incentives need to be aligned. If performing peer reviews are worth the investment in improving competencies, the market should surface practitioners willing to participate in the program. As to implementation steps, the AICPA could provide frequent information updates for the practitioners, informing them of the increased cost, while reminding them of the associated benefits to their practice.
New peer reviewers should be thoroughly vetted by the PRB. There should be consideration given to an examination regime to qualify for peer review. Perhaps a separate professional designation such as is no offered for valuation and personal financial planning specialists should be developed. The certification would be subject to initial and continuing special educational requirements.
Changes like this are likely to create a difficult environment for both the practitioners and the reviewers. There will need to be an extensive campaign to explain the benefits and costs and consideration should be given to a phased implementation. The phased implementation can be carefully monitored with the goal of making necessary adjustments to enhance scalability.
The peer review requirement should be scalable to the size of the firm and the associated audit practice, but no firm or practitioner should be scoped out if they are performing audits. To do so would imply that certain users of audited financial statements do not need to have a quality audit.
As noted above this will be a dramatic change for the profession which is likely to have an economic impact, that may not be fully understood. A reference point may be the passage of the Sarbanes-Oxley act which was cited as a direct cause in dramatically increasing audit fees. While the audit fees have moderated since then, it is possible that a similar impact could occur in the non-issuer environment.
To make this transition there is a need for the user communities to align behind the AICPA. In other words, the GAO and DOL, can do more than just complain about poor audit quality. They can actively support the improvement initiative and communicate directly with the entities issuing financial statements informing them of the need for improvement and the fiduciary duty they have to support high quality audits. We would see the regulators' participation as having similar effect as how SOX requirements made audit committees a more active participant in the selection, compensation and termination of independent audit firms.
We believe this is a better approach, more akin to how the PCAOB inspection process works. By focusing on high risk engagements and sections of the engagement that present higher risk, there is more likelihood of identifying quality issues and driving improvement. The PCAOB uses a risk based approach when selecting engagements for review, which could be applied in the peer reviews.
Along with the risk based approach, the peer reviewers should have deeper understanding of the reviewed firms QC system and make an assessment of its effectiveness. In particular focusing on areas such as client acceptance and continuance, engagement performance and human resources.
Clearly the targeted industries must be addressed as a result of the negative quality issues cited by the regulators. But there are other industries which are complicated and in some regimes would be considered public interest entities, which should also merit attention. These include financial institutions, insurance, broker-dealers and other entities in the financial services sector. Complex industries such as oil & gas or construction should also be considered.
Based on the nature of the exercise it appears that the accuracy of the information is dependent upon the integrity of the firms/practitioners to provide the proper information. However, there is, for instance, a way to access the DOL data base of audited EBP plans to perhaps data-mine for firms that do not report such audits. It is possible that other regulators could provide access for this purpose.
In any case if it is determined that relevant information was left out of the peer review population, such omission should be considered an ethical violation and be subject to appropriate investigation and sanctions.
See comment above.
As noted above the incentives must be aligned. There needs to be messaging to the practitioners that the cost of peer reviews may and should go up, which is the price of admission for those seeking to perform audits. We should not leave it solely to the peer reviewers to explain why cost is increasing. We will need the direct and continuing support of the AICPA and the relevant regulators to accomplish the changes, much the same as the PCAOB board members spend time in public addressing audit quality. The AICPA should continually discuss audit quality. Additionally the AICPA should launch a campaign to continue to encourage practitioners capable of performing high quality peer reviews to get in the game.
For those using peer review findings, the improvements will be beneficial in making purchasing decisions; assuming that the regulators support and demand the improvements. Another potential savings for firms will be with PLI carriers. Receiving a good peer review report that has relevant information should lead to better underwriting.
Finally, enhancing audit quality, will help to remind the user community of the value of the audit and the relevance of the profession.
We think that this model is inherently flawed, because reviewers may be reluctant to provide less than passing grades due to the perceived negative perceptions. A revision of the current reporting framework would desirable.
There are elements of the current PCAOB inspection report that would be beneficial. In particular the demographic and statistical information about a firm. Items such as: number of offices, number of partners, number of professionals, a breakdown of the assurance practice including the number of designated public interest entities audited. Then further, information on the scope of the peer review could be provided, how many reviews and of what type of entities.
This information would then lead to the peer reviewers opinion, which perhaps to more closely align with an auditors' report; an unqualified opinion; a qualified opinion, perhaps and "except for" type report citing information provided in the supplement; and finally an adverse opinion, once again citing the preponderance of sub-standard engagements, noted in the supplement.
fail report? What actions do you think should be taken by others?
We are user of peer review reports when considering component auditor competencies in accordance with AU-C 600. Any firm with less than a pass grade on their peer review would like cause us not to be able to place reliance on their work. It would be a risk management decision and depend upon the significance of the component.
Other users of peer review reports such as users of audited financial statements should use the reports to inform their purchasing decisions when considering audit firms. In particular those responsible for governance of public interest entities should be encouraged/required to consider the peer reviews. Here again, the cooperation of the relevant regulators in the improvement initiative is important.
Demographic information as to the number of audits performed and how many are in the designated industry as well as how many engagements the peer review team examined would be useful.
topics of deficiencies)? Could a hybrid model better meet your needs? If so, what would that model look like?
As we discussed above a hybrid type report with supplemental information, we think would be more useful and would be more likely to lead to systemic audit quality improvement.
Improved reporting will likely help rationalize the market for audit services and diminish the price competition. Buyers with better information on quality and encouragement from the users of their financial statements will perhaps place a higher value on quality audits and thus be willing to pay more.
We need to move the buyers of audit services to a place where they understand that a high quality audit helps them to meet their fiduciary duties to stakeholders. Focusing on audit quality can help to de-commoditize the service. The current state of peer review reinforces the commodity label because firms rarely get failing grades. An uniformed buyer will draw the easy conclusion that all firms and all CPAs are the same.
One more consideration should be with respect to EQR. I think we need to have an AU-C devoted to EQR, similar to AS #7 and the peer reviewers should consider whether firms' use of EQR is in the spirit or intent of SQCS #8.
In conclusion, we commend the AICPA on initiating this important project to improve audit quality. It is of vital importance to the continued viability and strength of our profession. We must continue to reinforce the value of the audit.
Please do not hesitate to contact us, if you wish to discuss our comments further.
Baker Tilly Virchow Krause, LLP