Certified Public Accountants
May 30, 2007
To our peer review clients:
Annually we make an effort to highlight recent changes in professional standards for our peer review clients. We hope what follows is helpful to you in your accounting and auditing practice.
New Compilation and Review Standards
The AICPA has revised the suggested wording for compilation and review engagement letters. The most noticeable change is that the anticipated wording of the report is no longer included in the engagement letter.
New Quality Control Standards
An exposure draft has been issued that will establish new quality control standards that, among other things, require firms to:
put their quality control policies and procedures in writing,
obtain written independence confirmations from all personnel at least annually,
establish criteria to determine which engagements are subject to concurring review (e.g., second partner review), and
address leadership responsibilities (the tone at the top) in its quality control policies and procedures.
Peer Review Standards
The AICPA has issued an exposure draft revising the peer review standards with a likely effective date in 2009. The most noteworthy change in the standards will be the elimination of the letter of comments. The peer review program at this time is a confidential program and it is your decision whether you make your peer review documents, including the report and letter of comments, available to the public. However, in the wake of Enron, there has been increasing pressure on the profession to make the peer review documents public. It will require a vote of the AICPA membership to accomplish this. If there is no potential for the peer review process to generate a comment letter, there is perhaps the perception that the AICPA membership would be more likely to vote in favor of making peer review reports public.
Currently a firm whose accounting practice is limited to nondisclosure compilations may undergo a streamlined peer review. This type of peer review, called a “report review,” will be eliminated under the new standards and such firms will be subject to “engagement reviews.”
New Accounting Standards
SFAS No. 158 requires employers with defined benefit plans to record the plan assets and obligations in the statement of financial position for fiscal years ending after June 15, 2007.
Financial Accounting Standards Board Interpretation No. 48 has received a great deal of attention in the professional literature during the past year.
FIN 48 establishes a “more likely than not” threshold that an income tax position must exceed for any portion of the benefit associated with that position to be recognized on the statement of income. If the threshold isn't met, the related income tax benefit, or reduction of the tax provision, is reclassified to a liability account on the balance sheet (debit tax benefit, credit liability account). Even if the threshold is met, only the amount of the benefit that has a greater than 50% chance of being sustained may be booked.
A FIN 48 analysis will have to be performed when preparing GAAP financial statements, including financial statements for tax exempt entities with respect to their tax status and potential unrelated business income.
However, local firms do not tend to represent clients who take aggressive tax positions. According to the PPC Guide to Preparing Financial Statements : “As a practical matter, the tax positions of many small and midsize nonpublic entities are likely to be based on clear and unambiguous tax law and, thus, have a far greater than 50% change of being sustained upon examination.”
Even if FIN 48 does not have an impact on the financial statement presentation, there are disclosure requirements to consider. You should disclose the accounting policy regarding the income statement classifications of interest or penalties computed on income tax balances due, since FIN 48 permits you to classify interest on the underpayment of income tax as either income tax expense or interest expense, and the penalties as either income tax expense or other expense. In addition, you need to identify in the footnotes which tax years remain subject to examination by major tax jurisdictions.
In past letters we have recommended an approach to variable interest entities that is at variance with the discussion in the most recent edition of PPC's Guide to Compilation and Review Services . Based on advice provided by the AICPA in connection with implementing SFAS No. 142 on goodwill and other intangibles, we suggested one approach to FIN 46 might be to opt out of performing the analysis of variable interest entities required by FIN 46 and report the failure to conduct this analysis as a GAAP departure in the accountant's report. This is consistent with an approach to goodwill impairment recommended in the compilation and review alert published by the AICPA in the year SFAS No. 142 was implemented, an approach that continues to have the support of the AICPA Technical Hotline.
According to PPC, however, this is not a viable option on compilation and review engagements, because it results in a scope limitation. Under professional standards an accountant cannot issue a compilation or review report when there is a scope limitation. The PPC authors say that in order to avoid the scope limitation the analysis of variable interest entities must be performed. Once you have determined there are variable interest entities subject to consolidation you may disclose management's decision to forego consolidating them as a GAAP departure, but according to PPC a study must first be performed of potential variable interest entities.
A scope limitation is typically perceived to occur when management withholds data from the auditor or fails to create or retain records in support of the amounts reported in the financial statements, such as when fixed asset records have not been maintained. According to PPC, when management decides against applying certain abstract concepts to the financial data, this results in a scope limitation if professional standards require the application of those abstract concepts. For example, if management decides not to conduct the study required under SFAS 142 to determine whether goodwill has been impaired, this might result in a scope limitation if the amounts involved are material, and therefore the accountant would not be able to issue a compilation or review report on the financial statements. To put this in context, in relation to previous professional standards, it might help to review your approach to SFAS No. 13 on capital leases. SFAS 13 requires the application of abstract concepts to the terms of the lease agreement in determining whether the lease is operating or capital in nature. SFAS 13 is a long established standard and accountants are used to making a determination, or asking the client to make a determination, as to whether or not the lease is capital before issuing the financial statements. The PPC authors are suggesting we need to take the same approach to variable interest entities as we take with respect to capital leases. We will have to take care that our independence is not impaired in the process.
We contacted the PPC author responsible for establishing this approach to variable interest entities. During the course of our conversation we expressed our concern about the difficulty of applying FIN 46 given the complexity of the concepts involved and expressed a desire for more guidance from PPC, particularly for the common scenario where the shareholders in the operating company are also the members of the LLC that holds the office building and either the operating company or the shareholders, or both, guarantee the building mortgage. This PPC author has written an article for his state society that addresses this fact pattern and he provided us with a copy. This article demonstrates how you can make a case that the primary beneficiaries of the variable interest entity are the individual shareholders rather than the operating company, which avoids the consolidation. If you provide us with your email address we will transmit a copy of this article to you.
Even if the operating company is not the primary beneficiary, as long as it has a variable interest in the variable interest entity, there are footnote disclosure requirements. Just as with FIN No. 45 on guarantees, this disclosure requirement is an easy one to overlook.
Firms with Audit Clients
Issued in May 2006, SAS No. 112, Communicating Internal Control Related Matters Identified in an Audit is effective right now for periods ended on or after December 15, 2006. SAS 112 is a reworking of SAS 60, Communication of Internal Control Related Matters Noted in an Audit , on reportable conditions and material weaknesses, and re-emphasizes our responsibility as auditors to communicate with clients concerning control deficiencies.
There is some change in the terminology, with the term “reportable condition” replaced by “significant deficiency.” More importantly, under the new standard, you must communicate significant deficiencies and material weaknesses to the client in writing and, as long as those deficiencies persist, you must continue to report them in writing to the client, year after year.
A control deficiency may be deemed just a deficiency and not rise to the level of significant deficiency, but SAS 112 sets a low threshold for significant deficiency. If there is a “more than remote” likelihood that a misstatement of the entity's financial statements that is more than “inconsequential” will not be prevented or detected by the entity's internal controls, you have a significant deficiency. “Remote” is defined as even a “slight chance” and “inconsequential” might be deemed amounts under 20% of materiality.
Your first reaction to SAS 112 might be that your audit clients do not have significant deficiencies or material weaknesses, but the new standard clarifies that you have a responsibility to review your client's controls over financial reporting, and this is where it gets interesting. In the past, there was a tendency on the part of many auditors to believe their responsibility for reporting control deficiencies stopped at the general ledger. SAS 112 does a better job than SAS 60 in explaining that the auditor's responsibility to detect and report control weaknesses extends to the financial reporting level. The great majority of your small audit clients likely do not have adequate controls over financial reporting as described in SAS 112. The auditor prepares the financial statements and the client does not have qualified staff to review and interpret the financial statements. Therefore you will have to write a SAS 112 letter on this control deficiency. For small clients you will likely classify this as a material weakness.
You may believe that you are preparing the financial statements as a convenience for the client and nothing more. It is true that under the new standard you do not automatically write up a client for inadequate controls over financial reporting. If your client has a qualified CPA on staff who is competent to prepare the financial statements and who does in fact review the financial statements you prepare, there may not be a control deficiency. Or if the client has a qualified CPA on the board of directors who agrees to review the financial statements, there may not be a control deficiency. Also, the client could hire another CPA firm to prepare the financial statements, which might solve the problem.
Under Ethics Interpretation 101-3, Performance of Nonattest Services , the client must designate a suitably skilled and trained employee to interact with you on the engagement in order for you to maintain your independence. The definition of suitably skilled and trained in 101-3 was generous and might include a competent layperson with a general understating of what financial reporting involves. This generous definition does not apply to SAS 112. Under SAS 112, the client has to have, or hire, the expertise to prepare the financial statements, including the footnotes, or there is a control deficiency.
SAS 112 also impacts communications with the client when there is a lack of, or no, segregation of duties. Under SAS 60, many auditors would conclude that if there were compensating controls in place lack of segregation of duties did not represent a control deficiency. Those compensating controls usually involved participation by the board members, such as a board member opening the bank statement before it goes to the bookkeeper. This approach will work under SAS 112 too. However, the auditor will have to test the controls to determine they are operating in order to avoid reporting a control deficiency.
In addition, if a client does not adequately document the components of its internal control, this is deemed a control deficiency under SAS 112. The fact that you, as the auditor, document controls as part of the audit does not resolve this control deficiency. Although the level of documentation required under SAS No. 112 does not approach the requirements in Section 404 of Sarbanes-Oxley, there needs to be something. The client may, for example, have some documentation of controls in its policies and procedures manual.
SAS 112 represents a significant change in reporting control deficiencies to clients, but it does not mean you cannot still have a clean audit opinion even if you are reporting material weaknesses in your SAS 112 letter. Our clients may become accustomed to the SAS 112 letter and perceive it as just so much boilerplate.
SAS No. 103 supersedes SAS No. 96 on audit documentation and is effective for periods ending on or after December 15, 2006. This standard requires that audit documentation be sufficient to enable an “experienced auditor” having no previous connection to the engagement to understand procedures performed, audit evidence obtained and conclusions reached. This is a level of documentation comparable to that required by the GAO for audits performed under Government Auditing Standards. The standard increases the documentation required not only on audits of private sector companies, but also on audits of not-for-profit organizations and audits of the many smaller governmental units audited under the generally accepted auditing standards contained in the SAS. Although the most significant aspect of this standard is the requirement for increased audit documentation, much attention has been focused on the administrative matters addressed in the standard, including the guidance on dating the auditor's report and managing permanent files. Instead of dating the auditor's report as of the last day of fieldwork, the auditor will date the report on or shortly before the report release date. The report cannot be dated until after: a) management has reviewed the journal entries and the draft financial statements, b) the firm has performed its pre-issuance review of the financial statements and working papers, c) the firm has received the attorney letter, and d) the firm has read minutes or summaries of minutes for board meetings through the audit report date. The management representations should be as of the date of the auditor's report. Because under the new standard the auditor cannot alter the audit documentation after a 60 day period has run, there is a concern that audit evidence contained in the permanent file may be altered inadvertently on a subsequent audit. The standard does not specifically speak to permanent files, but auditors will need to exercise care to ensure that schedules and documents in the permanent file that serve as audit documentation on the annual engagement remain intact and unaltered.
SAS No. 104 through 111 concern the auditor's risk assessment process and consideration of internal control and are effective for periods ending after December 15, 2007. This “suite of SAS” provides a new framework for the audit of nonpublic companies and represents a comprehensive revision of audit standards and an end to “canned audits.”
These new SAS require you to document the linkage between assessed risks and the audit procedures performed in response to those risks. Audit programs will have to be tailored to be responsive to the risk of material misstatement. As noted in our letter last year, the concept of assessing risk “at the maximum” and taking a substantive approach to the audit is eliminated. There is too much ground covered in these new SAS to address in an annual update letter such as this one, but we touched on a few areas in last year's letter, and would like to highlight the following areas this year:
You will have to expand the documentation of materiality considerations to support, for example, your decision to use revenues instead of net income as your “base” in the materiality computations. In determining your base you have to ask yourself what the financial statement users' expectations are.
You will have to determine areas of “significant risk” and perform substantive procedures, or substantive and controls procedures, specifically directed to these areas. Analytical review alone is not deemed sufficient.
The audit team will have to conduct a risk assessment brainstorming session, though it may be conducted at the same time as the fraud risk brainstorming session required under SAS No. 99.
You have to identify the controls for the major transaction streams and determine that the client is implementing those controls.
The AICPA has an audit guide on these new SAS entitled Assessing and Responding to Audit Risk in a Financial Statement Audit , which is highly recommended. PPC has a product called “SMART e-Practice Aids” that will create a suggested audit program that is based on your risk assessment.
SAS No. 114, The Auditor's Communication with Those Charged with Governance , replaces SAS No.61 and requires communications with the board of directors if there is no audit committee. In other words, the lack of an audit committee does not remove the requirement for communication. Significant audit findings should be in writing if in the auditor's judgment oral communication would not be effective. If communications are made verbally, they must be documented with a memo to the file. This standard is effective for periods beginning on or after December 15, 2006.
Firms with Governmental Audit Clients
Although the GAO has issued a Yellow Book (downloadable at gao.gov), it is not effective until periods beginning on or after January 1, 2008. The existing Yellow Book continues to apply this audit season.
The following GASB Statements are effective for years ended June 30, 2007: No. 43 on OPEB for Phase I governments and the retroactive recording of infrastructure under No. 34 for Phase II governments.
On audits conducted in accordance with Government Auditing Standards (Yellow Book), the internal control and compliance report should be revised to properly reflect SAS 112. On a positive note, however, you will not have to issue a separate SAS 112 letter, since the control deficiencies will be addressed in the Yellow Book report. Additionally, the internal control and compliance report issued on single audits must include terminology consistent with SAS 112, as will the reports issued in connection with HUD audits. The sample A-133 reports in the 2007 edition of the PCC Guide to Audits of Local Governments have not been updated for SAS 112. You can find the updated reports on the Governmental Audit Quality Center web site, however, at:
Our Peer Review Clients
When scheduling your peer review with the state society, the scheduling form requests information about the firm you have hired to perform the peer review. This is the information you will need if you select our firm to perform your peer review:
Name of Reviewing Firm: Read & Bose, PC
This letter will be posted on our award-winning home page, along with additional guidance on peer reviews. Our web site address is:
Our email address if your wish to contact us about peer review is:
Please do not hesitate to contact us if you have any questions. We appreciate your business.
Very truly yours,
Read & Bose, PC