August 30, 2021
AICPA Auditing Standards Board
220 Leigh Farm Road
Durham, North Carolina 27707-8110
Submitted via email to: [email protected]
Re: Exposure Draft — Proposed Statement on Auditing Standards — Quality Management for an Engagement Conducted in Accordance with Generally Accepted
Dear Ms. Hazel:
The Virginia Society of CPAs (VSCPA) Accounting and Auditing Advisory Committee has reviewed the proposed Exposure Draft (ED), Proposed Statement on Auditing Standards — Quality Management for an Engagement Conducted in Accordance with Generally Accepted, issued by the American Institute of Certified Public Accountants Auditing Standards Board (ASB). The VSCPA is a leading professional association dedicated to enhancing the success of all CPAs and their profession by communicating information and vision, promoting professionalism, and advocating members' interests. The VSCPA membership consists of more than 13,000 individual members who actively work in public accounting, private industry, government, and education.
We acknowledge the ASB has issued the ED to increase stakeholder awareness of this particular topic as a part of its effort to improve assurance quality while converging with the International Auditing and Assurance Standards Board (IAASB). The Committee appreciates the ASB's work on this effort and the opportunity to respond to the ED.
The Committee offers the following comments related to the ED:
Question 1: Respondents are asked to provide their views on the preceding changes. In addition, the ASB is seeking respondents' views on whether the requirements in proposed SQMS No. 1 are clear and understandable and whether the application material is helpful in supporting the application of those requirements.
Risk Assessment Process
The Committee supports using a risk assessment process to help customize how firms approach their quality management system. Each firm faces unique challenges based on size, client base, and geographic location. Small firms that serve only nonpublic, nonissuer clients will have a much more simplistic framework than a larger firm that serves public and issuer clients. This problem holds true for niche firms that only serve clients in a specific industry.
As auditors, we currently use a risk-based auditing approach to help tailor our audit procedures to the areas most at risk to create a material misstatement on the financials. If we follow this same concept, many firms should reduce the amount of work needed to design and maintain their quality management system (in theory).
The Committee's main concern with implementing these new standards is the same issue we faced in developing a risk-based approach to our audits. That concern is related to over- or under-designing the framework of the quality management system. Auditors struggle with how much auditing is too much auditing vs. "have they addressed all risks." Without proper guidance, many firms will try to think of every possibility without determining the quality of the risk. This fear comes from the worry that the firm’s peer reviewer will second guess their judgment, resulting in comments or a non-clean peer review report.
Peer reviewer training will be crucial to the success of this project. If peer reviewers have the authority to second guess the judgment of the quality management team, the purpose of this proposed change will be lost. Firms will perform a “kitchen-sink” approach vs. a risk-based approach. The program will be more successful if peer reviewers are focused on the process taken and the documentation to support the identified quality risks and corresponding responses.
The Committee feels the iterative risk assessment process should emphasize that updating the firm's quality management system should not be overly burdensome while always being aware of new risks or changes to quality risk. If it becomes too onerous to maintain, firms will avoid the process. The guidance should emphasize that as deficiencies are noted through internal or external sources (inspections, changes in IT, etc.), consideration should be given to the need to update a firm's quality management system during the annual update. Of course, if a new quality risk is significant, immediate changes may be required, but those will take time to implement.
Governance and Leadership
The Committee supports the increased emphasis on governance and leadership (Par. 29) in the proposed quality management system. Having firms establish a "chain of command" while still emphasizing that the ultimate responsibility resides with the firm gives specific people ownership of the process, which usually leads to a better solution. The Committee's concern is small firms with limited staff having to maintain independence (Par. 29e). The current environment has put a tight ceiling on fees small firms can charge on assurance engagements. Adding costs to the process makes it more difficult for small firms to acquire talented staff and leadership. This potential loss of talent could have a more significant adverse effect on the quality of engagements than allowing an alternative for small firms to address the independence issue in Governance and Leadership.
Having a focus on accountability through performance evaluations and other means, if properly designed, will allow the leadership of a firm's quality management system to provide the resources needed (their time) to maintain a well-designed system. People will perform based on the reward system; therefore, if a proper plan is not used to reward those responsible for the quality management, the focus on that area will fade away.
Resource availability is the section that causes the most concern to the Committee. Suppose we look at resources as two buckets. The first bucket is guidance provided by the ASB and the AICPA and the second bucket is workpapers and checklists created by PPC and other publishers. We see the first will be crucial for understanding with little to no costs outside of gaining knowledge, and the second will be essential for implementation with possibly significant costs.
As noted above, smaller firms will incur the most significant hit to their bottom lines. In addition, they may lean too heavily on the resources provided by publishers and take the approach to answer every question and mark every checkbox to make sure they do not miss anything. This extra cost is both monetary and human. The desire to cover all bases will take considerable time, further pinching a firm's most valuable resource — time. Limited time means the first resource the ASB will need to provide is detailed guidance to help small firms feel comfortable doing less. As noted in Par. A29, smaller firms could exclude specific non-relevant requirements based on their facts and circumstances. Smaller firms would need help to ensure they do not include non-relevant areas and exclude relevant ones incorrectly.
Information and Communication
The Committee agrees with the emphasis on communication. Most failures are related to a lack of communication; therefore, making this a priority may help better identify quality risks and their pervasiveness within the system and better respond to pervasive quality risks. A well-maintained communication system combined with a robust, risk-based quality management system will save considerable time in the long run.
Monitoring and Remediation
The monitoring and remediation process requests that firms use a lot of judgment in determining what is a deficiency and the pervasiveness of that deficiency. The guidance states in Par. A155, "In a less complex firm, the monitoring activities may be simple because information about the monitoring and remediation process may be readily available in the form of leadership's knowledge, based on their frequent interaction with the system of quality management, of the nature, timing, and extent of the monitoring activities undertaken, the results of the monitoring activities, and the firm's actions to address the results." Given the standard of "if it is not documented, it did not happen," guidance should emphasize documenting the leadership's knowledge in a memo to allow others to access it without having to contact leadership repeatedly.
The Committee does agree with a cyclical rotation of inspecting each partner's engagements. This rotation will help create a team atmosphere and prevent avoiding a bad partner to avoid conflict.
The Committee feels there will be difficulty with implementation around networks. As noted in Par. 49-50, the firm will need to wait on their network to determine the quality risks and responses that the network feels all their network firms should address, then each firm will need to evaluate the information provided by the network to determine if and how much modification will be required to meet the firm's specific quality risk areas. We feel creating a risk-based quality management system to address each firm's individual situation could significantly reduce the value of network resources provided in this area. The requirement in Par. 52a to "understand the overall scope of the monitoring activities undertaken by the network across the network firms, including monitoring activities to determine those network requirements are appropriately implemented across the network firms, and how the network will communicate the results of its monitoring activities to the firm," puts a significant burden on small firms to oversee the network and other network firms. Many small firms join networks specifically to reduce their need to "recreate the wheel" on firm administration and practice. Many of these small firms may leave these networks to avoid having to perform this process.
The Committee feels the requirements in proposed SQMS No. 1 are clear and understandable. The application material is helpful; however, we believe significant implementation guidance will need to be provided, especially to smaller firms.
Question 2: Respondents are asked to provide their views on the scalability of the new quality management approach. In addition, the ASB is seeking respondents' views on specific requirements in proposed SQMS No. 1 that may inhibit scalability and requirements for which additional application material regarding scalability would be helpful.
As noted in many of the answers to question 1, scalability is a significant concern. In theory, allowing smaller firms to address quality management review risks specific to their small risk profile will enable smaller firms to reduce the amount of work they need to do to establish and maintain a quality management review system. However, in practice, the need to feel like you have covered every possible risk may drive some firms to over-document to meet the desire to cover all contingencies versus truly addressing only risks that have a reasonable chance of occurring. It will be critical to produce guidance for smaller firms, separate from larger firms, to help them create a quality management system that meets the requirements of SQMS No. 1.
Question 3: Respondents are asked to provide their views on the preceding changes. In addition, the ASB is seeking respondents' views on whether the requirements in proposed SQMS No. 2 are clear and understandable, and whether the application material is helpful in supporting the application of those requirements.
Why a Separate Standard?
The Committee agrees with having a separate standard on choosing an engagement quality reviewer and the performance of an engagement quality review. The separation provides clarity and distinction of the process from the design and operation of a quality management system.
Appointment and Eligibility of Reviewers
The Committee feels that there should be specific guidance on who is eligible to perform an engagement quality review; however, we have several concerns that some requirements will make meeting these requirements difficult. We feel there may be too much emphasis placed on the self-review threat (Par. A13). With the current shortage of accounting professionals, finding a reviewer outside the firm may be challenging with sufficient time (Par. 18a) to perform the review. We are also concerned that the Cooling-off period (Par. 19, A16-A17) is not necessary. This concern is also related to the ability of the firm to find enough eligible reviewers inside the firm. These restrictions combined with other independence requirements and the difficulty in finding external resources could force firms to incorrectly conclude an engagement is outside engagement quality review requirements to avoid violating eligibility guidelines.
Performance and Documentation of the EQ Review
The Committee agrees with the different aspects of the performance and documentation of the EQ review (Significant Judgments and Significant Matters, Time of the Review, and Documentation).
The Committee feels the requirements in proposed SQMS No. 2 are clear and understandable. The application material is helpful; however, we believe significant implementation guidance will need to be provided, especially to smaller firms.
Question 4: Respondents are asked to provide their views on the preceding changes. In addition, the ASB is seeking respondents' views on whether the requirements in the proposed QM SAS are clear and understandable, and whether the application material is helpful in supporting the application of those requirements.
Engagement Partner's Overall Responsibility for Managing Quality on Audits, Including Engagement Performance and Stand Back
The Committee agrees with the proposed changes in an engagement partner's overall responsibility for managing quality on audits. The timely review of documentation at appropriate stages, as discussed in Par. 30-31 and A91, provides excellent guidance on ensuring that review of documentation should occur throughout the engagement rather than at the end to better facilitate the report date being as close to the end of fieldwork as possible. Adding the Stand Back requirement Par. 40, properly adds emphasis to the engagement partner taking responsibility for an audit engagement. The Stand Bank requirement will help prevent the engagement partner from passing this responsibility to a manager or director unless it is documented that the partner has passed the engagement partner responsibility to someone who has the experience and knowledge to perform this responsibility.
The Committee has the most concern about maintaining the necessary human and intellectual resources for engagements performed by smaller firms. The public accounting industry is dealing with more and more areas requiring the use of resources while the pool of human and intellectual resources has been reducing. This lack of responsibility could cause difficulty finding and training enough CPAs to fulfill the requirements of the new standards.
Other New Requirements
The Committee feels the clarification added on what the engagement partner needs to review will help focus engagement partners on the things that matter at that level of review. With the reduced availability of staff, the engagement partner needs to be as efficient as possible in reviewing the most valuable sections of the audit versus looking over every workpaper.
The Committee feels the requirements in the proposed QM SAS are clear and understandable. The application material is helpful; however, we believe significant implementation guidance will need to be provided, especially to smaller firms.
Question 5: Respondents are asked to provide their views on whether the effective dates are clear.
The effective dates as laid out are clear for each section of the exposure draft.
Question 6: Respondents are asked to provide their views on whether an 18-month implementation period is appropriate. If that period is not appropriate, please explain why and what implementation period would be appropriate.
The Committee is concerned the 18-month implementation period may be insufficient to create the guidance necessary for proper implementation while allowing at least one cycle/year of engagements to be performed before a firm is subject to a peer review following these guidelines. In addition, peer reviewers would need some time to adjust how they perform peer reviews to ensure they can adequately evaluate the scalability sections in these standards.
The Committee recommends a 30-month implementation period to allow firms at least two years to prepare for a peer review subject to these new guidelines. We feel the need to re-think how a system of quality management functions under a quality risk format may take longer than expected. This feeling is from the experience of how long it has taken auditors to fully implement a risk-based audit approach and the peer review team's ability to accept judgments that, while well documented, do not always match the risks they feel might have existed in an audit.
Question 7: Respondents are asked whether they agree that inspection of completed engagements by those involved in the engagements should be precluded in order to enhance audit quality. If not, please explain why and provide examples of safeguards that could lower the self-review threat to an acceptable level.
The Committee does not agree that inspection of completed engagements by those involved in the engagement should be precluded for smaller, less complex firms.
The ASB has improperly interpreted ISQC 1. The ASB states that ISQC 1 Par. 48 prohibits engagement team members or the engagement quality reviewer from performing any inspection of that engagement, which is accurate as a standalone statement. However, the ASB proceeds to quote the application material in extant ISQC 1, which specifically allows small firms to use individuals responsible for the design and implementation of the firm's quality control or who may be involved in performing the engagement quality control review.
A68. In the case of small firms, monitoring procedures may need to be performed by individuals who are responsible for the design and implementation of the firm's quality control policies and procedures or who may be involved in performing the engagement quality control review.
The ASB should provide guidance for smaller firms similar to that of ISQC 1 to reduce the financial burden of the proposed standard on smaller firms.
The Committee believes a better standard would be harsher punishment for those firms that continuously fail peer review and for those peer reviewers who do not perform their duties with professional due care.
Question 8: Respondents are asked for their views on whether a cooling-off period should be required before a former engagement partner can serve as an engagement quality reviewer on that engagement, and (a) if so, the appropriate length of the required cooling-off period, or (b) if not, please explain why and provide examples of safeguards that could lower the objectivity threat to an acceptable level.
The Committee believes a cooling-off period would provide an undue burden on smaller and some medium-sized firms. As such, we do not think a cooling-off period should be required before a former engagement partner can serve as an engagement quality reviewer on that engagement.
A firm's system of quality control should be sufficiently implemented to ensure all practitioners practice objectivity at all times on all engagements.
We believe a better standard would be harsher punishment for those firms which continuously fail peer review and for those peer reviewers who do not perform their duties with professional due care.
Question 9: Respondents are asked for their views on whether the engagement quality review should be required to be completed before the report is dated, rather than before the report is released.
The Committee does not object to this proposed change. Dating the report after the ECR is completed is a common practice and would not significantly impact current practice.
Again, the Committee appreciates the opportunity to respond to this ED. Please direct any questions or concerns to VSCPA Vice President, Advocacy Emily Walker, CAE, at [email protected] or (804) 612-9428.
Tamara Greear, CPA
VSCPA Accounting & Auditing Advisory Committee
2021-22 VSCPA Accounting & Auditing Advisory Committee
Tamara Greear, CPA — Chair
George Crowell, CPA — Vice Chair
Zach Borgerding, CPA
Scott Davis, CPA
Bo Garner, CPA
Joshua M. Keene, CPA
Nick Kinsler, CPA
Daniel Martin, CPA
Michael Phillips, CPA
Chris Smith-Christian, CPA
Charles M. Valadez, CPA
Natalya Yashina, CPA