The AICPA has identified governmental engagements as a high-risk area. While governmental accounting is complex, the addition of Yellow Book and Single Audit standards (when applicable) make these engagements even more challenging.
I recall in the pre-GASB 34 days reviewing physical ledger sheets that contained all of the transactions for a local government. There were no Yellow Book or Single Audit requirements. Those idyllic days of simplicity are gone, and the complexity of governmental audits has increased a hundred-fold.
Governmental regulators have complained that CPAs are not performing these audits in conformity with professional standards. In addition, these regulators are saying that the present peer review process is not identifying non-conforming engagements.
AICPA’s Testing of Peer Review Process
In response to these concerns–and those related to other high-risk areas such as benefit plans–the AICPA performed enhanced oversights to gauge how well peer reviewers are performing.
Here are some of the key takeaways from the oversights performed on that initial sample of engagements:
- Approximately 40 percent of the engagements selected as part of this pilot program were identified as non-conforming with the applicable professional standards by the industry experts.
- The peer reviewers on these engagements had identified only around one out of ten as non-conforming.
- Over the 2012 to 2014 peer review cycle, 8 percent of the must-select engagements reviewed were identified as non-conforming by their reviewers.
Peer review statistics related to governmental engagements reflect similar dynamics:
- Significantly more GAGAS/single audit engagements were determined to be non-conforming by the oversighters and were not recognized as being non-conforming by the peer reviewers. There was an approximate 40 percent nonconforming rate for oversights of governmental engagements while none of these engagements were identified as nonconforming by the peer reviewers.
Governmental Engagement Deficiencies
The enhanced oversights identified the following governmental engagement deficiencies (many of these are related to Yellow Book and Single Audit):
- Compliance requirements documented as applicable, but no testing performed for the compliance requirement
- A lack of testing of internal controls over direct and material compliance requirements
- A lack of documentation of management’s skills, knowledge, and experience to effectively oversee nonaudit services performed by the auditor
- A lack of documentation or incomplete documentation related to the risk assessment of type A or type B programs
- A lack of documentation supporting the assessment that compliance requirements were not applicable for the identified major programs
- A lack of documentation showing the consideration of fraud risk regarding noncompliance for major programs
- A lack of documentation of the internal control assessment over the preparation of the Schedule of Federal Awards (SEFA)
- The Schedule of Findings and Questioned Costs missing required elements
- Financial statements presented under GAAP instead of GASB
- No materiality calculation on opinion units
- A lack of documentation detailing the risk of management override of controls.
- A lack of documentation to support the client’s designation as a low-risk auditee
- Type A programs that were designated as low risk when they did not meet all of the requirements
- An auditor’s report on internal control that did not include all required elements
- The report on compliance with requirements applicable to each major program and internal controls over compliance that did not contain all of the required elements
- A data collection form that did not properly summarize the auditor’s results
- A calculation of amounts tested as major programs that was incorrect
- The omission of a federal program from a cluster that should have been included when testing major programs
Expect increased peer review scrutiny of governmental engagements in peer reviews.
The CPA community must take these concerns seriously. If we don’t, we may end up with a complete change of the present peer review process. Without positive improvement, CPA firms could, one day, be reviewed by governmental regulators — think IRS audits. It is imperative that we self-regulate in an effective manner.