Continuing Professional Education

Annual Internal Inspection Procedures

Peer Review

Firm Quality Control Policies and Procedures

Continuing Professional Education

Q1. If a staff level professional performs the entire ERISA audit, subject to a partner’s review, is that individual considered an “individual managing ERISA employee benefit plan audit engagements” for purposes of this requirement?

A1.  Yes. Individuals managing the audit engagement are professional employees who have either continuing responsibility for the overall planning and supervision of the engagement or the authority to determine that an engagement is complete subject to final partner approval, unless the partner in charge of the engagement assumes the role of manager on the engagement.

Q2.  A firm has two partners who sign ERISA employee benefit plan audit opinions, and one individual who supervises all of the ERISA audit engagements. The firm’s CPE period is on a non-calendar year basis. The first CPE cycle ending after January 1, 2005, ends June 30, 2005. Does this mean that those individuals have until June 30, 2005, to obtain the initial 8 hour benefit plan-specific CPE?

A2.  Yes. After June 30, 2005, those individuals who do not have the required 8 hours of benefit plan-specific CPE should not be permitted to manage ERISA engagements or sign ERISA audit opinions until the requisite CPE is obtained.

Q3.  Are all partners of member firms required to have 8 hours of benefit plan-specific CPE every three years?

A3.  No. Only those partners who sign ERISA employee benefit plan audit opinions are required to meet the Center’s 8-hour benefit plan-specific CPE requirement.

Q4.  Are partners who perform concurring partner reviews of ERISA employee benefit plan audits required to meet the Center’s CPE requirement?

A4.  No. Concurring partners are not required to have the 8 hours of benefit plan-specific CPE. However, concurring partners would be required to possess current knowledge, appropriate to their level of involvement in the engagement, of applicable professional standards, rules and regulations for ERISA employee benefit plan audits.

Q5.  Where can a firm find qualifying CPE courses to meet this requirement?

A5.  AICPA offers two national employee benefit plans conferences each year, as well as various employee benefit plan related Webcasts and self-study CPE courses to assist you in meeting this requirement. For a listing of all conferences and courses, visit http://www.cpa2biz.com/. In addition, several state societies offer conferences and self-study courses for employee benefit plan auditors. If you live in a state where no such courses are offered, you may wish to encourage your state society to develop such programs.

 Back to top

Annual Internal Inspection Procedures

Q6.  Will a firm’s existing system of quality control satisfy this requirement?

A6.  In most cases, no. This requirement is intended to lead firms to do something extra in their system of quality control by focusing on the specific policies and procedures applicable to a firm's accounting and auditing practice for ERISA audits. Firms that do not have inspection procedures specific to their ERISA audit practice as a part of their normal monitoring procedures are required to implement such procedures.

Q7.  What inspection procedures would a firm need to perform related to its ERISA audit practice?

A7.  The nature of inspection procedures will vary based on the firm's quality control policies and procedures and the effectiveness and results of other monitoring procedures. The adequacy of and compliance with a firm's system of quality control are evaluated by performing such inspection procedures as:

·         Review of selected administrative and personnel records pertaining to the elements of quality control.

·         Review of ERISA audit engagement working papers, reports, and clients' financial statements.

·         Discussions with the firm's personnel.

·         Summarization of the findings from the ERISA audit inspection procedures, at least annually, and consideration of the systemic causes of findings that indicate improvements are needed.

·         Determination of any corrective actions to be taken or improvements to be made with respect to the specific ERISA audit engagements reviewed or the firm's quality control policies and procedures.

·         Communication of the identified findings to appropriate firm personnel, including the designated partner in charge of the firm’s ERISA audit practice.

·         Consideration of inspection findings by appropriate firm personnel who should also determine that any actions necessary, including necessary modifications to the system of quality control, are taken on a timely basis.

Q8.  Does the inspection need to be performed in the firm’s peer review year?

A8.  Yes. The inspection must be done annually, regardless of whether it is the firm’s peer review year. Ideally, in peer review years the inspection procedures would be completed before peer review fieldwork begins, but inspection procedures must be completed before the peer review team leaves the field.

Q9.  How would a small firm with one audit partner or a sole practitioner satisfies this requirement?

A9.  In small firms qualified individuals (partners or managers) may inspect their own work (on a post issuance basis only), as long as the requirements of the AICPA’s Quality Control Standards in QC Section 30, Paragraph 8, Sections A through D are met. That section states that post-issuance review procedures may constitute inspection procedures provided:

·         The review is sufficiently comprehensive to enable the firm to assess compliance with all applicable professional standards and the firm’s quality control policies and procedures.

·         Findings of such reviews that may indicate the need to improve compliance with or modify the firm’s quality control policies and procedures are periodically summarized, documented, and communicated to the firm’s management personnel having the responsibility and authority to make changes in those policies and procedures.

·         The firm’s management personnel consider on a timely basis the systemic causes of findings that indicate improvements are needed and determine appropriate actions to be taken.

·         The firm implements on a timely basis such planned actions, communicates changes to personnel who might be affected, and follows up to determine that the planned actions were taken.

Alternatively, some firms may choose to engage an outside-qualified inspector either annually or on a periodic basis.

Q10.   How should the firm select the ERISA audits to be inspected?

A10.  The selection of engagements for inspection should be focused on the firm’s ERISA practice only (that is, not influenced by the size of the ERISA practice in relation to the firm’s entire audit practice.) The number of engagements selected for inspection should be sufficient to provide the inspector with a reasonable basis for concluding whether the firm's system of quality control for its ERISA auditing practice is properly designed, and whether it was being complied with during the year. Engagements selected for review should provide a reasonable cross section of the firm's ERISA auditing practice with emphasis on engagements that are considered to have higher risk. Examples of the factors to consider when selecting engagements to inspect are:

·         Type of plan (e.g. defined benefit, defined contribution, health and welfare, multiemployer, ESOP)

·         Level of service (full scope or limited scope)

·         Experience of personnel assigned

·         Office where the engagement was performed

·         Initial year the ERISA audits are performed by the firm

The number of practice offices selected for inspection should be sufficient to provide the inspector with a reasonable basis for concluding whether the firm's quality control policies and procedures for its ERISA auditing practice are adequately complied with throughout the firm. Greater emphasis should be placed on selecting those offices with higher risk. Factors to consider when selecting offices include:

·         The number, size, and geographic distribution of offices

·         The degree of centralization of control and supervision of the firm’s ERISA auditing practice

·         Recently merged or recently opened offices.

Q11.  Does the firm need to prepare a separate inspection report for the ERISA audits inspected?

A11.  No. The firm may prepare a separate report on its inspection of ERISA engagements, or it may document the ERISA practice inspection scope and results in the firm’s general monitoring/inspection documentation.

Q12.  How long does a firm need to retain its reports on its inspection of ERISA engagements?

A12.  The report and/or documentation should be retained for a period of time sufficient to enable those performing monitoring procedures and a peer review to evaluate the extent of the firm's compliance with its quality control policies and procedures.

Q13.  Is there a checklist to help firms perform inspections?

A13.  Yes. Firms may use the Peer Review Employee Benefit Plan Engagement Checklist to assist them in conducting the inspections.

Q14.  Can a firm hire its peer reviewer to perform its annual ERISA audit practice internal inspection?

A14.  The firm may engage its peer reviewer to perform its annual ERISA audit practice internal inspection.  However, the firm should be aware that in a peer review year, the internal inspection must be a separate engagement from, and is beyond the scope of, the peer review.

Q15.  At what point during the firm’s fiscal year should the self inspection be performed?

A15.  The self inspection may be performed at any time during the year.  However, the firm must designate an annual self inspection period that is the same from year-to-year.  For simplicity, the firm may wish to consider using its peer review year-end. 

In determining its annual self inspection period, a firm also should be mindful of the related benefits provided by those inspections.  Ideally, the self inspection would be performed prior to the benefit plan audit season each year, so that information learned from the self inspection may be applied in the current year audits. 

Self inspections can provide important information about the composition of the firm’s benefit plans practice, and should point out areas where the firm is deficient.  Such information can help the firm more efficiently and effectively plan its ERISA audits, including determining timing of the engagements, staffing needs and availability, and necessary changes to audit plans and programs.  It also may assist firms in determining staff training needs.

Q16.  What plan year should be selected for the self inspection? 

A16.  The self inspection should be performed on the most recent plan year available.

Back to top

Peer Review

Q17.  What peer review information has the Executive Committee determined should be available to the public?

A17.  Center member firms must make publicly available information about their peer review as stipulated in Note 4 to the membership requirements.

Q18.  How does a firm make the peer review information available to the public?

A18.  Upon admission into the Center, if your firm is a member of the Center for Public Company Audit Firms and/or the PCPS, certain peer review information already is in the AICPA’s public file, so you don’t need to do anything.

If not, the you will need to forward the required information. You should e-mail the Center a copy of this information, which can be in the form of a Word or PDF file at or, if you prefer, fax it to us at 202-638-4512, within 30 days after joining the Center. Your files will be placed in the AICPA Peer Review Public File.

Q19.  If a peer reviewer’s firm is not a member of the Center, is the Center member firm now required to hire a new firm that is a Center member to perform its peer review?

A19.  Not necessarily, but it is suggested that you encourage your peer reviewer’s firm to join the Center. The Center’s membership requirement states that the employee benefit plan audits selected as part of the firm’s peer review be reviewed by individuals employed by a Center member firm. This requirement is intended to ensure that the member of the peer review team who reviews your ERISA engagements has specialized knowledge of the auditing and reporting requirements for ERISA engagements. It is this individual who must be employed by a Center member firm. Accordingly, if the firm you engage to perform your peer review is not a Center member, it may be possible for that firm to add a team member who is employed by a Center member firm for the sole purpose of reviewing your ERISA engagements, subject to the existing AICPA peer review team approval procedures.

Q20.  A firm’s peer review is due in 2004, and that firm has already engaged a firm that is not a member of the Center to perform the review. Now that the firm has joined the Center, does it have to find another firm to perform the review?

A20.  No. This requirement is effective for peer reviews commencing in 2005. However, you should discuss with your peer review firm your firm’s need to comply with the Center membership requirement and the alternatives to satisfying the requirement.

Q21.  Where can a firm find a listing of Center member firms in its state that perform peer reviews?

A21.  You can search the AICPA peer reviewer database and include Employee Benefit Plan Audit Quality Center as one of the search criteria.

Back to top

Firm Quality Control Policies and Procedures

Q22.  How does a firm satisfy the Center requirement to establish policies and procedures specific to the firm’s ERISA employee benefit plan audit practice to comply with the applicable professional standards and Center membership requirements? (Requirement effective on or before December 31, 2004)

A22.  The Center requirement to establish policies and procedures specific to the firm’s ERISA employee benefit plan audit practice to comply with the applicable professional standards is consistent with AICPA  Statement on Quality Control Standards No. 2: System of Quality Control For a CPA Firm’s Accounting and Auditing Practice, which broadly defines a system of quality control (QC System) as a "process to provide the firm with reasonable assurance that its personnel comply with applicable professional standards and the firm’s standards of quality." The Center requirement applies this same general quality control standard at the ERISA plan audit level. The firm's auditing policies and procedures should specifically address ERISA plan audits, including the five elements of the general quality control standard as they relate to the firm's ERISA audit practice.

Q23.  What are the five elements of the general quality control standard and how are they related to a firm’s ERISA plan audit practice?

A23. The policies and procedures should encompass the following five elements at the ERISA plan audit level:

1. Independence, Integrity and Objectivity: A firm’s system of quality control should provide reasonable assurance that personnel maintain independence in fact and in appearance. [Special consideration: In addition to the AICPA ethics standards, the DOL has issued guidelines (29 CFR 2509.75-9) for determining when an auditor is independent for purposes of auditing and rendering an opinion on the annual report.]

2. Personnel Management: The firm’s policies and procedures related to personnel management should provide that firm with reasonable assurance that:

·         Personnel hired have attributes that allow them to perform competently.

·         Work is assigned to those with the right amount of technical skill and training needed for the assignment.

·         Personnel participate in general and industry-specific continuing education and participate in professional development activities that enable them to fulfill their assigned responsibilities and the requirements of the AICPA and regulatory agencies.

·         Personnel selected for advancement possess the necessary qualifications needed to assume advanced responsibility if called upon to do so.

·         Personnel on engagements where the plan files under 11-k meet the independence requirements of the SEC and the PCAOB.

A firm’s policies and procedures related to the items noted above should be designed to provide a firm with reasonable assurance that audit staff possesses the kinds of competencies that are appropriate given the circumstances of the individual employee benefit plan audit engagement. A firm’s policies and procedures would ordinarily require audit staff to gain the necessary competencies through recent experience in employee benefit plan auditing. In some cases, however, audit staff will have obtained the necessary competencies through other disciplines, such as in relevant industry, governmental, and academic positions.

3. Acceptance and Continuance of Clients and Engagements: A firm’s system of quality control should provide reasonable assurance that the firm:

·         Only undertakes engagements that the firm can reasonably expect to be completed with professional competence, and
 

·         Appropriately considers risks associated with providing service in particular circumstances.

4. Engagement Performance: A firm should have in place policies and procedures that provide it with reasonable assurance that:

·         Engagement work meets professional standards, regulatory requirements and the firm’s standards of quality. 

·         All phases of the design and execution are covered, including planning, performing, supervising, reviewing, documenting, and communicating the results of the engagement.

·         Personnel have available and refer to authoritative references, whether literature or other sources, and consult when appropriate with individuals within or outside the firm who have the appropriate level of knowledge, competence, judgment and authority.

5. Monitoring: This standard requires all firms to monitor their system of quality control for suitability of design and effectiveness of application. Monitoring addresses four areas:

·         Relevance and adequacy of the firm’s policies and procedures.
 

·         Appropriateness of the firm’s guidance materials and practice aids.

·         Effectiveness of professional development programs.

·         Compliance with the firm’s policies and procedures

Q24.  Are there any additional matters that must be encompassed by the firm’s policies and procedures specific to the ERISA employee benefit plan audit practice?

A24.   Yes. The firm should establish policies and procedures to comply with Center membership requirements, including:

·         Designating an audit partner to have firm-wide responsibility for the quality of the firms ERISA employee benefit plan audit practice.  

·         Having all audit partners of the firm residing in the United States and eligible for AICPA membership be members of the AICPA. 

·         Establishing a program to ensure that all ERISA employee benefit plan audit engagement personnel possess current knowledge, appropriate to their level of involvement in the engagement, of applicable professional standards, rules and regulations for ERISA employee benefit plan audits; and minimum CPE requirements for an individual signing audit opinions and an individual managing ERISA employee benefit plan audit engagements. 

·         Performing annual internal inspection procedures that include a review of the firms ERISA employee benefit plan audit practice by individuals possessing current experience and knowledge of the accounting and auditing practices specific to ERISA employee benefit plan audits.

·         Making publicly available information about its most recently accepted peer review as determined by the Executive Committee.

·         Having its ERISA employee benefit plan audits selected as part of the firms peer review reviewed by individuals employed by a Center member firm.

Q25. What quality control policies and procedures should ordinarily be addressed with regard to the competencies for the individual who is responsible for supervising an ERISA audit engagement and signing or authorizing an individual to sign the accountants report on such engagement (the practitioner-in-charge)?

A25 Consistent with the general quality control standards (QC Section 40, Personnel Management Element of a Firm’s System of Quality Control- Competencies Required by a Practitioner-in-Charge of an Attest Engagement), the firm’s quality control policies and procedures should ordinarily address the following competencies for the practitioner-in-charge of an employee benefit plan audit engagement.

a. Understanding of the Role of a System of Quality Control and the Code of Professional Conduct—Practitioners-in-charge of an employee benefit plan audit engagement should possess an understanding of the role of a firm’s system of quality control and the AICPA’s Code of Professional Conduct, both of which play critical roles in assuring the integrity of the various kinds of accountant’s reports.

 

b. Understanding of the Service to be Performed—Practitioners-in-charge of an ERISA employee benefit plan engagement should possess an understanding of the performance, supervision, and reporting aspects of the engagement, which is normally gained through actual participation in an employee benefit plan audit.

 

c. Technical Proficiency—Practitioners-in-charge of an ERISA employee benefit plan audit engagement should possess an understanding of the applicable accounting and auditing professional standards including those standards directly related to the type of employee benefit plan and the kinds of transactions in which a plan engages.

 

d. Familiarity with the Industry—To the extent required by professional standards applicable to audits of ERISA employee benefit plans, practitioners-in-charge of an engagement should possess an understanding of the employee benefit plan industry. In performing an audit of financial statements, this understanding would include operating characteristics sufficient to identify areas of high or unusual risk associated with an engagement and to evaluate the reasonableness of industry specific estimates.

 

e. Professional Judgment—Practitioners-in-charge of an ERISA employee benefit plan engagement should possess skills that indicate sound professional judgment. In performing an audit of financial statements, such skills would typically include the ability to exercise professional skepticism and identify areas requiring special consideration including, for example, the evaluation of the reasonableness of estimates and representations made by management and the determination of the kind of report necessary in the circumstances.

 

f. Understanding the Organization’s Information Technology Systems— Practitioners-in-charge of an ERISA employee benefit plan audit engagement should have an understanding of how the organization is dependent on or enabled by information technologies; and the manner in which information systems are used to record and maintain financial information.

Q26.  A firm has a comprehensive quality control policies and procedures document already in place.  Is it necessary to amend the entire document to include specific wording covering the firm’s ERISA practice, or is it acceptable to issue an addendum that addresses how the ERISA practice quality control will be achieved and how it interfaces with the firm’s existing quality control document?