Change in GASB’s Hierarchy of GAAP

Currently authoritative guidance is provided by GASB Statement No. 55, The Hierarchy of Generally Accepted Accounting Principles for State and Local Governments. The GASB’s 2013 exposure draft (ED) of the same name proposes to alter the hierarchy of authoritative standards. The comment period for the ED ends on December 31, 2014.

Current Hierarchy

GASB Statement No. 55 currently provides for a four-level hierarchy of authoritative sources of GAAP, as follows:

  1. GASB Statements and Interpretations, National Council on Governmental Accounting (NCGA) Statement and Interpretations, and American Institute of Certified Public Accountants’ (AICPA) accounting and audit guide for state and local governments (as amended prior to the GASB beginning operations in July 1984);
  2. GASB Technical Bulletins (TBs), AICPA Audit and Accounting Guides (specifically applicable to state and local governments and cleared by the GASB), and AICPA Statements of Position (specifically applicable to state and local governments and cleared by the GASB);
  3. Accounting Standards Executive Committee (AcSEC) Practice Bulletins and GASB-sponsored Consensus Positions; and
  4. GASB Implementation Guides (IGs) and widely recognized and prevalent practice.

Proposed Hierarchy

The GASB has proposed a simple two-level hierarchy of authoritative guidance:

a. GASB Statements (to include all extant guidance from the current “Level 1”) and

b. GASB Technical Bulletins, GASB Implementation Guides, and AICPA guidance (specifically applicable to state and local governments and cleared by the GASB)

“Level a” guidance will require the majority of board members to vote in favor, whereas “Level b” will require only that the majority of board members not object to the guidance (“clearance”).

Notice that widely and prevalent practice (included in 4. of the present hierarchy) is relegated to a nonauthoritative status (since there is no practical means to identify it).

 

“Draft proposal: AICPA Peer Review Board discussing the inclusion of SSARS 21 Preparation Services in peer reviews. Some exceptions may be provided.”
@

SSARS 21 – A Video Overview of the Preparation Standard

 

I recently provided a slide deck overview of the new SSARS 21 Preparation standard. Here’s a video overview. (Sorry, no CPE credit provided, but I hope you find it helpful anyway.)

October 13, 2015, Update to Post

My new book, Preparation of Financial Statements and Compilation Engagement, is available on Amazon.com. Click here to see the book: Preparation of Financial Statements & Compilation Engagements.

The book includes sample financial statements using the preparation and compilation options. Sample engagement letters are also included. This book is a quick-reference guide that takes the mystery out of the new standards.

The New COSO Framework

See what changed in the new COSO Framework

Rita Crundwell, the former comptroller for Dixon, Illinois, stole over $53 million from a city of 16,000 people with an annual budget of $6 to $8 million. In the early 1990s, she opened a secret bank account in the name of the city and began transferring funds (disguised as payments to the Illinois DOT). The monies (in the secret account) were used by Rita to fund one of the nicest quarter horse ranches in the world.

The theft was simple. The damage was massive.

COSO Framework

Picture courtesy of DollarPhoto.com

Losses from fraud and other risks can happen to any organization that lacks sufficient internal controls. Therefore, it’s imperative that your business, government, or nonprofit create a sound working internal control system.

Why COSO?

Prior to 1992 (the year COSO’s internal control framework came into existence), internal control guidance was sparse. Accountants knew that controls were needed, but many had no model to follow.

COSO to the Rescue

The Committee of Sponsoring Organizations (COSO), consisting of five organizations, such as the AICPA, came together to develop an internal control framework that accountants could use in any organization. Those standards have served well over the last twenty years, but with many changes in technology (e.g., cloud computing), the uptick in laws and regulations (e.g., Sarbanes Oxley), the increase in outsourcing (e.g., payroll), and the higher incidence of fraud, it became apparent that the framework needed amendments. So the COSO did just that, releasing the updated framework in May 2013; the effective date of the guidance is December 15, 2014.

The Hip Bone Connected to the Leg Bone

COSO added greater definition and guidance in regard to the five internal control components created back in 1992:

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring

As the 1992 framework states, these five components should be holistically integrated to create a healthy and safe control environment for business, nonprofits, and other organizations.

And what does this integration look like?

Every entity needs ethical leadership (the control environment). Those leaders identify key risk areas, usually in terms of likelihood and dollar impact. Once the risk areas are known, controls are designed and implemented (control activities) to ensure the creation of financial information (information and communication). Lastly, the organization monitors the system to ensure that it all works as planned (monitoring).

Most auditors (and those who design internal controls) usually emphasize the control activities component. The reason? Audit opinions relate to financial statements and deficiencies in control activities often allow misstatements to occur. The result? The reporting of significant deficiencies and material weaknesses. As auditors issue control deficiency letters, they tend to focus on control activities, though those communications can and should address deficiencies in the other four internal control components.

What changed in the new COSO framework?

Key changes in the 2013 framework include:

  • The addition of 17 principles (each related to one of the five control components listed above)
  • The addition of points of focus (each applicable to one of the 17 principles)
  • An increased focus on fraud
  • An increased focus on governance
  • An increased focus on information technology
  • An increased focus on compliance with laws and regulations

Why should I care about these changes?

Think of the COSO framework as the fountainhead of all that is good in internal control land. And once COSO speaks, other important bodies (e.g., the AICPA Auditing Standards Board) listen and absorb what is published. Remember SAS 109, Understanding the Entity and Its Control Environment, issued in 2006? Guess where the five control components (control environment, risk assessment, control activities, information and communication, and monitoring) came from? Don’t be surprised if you see the 17 new COSO principles–and possibly the points of interest–embedded in future audit standards.

In any event, the new COSO guidance is a great place for any business or organization to develop a control system that identifies and mitigates risks.

Then disasters–like the one in Dixon, Illinois–can be avoided.

Deeper Dive

If you are interested in more information about the new COSO guidance, consider purchasing the book Executive’s Guide to COSO Internal Controls by Robert Moeller. Mr. Moeller provides a nice summary of the framework along with implementation steps.

You can buy the COSO Framework here.

The New Preparation of Financial Statements Standard

The art of life is a constant readjustment to our surroundings. –Kakuzo Okakaura

Significant change has occurred in the compilation world.

  • The Accounting and Review Services Committee recently added a new twist to the standards that govern the preparation of financial statements. Now CPAs can issue financial statements without a compilation report. To do so, you need to follow the guidance in Section 70 (Preparation of Financial Statements) of SSARS 21. So let’s unwrap this package and see what’s inside.

First, when is the Preparation standard applicable?

Section 70 states it is not applicable when the accountant prepares financial statements:

  • and is engaged to perform an audit, review, or compilation of financial statements
  • solely for submission to taxing authorities
  • for inclusion in written personal financial plans
  • in conjunction with litigation services that involve pending or potential legal or regulatory proceedings, or
  • in conjunction with business valuation services

In other words, the standard applies when you create financial statements that are not for any of the above purposes.

If you create financial statements that will, for example, be used for litigation purposes, then Section 70 does not apply. If you create a balance sheet that is a part of a tax return, Section 70 is not applicable. If you are engaged to create financial statements as a part of a compilation, then, again, Section 70 doesn’t apply. (You will only issue a compilation report when you are engaged to do so. Under Section 70, no compilation report is issued. See my prior SSARS 21 post for more information.)

Difference in Preparation and Merely Assisting

The Preparation standard also makes a distinction between preparing financial statements and merely assisting in the preparation of financial statements.

Preparing refers to the creation of financial statements.

Merely assisting refers to bookkeeping services. Here are examples of accounting services that are not covered by Section 70:

  • Preparing or proposing certain adjustments, such as those applicable to deferred income taxes, depreciation, or leases
  • Drafting financial statement notes
  • Entering general ledger transactions or processing payments in accounting software

Independence Not Required

Bear in mind that the preparation of financial statements and related bookkeeping services (e.g., entering transactions into a general ledger) are both considered nonattest services. So you can do either without considering whether you are independent.

What does this mean? Well, I can process payments for a client (even sign checks or have custody of a client’s assets) and prepare financial statements. Am I independent? No. Does it matter? No, not if I am just preparing financial statements under the guidance of Section 70 (and not issuing a compilation report). Do I need to disclose my lack of independence? No. (If you do issue a compilation report, you need to disclose your lack of independence–as you have in the past.)

Must the accountant verify the accuracy or completeness of the information? No. Remember, however, that AICPA ethics rules prohibit a CPA from issuing financial statements that are intentionally misleading.

Required Wording or Disclaimer?

Each page of the financial statements should include, at a minimum, the words “no assurance is provided” or issue a disclaimer that makes clear that no assurance is provided.

The example disclaimer provided in .A12 of Section 70 reads as follows:

The accompanying financial statements of XYZ Company as of and for the year ended December 31, 20XX, were not subjected to an audit, review, or compilation engagement by me (us) and, accordingly, I (we) do not express an opinion, a conclusion, nor provide any assurance on them.

[Signature of accounting firm or accountant, as appropriate]

[Accountant’s city and state]

[Date]

Can the financial statements omit disclosures?

Yes.

The disclosure of the omission of substantially all disclosures may be made on the face of the financial statements or in a selected note to the financial statements. (Selected disclosure is permissible under Section 70.)

If disclosures are omitted and a special purpose framework is used, then the accountant should include a description of the financial reporting framework on the face of the financial statements.

Engagement Letter Required

An engagement letter is required by Section 70. Both the accountant and the client must sign the letter.

Documentation Requirements

The accountant should retain:

  • A copy of the financial statements
  • The signed engagement letter

That’s it: Nothing else is required.

The documentation may also include any significant consultations or professional judgments.

Subject to Peer Review?

My February 2015 AICPA Peer Review Update (newsletter) states the following:

On November 18, 2014, the Peer Review Board (PRB) issued an exposure draft, which proposed that firms that only perform preparation engagements under AR-C Section 70 – Preparation of Financial Statements (issued as part of Statement on Standards for Accounting and Review Services (SSARS) No. 21, Statement on Standards for Accounting and Review Services: Clarification and Recodification) would not be required to enroll in the AICPA peer review program (Program). However, it also proposed that a firm’s preparation engagements would be included in the scope of a peer review when the firm either elects to enroll in the program (e.g. to comply with licensing or other requirements) or is already enrolled due to other engagements it performs. This proposal was issued in order to address the effect of these engagements on the scope of the Program.

The PRB considered comments raised by the peer review community about the proposal and elected to adopt the proposed guidance changes. The changes are effective for peer reviews commencing on or after February 1, 2015.

The key points of this communication are:

  • Firms that only perform the Preparation of Financial Statement service under section 70 of SSARS 21 are not required to enroll in the AICPA peer review program.
  • Firms that are enrolled in the peer review program will have the Preparation of Financial Statements service included in the scope of their peer reviews.

Note that these are the AICPA rules. Peer review requirements may be more stringent in your state, possibly requiring a peer review–even if you only perform Preparation of Financial Statement engagements. Check with your state board of accountancy.

When can I apply Section 70 of SSARS 21?

Now, if early implemented.

When am I required to apply SSARS 21?

For periods ending on or after December 15, 2015.

Coming SSARS 21 Book

My SSARS 21 book will be available on Amazon in late April. It will be available in Kindle and paperback formats. The book will provide concise overviews of the Preparation and Compilation sections of the standard.