Category Archives for "Accounting and Auditing"

Gift a bribe
Oct 30

When is a Gift a Bribe?

By Charles Hall | Auditing , Corruption

When is a gift a bribe?

Vendors often give sporting event tickets to clients. Or maybe they take them out for a nice dinner. Others might pay for a trip to Vegas.

So, at what point does a gift become a bribe? A friend of mine recently asked me this question. He said, "I give football tickets to clients. Is that a bribe?" I responded, "Maybe not, but if you give them season-long tickets, probably yes." (Such tickets cost several thousand dollars.) My friend followed with, "What if I go to every game with them?" My answer was, "That makes no difference." And doing so could be worse.

Cozy Vendor Relationships

20% of the 2022 fraud cases in the ACFE's recent study revealed "unusually close association with a vendor" as a red flag.

I've lost count of the fraud cases involving close vendor-client relationships. For example, the vendor and client might take annual family vacations together (think Aspen ski trip), with the former footing the bill.

I once spoke at a conference with vendors in the audience. One of them asked, "What can vendors give?" I responded, "I can't give you a list, but I would never give cash." He wanted a list of acceptable gifts. So, here's one: planes, trains, and automobiles. Yes, I'm trying to be funny, though I know of one vacation home gifted to a CEO. Why? So, a construction company could win a bid.

Some presents (like a vacation home) are obviously a bribe, but lower-cost ones are more difficult to define.

Gifts as bribes

Gray Gift Decisions

You may wonder, "How can I know when a gift is okay?" There's no easy answer to this question. But consider these scenarios. A vendor offers one of the following to you:

-A sleeve of golf balls
-Takes you to play golf
-Pays for you to attend a PGA tournament at Pebble Beach and all expenses for a week-long trip (including your spouse and children)
-Pays your annual dues at your local country club (cost is $25,000 annually)

I'll take the sleeve of balls and play golf, but I'm uncomfortable with the other two.

Front Page Litmus Test

When there is a gray ethical decision, I always say, "Put it on the front page of the paper and see how you feel." If you're comfortable with it, you're probably okay. If not, then don't do it. Another step you might take is to ask an honest friend what they think, someone who has no vested interest. (If you're unwilling to ask your friend the question, your conscience is probably telling you, "This is not okay.")

Most vendors want to give gifts without crossing the line (they want to avoid going to jail). But the line is not usually defined, and naming particulars can be futile. After all, how many things could be on such a list? So, creating a list of proper (or improper) gifts may not work.

So, how do we know if a gift is a bribe?

Quid Pro Quo

In the context of bribery, the concept of "quid pro quo" plays a significant role. This Latin phrase means a direct exchange, where something is given with the expectation of receiving something in return. To determine if a gift can be considered a bribe, one key question is: Was the gift given with the expectation of receiving something in return?

It's easier to argue that a gift is not a bribe if it's small or of low value. In such cases, it may appear more like a token of appreciation than an inducement for a particular action. However, when a vendor gives an expensive gift, it becomes much more challenging to assert that there's no expectation of something in return. Expensive gifts raise red flags and make it more likely that the present is, in fact, a bribe.

So, your company should create a gift policy, defining what is acceptable and unacceptable.

Gift Policies

Gift policies should limit amounts to a specific dollar amount, such as $100 annually. As I said earlier, cash (at least, in my mind) is never an acceptable gift.

The gift policy might provide examples of proper activity with a vendor, such as playing golf together once or twice a year. It might also provide examples of improper actions, such as going on vacations with vendors.

You could list unacceptable gifts, but this is challenging. I would instead define inappropriate gifts in terms of dollars. Doing so is a blanket covering all types of activity.

Moreover, consider including actions the company might take if the employee violates the policy. You may want to say that violations could lead to the loss of their job. But, consult with your legal advisors about the written policy.

And remember to communicate the policy.

Communicate the Gift Policy

Give your written gift policy to new employees, and discuss the importance of transparency regarding vendor gifts. Additionally, remind existing employees of the policy. You might do so in annual training classes.

So, should companies require written disclosure of gifts received?

Gift Disclosure Forms

Companies might also require a signed disclosure form once a year where employees provide details of what they receive from vendors. (Here’s a sample disclosure form.) Additionally, provide such disclosures to your compliance department if you have one. If not, consider giving these to the company owner.

And who might you require to complete such a disclosure form? Anyone with the power to purchase, whether a person issuing a purchase order, a department head authorizing payments, or someone signing checks--anyone able to pay a vendor (or cause a vendor to be paid).

Again, consult with your legal advisors about your disclosure form and processes.

So, is bribery a significant threat to most businesses?

Bribery is Real

ACFE fraud surveys continue to reveal that bribery is one of the leading causes of fraud. 50% of the ACFE's 2022 fraud cases involved corruption (bribery is a form of corruption). Why is this so?

Because it's easy for employees to receive illegal payments (or gifts) without anyone's knowledge, but make no mistake: This activity adversely affects the employer. How? The vendors usually pass the bribe cost to the company through inflated prices or substandard goods. Strangely enough, the vendor often sees a bribe as a cost of doing business, albeit an illegal one.

monitoring and remediation
Oct 19

Understand Engagement Quality Reviews and Monitoring and Remediation

By Charles Hall | Auditing

The new quality management standards include (1) engagement quality reviews and (2) monitoring and remediation. So what are these, and how will they impact CPA firms? Will they require changes in how you operate? Will you need additional personnel? Can firms review their own work, or will you need external help?

In this post, I explain how engagement quality reviews (EQR) and monitoring are different and how they complement each other. We also look at the objectivity requirements for monitoring (which can be tricky, especially for small firms). 

SQMS No. 1, A Firm’s System of Quality Management, requires firms to create a monitoring and remediation process. That standard also requires an Engagement Quality Review for higher-risk engagements (as defined by the firm). SQMS No. 2, Engagement Quality Reviews, provides information about the reviewers’ appointments and responsibilities. 

So, how do EQRs relate to monitoring and remediation? 

To answer this question, let’s first look at a summary of these two functions. 

1. Engagement Quality Reviews

EQRs are at the engagement level. For example, a designated reviewer will review a completed audit file for compliance with standards and an appropriate audit report. The purpose of an EQR is to provide an objective evaluation of significant judgments and conclusions. The EQR will, if done appropriately, reduce the risk of noncompliance with professional standards and the risk of issuing improper reports. It is not, however, an evaluation of the entire engagement. 

Firms perform EQRs for selected (usually high-risk) engagements. SQMS No. 2 requires EQRs for two types of engagements:

  1. When laws or regulations require an EQR for an audit or other engagement (which is rare)
  2. When a firm determines that an EQR is an appropriate response to one or more quality risks (which is common)

The second engagement type is one most firms will encounter, especially if it audits more complex entities such as banks. Why? Because such entities have estimates with a high degree of estimation uncertainty, making it higher risk. Additionally, an entity with significant going concern uncertainties will usually need an EQR, another example of a higher risk engagement.

Next, we’ll look at EQR criteria. 

EQR Criteria

Firms must create EQR policies and procedures defining the engagements requiring such reviews. The firm’s EQR criteria (see SQMS No. 1, A145) might include the following:

  • Types of engagements (e.g., audits)
  • Types of reports (e.g., Single Audits)
  • Types of entities (e.g., employee benefit plans)
  • Engagements with a high level of complexity or judgment (e.g., banks)
  • Engagements with recurring internal or external inspection findings
  • Engagements involving regulatory filing information 
  • Entities in emerging industries (e.g., artificial intelligence)
  • Entities for which the firm has no prior experience
  • Entities with public accountability characteristics (e.g., benefit plans)
  • Governmental entities, if large or complex

So, consider these criteria as you define which engagements will require an EQR. Create a firm policy for this purpose. 

Now, let’s consider the monitoring and remediation requirements.

2. Monitoring and Remediation

Firms perform a monitoring and remediation process, a component of the engagement quality control system. Another component is the risk assessment process. The QM system also includes the following six components:

  • Governance and leadership
  • Relevant ethical requirements
  • Engagement performance
  • Acceptance and continuance
  • Information and communication
  • Resources  

As we saw in my previous QM post, firms create quality objectives, quality risks, and responses for these six components (as a part of their risk assessment process). Once those are in place, firms must monitor them–and remediate deficiencies when noted. 

Monitoring activities may include in-process engagements and should include the inspection of completed engagements. These reviews may include engagements not subject to an EQR, such as those with lower risk (e.g., a client with no estimates or complex accounting). 

In-Process Reviews (Optional)

So, why might a firm review a lower-risk job while it’s in process as a part of monitoring? To see if the QM system is working. For instance, the reviewer might look at risk assessment documentation if the previous inspection revealed problems in this area. Additionally, the firm may want to look at a particular engagement partner’s work if that person had prior deficiencies. 

Completed Engagement Reviews (Required)

Firms should also perform inspections of completed engagements. The firm should review at least one completed engagement for each engagement partner on a cyclical basis (e.g., once every three years). 

Remediation

If a firm notes deficiencies, it will remediate the issues by planning and performing corrective steps. For example, suppose Single Audit engagements reviewed in monitoring did not have appropriate major program determination documentation. In that case, the firm might require that a designated reviewer look at this part of each future Single Audit file. The purpose of the step is to cure the deficiency. 

So, what’s the difference between EQRs and monitoring?

Differences in EQRs and Monitoring 

Engagement risk triggers an EQR, but monitoring has a broader perspective, one focused on the QM system as a whole. 

Engagement Reviews

So, EQRs occur based on the firm’s policies and procedures that define higher-risk jobs. If a firm has only three audits that meet the firm’s EQR criteria (as we previously discussed), then only those are subject to an EQR. 

But even if a firm has no EQR engagements (which would be unusual), it still needs to monitor its QM system. And that may entail reviews of in-process jobs. 

Other Components Monitoring

Additionally, monitoring includes reviews of the QM responses to the six components listed above. (Remember, the firm establishes quality objectives, quality risks, and responses for each of the components.) 

For example, a firm could test its hiring practices for the resource component’s response to a related quality risk. Or a firm might see if peer review findings are being communicated to relevant firm members as a test of the information and communication component. Notice these monitoring examples do not focus on a particular engagement (as an EQR does). 

EQR Findings Affect Monitoring and Remediation

Firms should communicate EQR findings, if any, to firm members. Such findings might lead to remedial action. For example, if the EQRs discover a need for more documentation related to estimates, the firm might require a second partner review of specific estimates (e.g., a bank’s allowance for loan losses). Then, the firm might monitor the response to see if the second review takes place. 

Next, we will discuss the importance of objectivity. 

Maintaining Objectivity

Reviewers need to be objective, whether in an engagement quality review or when monitoring. 

SQMS No. 1 (paragraph 40) requires firms to create policies and procedures that address the objectivity of individuals performing monitoring activities. Objectivity is enhanced when someone monitoring does not review their prior work (such as (1) serving as a member of the engagement team or (2) as an engagement quality reviewer). 

Self Review Threat

A self-review threat exists if a monitoring person reviews their previous work. For example, if the quality management director serves as the EQR person in the audit of ABC Company and then checks that job in the monitoring process, she examines her own work. Such a situation can adversely affect her objectivity. It would be better for another person (someone not a part of the ABC Company audit engagement team or who did not serve as the engagement quality reviewer) to look at that engagement during monitoring. 

EQR in Stages

So, can the person performing the EQR do so at different engagement stages (e.g., beginning, middle, end) or only after the file is complete? You can do either. Consider doing that which lessens your risk the most. 

If the EQR person reviews the engagement at stages (e.g., beginning, middle, end), can they be objective? Yes, as long as they don’t make engagement decisions. For example, they can review and sign off on planning but can’t tell the engagement team how to plan the job. In another example, the EQR person can review risk assessment, but they can’t make those decisions.

Firms are not required to perform EQRs in stages, but they can. Alternatively, the firm might decide to do the EQRs once the engagement is finished. 

Safeguards

SQMS No. 1 states it does not preclude self-inspection. Nevertheless, it says self-review leads to a higher risk that noncompliance with policies and procedures may occur. It is best to remove self-inspection, but if this is not possible, the firm may provide safeguards (actions to reduce the self-review threat) such as the following:

  • Promote continuing professional education and provide training programs to ensure that personnel are current in accounting, auditing, and QM standards
  • Require the use of peer review or other inspection checklists in the monitoring work
  • Provide training about proper monitoring procedures
  • Perform the self-inspection after some time has passed since the completion of the engagement

Responses to Quality Risks

Additionally, the firm’s responses to certain quality risks (as developed in the risk assessment process) may be helpful, such as the following:

  • Develop strong client acceptance and continuance policies that require the firm to have the competence and time to perform the engagement
  • Create a consultation policy that requires the engagement team to consult with another person (e.g., external or internal CPA) when they encounter difficult accounting and auditing issues
  • Take corrective action to cure issues noted in internal monitoring, EQRs, peer review, or other outside reviews (e.g., DOL inspection)
  • Require the use of an outside service provider to perform EQRs when deficiencies were previously noted (e.g., in peer review) or the firm or its environment changes (e.g., the firm starts auditing a client in a new industry)
YouTube player

Summary

So, engagement characteristics trigger EQRs, and firms need to perform monitoring and remediation, regardless of the EQRs. Furthermore, firms perform EQRs at the engagement level, but monitoring and remediation focuses on the QM system as a whole. 

As you prepare for the new QM standards, consider if you have the personnel to perform the EQRs and monitoring. You may need to hire new staff or contract with external CPAs. 

Finally, if there are objectivity threats from self-review, your firm may need safeguards such as using a peer review checklist in performing a cold engagement review. Strong quality risk responses are also helpful.

quality management
Oct 13

AICPA Quality Management: Why You Need to Start Now

By Charles Hall | Auditing

All firms performing any engagement in an accounting and auditing practice must comply with the new Quality Management (QM) standards, including SQMS No. 1 and SQMS No. 2.

Your quality management system must be designed and implemented by December 15, 2025.

Then, after your new QM process is in place for one year, your managing partner (or other persons with ultimate QM system responsibility) will conclude whether the QM system provides reasonable assurance that objectives are being achieved.

Start your work on this implementation as soon as you can, especially if you perform more complex engagements such as audits and attestations. 

In this article, I explain why quality management is essential, and then I summarize SQMS No. 1 (the firm’s system of QM) and SQMS No. 2 (engagement quality reviews).

I also provide this video (an interview with Jennifer O’Neal) that provides an overview of the QM standards and information about how to get started. 

YouTube player

Why Quality Management?

The purpose of the QM Standards, issued by the American Institute of Certified Public Accountants (AICPA), is to assist accountants with compliance (with professional standards). The QM standards assist with the following:

  1. Compliance with professional standards and
  2. Issuance of appropriate engagement reports

And when firms comply with professional standards and issue correct reports, their peer review results should be good. 

An unstated benefit of the QM standards is risk management (avoiding loss through legal suits). These standards (when used appropriately) lessen the probability that a firm will be sued for deficient work. How? By helping firms identify QM system and engagement deficiencies. Thereafter, firms can create responses to improve their work.

My main point here is the QM standards help protect your accounting firm, lessening the potential for future harm (whether from peer review failures or legal loss).

QM Standards

The QM standards are made up of the following:

Standard Abbreviation Title
Statement of Quality Management Standards No. 1 SQMS No. 1 The Firm’s System of Quality Management
Statement of Quality Management Standards No. 2 SQMS No. 2 Engagement Quality Reviews
Statement of Quality Management Standards No. 3 SQMS No. 3 Amendments to QM Sections 10, A Firm’s System of Quality Management, and 20, Engagement Quality Reviews
Statement on Auditing Standards No. 146 SAS 146 Quality Management for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards
Statement on Standards for Accounting and Review Services 26 SSARS 26 Quality Management for an Engagement Conducted in Accordance With Statements on Standards for Accounting and Review Services

This article addresses SQMS No. 1 and SQMS No. 2.

SQMS No. 1 – The Firm’s System of QM

SQMS No. 1 addresses how a firm’s system of quality management operates and specifies eight components:

  1. Risk assessment process
  2. Governance and leadership
  3. Relevant ethical requirements
  4. Acceptance and continuance
  5. Engagement performance
  6. Resources
  7. Information and communication
  8. Monitoring and remediation process

(1) Risk assessment and (2) information and communication are new components; they were not included in the prior quality control standards. 

Risk assessment, as well as monitoring and remediation, are processes. So, you will not establish quality objectives, quality risks, and responses for these. 

Risk Assessment: Most Significant Change

The risk assessment component is the most significant change. Firms are required to do the following for the six components listed below:

  1. Establish quality objectives
  2. Identify and assess risks to achieving the quality objectives and
  3. Design and implement responses to address the quality risks

Here’s an example:

  1. A quality objective might be that consultation occurs when there are complex or contentious matters.
  2. The risk could be that firm personnel do not consult with persons in or outside the firm regarding complex or contentious issues.
  3. The risk response could be, for example, that the engagement partner is responsible for consultations and documentation.

SQMS No. 1 requires that firms establish quality objectives, quality risks, and responses (the risk assessment process) for the following components:

  1. Governance and leadership
  2. Relevant ethical requirements
  3. Acceptance and continuance
  4. Engagement performance
  5. Resources
  6. Information and communication

Monitoring and Remediation

After establishing objectives, risks, and responses for these six components, the firm will create a monitoring and remediation process. In doing so, firms will consider the reasons for quality risk assessments, the designed responses, changes in the QM system, the results of previous monitoring, and other relevant information such as peer review information.

Holistic QM System

The QM standards are a holistic approach to ensure (1) that firms comply with professional standards and (2) issue appropriate reports. Develop your objectives, risks, and responses in light of these objectives. The eight components should dovetail. In other words, they should work together.

Additionally, the QM system is organic (or at least, it should be). As changes occur in your firm’s accounting and auditing engagements or how it operates, you will reassess your overall system to see if it needs changing.

No longer will we create static quality control documents that sit on the shelf. Real-time changes make sense: your responses (actions to lessen risk) should change as your risks change.

Scalable QM System

The QM system is also scalable. For smaller firms with fewer risks, the QM documentation will be less than that of more complex CPA firms.

Think of a firm that does compilation engagements and nothing else; this firm’s chance of noncompliance with professional standards and issuing incorrect reports is generally less than that of a firm performing audits or attestation services. So, the smaller firm’s QM system will be simpler.

The QM system is like an accordion, expanding for more risk and compressing for less risk.

So, who is responsible for the QM system?

Persons Responsible for QM System

SQMS No. 1 states that your firm will assign ultimate responsibility and accountability to your managing partner, CEO, or managing board. This person or board will evaluate the QM system at a point in time (at least annually) and conclude whether the QM system provides reasonable assurance that objectives are being met.

The conclusion will include one of the following:

  1. The QM system provides reasonable assurance that the system’s objectives are being achieved.
  2. Except for matters related to identified deficiencies, the QM system provides reasonable assurance that the system’s objectives are being achieved.
  3. The QM system does not provide reasonable assurance that the objectives of the QM system are being achieved.

If 2. or 3. is in play, the firm should take prompt and appropriate action and communicate to engagement teams and QM personnel as needed.

SQMS No. 1 also says that firms will assign operational responsibility for the QM system to someone such as a QM partner or director. The person with operational responsibility oversees:

  • Compliance with independence standards
  • Monitoring and remediation process

So, does this person have to perform all QM duties? No, the person with operational responsibility can delegate specific responsibilities to other firm members, such as independence monitoring. Even so, the person with operational responsibility is still responsible for the QM system operations (in this example, independence monitoring).

The standard creates accountability by defining who is responsible for what. In most firms, the managing partner has ultimate responsibility, and the quality control partner/director has operational responsibility. Also, SQMS No. 1 states that the firm should perform periodic performance evaluations of these persons.

QM System Documentation

The firm should document its QM system, including:

  • Person(s) with ultimate responsibility
  • Person(s) with operational responsibility
  • Quality objectives
  • Quality risks
  • Responses
  • How quality risks are addressed
  • Monitoring activities
  • Evaluation of findings
  • Evaluation of identified deficiencies (and their root causes)
  • Remedial actions
  • Communications about monitoring and remediation
  • Conclusions reached
  • Basis for conclusion

This documentation should be retained long enough for the firm and its peer reviewer to monitor the QM system (and to meet any legal and regulatory requirements).

For higher-risk engagements, firms may need an engagement quality review.

Engagements Subject to Engagement Quality Reviews

SQMS No. 1 requires that firms establish policies and procedures that address engagement quality reviews in accordance with SQMS No. 2. Engagement quality reviews are required for the following:

  • Audits or other engagements requiring an engagement quality review due to laws or regulations
  • Audits or other engagements as a response to quality risks as defined by the firm

Not all engagements are subject to an engagement quality review. Riskier engagements (as defined by the firm; see SQMS No. 1 criteria) are more likely to be subject to an engagement quality review.

Next, we look at SQMS No. 2, Engagement Quality Reviews.

SQMS No. 2 – Engagement Quality Reviews

An engagement quality review (EQR) is an objective evaluation of the engagement team’s significant judgments and conclusions. It is not an evaluation of the entire engagement. The review is done at the engagement level, and an engagement quality reviewer performs the EQR before the engagement report is released.

So, who can be an engagement quality reviewer (EQ reviewer)? An engagement quality reviewer can be a:

  • Partner
  • Another individual in the firm, or
  • Someone external to the firm

EQ Reviewer Requirements

The EQ reviewer should understand SQMS No. 2 and apply the requirements. The firm will also define the EQ reviewer qualifications in its policies and procedures, namely that this person must have the competence, capability, and time to perform the review and that the person will be objective.

EQR Policies and Procedures

EQR policies and procedures should address the following:

  • Require the EQ reviewer to take overall responsibility for the EQR
  • Require the EQ reviewer to take overall responsibility for the supervision of persons assisting with the EQR
  • The EQ reviewer (and anyone assisting this person) can’t be a member of the audit team
  • The EQ reviewer (and anyone assisting this person) must have sufficient competence, capabilities, and time to perform their duties
  • The EQ reviewer (and anyone assisting this person) must comply with relevant ethical requirements and laws and regulations
  • Circumstances in which the EQ reviewer’s discussion with the engagement team gives rise to an objectivity threat and actions to take when this happens
  • Circumstances in which the EQ reviewer’s eligibility is impaired, including how a replacement reviewer will be chosen
  • Performance of EQRs during the engagement
  • A prohibition from releasing an engagement report until the EQ reviewer notifies the engagement partner that the EQR is complete

SQMS No. 2 also provides EQR performance requirements.

EQR Performance

The EQR performance should include the following:

  • EQ reviewer talks with the engagement partner (and team, if needed) about significant matters and significant judgments
  • EQ reviewer reviews communications regarding the nature and circumstances of the engagement and the entity
  • EQ reviewer considers the firm’s monitoring and remediation process, including deficiencies relating to significant judgment areas
  • EQ reviewer reviews significant judgment documentation, including the basis for the judgment, and determines:
  • Whether the documents support the conclusion
  • Whether the conclusions are appropriate
  • EQ reviewer evaluates the basis for the engagement partner’s independence determination when applicable
  • EQ reviewer should evaluate whether an appropriate consultation took place for difficult or contentious matters
  • EQ reviewer should determine whether the engagement partner was sufficiently involved when the engagement is subject to generally accepted auditing standards (if not, the engagement partner may not have a sufficient basis for determining that significant judgments and conclusions are appropriate)
  • EQ reviewer should review the financial statements and reports for audits and review engagements
  • EQ reviewer should review the engagement report and the subject matter information (when applicable) for engagements other than audits and review engagements
  • EQ reviewers should notify the engagement partner when they have concerns about significant judgments and conclusions
  • EQ reviewer should notify the engagement partner when the engagement review is complete

SQMS No. 2 includes documentation requirements. Let’s see what those are.

EQR Documentation

The EQR documentation should include:

  • Policies and procedures requiring the EQ reviewer to take responsibility
  • Evidence of the EQ review in the engagement file
  • Names of the EQ reviewers
  • Identification of the engagement reviewed
  • Whether the EQR complies with SQMS No. 2
  • Evidence that the engagement is complete
  • Notification that the reviewer has concerns about judgments and conclusions, if applicable
  • Notification from the EQ reviewer to the engagement partner that the review is complete

EQR Findings

It’s a good idea—though not required by standards—to capture EQR findings in a summary document (e.g., Excel or a database). Then, the firm can use this information in planning and performing its monitoring duties. 

EQR is Scalable

The EQR is scalable depending on the engagement, entity’s nature, and circumstances. Again, less risk will result in less work and documentation than riskier engagements. Fewer significant judgments will likely mean fewer EQR procedures.

Given the EQ reviewer’s involvement, can the engagement partner’s work be reduced? The short answer is no. 

EQR’s Effect on Engagement Partner Responsibilities

The EQR does not change the engagement partner’s responsibilities. For example, an engagement partner should review judgment areas such as complex estimates even though the EQ reviewer does the same.

How EQRs Relate to Monitoring and Remediation

You may be wondering how EQRs relate to monitoring and remediation. For instance, can the person performing an EQR also perform the monitoring on the same engagement? Find in this related article

Conclusion

In conclusion, the QM standards are no small change. As you can see from the above, you have a great deal of work before you. This is especially true if you perform riskier audits and attestation engagements. So, start working on this transition as soon as possible. That way, you’ll have everything in place by December 15, 2025.

The most challenging part of this change is the risk assessment process. You need to document your quality objectives, quality risks, and responses for the six components (those that are not processes, i.e., risk assessment and monitoring) listed above.

Finally, consider whom you will assign the QM system operational responsibility. This person must have the competence, capability, and time to comply with the standards. You may need to hire someone to fill this role or contract with someone outside your firm.

audit or tax
Aug 04

Audit or Tax, Which is the Better Job?

By Charles Hall | Accounting and Auditing , Auditing

Should you work in tax or audit?

If you're near graduation, you may wonder, "Which is best for me? Tax or audit?”

In this article, I provide questions and facts for you to consider as you decide. This decision is one of the most important ones you'll make in your career. 

Audit or tax decision

Tax and Audit Career Decision


Here are some thoughts about that decision:

1. Do you like subjectivity or objectivity? Audits tend to have more subjective elements like risk assessment. Tax, on the other hand, tends to be more objective (it's compliance-oriented).

2. Are you willing to work long hours for four months each year? Tax season is an annual marathon. Auditing also has busy seasons, depending on the industries your firm services, but you can more easily distribute your workload in audits.

3. Do you like to travel? Audits usually involve some travel. Tax CPAs spend most of their time in the office, though not all.

4. Do you like accounting? If you work in public accounting, you must understand accounting well to do audits (and other A&A work). You also need to understand accounting for tax purposes, but tax work is more compliance-oriented.

5. Do you like saving individuals and companies money? Tax allows you to have a direct impact on taxes paid (and your clients will love you if you can save them money).

6. Do you like short-term or long-term projects? Tax work tends to be short-term, and audit work tends to be long-term. For instance, you might complete a tax return in four or five hours (sometimes less). Audits can take several hundred hours.

7. Do you like technology? Audits can involve technology more than tax work, though this is a generalization. With audits, you might, for example, use data mining software or Excel for advanced purposes.

Tax and Audit Compensation


You may be wondering which field offers the more significant compensation opportunities. I've seen auditors and tax folks make plenty of money through the years. So, you can do well with either. But being in the field best suited to you will enhance your ability to generate income. Why? Because happy people are more productive and effective. That's one reason choosing the right field--tax or audit--is critical.

Tax and Audit Work Hours


If you've worked in public accounting, you've seen tax people working late into the evenings and on weekends throughout tax season. The tax deadlines lead to compressed work schedules, especially in the early part of the calendar year. But tax people usually get relief in the summer or late in the year.

Audit personnel tend to have steadier workloads, though their work can also be seasonal. For instance, if you work with a firm that does governmental audits, there may be a substantial number of engagements with June 30 and September 30 year-ends, leading to increased workloads later in the calendar year. So check with the firms you interview with to see how the audit workloads vary.

Talk to Auditors and Tax Persons

Talking to auditors and tax people with real-world experience will give you more insight than almost anything you can do. Make a list of questions and ask them as you interview prospective CPA firms.

Learn About Auditing

If you want to learn about auditing quickly, check out my book The Why and How of Auditing on Amazon. 

CECL’s Impact on Private Companies
Jun 24

CECL’s Impact on Private Nonbank Companies

By Charles Hall | Accounting and Auditing

What is CECL’s impact on private nonbank companies? 

This article provides an overview of how CECL might impact your nonpublic (private company) financial reporting including your numbers and disclosures.

CECL’s Impact on Private Companies

An Overview of CECL

The Current Expected Credit Losses (CECL) model was introduced by the Financial Accounting Standards Board (FASB) through Accounting Standards Update (ASU) No. 2016-13, "Financial Instruments—Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments."

ASU 2016-13 was issued in June 2016 and it replaced the previous incurred loss impairment methodology with the CECL methodology. The new model requires more timely recognition of credit losses associated with financial instruments.

Effect on Nonbank Entities

Most nonbank entities have financial instruments or other assets (such as trade receivables, lease receivables, and held-to-maturity debt securities) that are subject to the CECL model.

Because financial assets of nonbanks tend to be held for a shorter duration than those of banks, nonbanks will generally be less affected by the new CECL standard.

According to Deloitte, many nonbank entities have disclosed that the impact of the new CECL standard is immaterial to their financial statements or did not disclose the adoption of the new CECL standard at all.

Nonpublic companies may use simpler methods for estimating expected credit losses and making forecasts about the future (as compared to public companies), as long as those methods are reasonable and supportable. They may also have more flexibility in the types of information they consider and the ways they document their estimates.

However, they will still need to comply with the basic principles of the CECL model, including the requirement to estimate expected credit losses over the life of the financial instruments.

Changes in Disclosures

The CECL standard introduces principles-based disclosure requirements, giving entities flexibility to determine the nature and extent of the information to be disclosed.

Entities are required to provide sufficient information to enable users of their financial statements to understand the credit risk inherent in a portfolio, management's estimate of expected credit losses, and changes in the estimate of expected credit losses that have taken place during the period.

CECL

Changes in Allowance for Uncollectibles

Under the CECL model, an entity recognizes its estimate of expected credit losses as an allowance, which incorporates forward-looking information and eliminates barriers to the timely recognition of losses under legacy incurred loss models. This is a significant shift from the previous incurred loss model, which only recognized losses when they were incurred.

Effective Dates for CECL Standard

The guidance became effective on January 1, 2023, for private companies. Public business entities that meet the SEC’s definition of smaller reporting companies and have a calendar year-end have the same effective date, January 1, 2023.

>