AICPA Works on Fixing Employee Benefit Plan Audit Problems Ahead of Damaging Report
The American Institute of CPAs is pushing to improve the quality of employee benefit plan audits, in part by discouraging unqualified firms from offering the service, in advance of an upcoming report from the U.S. Department of Labor that is expected to find continuing problems with the quality of one-third of the audits.
The Labor Department is expected to issue a study of employee benefit plan audit quality sometime in the near future, according to AICPA officials who spoke with Accounting Today this month. Based on public comments that the DOL has made ahead of the release of the periodic report, the results will be disappointing for many of the CPA firms that specialize in such audits. But the AICPA stressed that it has been working to address those concerns, having established an Employee Benefit Plan Audit Quality Center over a decade ago to advise firms on how to improve their audits in accordance with the Employee Retirement Income Security Act of 1974, often referred to as ERISA audits.
“The Department of Labor performs audit quality studies periodically,” said AICPA senior vice president for public practice and global alliances Sue Coffey. “They’ve been doing it for several decades now. About 18 months ago, they began another one. We don’t know much about what the results are other than what they have publicly said, but they publicly stated that more than one-third of the audits they looked at have quality issues. At the AICPA poor audit work is always unacceptable. It’s something that we take very seriously. There’s a lot we’re doing to address the issue.”
The AICPA was aware of the latest study once the Labor Department undertook it, and for the past 18 months the Institute has been reviewing its own systems to identify potential improvements and reforms.
“Some of them began well before this study even started, and some admittedly are as a result of what we’ve heard from Labor in terms of their quality issues, and what we see in our peer review program and in our own ethics enforcement program,” said Coffey.
For example, the AICPA has been reviewing the CPA Exam to make sure it tests the appropriate knowledge and competencies of candidates.
“It’s not just the content, but also the technology around it, making sure we have the right technology to actually test for competency,” said Coffey. “Obviously we want the best and brightest people doing this type of work.”
The AICPA has been doing more training on ERISA audits and plans to issue a competency framework in the next few weeks for employee benefit plan auditing. There will also be related tools to help practitioners assess their level of competency and, where they might have shortcomings, fill in those gaps, according to Coffey. Early next year, the AICPA intends to launch a certificate program in this area of practice so practitioners can demonstrate their competency.
The AICPA prefers to help firms remediate their problems and build a quality practice in employee benefit plan auditing, while aggressively checking their work via follow-up visits. However, some firms come to realize that the work is just not for them. In instances where firms simply aren’t qualified and don’t have the capabilities to audit employee benefit plans, the AICPA will encourage them to move to other areas of practice.
In addition to the Employee Benefit Plan Audit Quality Center, the AICPA has established a Center for Plain English Accounting, which is designed for small firms to talk with other practitioners about the challenges they may be facing with various auditing and accounting issues, including employee benefit plan audits.
The AICPA has also been taking a closer look at its auditing and quality control standards. The Institute recently completed a years-long project of clarifying its auditing and quality control standards. It plans to assess the implementation of both sets of standards and see where greater specificity might be needed.
“That’s in the process now, and you’ll probably be seeing some interpretations coming out around engagement acceptance and competence in order to drive quality at the front end of an audit,” said Coffey.
The AICPA is stepping up its efforts in the practice-monitoring area as well. “We’ve got a number of things going on, both from a short-term and long-term perspective,” said Coffey. “Our short-term enhancements are primarily focused on firms that perform few audits in certain industries. We’ve identified high-risk industries of employee benefit plans and governments as well as a couple of others. We’re re-focusing our efforts on the greatest risks.”
Besides the risks inherent in employee benefit plans, there are risks in financial statements, such as assessing the fair value of some investments.
The AICPA has engaged experts who are helping evaluate the peer review process and doing more root cause analysis of both problems and achievements.
“When I’m talking about root cause, I’m actually looking at it from a good and a bad perspective,” said Coffey. “What are the areas that our members are particularly challenged in, but what are the good firms actually doing right and how can we take that and replicate it and help firms that are challenged do a better job?”
Last December the AICPA issued a concept paper on a new vision for practice monitoring that, as envisioned, would detect and correct deficiencies on more of a real-time basis and, in some instances, perhaps even before an audit report is issued. The paper is currently out for consultation with a comment period ending sometime in mid-June. The AICPA will then evaluate the feedback it receives and modify the concept to build more of a more real-time approach to how it actually evaluates the work of CPA firms, according to Coffey.
The AICPA’s Professional Ethics Division has a longstanding collaborative relationship with the Department of Labor in enforcing audit quality. “When they see issues, they make referrals to our Professional Ethics Division for evaluation,” said Coffey. “They are doing this with their audit quality findings, and we are aggressively and expeditiously investigating those referrals.”
She emphasized, however, that while the AICPA has been finding issues similar to the Department of Labor in terms of audit quality, it has not found any cases where the plan assets available to pay benefits are materially misstated. The DOL is expected to warn in its report that participants and plan assets may be at risk, but the AICPA disagrees.
Ian McKay, director of federal regulatory affairs at the AICPA’s D.C. office, who oversees the Employee Benefit Plan Audit Quality Center, acknowledged that the AICPA’s practice monitoring and peer review officials do see some troubling issues with audits of employee benefit plans. But he added that the AICPA has not seen instances where the assets that are reported in a plan’s financial statements that are available to pay benefits were materially misstated.
“They do find where auditors have not performed all of the steps that need to be done following the audit guide,” said McKay. “The nature of the findings will vary. Some are a few deficiencies, a few procedures not done, and some have done very little. It’s really important that the [plan] sponsor hire a quality auditor that knows how to audit their kind of plan. The types of benefit plans are quite different, between a defined benefit plan and a 401(k) plan, a health and welfare plan.”
Auditors need to have the proper training to handle various types of benefit plans. “There are some practitioners that just need our help to do it right, and other practitioners who just don’t understand the environment and they should probably not be hired to do a plan audit,” said McKay. “They may be very capable of doing the company audit, or maybe not. The nature of the deficiencies really relates to the required procedures in the guide, starting with planning, risk assessment, testing contributions, investments, benefits. It will really depend on the nature of the plan and how good of an auditor is doing the work.”
The AICPA’s Enhancing Audit Quality Initiative has a special focus on employee benefit plan audits, but also encompasses other types of audits.
The Public Company Accounting Oversight Board has been working on its own project for developing audit quality indicators and some officials have expressed reservations about the profession creating its own indicators, as the Center for Audit Quality has been doing. But the AICPA sees the need to improve audit quality through its own initiatives and peer review process, even though regulators like the PCAOB and the Labor Department are hesitant to go back to the pre-Sarbanes-Oxley days when the profession was simply regulating itself.
Coffey noted that during the peer review process, one firm is engaged by another to evaluate the design of its system of quality control and the firm’s compliance with it. But there are other oversight elements as well, she pointed out, including state boards of accountancy that oversee peer review programs in a given state.
The AICPA’s Employee Benefit Plan Audit Quality Center is a voluntary membership organization with approximately 2,300 firms as members. “Since its inception we have in place mandatory membership requirements,” said McKay. “One of them requires firms to do a self-inspection as part of their monitoring, and that’s unique. But we do terminate and have terminated hundreds of firms for not giving us assurances that they’re in compliance with the requirements or if they’re not in compliance.”
Recently, the AICPA was in the process of terminating 45 firms from the membership of the Audit Quality Center. “We want them to demonstrate their commitment to quality, and if they don’t, we don’t think they should be in the Quality Center,” said McKay.
He noted that the firms were not being terminated for audit deficiencies. “They’re being terminated because they’re not asserting their compliance with our requirements, which include inspections, public peer review reports, having specific quality policies for benefit plan practice, having a partner in charge of their benefit plan practice, having specific minimum CPE every CPE cycle, things of that sort,” he said.
Some firms opt to leave the Employee Benefit Plan Audit Quality Center because they have stopped their ERISA practice, McKay pointed out, in part because of the increasingly tougher standards for benefit plan audits. Currently more than 83,000 benefit plan audits are performed annually by approximately 7,300 firms.
While some of the new requirements are still under consideration and will be phased in over time, the AICPA already has several in place for this peer review season, which generally runs from May to December. This year, the AICPA will be focusing more on the firms that only do a handful of employee benefit plan audits, while also doing enhanced oversight, engaging experts to dig deeper into certain areas.
Among the issues that auditors need to watch for are signs of possible fraud. “Auditors can find fraud in benefit plans,” said McKay. “The Department of Labor has some interesting criminal cases of fraud investigations that we’ve summarized at the quality center. It’s fair to say, most of the criminal cases really relate to small plans, meaning they’re not audited. They’re under the threshold. The audit threshold for benefit plans under the ERISA statute is generally 100 participants. A lot of the fraud will occur in small plans owned by a small business or an owner. There are no controls, no segregation of duties, nor an audit.”
Some plans invest in risky types of assets. “That’s not necessarily fraud, but certainly plans have to follow the prudent rules of investment,” said McKay. “They’ll have a diverse portfolio, but more and more plans are getting into so-called ‘alternative’ investments, particularly in the defined benefit plans more so than traditional 401(k) plans, and they are difficult to value. In the benefit plan world, under the ERISA statute, there is a provision for something called a ‘limited scope audit,’ where the plan administrator can direct the auditor not to test those investments, if they are held by a regulated bank or insurance company and are certified, so nobody is really, from an external independent view, checking on the validity of those investments and if they’re properly reported, even the difficult to value investments.”
As part of the AICPA’s upcoming enhancements to the peer review process, Coffey noted, it is refocusing its efforts on those firms that only do a few engagements in very specialized areas, including employee benefit plan audits and governmental services. “Those efforts will look harder at the engagements and, where there are issues, will have very meaningful remediation efforts associated with them,” she said. “And if the firms don’t remediate, they would be expelled from the AICPA as an organization and a referral would be made to the state board of accountancy.”