Employee Benefit Plan Audit Peer Reviews

Transcription

1 Presenting a live 110-minute teleconference with interactive Q&A Employee Benefit Plan Audit Peer Reviews Preparing for Risk Assessment, Control Document Inspection, and Other Peer Reviewer Concerns THURSDAY, MAY 30, pm Eastern 12pm Central 11am Mountain 10am Pacific Today s faculty features: James Merklin, Partner, Bober Markey Fedorovich, Akron, Ohio Jessie Kanter, Manager, BlumShapiro, Providence, R.I. Rose Ann Abraham, Senior Manager, Baker Tilly Virchow Krause, Chicago For this program, attendees must listen to the audio over the telephone. Please refer to the instructions ed to the registrant for the dial-in information. Attendees can still view the presentation slides online. If you have any questions, please contact Customer Service at ext. 10.

2 Tips for Optimal Quality Sound Quality Call in on the telephone by dialing and enter your PIN when prompted. If you have any difficulties during the call, press *0 for assistance. You may also send us a chat or sound@straffordpub.com immediately so we can address the problem. Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.

3 Continuing Education Credits FOR LIVE EVENT ONLY Attendees must stay on the line throughout the program, including the Q & A session, in order to qualify for full continuing education credits. Strafford is required to monitor attendance. Record verification codes presented throughout the seminar. If you have not printed out the Official Record of Attendance, please print it now (see Handouts tab in Conference Materials box on left-hand side of your computer screen). To earn Continuing Education credits, you must write down the verification codes in the corresponding spaces found on the Official Record of Attendance form. Please refer to the instructions ed to the registrant for additional information. If you have any questions, please contact Customer Service at ext. 10.

4 Program Materials If you have not printed the conference materials for this program, please complete the following steps: Click on the + sign next to Conference Materials in the middle of the lefthand column on your screen. Click on the tab labeled Handouts that appears, and there you will see a PDF of the slides and the Official Record of Attendance for today's program. Double-click on the PDF and a separate page will open. Print the slides by clicking on the printer icon.

5 Employee Benefit Plan Audit Peer Reviews Seminar May 30, 2013 Jessie Kanter, BlumShapiro Rose Ann Abraham, Baker Tilly Virchow Krause James Merklin, Bober Markey Fedorovich

6 Today s Program Preparing For The Peer Review [Jessie Kanter and Rose Ann Abraham] Slide 8 Slide 23 Issues With Documentation [James Markey] Slide 24 Slide 36 Areas Of Common Errors And Deficiencies [Jessie Kanter] Slide 37 Slide 50 Approach With The Review Team [Rose Ann Abraham] Slide 51 Slide 61

7 Notice ANY TAX ADVICE IN THIS COMMUNICATION IS NOT INTENDED OR WRITTEN BY THE SPEAKERS FIRMS TO BE USED, AND CANNOT BE USED, BY A CLIENT OR ANY OTHER PERSON OR ENTITY FOR THE PURPOSE OF (i) AVOIDING PENALTIES THAT MAY BE IMPOSED ON ANY TAXPAYER OR (ii) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY MATTERS ADDRESSED HEREIN. You (and your employees, representatives, or agents) may disclose to any and all persons, without limitation, the tax treatment or tax structure, or both, of any transaction described in the associated materials we provide to you, including, but not limited to, any tax opinions, memoranda, or other tax analyses contained in those materials. The information contained herein is of a general nature and based on authorities that are subject to change. Applicability of the information to specific situations should be determined through consultation with your tax adviser.

8 Jessie Kanter, BlumShapiro Rose Ann Abraham, Baker Tilly Virchow Krause PREPARING FOR THE PEER REVIEW

9 DOL Emphasis On Deficiencies 80,000 plan audits 9,231 firms conducting audits $5.5 trillion in plan assets under audit 9

10 DOL Emphasis On Deficiencies (Cont.) Firms conducting >100 audits 83 CPA firms (less than 1%) 30,000 audits (38% of audits) $4.2 trillion in plan assets (76% of plan assets) 10

11 DOL Emphasis On Deficiencies (Cont.) Firms conducting <100 audits 9,148 CPA firms 50,000 audits $1.3 trillion in plan assets 11

12 DOL Emphasis On Deficiencies (Cont.) 12

13 DOL Emphasis On Deficiencies (Cont.) DOL has generally focused on gaining comfort on the largest percentage of plan assets as possible. They understand that most deficiencies occur within the dabblers. The emphasis has changed to focus more on the dabblers. 13

14 DOL Inspections Firm inspections Mini-inspections Small practice inspections (desk reviews) 14

15 DOL Inspections (Cont.) High-risk audit engagements Multi-employer plans (DC and DB) Defined benefit plans ESOPs Health and welfare plans 15

16 Unique Reporting Requirements I. Users of the financial statements A. Participants B. Plan sponsor C. Department of Labor D. IRS II. GAAP financial statements are required. However, there is an additional layer of regulatory reporting requirements. A. Department of Labor reporting requirements B. IRS reporting requirements III. Peer reviews require adherence to all of the above reporting requirements. 16

17 Unique Reporting Requirements: Peer Review Requirement I. General licensed firms have a peer review requirement II. A. The report acceptance body (RAB) is either: 1. State peer review committee 2. AICPA Peer Review Board s National Peer Review Committee B. SEC registrant s plans are not subject to peer review. C. All engagements subject to GAAS, SSARS, SSAE and GAGAS; and non-sec issuers are subject to peer review. Fiscal year-ends Peer review is due six months after FYE; this affects plans being reviewed. 17

18 Unique Reporting Requirements: General Comments Related To Peer Review III. AICPA Audit Quality Center: Peer review practice monitoring task force for employee benefit plans 18 A. Formed to focus specifically on enhancing the peer review quality for EBP audits, as these are considered high risk engagements B. Recent activities 1. Revised PRP Sect. 20,700 EBP audit engagement checklist (discussed later) 2. Approved 403(b) specific questions added to the engagements checklists 3. Additional CPE trainings and webinars offered C. AICPA staff meet with DOL representives on a quarterly basis.

19 Verification Code #1 TAXYEC Note: Answers MUST be submitted on your Official Record of Attendance form used for continuing education credit. If you have not already printed one, the form is posted in the Handouts tab in the Conference Materials box in the left-hand side of your screen.

20 Unique Reporting Requirements: Applicable Guidance Related To Peer Review I. Peer review guidance A. AICPA Revised Interpretation PR Sect. 9100: Standards for performing and reporting on peer reviews 2. Interpretations of Sect Systems review and engagement peer reviews B. Peer Review Alert 11-03: Enhanced peer review guidance for the review of employee benefit plan audit engagements II. AICPA Employee Benefit Plan Audit Quality Center A. Audit checklist B. Q&A 20

21 Unique Reporting Requirements: Applicable Guidance Related To Peer Review (Cont.) III. AICPA Revised Interpretation 59-1 Consideration for selection: A. Reasonable cross-section of the reviewed firm s accounting and auditing practice B. Emphasis on higher-risk practice areas 1. Risk of engagements and types of benefit plans as part of the selection criteria 2. Limited vs. full scope 3. Types of plans (DC, DB, H&W and 403(b) plans) C. Firm s length of experience and number of audits performed, member s experience and CPE/specialized training 21

22 Unique Reporting Requirements: Applicable Guidance Related To Peer Review (Cont.) IV. Peer Review Alert Unique risk associated with each type of plan A. Defined contribution B. Defined benefit C. Health and welfare 22

23 Unique Reporting Requirements: Applicable Guidance Related To Peer Review (Cont.) V. AICPA Employee Benefits Plan Audit Quality Center A. History DOL Office of Inspector General report finds 23% of audits fail to meet professional standards : Seemed that audit quality was getting worse and spreading to the largest CPA firms 3. EBPAQC established 2004 B. Resource for EBP auditors as well as clients C. Checklists for peer review 1. Tool used to evaluate engagements 2. Detail review for each section of the audit 23

24 James Markey, Bober Markey Fedorovich ISSUES WITH DOCUMENTATION

25 Issues With Documentation AU-C Sect. 230 (SAS 122/123) Clarified standards - effective for periods ending after 12/15/12 Purposes of audit documentation: Evidence of the auditor s basis for a conclusion about the achievement of the overall objectives Evidence that the audit was planned and performed in accordance with GAAS and applicable legal and regulatory requirements. Assisting members of the engagement team responsible for supervision to direct and supervise the audit work and to discharge their review responsibilities Enabling the engagement team to demonstrate that it is accountable for its work, by documenting the procedures performed 25

26 Issues With Documentation (Cont.) AU-C Sect. 230 (SAS 122/123), Cont. Retaining a record of matters of continuing significance to future audits of the same plan Enabling the conduct of quality control reviews and inspections Enabling the conduct of external inspections or peer reviews in accordance with applicable legal, regulatory or other requirements Assisting an auditor who reviews a predecessor auditor's audit documentation Assisting auditors in understanding the work performed in the prior year as an aid to planning and performing the current engagement 26

27 Issues With Documentation (Cont.) AU-C Sect. 230 (SAS 122/123), Cont. Audit documentation should document sufficiently to enable an experienced auditor having no previous connection to the audit to understand: The nature, timing and extent of audit procedures performed to comply with GAAS and applicable legal and regulatory requirements The results of the audit procedures performed and the audit evidence obtained Significant findings or issues arising during the audit, conclusions reached, and significant judgments made in reaching conclusions The identifying characteristics of the specific items or matters tested Who performed and reviewed the audit work, and the date such work was completed. 27

28 Issues With Documentation (Cont.) Written audit programs Important to note that one size does not fit all Tailor for specific types of plans Defined contribution (PS/401k/403b/ESOP/etc.) Health and welfare benefits (Taft-Hartley/other) Defined benefit pension Tailor for specific scope of plan audit ERISA limited-scope Full-scope If you have no written audit programs This will not pass peer review or DOL scrutiny. 28

29 Issues With Documentation (Cont.) End of engagement lock-down When documentation has been assembled at the conclusion of the engagement: Document the report release date in the audit files Assemble the audit documentation in audit file within 60 days following the report release date Any matters arising after the auditor s report date require specific documentation as to circumstances encountered, new or additional procedures performed, evidence obtained, conclusions reached and their effect on auditor s report, and when and by whom the resulting changes to audit documentation were made and reviewed. Beyond above, no changes to any documentation may be made. File retention is subject to laws or regulations, but a starting point would be five years. 29

30 Issues With Documentation (Cont.) System of quality controls Statement of Quality Control Standard No. 8 effective 1/1/2012 How does the firm ensure quality of engagement meets professional standards? Engagement quality control reviews Internal inspection program CPE requirements for benefit plan audits AICPA quality control standards: A firm s system of quality control Lays out requirements for quality control Independence (AICPA, DOL, SEC/PCAOB, etc.) Client acceptance and re-acceptance procedures 30

31 Issues With Documentation (Cont.) System of quality controls (Cont.) How does the firm measure that quality of engagement meets professional standards? Are inspection results disseminated to improve quality? Are CPE requirements tracked and compliance ensured? Is there a second partner or reviewer who does an independent review? Sole practitioners consider establishing a strategic affiliation 31

32 Verification Code #2 benefit Note: Answers MUST be submitted on your Official Record of Attendance form used for continuing education credit. If you have not already printed one, the form is posted in the Handouts tab in the Conference Materials box in the left-hand side of your screen.

33 Issues With Documentation (Cont.) Tools and templates Audit progams Standardized testing templates Examples: Sampling Participant data testing Eligibility Loans Distribution Full-scope investment SOC-1 service auditors report review 33

34 Issues With Documentation (Cont.) EBPAQC membership requirements Designated audit partner in charge of EBPA Partners must be members of AICPA System of quality control CPE (8 hours EBPA every 3 years) Establish P&L specific to EBP audits Monitoring program (internal inspections) Peer review report made public EBPs must be selected for peer review. Periodically file information about EBP practice Pay dues established by executive committee (very cost effective) 34

35 Issues With Documentation (Cont.) Inspection requirements Review of specific engagements Review of CPE records Review of training program (if applicable) Summarize and evaluate the findings Communicate inspection results Remediate issues as needed See AICPA EBPAQC tool on Web site 35

36 Issues With Documentation (Cont.) Inspection considerations Internal inspections are required annually, including in the year of the firm s peer review. Can be modified to avoid duplication Sole practitioners can satisfy the inspection requirement following the AICPA quality control standards You can send in your peer review report, and the EBPAQC will coordinated publishing in the peer review public file. 36

37 Jessie Kanter, BlumShapiro AREAS OF COMMON ERRORS AND DEFICIENCIES

38 Common Audit Areas For Deficiencies Participant data Investments Contributions Benefit payments Party-in-interest transactions 38

39 ESOPs More than 50% of plans subject to DOL inspection contained deficiencies. A. Failure to identify valuation of employer stock in the risk assessment B. Review of the work of the appraiser (full-scope audits) C. Testing the release of shares from the suspense account D. Testing benefit payments E. Obtaining and reviewing documentation of stock purchases 39

40 Participant Data: Audit Objective To provide the auditor with a reasonable basis for concluding (a) whether all covered employees have been properly included in employee eligibility records and, if applicable, in contribution reports; and (b) whether accurate participant data for eligible employees were supplied to the plan administrator and, if appropriate, to the plan actuary 40

41 Participant Data: Common Deficiencies I. No audit work performed or no audit documentation of testing participant data II. Testing of payroll data insufficient III. No testing of participant eligibility or forfeitures IV. No testing of investment income allocation to participants V. Inadequate or missing disclosures 41

42 Investments: Audit Objective Full scope audit To provide the auditor with a reasonable basis for concluding (a) whether all investments are recorded and exist; (b) whether investments are owned by the plan and are free of liens, pledges, and other security interest or, if not, whether the security interests are identified; (c) whether investment principal and income transactions are recorded and investments are properly valued in conformity with U.S. generally accepted accounting principles as promulgated by the Financial Accounting Standards Board (FASB) (GAAP) or a special purpose framework that is acceptable to the DOL, such as the modified cash basis of accounting; (d) whether information about investments is properly presented and disclosed; and (e) whether investment transactions are initiated in accordance with the established investment policies 42

43 Investments: Audit Objective (Cont.) Limited scope audit - The auditor s responsibilities for any assets covered by the limited scope exception are (1) to compare the information certified by the plan s trustees or custodian to the financial information contained in the plan s financial statements; (2) to perform the necessary procedures to become satisfied that any received or disbursed amounts reported by the trustee or custodian were determined in accordance with the plan provisions; and (3) whether information about investments is properly presented and disclosed. 43

44 Investments: Common Deficiencies I. No audit work performed or no audit documentation II. Failure to test end-of-year market values III. Failure to obtain proper certification for limited-scope audit IV. Inadequate or missing disclosures related to investments V. Failure to document the evaluation of investment contracts for benefit responsiveness VI. Failure to evaluate the guaranteed investment contract for benefit responsiveness 44

45 Contributions: Audit Objective To provide the auditor with a reasonable basis for concluding (a) whether the amounts received or due the plan have been determined and recorded and disclosed in the financial statements in conformity with plan documents and generally accepted accounting principles; and (b) whether an appropriate allowance has been made for uncollectible plan contributions receivable in conformity with GAAP or a special purpose framework 45

46 Contributions: Common Deficiencies I. No audit work performed or no audit documentation II. No audit program III. Insufficient testing on contributing employers for multiemployer plans IV. Failure to gain further understanding and/or test payroll controls V. Failure to test employee elective deferrals VI. Inappropriate reliance on SOC 1 VII.Timeliness of participant contributions not tested 46

47 Benefit Payments: Audit Objective Provide the auditor with a reasonable basis for concluding (a) whether the payments are in accordance with plan provisions and related documents; (b) whether the payments are made to or on behalf of persons entitled to them and only to such persons; and (c) whether transactions are recorded in the proper account, amount and period 47

48 Benefit Payments: Common Deficiencies I. No audit documentation or no audit work performed II. Failure to test participant eligibility to receive benefit payments III. Inappropriate reliance on SOC 1 IV. Failure to test approval of benefit payments 48

49 Verification Code #3 peer Note: Answers MUST be submitted on your Official Record of Attendance form used for continuing education credit. If you have not already printed one, the form is posted in the Handouts tab in the Conference Materials box in the left-hand side of your screen.

50 Other Areas: Common Deficiencies I. No audit documentation or no audit work performed for related-party and party-in-interest transactions II. No related parties noted in workpapers III. Failure to understand testing requirements on a limited-scope engagement IV. Improper use of limited-scope exemption, because financial institution did not qualify for such an exemption V. Inadequate disclosures related to participant-directed investment programs VI. Incomplete description of the plan and its provisions VII. Failure to properly report on and/or include the required supplemental schedules relating to ERISA and DOL 50

51 Rose Ann Abraham, Baker Tilly Virchow Krause APPROACH WITH THE REVIEW TEAM

52 Peer Review Approach I. Peer reviewers look at the firm as a whole and perform risk assessment. A. Understand the firm B. Commitment to the employee benefit plan practice C. Understand where the EBP practice fits in the overall firm s practice D. Approach to maintaining quality to employee benefit plans II. Based on findings, the product of the process is generally a recommendation for improvements. 52

53 Peer Review Process I. Gain an understanding of the firm and assesses risk II. Select engagements III. Review engagements - AICPA EBP audit engagement checklist A. Report and related disclosures B. General audit procedures C. Working paper areas D. Functional areas IV. Engagement team responds and clarifies any No answers. 53

54 Peer Review Process (Cont.) I. Categorization of issues 54 A. Matters 1. Most minor issues related to documentation, and no material misstatement 2. Communicated on MFC 3. Still a good audit with pass rating B. Findings 1. One or more matters that suggest quality control issues 2. Documented on a findings for further consideration (FFC) form 3. If conclusion is not a deficiency or significant deficiency, = a pass rating

55 Peer Review Process (Cont.) I. Categorization of issues (Cont.) C. Deficiencies 1. One or more findings that were material and/or not in conformity with the applicable professional standards requirements 2. Isolated instances of the above, and not indicative of systemic deficiencies 3. Rating pass with deficiencies report D. Significant deficiencies 1. Consistent findings of deficiencies 2. Inadequate or insufficient procedures performed 3. Material departures from applicable standards 4. Rating fail report 55

56 Peer Review Process (Cont.) I. Finalize and submit the report I. Read, review and respond to MFC and FFC carefully II. Understand the requirements imposed by the standards III. Final product of a peer review is the report sent to governing bodies. I. When you disagree with findings prior to issuance A. Consult with the AICPA technical review committee B. State society 56

57 Best Practices For Preparing For A Peer Review I. Establish organization structure for employee benefit plans A. Firm practice leader/technical resource B. Identify the engagement teams working on employee benefit plan audits C. Continuity in engagement practice teams I. Practice makes perfect - annual internal peer reviews A. Structure the internal reviews using AICPA checklists B. Require engagement teams to respond to findings C. Communicate the findings and remediate 57

58 Best Practices For Preparing For A Peer Review (Cont.) III. Use your client management system to separately track employee benefit plan audits 58 A. Track general data on the number, size and type of employee benefit plan audits 1. Peer reviewers generally select engagements that are considered to have added risk (e.g, full-scope audits, 403(b), ESOPs, H&W, initial engagements). 2. At least one plan from each type of employee benefit plan audit a. Defined contribution b. Defined benefit c. Heath and welfare

59 Verification Code #4 standard Note: Answers MUST be submitted on your Official Record of Attendance form used for continuing education credit. If you have not already printed one, the form is posted in the Handouts tab in the Conference Materials box in the left-hand side of your screen.

60 Best Practices For Preparing For A Peer Review (Cont.) IV. Pay extra attention to the riskier types of engagements, and ensure the documentation is complete and accurate A. SAS 103 documentation standards B. Special emphasis on documentation of consultations C. Include memos to document approach V. Maintain CPE records A. Ensure EBP specific CPE is being provided B. Monitor EBP CPE requirement 60

61 Best Practices For Preparing For A Peer Review (Cont.) VI. Coordinate the timing and offices to be visited by the peer review team, and ensure to communicate to your local offices VII. Identify and prepare those who will be involved in the peer review process A. Peer reviewers generally interview members of management, quality control and staff. B. Educate teams involved in peer review with process and rating scale VIII. Learn from past experience 61 VI. Address previous peer review comments with engagement teams VII. Address quality control issues VIII.Consider specialized training for your teams