Since the issuance 14 years ago of the current audit documentation standards [now AU-C 230 and PCAOB Auditing Standard (AS) 1215, respectively], which are more robust than their predecessors (see this author’s “Audit Documentation: It’s a Whole New World,” The CPA Journal, June 2005, http://bit.ly/2W43HWO), many auditors have held the mistaken belief that the standards require all workpapers to bear dated sign-offs of preparers and reviewers, and many firms have adopted this excessive practice as policy.
On the other side of the coin, another misconception that has been commonly observed in the peer review process was pointed out in an article by Ahava Goldman, Charles Landes, and Carl Mayes, Jr. (“Audit Documentation: Tips for Getting it Right,” Journal of Accountancy, June 2017, http://bit.ly/2XYezHs), namely that an audit program sign-off is sufficient to meet the documentation requirements of the standard. While an audit program sign-off “might address the nature of the procedure, who performed it [and when],” and thus, in some cases, may meet part of the specific requirements that are the main subject of this article, it ordinarily falls short of meeting the requirement to document who reviewed the work and when, as well as other more formidable requirements of the applicable documentation standard, such as documenting details of the items tested, results of the tests, significant findings, professional judgments applied, and conclusions reached.
What Do the Auditing Standards Actually Say?
In general, the auditing standards of the Auditing Standards Board (ASB) and of the PCAOB require firms to establish and maintain a system of quality control (QC) in compliance with the applicable QC standards (AU-C 220.03 or AS 1110.02). Pursuant to the QC standards, particularly those related to engagement performance, through a review of the audit documentation and discussions with others on the engagement team, the engagement partner must “be satisfied that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued” (AU-C 220.19). The engagement partner “need not review all audit documentation” but should review all critical areas of judgment, especially those relating to difficult or contentious matters or significant risks identified during the engagement and other areas that he considers important, and “must document the extent and timing of the review” (AU-C 220.A17).
The audit supervision and documentation standards of both the ASB and the PCAOB require that the preparer and reviewer be identified in the audit documentation along with the date the work was performed (AU-C 230.09b-c or AS 1201.05c and AS 1215.06b); however, the standards do not require a second sign-off by a reviewer on every workpaper. “The requirement to document who reviewed the audit work performed and the extent of the review does not imply a need for each specific working paper to include evidence of review” (AU-C 230.A15).
When preparer/reviewer sign-offs relate to groups of work-papers, it should be clearly documented which workpapers they encompass.
It should be noted that the auditing standards cited above also apply to interim reviews conducted under AU-C 930 or AS 4105 for SEC issuers and other audit clients (AU-C 220.01 or AS 1215.01 and AS 4105.52, respectively), as well as all audit engagements.
When May the Engagement Partner (or a Qualified Designee) Be the Only Signer?
Occasionally (and especially on smaller engagements), a workpaper is prepared by the engagement partner (or by the client), and the partner or another key member of the engagement team is the only reviewer. Consistent with the applicable standards, it is recommended that if a document prepared by the engagement partner involves the application of any significant auditing procedures or complex analysis, the partner should sign as preparer, and the workpaper should be reviewed and approved by another appropriately experienced auditor (which need not be another partner). In fact, depending on its content, any auditor can be judged qualified to review any workpaper, regardless of who prepared it. For example, if the review entails only checking the math and tracing the data to its source, even an inexperienced auditor can do it. If there is a significant conclusion that entails substantial research or judgment, concurrence from the engagement quality reviewer (if any) or another partner or manager ordinarily should be obtained and documented on the workpaper or elsewhere, such as in a consultation memorandum, particularly for an interim review if it will affect the year-end audited financial statements.
Neither the engagement partner nor any other member of the engagement team should sign off as a reviewer of his or her own work but should sign as preparer, and the engagement partner (or a qualified designee) may determine judgmentally if a reviewer is necessary, based on risk and significance, subject to the concurrence of the external quality review (EQR) reviewer, if any. Either the engagement partner or a designee may sign off as a reviewer of a client-prepared or provided document.
Three Key Takeaways
- It is not necessary for every workpaper to have dated sign-offs of both preparer and reviewer. Discretion is permitted, based on risk and significance, as to which items require a documented review.
- When preparer/reviewer signoffs relate to groups of workpapers, it should be clearly documented which workpapers they encompass.
- Engagement partners should sign as preparer, not reviewer, on workpapers containing their own work, but may determine judgmentally, also based on risk and significance, if a review (which could be done by a manager or other qualified designee) is necessary.
To What Extent Do These Standards Apply to Engagements for Nonaudit Clients?
Review engagements for nonissuer clients and compilations are governed by the AICPA’s Statements on Standards for Accounting and Review Services (SSARS), which have broader, less specific documentation requirements than the auditing standards to be applied as deemed necessary to be consistent with the AICPA’s QC standards. Like audits, these engagements are to be conducted generally within the context of the firm’s system of QC maintained in conformity with the QC standards, particularly those related to engagement performance, and the firm’s practices must meet the objectives and principles set forth in the QC standards (QC 10.A34-.A35). There are, however, no specific requirements in the SSARS applicable to the nature and extent of engagement supervision, including workpaper review or the documentation thereof. Nevertheless, it is common to observe the same practices relative to preparer and reviewer signoffs for SSARS review engagements as for those covered by the auditing standards. As for compilation engagements, since no assurance is provided, the responsible engagement partner may be allowed greater discretion as to such matters, subject to the foregoing.