Get in line: CPAs face new set of CBA regs – Cover Story – California Board of Accountancy regulations for certified public accountants
CPA’s Across a Wide Spectrum of Practice Areas Are Facing a New Spate of Regulations from the California Board of Accountancy
What Do They Mean for You?
As the Sarbanes-Oxley Act flexes its muscles nationally, California CPAs also are weathering their own regulatory climate. The California Board of Accountancy is proposing new regulations that will effect CPAs across a spectrum of practice areas. For some, the regulations may spell changes, such as to a firm’s standard engagement letter or documentation practices. For others, it may mean exiting a market segment.
CHANGE IS A WAY OF LIFE
Nearly every aspect of a CPA’s practice has changed, is changing or is being reviewed for possible change, both nationally and at the state level, says Bruce Allen, CalCPAs director of government relations.
“California’s Board of Accountancy was already one of the strongest consumer-focused boards in the nation,” Allen says. “With the proposed regulations and recently passed statutes, it has a whole new set of requirements and tools at its discretion–and more are planned.”
Regulations concerning audit documentation, financial statement restatement reporting and non-CPA ownership recently passed by the CBA will take effect once approved by the Office of Administrative Law. The regulations clarify laws that have been in effect since Jan. 1, 2003.
Though the effect of these regulations on the profession remains to be seen, one thing is certain: These laws are on the books and cannot be ignored.
“To some degree, what’s being asked of the profession, maybe we should’ve come up with by ourselves a while ago,” says John Dodsworth, president, director and co-founder of CAMICO. “The public, the juries, they’re the people who really make the rules.”
And those rules “will be called a verdict,” says Ron Klein, JD, CFE and vice president of claims at CAMICO. “Some of these issues have been practice management issues that have been left up to the individual firms. But that freedom is now going away.”
HARSHER THAN SOX?
While Sarbanes-Qxley has received much attention, some believe that the CBA’s new regs may–in some instances–be tougher than SOX.
“My sense is that what appears to be California’s approach is probably going to be modestly harsher than the federal approach,” Dodsworth says.
Dodsworth should know a thing or two about avoiding risk. Manning the helm at CAMICO, the second-largest provider of professional liability insurance and risk management services in the country for accountants, he’s advised scores of CPA firms on issues of compliance.
Two areas strike Dodsworth as particularly significant: changes to the disciplinary process, or what is now a “reportable event,” and regulations dealing with audit documentation and retention.
Under the Business and Professions Code Sec. 5097, auditors must comply with an audit documentation standard that, if not met, creates a rebuttable presumption that the work wasn’t done. The burden of proof then falls on the auditor. This documentation must be retained for seven years from the report date.
“The profession hasn’t had any kind of common guidance on record retention and one could argue that should’ve been out there already,” says Dodsworth. “We’ve told firms for years you’ve got to do a better job on documentation because that’s what the public expects. The law didn’t require it, but public expectation did.”
Specifically, the rebuttable presumption is one area, “where California went further (than SOX),” Dodsworth says.
Regardless of whether you’re a global firm or a sole practitioner, the newly passed Regulation 68.5 states you must have a written audit documentation and destruction policy.
“It’s going to have to be a pretty comprehensive document to cover things like electronic records, e-mails, faxes, all forms of communication,” says Dodsworth.
The policy must include procedures to have back-up copies of electronic audit documentation; maintain documentation; approve changes to the documentation; and approve the destruction of documentation when it’s no longer required.
Firms may not want to relegate this practice to audit work only, Dodsworth says. “While these rules apply to audits, it won’t take long before somebody says, ‘Why shouldn’t the same standard apply to other kinds of documentation?”‘
This is no small task, especially for small firms, many of which usually don’t have written procedures, says CPA Linda McCrone, CalCPA’s director of technical services.
“There are some very specific things in here that auditors need to know,” McCrone says.
The types of documentation that must be kept include programs, analyses, memoranda, letters of confirmation and representation, copies or abstracts of company documents and schedules or commentaries prepared or obtained by the licensee.
According to the legislation, an experienced reviewer with no prior knowledge of the engagement should be able to understand the nature, timing, extent and results of the audit, as well as who performed and reviewed the work.
Additionally, Reg. 68.2 states that audit documentation must include an index or guide to the documentation. That documentation must provide the date the document or working paper was completed by the preparer and any reviewer, as well as identify the preparer and reviewer.
The CBA’s newly adopted Reg. 68.3(d) parallels the SEC requirement that documentation must be retained whether or not it supports the auditor’s conclusion.
Any changes in the documentation made more than 60 days after the date of issuance must identify the person making and approving the change, the date of and reason for the change, according to Reg. 68.4. These regulations apply to all audits performed by CPAs licensed in California, not just those of public companies.
DO OR DIE
Preparing audit documentation and destruction policies is “an exercise that’s going to take some time,” Klein says. “Some firms are assigning it to one person, or a firm administrator, and think they’ll just get it done, stick it in a drawer, end of story. But it may haunt you.”
Compliance to the documentation standards is a do or die situation for CPAs.
“What’s clear is you’re going to have to have a retention and destruction policy, and to the extent that you don’t follow it you could end up like Andersen,” Dodsworth says. “We tell people, you can be an Arthur Andersen, you can have an Enron in your firm. You don’t have to be that big. It’s just the behavior of the firm itself.”
EXPANDED SELF-REPORTING REQUIREMENTS
Changes to the disciplinary process also affect CPAs. What is now a “reportable event” has been expanded by changes to Business and Professions Code Sec. 5063, which took effect Jan. 1, 2003. The recent regulatory hearings clarified several misconceptions about the reporting requirements.
CPAs must report to the CBA:
* A restatement of a financial statement by the audit client;
* A civil settlement or arbitration award relating to the practice of public accounting against a CPA of $30,000 or more;
* The initiation of an SEC investigation;
* An SEC notice requesting a “Wells Submission;”
* An investigation by the PCAOB; and
* Certain civil judgments against the CPA.
CAPs were already required to report criminal convictions.
Misconceptions regarding these changes, especially about who the restatement requirements apply to, are many, Dodsworth says.
One misconception is that restatement requirements apply to all companies, including private ones. But Reg. Sec. 59 only applies to publicly traded companies required to file a tax return with the California Franchise Tax Board; government agencies located in California, where the amount of the restatement exceeds the planning materiality; and charitable organizations registered by the Attorney General, in which the restatement has resulted in an amended or superceding IRS Form 990 or 990PF.
“If a CPA has any reason to restate, they need to sit down and think this through,” Dodsworth says. “If they’re a CAMICO policyholder, we’d have somebody walk them through a process to determine whether they’re supposed to report or not.”
Another common misconception concerns the identity of the reporter.
“One question I’ve heard is ‘I’m not the guy who made the mistake, I’m a CPA that’s causing the restatement, do I still have to report?”‘ Dodsworth says. “The answer is yes.”
Reg. Sec. 59 states, the report will be made by the licensee issuing the report on the restatement, even if the licensee did not perform the original audit. The report must be received within 30 days of issuance of the restatement, signed by the licensee, and present the facts that constitute the reportable event, including the reason for the restatement.
One concern that Dodsworth has heard regards the consequences of reporting. For example, is reporting such an event to the CBA going to trigger an inquiry further down the line? Is it about the CPA making a mistake or is it about the entity?
“The advice we always give is when a CPA gets caught in a situation like this is, they’ve got to be on the right side of the issue,” Dodsworth says. “This is where a CPA has to exercise a lot of professional judgment and integrity.”
Any client pressure or individual fear of backlash must be ignored, Klein says. “You have to determine whether or not to restate based on the professional standards.”
Some confusion also exists concerning just who reports the settlement of a claim. “The way the rules are written seem to imply that you only had to report a settlement if you were uninsured,” Dodsworth says. “However, they also require your insurance company to report any settlement.”
If you’re not insured, you must report it yourself, he says.
CPAs also should be aware of a change in discipline standards, which have been lowered from gross negligence to multiple acts of negligence, which means committing a small mistake multiple times now can trigger a CBA investigation. No longer does Orange County have to go bankrupt to raise the red flag at the CBA.
SCHOOL DISTRICT AUDITS
AB 2834, effective Jan. 1, 2003, requires the rotation of auditor partners after six consecutive years of auditing the same school district. The law has been clarified so that if this requirement is a hardship for a local educational agency, it may request a waiver from the education audit appeal panel.
The law also requires:
* Adherence to GAO yellow book standards for school district consulting;
* State controller quality reviews of those firms that perform school district audits; and
* The state controller to develop a list of school district audit firms.
The requirement of a six-year rotation “will make it difficult for small firms to do this work, and they do a lot of it,” says Klein.
Small firms generally lack the resources to bring on that many niche auditors. Indeed, many small firms have just one audit partner qualified to sign off on yellow book audits.
NON-LICENSEE OWNERS & COMMISSIONS
Bryan Polster, managing partner of Frank, Rimerman & Co. LLP, says his firm has changed its engagement letters as a result of new regs concerning non-licensee ownership.
Reg. Sec. 51.1 requires any firm with a non-licensee owner or owners that has one or more offices in California to notify each client served by an office in California of the actual or potential involvement of a non-licensee owner or owners in any service to be provided to the client by the firm.
A copy of the statement, contract, engagement letter or proposal letter containing this notice must be kept by the accounting firm for at least five years from the date of notice.
“We have non-CPAs who are owners within our business,” says Polster. “We have an industrial engineer who heads up our systems consulting group, and he’s a partner in our firm.”
Polster’s firm also may be affected by the legislative change concerning commissions, AB 270, which prohibits the sale of services or products for a commission to an audit and review client, the officers or directors of those clients, or client sponsored retirement plans. Officers and directors of small businesses, or those under $10 million in revenue or under 100 employees, and nonprofits are exempt.
“We have another entity called Frank, Rimerman Advisors LLC, which is a registered investment adviser,” Polster says. “If we’re providing audit services to a client, we need to be certain that we’re not also providing any other services that may be construed as a fee paid in a commission. It’s just something that we now have to watch that we didn’t have to watch before.”
There are other changes to the law, including what’s known as the auditor cooling-off period. As of Jan. 1, 2003, a licensee that exercises “significant judgment” in the audit process cannot accept a position of significant authority with a publicly traded company or its affiliate for a year after the audit engagement.
For the full text of the regulations, visit the CBA’s website at www.dca.ca.gov/cba/notices/regnot7.pdf or CalCPA’s website at www.calcpa.org/members/GR.
Jerry Ascierto is CalCPA ‘s associate editor. You can reach him at email@example.com.
COPYRIGHT 2003 California Society of Certified Public Accountants
COPYRIGHT 2003 Gale Group