When performing peer reviews, reviewers document the areas in which firms struggle to comply with professional standards. The AICPA Peer Review Team compiles and periodically communicates these common areas of noncompliance so that other firms won’t make the same mistakes. This is just one of the many ways in which peer review benefits the profession.
Over the past few months, peer reviewers have reported that firms failed to properly assess risk and properly document IT risk assessments. Some of the most common areas of noncompliance with the risk assessment standards are listed below, along with some advice to help your firm prevent the same mistakes.