AICPA Peer Review Updates: Quality Management, New Standards, and More

The New QM Standards are Just Around the Corner – Are You Ready? 

The effective date of the new quality management standards continues to quickly approach. Recall that a firm’s system of quality management must be operational by December 15, 2025; therefore, firms will need to have identified and understood their firm’s individual risks and have implemented the appropriate risk responses. Additionally, SQMS No. 1 requires firm leadership to evaluate whether the firm is meeting its quality objectives within one year. 

The AICPA has refreshed the quality management area of its website in order to allow you to easily locate the most useful tools and resources to help you along on your journey. Be sure to take advantage of the AICPA resources on implementing the Statements on Quality Management Standards, including: 

• An updated free AICPA interactive practice aid, which includes considerations for both sole practitioners and small- and medium-sized firms. A free companion risk-and-response library tool is also available. 
• Numerous learning opportunities, including live and recorded dedicated webcasts and regular segments on our AICPA A&A Focus broadcasts. 
• A free AICPA comparison of changes, “Quality Management Standards: What’s Changing and What You Should Be Doing Now” to map SQCS No. 8 to SQMS No. 1. 
• Free AICPA executive summaries and “At-a Glance” documents for each of the standards in the quality management suite. 

Your Input Requested: Draft Peer Review QM Checklists 

The Peer Review Board recently discussed draft peer review checklists for the evaluation of the design and operating effectiveness of a firm’s system of quality management. Given these checklists are effective for peer reviews that have periods ending after December 15, 2025, the PRB is hopeful that users, between now and then, will take a look at the checklists and provide feedback. To facilitate this, users can complete this survey.  

New Functionality in PRIMA 

Recently, new functionality was added in PRIMA which allows you to view your firm’s enrollment/peer review information without having to update it to see or print it. You can view or print it by going to For Firms and then Enroll/Update PRI. 

New FSBA Resources 

Facilitated State Board Access (FSBA) is a system developed by the AICPA to provide state boards of accountancy with secure access to peer review information for firms they regulate. Created to address the evolving business and regulatory landscape and the need for greater transparency in the peer review process, the system enhances and streamlines the process of monitoring a firm’s compliance with peer review requirements. 

The AICPA and CPA state societies are working together to allow this process to become the primary means by which all state boards of accountancy obtain peer review results. This process will make the submission of your firm’s peer review information easier. New resources have been posted to the AICPA’s peer review website to help you better understand this process and the requirements in the states in which your firm is licensed. 

A&A Focus Broadcast Series Continues 

Our monthly one CPE hour A&A Focus broadcasts are going strong. These events are free for AICPA members. 

Each month, we highlight news and topics critical to accounting, auditing, and assurance practitioners, provide member-only resources, and curate additional information.  

Previous guests include the chairs of the Auditing Standards Board, Accounting and Review Services Committee, the Financial Accounting Standards Board and its Private Company Council and the Committee of Sponsoring Organizations (COSO). Topics range from broad accounting and auditing topics to narrow dives into topics such as revenue recognition, digital assets, not-for-profit areas, risk assessment, and quality management. 

With your registration, you will also receive our monthly recap via email. Our newsletter provides you with more information on the topics discussed, related resources and a look ahead to the next event. 

Visit aicpa-cima.com/AAFocus for more information and to register, as well as gain access to non-CPE replays of past events and highlighted resources.  

Attendance is free for AICPA members, and you only have to register for one event. Your single registration will grant you access to all remaining broadcasts.  

• July 2, 2025 – 1-2pm ET 
• August 6, 2025 – 1-2pm ET 
• September 10, 2025 – 1-2pm ET 
• October 8, 2025 – 1-2pm ET 
• November 5, 2025 – 1-2pm ET 
• December 3, 2025 – 1-2pm ET 

Get Ready! New Effective Dates for GAO Yellow and Green Books  

2024 Yellow Book

In 2024, the U.S. Government Accountability Office (GAO) released its highly anticipated revision of Government Auditing Standards, also referred to as GAGAS or the Yellow Book. The changes reflect a change in approach to quality management and a risk-based process for achieving the objectives of quality management.  

The 2024 revision of Government Auditing Standards supersedes the 2018 Revision Technical Update April 2021 (GAO-21-368G, April 2021). The new standards are effective for financial audits, attestation engagements, and reviews of financial statements for periods beginning on or after December 15, 2025, and for performance audits beginning on or after December 15, 2025. A system of quality management that complies with the Yellow Book is required to be designed and implemented by December 15, 2025. An audit organization should complete its evaluation of the system of quality management by December 15, 2026. Early implementation is permitted. 

See GAO’s Yellow Book web page for an electronic version of the 2024 Yellow Book and to learn more about the new standard. 

2025 Green Book

The GAO has also revised the Standards for Internal Control in the Federal Government, commonly known as the Green Book. The revision is in response to the issues identified by the pandemic and the rise in cyber-attacks. Updates include, but are not limited to, additional requirements, guidance, and resources for addressing risks related to fraud, improper payments, information security, and the implementation of new or substantially changed programs, including emergency assistance programs. The revision supersedes the September 2014 revision of the standards. The 2025 Green Book will be effective in FY 2026. Early implementation is allowed. Check out the Green Book web page, including a link to the 2025 Green Book. 

Resources to Help You Stay Compliant With SAS 145  

 

Peer reviewers continue to see where audit risk assessment procedures do not contain all the elements required by professional standards. Similar to prior years, documentation for the financial statement risk assessment requirements of Statement on Auditing Standards (SAS) No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, remains a focus for upcoming peer reviews. 

 

 

A sample of peer review issues noted include: 

• Not assessing inherent risk before the consideration of any controls 
• Not documenting inherent risk factors as now required by SAS 145  
• Not documenting understanding of controls, including information technology controls 
• Not documenting controls that address risks determined to be significant risks and controls over journal entries  
• Not properly documenting evaluation of the design of identified controls and determination of whether such controls have been implemented 
• Risk of material misstatement was not the same as inherent risk for those audit areas where control risk was assessed at the maximum level due to the auditor not testing the operating effectiveness of controls  

The AICPA has been busy producing content that can assist you in refining your risk assessment process to enhance audit quality. Be sure to check out these resources on SAS 145:  

• For guidance to help you document identified risks, risk assessment procedures performed, and the planned response to those risks, AICPA Audit Risk Assessment Resource  
• For examples of controls that could be implemented by entities of any size, Aid for identifying and testing controls at smaller entities 
• Watch this webcast as the speakers help you learn to navigate SAS 145 and examine new and updated concepts, Risk Assessment Under SAS No. 145  
• Watch this self-study course to learn the ins and outs of SAS 145, Applying and Scaling Audit Risk Assessment Procedures Under SAS No. 145 
• For an in-depth Journal of Accountancy article on how implementing SAS 145 has changed one firm’s documentation and brought about efficiencies, Lessons learned from the first year of SAS 145  
• For more information related to risk assessment under SAS 145, Audit Risk Assessment 

SOC 2® Resources 

SOC 2® reports are intended to meet the needs of a broad range of users who need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. Please refer to the following new resources related to these engagements: 

• How to perform proper vendor management and third-party risk assessment reviews: The purpose of this document is to highlight the critical elements of a vendor management process and, when applicable, discuss how the SOC 2® report aligns with that process. 

• Key elements of a SOC 2® report: This resource consists of a series of videos and a detailed checklist designed to help report users navigate a SOC 2 report. Both of these resources can be found on the AICPA website: aicpa-cima.com/resources/video/key-elements-of-a-soc-2-report-resources-for-management. 

Understanding the FASB’s Adoption of PCC Recommendations on Topic 326 

The Financial Accounting Standards Board (FASB) has recently adopted the Private Company Council (PCC) Recommendations on Topic 326, also known as the Current Expected Credit Loss (CECL) model, to current accounts receivable and current contract assets arising from revenue transactions. This development is significant for public accounting firms, especially those working with private companies. Here’s what you need to know:  

• Private companies may use historical loss data and assume current conditions persist, avoiding complex forecasting 
• A new policy election allows consideration of subsequent collections when estimating losses 
• The FASB Accounting Standards Update is expected in Q3 2025, effective for fiscal years beginning after Dec.15, 2025, with early adoption permitted 

Background on Topic 326

Topic 326 was introduced to enhance the transparency and timeliness of credit loss recognition. It requires entities to estimate expected credit losses over the life of financial assets, including trade receivables and contract assets, based on historical data, current conditions, and reasonable forecasts. 

The Role of the Private Company Council (PCC)

The PCC works to ensure that the needs of private companies are considered in the standard-setting process. Their recommendations aim to simplify the application of complex accounting standards for private companies, making them more relevant and less burdensome. 

Key Recommendations Adopted by the FASB

The FASB has adopted several key recommendations from the PCC to address the challenges private companies face when applying Topic 326 to current accounts receivable and contract assets: 

1. Simplified Approach for Private Companies: The PCC recommended a more straightforward approach for private companies to estimate expected credit losses. This includes allowing the use of practical expedients and simplified methods that align with the operational realities of smaller firms. 
2. Enhanced Disclosures: To balance the need for transparency with the burden of compliance, the PCC suggested enhanced disclosure requirements that provide users with relevant information without overwhelming private companies with extensive reporting obligations. 
3. Alignment with Existing Practices: The recommendations also emphasize aligning the new requirements with existing practices and frameworks used by private companies. This helps in minimizing the disruption and additional costs associated with implementing new standards. 

Implications for Public Accounting Firms

Public accounting firms need to be aware of these changes to effectively guide their private company clients through the transition. Here are some key considerations: 

• Training and Education: Ensure that your team is well-versed in the new requirements and the practical expedients available to private companies. This will help in providing accurate and efficient advisory services. 

• Client Communication: Proactively communicate with your clients about the changes and how they will impact their financial reporting. Offer workshops or informational sessions to help them understand and implement the new standards. 

Conclusion

The FASB’s adoption of the PCC’s recommendations for Topic 326 represents a significant step towards making credit loss accounting more manageable for private companies. Public accounting firms play a crucial role in facilitating this transition, ensuring that their clients can comply with the new standards while maintaining the integrity and usefulness of their financial reporting. 

By staying informed and proactive, public accounting firms can help their clients navigate these changes smoothly, ultimately contributing to more transparent and reliable financial reporting in the private sector. 

Navigating Revenue Recognition for Construction Contracts with Retainage Provisions: Insights from the FASB Staff Educational Paper 

The Financial Accounting Standards Board (FASB) recently released a Staff Educational Paper that provides clarity on applying revenue recognition guidance to construction contracts containing retainage provisions. The educational paper (a) explains the presentation and disclosure requirements in current GAAP about retainage and (b) provides examples of voluntary disclosures of retainage that would provide more information to users of construction company financial statements. This educational paper does not change or modify current GAAP and is not intended to be a comprehensive assessment of the accounting for retainage in accordance with Topic 606. However, it is important for public accounting firms, especially those serving clients in the construction industry. Here’s a comprehensive overview to help you understand and implement the guidance effectively. 

Understanding Retainage Provisions

Retainage, or retention, is a common practice in construction contracts where a portion of the payment is withheld by the customer until certain project milestones are met or the project is completed. This provision serves as a form of security for the customer, ensuring that the contractor fulfills their obligations.  

Key Points from the FASB Staff Educational Paper

The FASB Staff Educational Paper addresses several questions and provides detailed guidance on how to present and disclose retainage in financial statements. Here are the main takeaways: 

1. Presentation of Retainage:

• • Contract Assets and Liabilities: Topic 606, Revenue from Contracts with Customers, requires entities to present contract assets and contract liabilities on a net basis. A contract asset represents the entity’s right to consideration for goods or services transferred to a customer, conditioned on future performance. A contract liability represents the entity’s obligation to transfer goods or services for which it has received consideration. 

• • Receivables: A receivable is an entity’s unconditional right to consideration. Retainage should be presented as part of contract assets if the right to payment is conditional on future performance. 

2. Disclosure Requirements: 

• • Enhanced Disclosures: The paper suggests voluntary disclosures that provide more detailed information about retainage. These disclosures can help users of financial statements, such as sureties and lenders, better understand the financial position and performance of construction contractors. 

• • Example Disclosures: The paper includes illustrative examples of disclosures that construction contractors can use to provide clarity on retainage amounts and their impact on contract assets and liabilities. 

Practical Implications for Public Accounting Firms

Public accounting firms need to be proactive in helping their construction industry clients understand and implement these guidelines. Here are some steps to consider: 

1. Educate Your Team: Ensure that your team is familiar with the FASB Staff Educational Paper and the specific guidance on retainage. This will enable them to provide accurate advice and support to clients. 
2. Client Communication: Inform your clients about the new guidance and its implications. Offer workshops or informational sessions to help them understand how to apply the guidance to their contracts.

Digital Assets – Are You Up to Date with New Accounting Standards?

For the first time ever, the Financial Accounting Standards Board (FASB) has issued accounting standards specific to digital assets. In response to the issuance of FASB’s Accounting Standards Update (ASU) No. 2023-08, Intangibles – Goodwill and Other – Crypto Assets (Subtopic 350-60): Accounting for and Disclosure Of Crypto Assets, the Digital Assets Working Group has updated the AICPA practice aid, Accounting for and Auditing of Digital Assets (the Practice Aid).  

The January 2025 updates to the Practice Aid amend some of the existing guidance and add new content, addressing key accounting questions faced by those operating in the digital assets space.  

The updates provide clarity on topics such as whether: 

• Wrapped tokens or nonfungible tokens (NFTs) fall within the scope of FASB ASC 350-60 
• Transaction costs (for example, commissions, gas fees) to acquire crypto intangible assets are included in the initial measurement of the acquired asset 
• Gains and losses from the remeasurement and sale of in-scope crypto intangible assets are presented as operating or nonoperating items in the entity’s income statement 

Additionally, the updated Practice Aid introduces new terms such as “crypto intangible assets,” “in-scope crypto intangibles assets,” and “out-of-scope crypto intangibles assets.” These new terms have been defined and are now available in the AICPA Blockchain Universal Glossary. 

First Available Framework for Stablecoins

The wait is over for the stablecoin reporting criteria. The Assurance Services Executive Committee (ASEC) has published the 2025 Criteria for Stablecoin Reporting: Specific to Asset-Backed Fiat-Pegged Tokens. Stablecoins are a type of digital asset whose value is tied to the assets backing them, such as U.S. currency.  

Transparency is crucial for stakeholders, including investors and regulators, when token issuers report on these types of digital assets. These new criteria aim to enhance the comparability and consistency of reported information, forming the foundation for a more trusted stablecoin ecosystem.   

The 2025 Criteria for Stablecoin Reporting provides token issuers with a comprehensive framework for presenting and disclosing key information about the tokens they issue. This includes reporting on the availability of cash or other assets that back the tokens. 

The purpose of this new document is to provide a framework for presenting and disclosing information related to stablecoins in order to promote consistent reporting among token issuers. The reporting of this information is usually outside of the financial statements of the token issuer and not part of the financial statement audit.  However, token issuers may engage a practitioner to perform an attestation engagement on this information.  These guidelines can be used as criteria for the engagement.  

For more details, view the 2025 Criteria for Stablecoin Reporting: Specific to Asset-Backed Fiat-Pegged Tokens. To further explore stablecoin related resources, practitioners can view the stablecoin reporting and assurance page. 

SSARS No. 27 Clarifies the Applicability of AR-C Section 70 to Financial Statement Preparation as Part of a CAS Engagement 

When financial statements are prepared as part of a client advisory services engagement, accountants are not required to apply AR-C Section 70. 

Client advisory services (CAS), which include controllership and CFO services, have been an area of significant growth over the past several years. Many of these engagements entail an outside accountant taking on responsibilities that may include functioning as the client’s outsourced CFO. The AICPA’s Accounting and Review Services Committee (ARSC) undertook a project to consider clarifications to the applicability of AR-C section 70, Preparation of Financial Statements to address perceived misunderstanding regarding whether AR-C section 70 is required to be applied when controllership or CFO services are performed under CS section 100, Consulting Services: Definitions and Standards and financial statements are prepared as part of that engagement. 

As a result, in April 2025, the ARSC issued Statement on Standards for Accounting and Review Services (SSARS) No. 27, Applicability of AR-C Section 70 to Financial Statements Prepared as Part of a Consulting Services Engagement.  

SSARS No. 27 clarifies that an accountant is not required to apply AR-C Section 70 when the preparation of financial statements is not the primary objective of an engagement that is performed in accordance with CS section 100. It is important to note that the standard is a clarification of the applicability of AR-C section 70 and does not change the applicability of the section.

 

An accountant remains required to apply AR-C section 70 when the preparation of financial statements is the primary objective of the engagement. Additionally, SSARS No. 27 makes clear that an accountant may voluntarily apply certain requirements of AR-C section 70 in instances in which the section would not otherwise apply. For example, an accountant may include the statement required by AR-C section 70 that “no assurance is provided” on the financial statements without being required to perform the engagement in accordance with the entirety AR-C section 70.  In such instances, no other AR-C section 70 requirements would be required to be applied. 

In considering this clarification, ARSC determined that financial statements prepared as part of an engagement performed in accordance with CS section 100 present no harm to the users of those financial statements – in fact, users expect and value such financial statements. Further, services performed in accordance with both AR-C section 70 and CS section 100 are both nonattest services in which no opinion, conclusion, or any form of assurance is provided. Safeguards included in CS section 100 minimize the risk that a user would be misled by the accountant’s association with financial statements the accountant prepared as part of the consulting service. The accountant would continue to be required to comply with the AICPA’s Code of Professional Conduct. 

The practical implication of the performance of an engagement in accordance with CS section 100 is, unlike engagements performed in accordance with AR-C section 70, engagements performed in accordance with CS section 100 are not required to be subjected to firm’s system of quality management because engagements are outside of the firm’s accounting and auditing practice (as defined in QM section 10, A Firm’s System of Quality Management). Additionally, engagements performed in accordance with CS section 100 are excluded from engagements subject to peer review. The ARSC considered these implications in the development and issuance of SSARS No. 27.