What Are the AICPA Peer Review Requirements?

An AICPA peer review is a structured evaluation of a certified public accounting (CPA) firm’s accounting and auditing practice, conducted by another independent CPA firm. The purpose of this system is to promote a high standard of performance within the profession and enhance public confidence in the quality of services provided by CPA firms. By having an external party assess a firm’s adherence to professional standards, the process serves as a practice-monitoring program.

The peer review system is also designed to be educational. It provides firms with an opportunity to receive feedback from their peers and identify areas where they can improve their system of quality management, demonstrating a commitment to continuous improvement.

Determining Your Firm’s Peer Review Requirement

A firm’s obligation for a peer review stems from two sources: membership in the American Institute of Certified Public Accountants (AICPA) and state board of accountancy regulations. If a firm has at least one owner who is an AICPA member and performs services within the scope of peer review standards, it must enroll in a practice-monitoring program. The review cycle is every three years.

Many state licensing bodies also mandate peer review as a condition for firm licensure, irrespective of AICPA membership. A firm must enroll in a program and complete its first review within 18 months of issuing its initial engagement report that falls under review standards. The scope of the review covers a one-year period of the firm’s work.

The services that trigger the requirement are attest engagements performed under AICPA professional standards. This includes audits under Statements on Auditing Standards (SASs), reviews and compilations under Statements on Standards for Accounting and Review Services (SSARS), and other attestations under Statements on Standards for Attestation Engagements (SSAEs). Conversely, firms that exclusively provide services like tax preparation, bookkeeping, or management consulting are not required to undergo a peer review, as the focus is on the attest function where public reliance is most significant.

Understanding the Types of Peer Reviews

The AICPA Peer Review Program offers two types of reviews, and the one a firm undergoes depends on its accounting and auditing practice. The more comprehensive option is the System Review, which is required for firms performing engagements under the Statements on Auditing Standards (SASs) or Statements on Standards for Attestation Engagements (SSAEs).

A System Review is an in-depth evaluation of the firm’s system of quality management. The peer reviewer assesses if the system is adequately designed and if the firm complied with it, which includes interviewing personnel and examining administrative files. This evaluation covers eight components of quality management:

• The firm’s risk assessment process
• Governance and leadership
• Relevant ethical requirements
• Acceptance and continuance of client relationships and specific engagements
• Engagement performance
• Resources
• Information and communication
• The monitoring and remediation process

The second type is an Engagement Review, which is less in scope. This option is for firms whose highest level of service consists of compilations or reviews performed under Statements on Standards for Accounting and Review Services (SSARS). An Engagement Review focuses on the firm’s work product rather than its entire system. The reviewer selects a sample of engagements and assesses whether the reports and documentation comply with applicable professional standards.

Preparing for Your Firm’s Peer Review

Preparation begins with selecting a qualified reviewer and engaging an administering entity. Firms must choose an approved CPA firm with expertise in their specific industries and engagement types. The process is managed by an administering entity, usually a state CPA society, which oversees scheduling and final acceptance of the review. Firms can enroll through the AICPA’s online portal, the Peer Review Integrated Management Application (PRIMA).

A primary task is ensuring the firm’s system of quality management is properly designed and documented. Under new standards, firms must have their systems designed and implemented by December 15, 2025. This documentation serves as the blueprint for how the firm ensures compliance and is a primary basis for a System Review.

The firm must also compile a comprehensive list of all its attest engagements for the review year, categorized by type. From this list, the peer reviewer will select specific engagements for detailed examination, and the firm must provide the complete workpaper files for these selections. Additional documentation is required to demonstrate compliance in other areas, including:

• Records of the firm’s independence policies and annual confirmations
• Personnel management policies, such as hiring and performance evaluations
• Continuing professional education (CPE) records for all professional staff
• Policies for client acceptance and continuance

The Peer Review Process and Final Report

Once preparations are complete, the peer review fieldwork begins. For a System Review, the reviewer will visit the firm’s office to conduct interviews and inspect documents to assess the system of quality management in practice. For an Engagement Review, the process is conducted off-site, with the reviewer examining selected engagement files for compliance.

Throughout the review, the reviewer maintains open communication with the firm’s management. The fieldwork phase culminates in an exit conference where the reviewer presents preliminary findings, discusses any deficiencies, and gives the firm an opportunity to respond.

Following the exit conference, the reviewer drafts the final peer review report, which provides an opinion on the firm’s compliance. There are three possible ratings: Pass, Pass with Deficiencies, or Fail. A “Pass” rating indicates compliance, while “Pass with Deficiencies” means there are significant issues to correct. A “Fail” rating signifies pervasive problems in the firm’s ability to comply with professional standards.

The final steps involve formalizing the results. The reviewed firm may need to submit a letter of response detailing its plan for corrective action. The peer reviewer then assembles the complete package, including the final report and the firm’s response, which is submitted to the administering entity for formal acceptance.