AA Chapter 6 - Quality Management

What are the 3 serious consequences for failing to meet quality management standards?

1. It is an undesirable outcome for the profession

2. can have significant financial impact

3. can lead to damage of reputation

What does ISQM stand for?

International Standards on Quality Management

What does ISQM 1 set out?

the requirements for quality management for firms on any assurance engagement

What does ISQM 2 set out?

ISQM 2 covers engagement quality reviews for assurance engagements.

Who does ISA 220 apply to?

ISA 220 applies specifically to external audits.

Why should audit firms implement quality management procedures?

to ensure that assurance work is carried out to an acceptable standard, and ensure that the report issued is appropriate.

What are the benefits for good quality management for the client and the audit firm?

• the client should receive an acceptable level of service

• the firm should reduce audit risk to an acceptable level and therefore

• reduce the risk of negligence claims

• reduce the risk of disciplinary action

• maintain a strong reputation

Who monitors audit quality?

1. the FRC’s Audit Quality Review team (public interest entities and certain other entities)

2. the ICAEW’s Practice Assurance scheme

In which 4 ways do the FRC promote audit quality?

By:

• issuing ISAs, Ethical standards and additional guidance on important matters

• monitoring compliance through reviews of audit firms and making their findings public

• overseeing the regulatory activities of the professional accounting bodies

• investigating misconduct and taking action against firms

What type of approach is needed for quality standards?

a risk-based approach to quality management

SOQM (system of quality management)

What is a SOQM?

The system of quality management is a firm’s system which provides reasonable assurance that the firm is meeting its quality objectives.

What are the quality objectives?

• ‘the firm and its personnel fulfil their responsibilities in accordance with professional standards and applicable legal and regulatory requirements, and conduct engagements in accordance with such standards and requirements, AND

• engagement reports issued by the firm or engagement partners are appropriate in the circumstances

What are the 8 key components of a system of quality management?

1. The firm’s risk assessment process

2. Governance and leadership

3. Relevant ethical requirements

4. Engagement performance

5. Monitoring and remediation

6. Information and communication

7. Resources

8. Acceptance and continuance

Who is usually responsible for SOQM in an audit firm?

A firm’s managing partner but responsibility for the operational side can be delegated

The firm needs to assign the responsibilities to individuals within the firm.

What 2 roles and responsibilities must be assigned regarding SOQM?

In UK firms performing audits of financial statements, at least one individual who is eligible for appointment as a statutory auditor is assigned:

• ultimate responsibility and accountability for the SOQM, and

• operational responsibility for the SOQM

FRC guidance states that at least one of these individuals needs to hold an appropriate qualification to practice as an auditor

What are 3 steps to a firm’s risk assessment process?

1. Establish quality objectives

2. Identify risks

3. Respond to risks

Which areas of the SOQM do quality objectives relate to?

• governance and leadership

• relevant ethical requirements

• acceptance and continuance

• engagement performance

• resources

• information and communication.

What are the 6 areas ISQM deals with?

1. policies/procedures for ethical threats and reporting of ethical breaches

2. documentation of compliance with ethical requirements (obtained at least annually from personnel)

3. policies/procedures for complaints (regarding failure to comply with standards/regulation and/or SOQM)

4. policies/procedures to deal with complex client situations

5. policies/procedures for communication with audit clients about SOQM

6. policies/procedures for engagement quality reviewers’ conduct and ISQM 2 compliance.

What are the 5 quality objectives for governance and leadership?

1. the culture of the firm should recognise/reinforce: –

   -serving the public interest

   – the importance of professional ethics, values and attitudes

   – that quality is the responsibility of all staff

   – the importance of quality in strategic decisions and financial/operational priorities.

2. leadership is responsible and accountable for quality

3. leadership demonstrates a commitment to quality through actions/behaviours

4. the organisational structure supports the SOQM

5. resources needed are planned for and provided

What are the quality objectives for relevant ethical requirements?

for the firm and its staff to:

• fully understand, and

• fulfil their ethical responsibilities

What must the firm ensure when deciding whether to accept or continue with an engagement?

the firm must ensure that it does not sacrifice either quality or professional ethics for commercial benefit.

What are the quality objectives for accepting and/or continuing with an engagement?

• to judge acceptance decisions on:

  - whether the client has ethical values and integrity

  - if the firm has the ability to perform the engagement to the required standard (i.e. following ISAs and any other required professional standards)

• the firm’s financial/operational priorities do not lead to accepting/continuing engagements which it should not accept

What are the 6 quality objectives for engagement performance?

1. engagement teams need to understand and fulfil their responsibilities (including the partner’s overall responsibility for the work)

2. the nature, timing and extent of direction and supervision of engagement teams and review of the work performed must be appropriate

3. engagement teams exercise appropriate professional judgement/scepticism

4. consultation is undertaken on difficult or contentious issues

5. differences of opinion (within the engagement team) are brought to the attention of the firm and resolved.

6. documentation is assembled on a timely basis and retained to comply with relevant standards/laws

What 4 elements make up the engagement performance?

1. Direction

2. Supervision

3. Review

4. EQR

What is direction and what’s it’s relation with ISQM1?

This is the responsibility of the engagement partner, however, this duty may be passed to the most senior team member who is present at the location of the engagement

• the progress of the engagement should be tracked

• the engagement team needs to understand instructions provided

• the engagement team needs to work in line with the plan

• the planned approach needs to be modified as/when relevant matters arise

• matters which require consultation with more senior staff need to be identified

What is supervision and what’s it’s relation with ISQM1?

Supervision should be carried out closely enough so that mistakes are avoided, whilst allowing staff to demonstrate initiative through the work completed

What is review and what’s it’s relation with ISQM1?

Consideration of whether:

• the work has been performed in accordance with professional standards/law and the firm’s policies

• appropriate consultations have taken place

• there is a need to revise planned work

• the work performed supports the conclusions reached and is fully documented

• the evidence obtained is sufficient and appropriate to support the auditor's report

• the objectives of the engagement procedures have been achieved

The engagement partner should perform a review of critical areas of judgement, significant risks and other areas of importance throughout the audit.

The extent and timing of the partner's reviews should be documented.

Adequate documentation of all processes will allow the firm, or external bodies (such as the FRC or ICAEW), to evaluate the quality of work performed by the firm.

Which entities should be subject to an EQR?

Listed entities and other high-risk clients should be subject to an engagement quality review (EQR).

This is also referred to as a pre-issuance review or 'hot' review.

Who are high-risk clients?

Those which are in the public interest, those with unusual circumstances and risks, and those where laws or regulations require an EQR.

What is an EQR designed to do?

To provide an objective evaluation of the significant judgements made and conclusions reached in the final conclusions/report (like a second opinion)

What does a engagement quality reviewer do?

• understanding the nature and circumstances of the engagement

• discussion of significant matters/judgements with the engagement partner

• review of selected audit documentation relating to significant matters/judgements and conclusions reached

• evaluating the partner’s assessment of ethical independence

• evaluation of consultations/conclusions on difficult/contentious matter

What EQR matters should be considered for audits?

• the independence of the firm

• significant risks and responses to those risks

• judgements with respect to materiality and significant risks

• advice provided by external experts

• nature/scope of corrected and uncorrected misstatements

• subjects discussed with the audit committee

• whether documents support the audit opinion (in the proposed auditor’s report)

• evaluation of whether the partner has been involved throughout the audit.

When should an EQR be completed?

before the auditor’s report is signed

What are the 4 eligibility criteria for an engagement quality reviewer?

1. cannot be a member of the engagement team

2. must have competence and capabilities, including sufficient time, and the appropriate authority to perform the EQR

3. must comply with ethical requirements

4. must comply with provisions of law/regulation (if any are relevant)

What must the engagement quality reviewer be if the engagement is a statutory audit in the UK?

the reviewer must ‘be eligible for appointment as a statutory auditor

The individual needs to have an appropriate qualification to practice as an auditor (FRC)

What is the cooling off period before partners previously responsible for the engagement to become a engagement quality reviewer?

2 years

What are the 3 types of resources?

1. Human

2. Technological

3. Intellectual

Who must audit firms appoint for statutory audit work to meet UK legislation requirements?

Firms appoint one key audit partner for statutory audit work to meet UK legislation requirements, who is also an engagement partner.

Key audit partners must have:

• membership of a Recognised Supervisory Body (RSB) and be eligible for appointment (following RSB rules)

• an appropriate audit qualification and a practising certificate

• suitable statutory audit experience and CPD

What must Engagement team members be given?

sufficient time (by the firm) to consistently perform quality engagements

What are intellectual resources?

‘Intellectual resources include information the firm uses to enable the operation of the system of quality management and promote consistency in the performance of engagements’

What may intellectual resources include?

1. audit programmes

2. firm methodologies

3. subscriptions to websites that provide industry guides

What are the quality objectives for information and communication?

1. ‘the information system identifies, captures, processes and maintains relevant and reliable information that supports the SOQM

2. the culture of the firm recognises and reinforces the responsibility of personnel to exchange information with the firm and with one another

3. relevant and reliable information is exchanged throughout the firm and with engagement teams’

4. ‘relevant and reliable information is communicated to external parties’

What factors should be considered for quality objectives for information and communication?

1. technical factors

2. human factors.

What 4 areas are there with monitoring and remediation?

1. Monitor

2. Evaluate deficiencies

3. Remediate

4. Annual review

What MUST an audit firm do regarding monitoring and remediation?

• design/perform monitoring activities

• evaluate the severity of deficiencies and investigate the root cause of the deficiencies (and the effect on the SOQM)

• remediate deficiencies responsive to the root cause

Annual evaluation is required.

What is a cold review and why is it carried out?

Firms should carry out post-issuance or 'cold' reviews to ensure that quality procedures are adequate, relevant and operating effectively

What’s the purpose of a cold review?

To assess whether the firm's policies and procedures were implemented during an engagement and to identify any deficiencies therein.

It provides assurance that the SOQM within the firm is operating effectively.

When should a cold review take place?

After the auditor's report has been signed

Which files should a cold review take place on?

A sample of completed audit files.

Who should a cold review be conducted by?

A dedicated compliance or quality department/a qualified external consultant/an independent partner

What matters should be considered in a cold review?

Working papers should demonstrate that:

• sufficient appropriate evidence has been obtained

• all matters were resolved before issuing the auditor's report.

  All working papers should be:

• on file  completed

• signed as completed

• evidenced as reviewed.

  Compliance with the firm’s procedures, ISAs, ethical standards, legislation and audit regulations are considered.

What are the outcomes of a cold review?

A report of the results will be provided to the partners of the firm flagging deficiencies that require corrective action.

Recommendations will be made including:

• communication of findings

• additional quality reviews

• training

• changes to the firm's policies and procedures

• disciplinary action.

Who must evaluate a SOQM and when?

The individual who is responsible for the SOQM must evaluate it. This must be completed, at least annually

What are the 3 possible conclusions of an SOQM?

1. the SOQM provides the firm with reasonable assurance that its objectives are achieved

2. the SOQM provides the firm with reasonable assurance that its objectives are achieved, except for specific matter(s) identified

3. the SOQM does not provide the firm with reasonable assurance that the objectives are achieved

Where the objectives are not achieved, further action is necessary to manage quality risks

What does the UK Corporate Governance Code require audit committees of listed entities to do? How?

To review and monitor the external auditor’s:

• independence and objectivity

• effectiveness

This is often carried out with the use of questionnaires sent to members of the audit committee, directors, senior management and internal audit.

The external auditor is rated on factors such as communication, quality of reports, expertise, business understanding and value for money.

What are the 6 responsibilities for audit committees when seeking to manage the entity’s relationship with the external auditor? (UK Corp. Cov Code 2024)

1. being supportive of an open and competitive audit market

2. conducting the tender process for the external auditor

3. engaging with shareholders on the scope of the external audit

4. ensuring the external auditor has access to company records and staff members

5. review/monitoring the external auditor’s independence, objectivity, effectiveness (including the supply of non-audit services)

6. reporting to the board and shareholders on how these responsibilities have been discharged

What are the 3 auditor’s responsibilities for quality management ISQM1?

1. implement the firm’s responses to quality risks

2. establish if designing/implementing responses beyond the firm’s policies/procedures is required for the engagement

3. communicate all matters needed to support the firm’s SOQM

What is the objective of the auditor for managing audit quality?

The objective of the auditor is to manage quality at the engagement level.

Reasonable assurance must be obtained that quality is achieved and:

• responsibilities have been fulfilled whilst conducting the audit in line with legal requirements/professional standards

• an appropriate audit opinion has been issued

What are the leadership responsibilities for SOQM?

Ultimately it is the audit engagement partner who holds responsibility for:

• managing/achieving quality on the engagement

• creating a culture supporting the SOQM.

  They must be involved in the audit including the direction, supervision and regular communication work. They must demonstrate professional ethics and scepticism during the audit

What are the ethical requirements for engagement partner?

The engagement partner is responsible for understanding relevant ethical requirements and informing the engagement team of these and how these are addressed by the firm.

This can include:

• identifying, evaluating and addressing ethical threats (including independence)

• situations that could lead to a breach and suitable responses

• presenting the teams responsibilities regarding any non-compliance of laws/regulation issues.

  The engagement partner must monitor compliance with ethical requirements.

  Action needs to be taken (when needed) to reflect the firm’s policies/procedures, prior to the audit report being dated

What does the engagement partner need to do regarding acceptance and continuance?

The engagement partner needs to determine that the firm’s policies/procedures and auditing standards for planning/performing the audit have been correctly followed.

If the engagement team become aware of information which could cause the firm to decline the audit engagement, the engagement partner should communicate the details promptly to the firm.

The firm (and engagement partner) can then take the action required

What are the 5 engagement partner responsibilities?

1. Allocating sufficient appropriate resources

2. Directing/ supervising the team and reviewing work

3. Check EQR undertaken

4. Address and resolve any differing opinions within the engagement team

5. Check team consulted on difficult matters

How should feedback from monitoring and remediation be addressed?

Feedback relating to the conduct of the audit should be identified by the firm’s monitoring and remediation process.

The audit engagement partner should address the feedback and take any necessary action.

Who needs to take overall responsibility for the audit & when?

Before the audit report is dated, the engagement partner needs to take overall responsibility for the audit.

To do this, they must have dedicated sufficient time/attention to the engagement.

Who is responsible for documentation?

The engagement partner needs to ensure that all documentation is complete and includes all required details.