Quality Control in Auditing
Quality Control
Quality Control Requirements
Quality control is guided by standards such as International Standard on Quality Control 1 (ISQC1) and International Standard on Auditing 220 (ISA 220).
Quality Control Standards
ISQC1 and ISA 220 provide guidelines for establishing and maintaining quality control for audits of general-purpose financial statements.
International Standard on Quality Control (ISQC1)
ISQC1 is a quality control standard for firms performing audits and reviews of financial statements, as well as other assurance and related services engagements.
It applies to all professional accounting firms concerning audits and reviews of financial statements, and other assurance and related services engagements.
Definitions are outlined within the standard.
Objective of the Firm (ISQC1)
The firm aims to establish and maintain a quality control system that provides reasonable assurance that:
The firm and its personnel comply with professional standards and applicable legal and regulatory requirements.
Reports issued by the firm or engagement partners are appropriate for the circumstances.
Elements of a System of Quality Control (ISQC1)
Policies should address:
Leadership responsibilities for quality within the firm.
Relevant ethical requirements.
Acceptance and continuance of client relationships and specific engagements.
Human Resources (HR).
Engagement performance.
Monitoring.
Policies and procedures must be documented and communicated.
International Standard on Auditing 220 (ISA 220)
ISA 220 is a quality control standard addressing the specific responsibilities of the auditor regarding quality control procedures for an audit of financial statements.
Objective of ISA 220
The objective is for the auditor to implement quality control procedures at the engagement level, providing reasonable assurance that:
The auditor complies with professional standards and applicable legal and regulatory requirements.
The auditor’s report issued is appropriate in the circumstances.
Difference Between ISQC1 and ISA 220
ISQC1 deals with firms and their personnel complying with professional standards and regulatory/legal requirements.
ISA 220 sets out the quality control standards applied to individual audit engagements.
Requirements of ISA 220
Leadership responsibilities for quality on audits.
Relevant ethical requirements.
Acceptance and continuance of client relationships and audit engagements.
Assignment of engagement teams.
Engagement performance.
Monitoring.
Documentation.
ISA 220 must be read in conjunction with ISA 200, which covers the overall objectives of the independent auditor and the conduct of the audit in accordance with ISAs.
Relevant Ethical Requirements (ISQC1)
The firm shall establish policies and procedures to ensure compliance with ethical requirements, including independence and professional ethics.
Principles include:
Integrity.
Objectivity.
Professional Competence and due care.
Confidentiality.
Professional behavior.
Independence.
Ethical Requirements - Implementation
Communicate independence requirements to personnel.
Identify and evaluate relationships that create threats to independence, and take appropriate action.
Require engagement partners to provide relevant information about client engagements.
Personnel should promptly notify the firm of circumstances and relationships that could create a threat to independence.
Accumulate and communicate relevant information to appropriate personnel.
Ethical Requirements - Confirmation
The firm should obtain written confirmation (paper or electronic) from all personnel required to be independent, at least annually.
Engagement partners and individuals responsible for the engagement quality control review of audited listed companies should be rotated to comply with the IFAC Code and APB Ethical Standards.
Independence (ISQC1)
The firm shall establish policies and procedures designed to provide reasonable assurance that the firm, its personnel, and others subject to independence requirements are indeed independent.
Human Resources (ISQC1 Para 29 to 31)
ISQC1 requires firms to establish policies and procedures to ensure sufficient personnel with the capabilities, competence, and commitment to ethical principles to perform engagements in accordance with professional standards and regulatory/legal requirements.
Personnel Issues to Address
(a) Recruitment and performance evaluation:
Recruitment processes should select individuals with integrity and the capacity to develop necessary capabilities (ISQC 1 Para A24).
(b) Capabilities and competence:
Developed through professional education, work experience, and coaching (ISQC 1 Para A25).
(c) Career development:
Continuing competence relies on continuing professional development, knowledge maintenance, and performance evaluation; compensation and promotion also play a role.
Leadership Responsibilities for Quality (ISQC1)
The firm’s culture should recognize that quality is essential in performing engagements.
Quality control procedures should be communicated to all personnel (ISQC 1 Para 17).
Individuals assigned operational responsibility for the firm’s quality control system should possess sufficient experience, ability, and authority (ISQC 1 Para 19).
The engagement partner, managing partner, or a senior member of the firm responsible for quality control should have sufficient experience, ability, and authority and should assess their ability to continue in the role on an ongoing basis.
Leadership Emphasis
The firm should emphasize quality control and the requirement to:
Perform work complying with professional standards and applicable regulatory requirements.
Issue reports that are appropriate under the circumstances.
Engagement Performance (ISQC 1 paras 32 to 44)
The firm shall establish policies and procedures to ensure engagements are performed in accordance with professional standards and regulatory/legal requirements, and that the firm or engagement partner issues appropriate reports (ISQC 1 Para 32).
This is typically achieved using a standard audit program adapted for the specific entity being audited.
Policies and procedures should focus on promoting consistency, supervision, and review responsibilities.
Consistency in engagement quality is often maintained through manuals, software tools, standardized documentation, and subject-specific guidance materials.
Consultation (Engagement Performance)
Policies and procedures should promote:
Appropriate consultation on contentious matters.
Sufficient resources for appropriate consultation.
Documentation of the nature and scope of consultations.
Implementation of resulting conclusions.
Engagement Quality Control Review
Criteria for eligibility of quality control reviewers.
Documentation of the engagement quality control review.
Handling differences of opinion.
Engagement documentation.
Retention of engagement documentation.
Monitoring
Monitoring the firm’s quality control procedures.
Ongoing consideration and evaluation of the firm’s procedures.
Assigning responsibility for the monitoring process to a partner or persons with sufficient experience.
Evaluating, communicating, and remedying identified deficiencies.
Monitoring - System Requirements
The standard requires establishing policies and procedures to provide reasonable assurance that the quality control system is relevant, adequate, operating effectively, and complied with in practice.
Firms may operate as part of a network and implement monitoring procedures on a network basis for consistency.
When firms within a network operate under common monitoring policies and procedures:
The network communicates the overall scope, extent, and results of the monitoring process to appropriate individuals within the network firms annually.
Engagement partners in the network firms are entitled to rely on the results of the monitoring process implemented within the network, unless advised otherwise (ISQC 1 Para 54).
Documentation (ISQC1)
ISQC1 requires appropriate documentation to provide evidence of the operation of all elements of the quality control system.
Retention of documentation for a sufficient period or longer if required by law or regulation.
Documentation of complaints or allegations and their resolutions.
Documentation of the system of quality control.
Acceptance and Continuance
Address the element of acceptance and continuance of client relationships and specific engagements.
Ensure the personnel assigned consider the following matters:
Employ assessment criteria on the client’s integrity.
Discuss reasons for withdrawal and appropriate action with client management and those charged with governance.
Relevant Ethical Requirements (ISA 220)
Throughout the audit engagement, the engagement partner shall remain alert for evidence of non-compliance with relevant ethical requirements by team members.
If non-compliance is noted, the engagement partner, in consultation with others in the firm, shall determine the appropriate action.
Ethical Requirements - IFAC Code
Ethical requirements relating to audit engagements ordinarily comprise Parts A and B of the IFAC Code, along with more restrictive national requirements.
The IFAC Code establishes the fundamental principles of professional ethics:
Integrity.
Objectivity.
Professional competence and due care.
Confidentiality.
Professional behavior.
Independence.
Independence Conclusion (ISA 220)
The engagement partner shall form a conclusion on compliance with independence requirements.
Obtain relevant information from the firm and network firms to identify and evaluate circumstances and relationships that create threats to independence.
Evaluate information on identified breaches and take appropriate action to eliminate or reduce threats.
Leadership Responsibilities for Quality on Audits
The engagement partner is responsible for the overall quality of each assigned audit engagement.
The engagement partner sets an example regarding audit quality to the engagement team.
Leadership Actions
This example is provided through the actions of the engagement partner and through appropriate messages to the engagement team.
Such actions and messages emphasize:
The importance of:
Performing work that complies with professional standards and regulatory requirements.
Complying with the firm’s quality control policies.
The fact that quality is essential in performing audit engagements.
Acceptance and Continuance - Partner Responsibilities
The engagement partner shall be satisfied that appropriate procedures regarding acceptance and continuance have been followed and that conclusions reached are appropriate.
If the engagement partner obtains information that would have caused the firm to decline the audit engagement earlier, they should communicate that information promptly.
Assignment of Engagement Teams
The engagement partner shall be satisfied that the engagement team and any auditor’s experts have the appropriate competence and capabilities to:
Perform the audit engagement in accordance with professional standards and applicable legal and regulatory requirements.
Enable an auditor’s report that is appropriate in the circumstances to be issued.
Assignment Considerations
Consider matters such as:
Understanding the nature and complexity of the audit engagement through experience and training.
Understanding professional standards and the legal and regulatory framework.
Technical expertise in technology, accounting, and auditing.
Knowledge of the relevant industry.
Ability to apply professional judgment.
Understanding the firm’s quality control procedures.
Engagement Performance - Partner Responsibilities
The engagement partner is responsible for the direction, supervision, and performance of the audit engagement in compliance with professional standards and applicable legal and regulatory requirements; and for ensuring the auditor’s report is appropriate.
Engagement Performance - Reviews
The engagement partner is responsible for ensuring reviews are performed in accordance with the firm’s review policies and procedures. This should be done on or before the date of the auditor’s report.
Engagement Performance - Audit Evidence
Before the auditor’s report is issued, the engagement partner should be satisfied that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued.
Consultation - Engagement Partner Responsibilities
The engagement partner shall take responsibility for the engagement team undertaking appropriate consultation on difficult or contentious matters.
The engagement partner must be satisfied that members of the engagement team have undertaken appropriate consultation and that conclusions are agreed upon and implemented.
Engagement Quality Control Review - Listed Entities
For audits of financial statements of listed entities, the engagement partner shall:
Determine that an engagement quality control reviewer has been appointed.
Discuss significant matters arising during the audit engagement with the engagement quality control reviewer.
Not date the auditor’s report until the completion of the engagement quality control review.
Differences of Opinion
If differences of opinion arise within the engagement team, the engagement team shall follow the firm’s policies and procedures for dealing with and resolving differences of opinion.
Monitoring - Engagement Partner Considerations
The engagement partner shall consider the results of the firm’s monitoring process.
Whether deficiencies noted in that information may affect the audit engagement.
Whether the measures the firm took to rectify the situation are sufficient in the context of that audit.
A deficiency in the firm’s system of quality control does not necessarily indicate that a particular audit engagement was not performed correctly or that the auditor’s report was not appropriate.
References
Auditing by L R Howard (latest edition).
Dynamic Auditing – student edition by Marx and van der Watt (latest edition).
International Standards on Auditing (ISAs/ SAAS).
IFAC-HANDBOOK 2010 Part I Auditing Standards.