QUALITY CONTROL OF AUDIT
WORK
Slovenian case
REPARIS Project in Macedonia
2009.04.01
Meta Duhovnik, Ph.D., SLOVENIAN INSTITUTE OF AUDITORS
Basic regulation
• EU basis:
– Directive 2006/43/ES on statutory audits of annual
accounts and consolidated accounts (Official Journal of
the EU, No. L 157 - 9. 6. 2006)
• Regulation enforced in Slovenia:
– Auditing Act (Official Journal of the Republic of Slovenia,
No. 65/2008 – 30. 6. 2008; hereinafter Zrev-2)
– ISQC 1: Quality Control for Firms that Perform Audits
and Reviews of Historical Financial Information, and
other Assurance and Related Services Engagements
2009.04.01
Meta Duhovnik, Ph.D.
Basic regulation
• Regulation enforced in Slovenia (continuation):
– ISA 220: Quality Control for an Audit of Financial
Statements
– Code of Ethics for Professional Accountants (IFAC)
– Code of Professional Conduct (Slovenian)
2009.04.01
Meta Duhovnik, Ph.D.
HIERARCHY OF THE AUDITING RULES
AUDITING ACT
(ZRev-2)
BASIC AUDITING
PRINCIPLES
CODE OF
PROPFESSIONAL
CONDUCT
PRONOUNCEMENTS OF THE
INTERNATIONAL FEDERATION
OF ACCOUNTANTS
(IFAC)
INTERPRETATION OF THE
AUDITING ACT
(SLOVENIAN AUDITING
STANDARDS)
ISQC 1
POSITIONS OF THE
AUDITING COUNCIL
EXPLANATIONS AND
GUIDELINES OF THE
AUDITING COUNCIL
METHODICAL MATERIAL OF
THE INSTITUTE
PROFESSIONAL LITERATURE
ISA 220
GENERALLY ACCEPTED
AUDITING ACTIONS IN
FOREIGN PRACTICE
1
Meta Duhovnik, Ph.D.
2009.04.01
CODE OF ETHICS
FOR PROFESSIONAL
ACCOUNTANTS
Quality control of audit work
• Quality control system of the audit
company
• External quality control
2009.04.01
Meta Duhovnik, Ph.D.
Quality control system of the audit
company in Slovenia
Auditing rules:
ISQC 1: Quality Control for Firms that Perform Audits
and Reviews of Financial Statements, and other
Assurance and Related Services Engagements
ISA 220: Quality Control for an Audit of Financial
Statements
2009.04.01
Meta Duhovnik, Ph.D.
Definitions
• Engagement partner
• The partner or other person in the firm who is responsible
for the engagement and its performance, and for the report
that is issued on behalf of the firm, and who, where
required, has the appropriate authority from a professional,
legal or regulatory body.
• Engagement quality control review
• A process designed to provide an objective evaluation, on or
before the date of the report, of the significant judgments
the engagement team made and the conclusions it reached
in formulating the report.
2009.04.01
Meta Duhovnik, Ph.D.
Definitions
• Engagement quality control reviewer
• A partner, other person in the firm, suitably qualified
external person, or a team made up of such individuals,
none of whom is part of the engagement team, with
sufficient and appropriate experience and authority to
objectively evaluate the significant judgments the
engagement team made and the conclusions it reached in
formulating the report.
2009.04.01
Meta Duhovnik, Ph.D.
Definitions
• Engagement team
• All partners and staff performing the engagement, and any
individuals engaged by the firm or a network firm who
perform procedures on the engagement. This excludes
external experts engaged by the firm or a network firm.
• Firm
• A sole practitioner, partnership or corporation or other entity
of professional accountants.
2009.04.01
Meta Duhovnik, Ph.D.
Definitions
• Inspection
• In relation to completed engagements, procedures
designed to provide evidence of compliance by
engagement teams with the firm’s quality control
policies and procedures.
• Listed entity
• An entity whose shares, stock or debt are quoted or
listed on a recognized stock exchange, or are marketed
under the regulations of a recognized stock exchange or
other equivalent body.
2009.04.01
Meta Duhovnik, Ph.D.
Definitions
• Monitoring
• A process comprising an ongoing consideration and
evaluation of the firm’s system of quality control, including a
periodic inspection of a selection of completed engagements,
designed to provide the firm with reasonable assurance that
its system of quality control is operating effectively.
• Network firm
• A firm or entity that belongs to a network.
2009.04.01
Meta Duhovnik, Ph.D.
Definitions
• Network
– A larger structure:
• that is aimed at cooperation, and
• that is clearly aimed at profit or cost-sharing or shares
common ownership, control or management, common
quality control policies and procedures, common business
strategy, the use of a common brand name, or a significant
part of professional resources.
2009.04.01
Meta Duhovnik, Ph.D.
Definitions
• Partner
• Any individual with authority to bind the firm with
respect to the performance of a professional services
engagement.
• Personnel
• Partners and staff.
2009.04.01
Meta Duhovnik, Ph.D.
Definitions
• Professional standards
• IAASB Engagement Standards, as defined in the IAASB’s
Preface to the International Standards on Quality Control,
Auditing, Review, Other Assurance and Related Services,
and relevant ethical requirements.
• Relevant ethical requirements
• Ethical requirements to which the engagement team and
engagement quality control reviewer are subject, which
ordinarily comprise Parts A and B of the International
Federation of Accountants’ Code of Ethics for Professional
Accountants (IFAC Code) together with national
requirements that are more restrictive.
2009.04.01
Meta Duhovnik, Ph.D.
Definitions
• Reasonable assurance
• In the context of ISQC, a high, but not absolute,
level of assurance.
• Staff
• Professionals, other than partners, including any
experts the firm employs.
2009.04.01
Meta Duhovnik, Ph.D.
Definitions
• Suitably qualified external person
• An individual outside the firm with the competence
and capabilities to act as an engagement partner, for
example a partner of another firm, or an employee
(with appropriate experience) of either a professional
accountancy body whose members may perform
audits and reviews of historical financial information,
or other assurance or related services engagements, or
of an organization that provides relevant quality
control services.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1 compared with ISA 220
ISQC 1
ISA 220
• The quality control
policies and procedures
which are documented
and communicated to
the firms personnel.
2009.04.01
• Quality control
procedures that are
applicable to the
individual audit
engagement.
Meta Duhovnik, Ph.D.
Elements of a system of quality
control
ISQC 1
ISA 220
• Leadership responsibilities for
quality within the firm
• Relevant ethical requirements
• Acceptance and continuance of
client relationships and specific
engagements
• Human resources
• Engagement performance
• Monitoring
2009.04.01
• Leadership responsibilities for
quality on audits
• Relevant ethical requirements
• Acceptance and continuance of
client relationships and audit
engagements
• Assignment of engagement
teams
• Engagement performance
• Monitoring
Meta Duhovnik, Ph.D.
Leadership responsibilities
ISQC 1
ISA 220
• The firm’s chief executive
officer (or equivalent), or, if
appropriate, the firm’s
managing board of partners (or
equivalent) should assume
ultimate responsibility for the
firm’s system of quality control.
2009.04.01
• The engagement partner is
responsible for the overall
quality on each audit
engagement to which that
partner is assigned.
Meta Duhovnik, Ph.D.
Leadership responsibilities
ISQC 1
 Establishment of policies and procedures that address
performance evaluation, compensation, and promotion
(including incentive systems) with regard to its personnel, in
order to demonstrate the firm’s overriding commitment to
quality.
 Assignment of management responsibilities so that commercial
considerations do not override the quality of work performed.
 Provision of sufficient resources for the development,
documentation and support of quality control policies and
procedures.
2009.04.01
Meta Duhovnik, Ph.D.
Leadership responsibilities
ISA 220
 Engagement partner is taking care of importance to audit
quality of:
 performing work that complies with professional standards
and applicable legal and regulatory requirements;
 complying with the firm’s quality control policies and
procedures as applicable;
 issuing auditor’s reports that are appropriate in the
circumstances; and
 the engagement team’s ability to raise concerns without fear
of reprisals.
2009.04.01
Meta Duhovnik, Ph.D.
Leadership responsibilities
ISQC 1
• Any person assigned operational
responsibility for the firm’s system
of quality control by the firm’s
chief executive officer or
managing board of partners
should have sufficient and
appropriate experience and
ability, and the necessary
authority, to assume that
responsibility.
2009.04.01
Meta Duhovnik, Ph.D.
Ethical requirements
ISQC 1
ISA 220
Ethical requirements ordinarily
comprise Parts A and B of the
IFAC Code together with
national requirements that are
more restrictive.
2009.04.01
Meta Duhovnik, Ph.D.
Ethical requirements
The fundamental principles of
professional ethics, which include:
Integrity
Objectivity
Professional competence and due care
Confidentiality
Professional behavior
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1: Ethical requirements
The firm shall establish policies and procedures
designed to provide it with reasonable assurance that
the firm and its personnel comply with relevant ethical
requirements.
ISA 220: Ethical requirements
Throughout the audit engagement, the engagement
partner shall remain alert, through observation and
making inquiries as necessary, for evidence of noncompliance with relevant ethical requirements by
members of the engagement team.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1: Ethical requirements –
independence
 The firm establishes policies and procedures designed to provide it with
reasonable assurance that the firm, its personnel and, where applicable,
others subject to independence requirements (including network firm
personnel) maintain independence where required by relevant ethical
requirements.
 Such policies and procedures shall enable the firm to:
– communicate its independence requirements to its personnel and, where
applicable, others subject to them;
– identify and evaluate circumstances and relationships that create threats to
independence, and to take appropriate action to eliminate those threats or reduce
them to an acceptable level by applying safeguards, or, if considered appropriate, to
withdraw from the engagement, where withdrawal is permitted by law or
regulation.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1: Ethical requirements –
independence
 At least annually, the firm obtains written confirmation of compliance
with its policies and procedures on independence from all firm
personnel required to be independent by relevant ethical requirements.
 Relevant policies and procedures to assure independence are:
– setting out criteria for determining the need for safeguards to reduce the
familiarity threat to an acceptable level when using the same senior personnel
on an assurance engagement over a long period of time; and
– requiring, for audits of financial statements of listed entities, the rotation of the
engagement partner and the individuals responsible for engagement quality
control review, and where applicable, others subject to rotation requirements,
after a specified period in compliance with relevant ethical requirements.
2009.04.01
Meta Duhovnik, Ph.D.
ISA 220: Ethical requirements –
independence
 The engagement partner has to:
 obtain relevant information from the firm and, where applicable, network
firms, to identify and evaluate circumstances and relationships that create
threats to independence;
 evaluate information on identified breaches, if any, of the firm’s
independence policies and procedures to determine whether they create a
threat to independence for the audit engagement;
 take appropriate action to eliminate such threats or reduce them to an
acceptable level by applying safeguards, or, if considered appropriate, to
withdraw from the audit engagement, where withdrawal is possible under
applicable law or regulation.
 The engagement partner shall promptly report to the firm any
inability to resolve the matter for appropriate action.
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Independence requires:
 independence of mind
 The state of mind that permits the expression of a
conclusion without being affected by influences that
compromise professional judgment.
 independence of appearance
 The avoidance of facts and circumstances that are so
significant that a reasonable and informed third party ,
having knowledge of all relevant information, including
safeguards applied, would reasonably conclude a firm’s or
auditor’s independence had been compromised.
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Possible threats to independence
 Self-interest threat
 Self-review threat
 Advocacy threat
 Familiarity threat
 Intimidation threat
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Self-interest threat
 Self-interest threat may occur as a result of the
financial or other interests of a professional
accountant or of an immediate or close family
member.
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Self-review threat
 Self-review threat may occur when a previous
judgment needs to be re-evaluated by the
professional accountant responsible for that
judgment.
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Advocacy threat
 Advocacy threat may occur when a professional
accountant promotes a position or opinion to
the point that subsequent objectivity may be
compromised.
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Familiarity threat
 Familiarity threats may occur when, because of a
close relationship, a professional accountant
becomes too sympathetic to the interests of
others.
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Intimidation threat
 Intimidation threat may occur when a
professional accountant may be deterred from
acting objectively by threats, actual or
perceived.
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Safeguards
Two broad categories:
Safeguards created by the profession,
legislation or regulation.
Safeguards in the work environment.
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Safeguards created by the profession,
legislation or regulation include
 Educational, training and experience requirements for entry into the
profession.
 Continuing professional development requirements.
 Corporate governance regulations.
 Professional standards.
 Professional or regulatory monitoring and disciplinary procedures.
 External review by a legally empowered third party of the reports,
returns, communications and information produced by a professional
accountant.
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Safeguards in the work environment include
Depending on the circumstances
Firm – wide safeguards
Engagement specific safeguards
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Firm-wide safeguards in the work
environment may include:
 Leadership of the firm that stresses the importance of
compliance with the fundamental principles;
 Leadership of the firm that establishes the expectation
that members of an assurance team will act in the
public interest;
 Policies and procedures to implement and monitor
quality control of engagements;
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Firm-wide safeguards (continuation 1)
 Documented policies regarding:
 the identification of threats to compliance with the fundamental
principles,
 the evaluation of the significance of these threats and
 the identification and the application of safeguards to eliminate or
reduce the threats to an acceptable level;
 For firms that perform assurance engagements,
documented independence policies regarding:
 the identification of threats to independence,
 the evaluation of the significance of these threats and
 the evaluation and application of safeguards to eliminate or reduce
the threats to an acceptable level;
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Firm-wide safeguards (continuation 2)
 Documented internal policies and procedures requiring
compliance with the fundamental principles;
 Policies and procedures that will enable the
identification of interests or relationships between the
firm or members of engagement teams and clients;
 Policies and procedures to monitor and, if necessary,
manage the reliance on revenue received from a single
client;
 Using different partners and engagement teams with
separate reporting lines for the provision of nonassurance services to an assurance client;
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Firm-wide safeguards (continuation 3)
 Policies and procedures to prohibit individuals who are
not members of an engagement team from
inappropriately influencing the outcome of the
engagement;
 Timely communication of a firm’s policies and
procedures, including any changes to them, to all
partners and professional staff, and appropriate training
and education on such policies and procedures;
 Designating a member of senior management to be
responsible for overseeing the adequate functioning of
the firm’s quality control system;
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Firm-wide safeguards (continuation 4)
 Advising partners and professional staff of those
assurance clients and related entities from which they
must be independent;
 A disciplinary mechanism to promote compliance with
policies and procedures;
 Published policies and procedures to encourage and
empower staff to communicate to senior levels within
the firm any issue relating to compliance with the
fundamental principles that concerns them.
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Engagement-specific safeguards in the work
environment may include:
 Involving an additional professional accountant to
review the work done or otherwise advise as
necessary;
 Consulting an independent third party, such as a
committee of independent directors, a professional
regulatory body or another professional accountant;
 Discussing ethical issues with those charged with
governance of the client;
2009.04.01
Meta Duhovnik, Ph.D.
IFAC Code
Engagement-specific safeguards (continuation 1)
 Disclosing to those charged with governance of the
client the nature of services provided and extent of
fees charged;
 Involving another firm to perform or re-perform part of
the engagement;
 Rotating senior assurance team personnel.
2009.04.01
Meta Duhovnik, Ph.D.
National regulation
•
•
•
•
•
Auditing Act
Code of Professional Conduct
Basic Auditing Principles
Guidelines for setting the fees
Guidelines for the Operation of the Audit
Companies
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements –
Auditing Act (Article 45(1))
 An audit company is not allowed to audit an
individual legal person if (1):
it holds investments in that legal person;
that legal person holds investments in the audit company;
the persons related to the legal person are:
close family members of the members of the management or
supervisory board or the certified auditors of an audit company,
joint indirect or direct holders of a qualifying (10%) holding in the
audit company;
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements –
Auditing Act (Article 45(1))
An audit company is not allowed to audit an
individual legal person if (2):
the audit company or any organizational unit in the
network it belongs to, or person connected with the
audit company performs or has performed in the two
years prior to concluding an agreement on the auditing
of a legal person's financial statements:
any type of accounting or bookkeeping services,
valuation services for the purpose of financial reporting that
could affect the items in the financial statements,
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements –
Auditing Act (Article 45(1))
An audit company is not allowed to audit an
individual legal person if (3):
tax consultation services that could affect items in the financial
statements,
agency services in tax and judicial procedures regarding tax
matters,
internal auditing services,
services involving the set-up or introduction of an information
system that includes the area of accounting or the generation
of information included in the financial statements of a legal
person,
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements –
Auditing Act (Article 45(1))
 An audit company is not allowed to audit an individual
legal person if (4):
business and financial services that affect items in the financial
statements and business and financial services that include
advertising, trading or guarantees for the equity and debt securities of
a legal person,
legal services,
any other services that could affect the items in the financial
statements;
it is connected with a legal person in some other way and
doubt regarding the independence and objectivity of auditing
may exist due to this connection.
2009.04.01
More restrictive national requirements –
Auditing Act (Article 45(2))
A certified auditor is not allowed to audit an
individual legal person if (1):
he/she has, as key audit partner, audited the financial
statements of a legal person for seven consecutive years
following the date of his/her first appointment, and if
following the last audit, two years have not passed for
which another key audit partner audited the financial
statements;
he/she holds investments in that legal person;
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements –
Auditing Act (Article 45(2))
A certified auditor is not allowed to audit an
individual legal person if (2):
he/she is connected with a legal person in some other
way, and doubt regarding the independence and
objectivity of auditing may exist due to this connection;
he/she performs or has performed services affecting the
financial statements in the two years prior to carrying
out auditing tasks.
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements –
Auditing Act (Article 46)
A certified auditor or key audit partner that
audits financial statements may not assume the
function of member or consultant of a
management body or head of an accounting
and/or financial department at the legal person
being audited until at least two years have
passed following the cessation of audit work as a
certified auditor or key audit partner.
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements –
Auditing Act (Article 47(4))
The price for auditing services shall not
be conditional on the provision of
additional services for the audited legal
person or
dependent on any other conditions.
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements –
Auditing Act (Article 9(2))
One of the tasks and competencies of the
Institute in the field of auditing and other
specialist fields related to auditing:
defining guidelines for setting the fees for
auditing services and corporate, real
estate, machines and equipment
valuation services.
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national recommendations –
Guidelines for Setting the Fees
Guidelines:
The fee has to be adequate to the nature, timing and
extent of the work performed.
The recommended prices:
assistant
auditor
manager
certified auditor
engagement partner
between 34,92 and 43,65 €
between 56,74 and 69,84 €
between 78,57 and 104,76 €
between 104,76 and 126,58 €
between 135,31 and 161,50 €
The invoice has to be paid within 8 days after receipt.
No more than 60 % can be required in advance.
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements – Code
of Professional Conduct
Rule 1 (Independence)
The audit firm is not allowed to gain the
majority of the revenue from only one source.
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements –
Guidelines for the Operation of the Audit Companies
Any action that could threaten the
independence of personnel
for example employment offering, or
 service offering,
is forbidden.
2009.04.01
Meta Duhovnik, Ph.D.
Acceptance and continuance of client relationships and
specific engagements
ISQC 1
 The firm has to establish policies and procedures for the
acceptance and continuance of client relationships and specific
engagements, designed to provide the firm with reasonable
assurance that it will only undertake or continue relationships
and engagements where the firm:
 is competent to perform the engagement and has the
capabilities, including time and resources, to do so;
 can comply with relevant ethical requirements; and
 has considered the integrity of the client, and does not have
information that would lead it to conclude that the client
lacks integrity.
2009.04.01
Meta Duhovnik, Ph.D.
Client relationships
ISQC 1
The firm has to obtain such information as
it considers necessary in the circumstances
before accepting an engagement with a new
client, when deciding whether to continue
an existing engagement, and when
considering acceptance of a new
engagement with an existing client.
2009.04.01
Meta Duhovnik, Ph.D.
Client relationships
ISQC 1
If issues have been identified, and the
firm decides to accept or continue the
client relationship or a specific
engagement, the firm has to document
how the issues were resolved.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Client relationships
 The firm has to establish policies and procedures on continuing
an engagement and the client relationship, addressing the
circumstances where the firm obtains information that would
have caused it to decline the engagement had that information
been available earlier. Such policies and procedures shall include
consideration of:
 the professional and legal responsibilities that apply to the
circumstances, including whether there is a requirement for the
firm to report to the person or persons who made the
appointment or, in some cases, to regulatory authorities; and
 the possibility of withdrawing from the engagement or from both
the engagement and the client relationship.
2009.04.01
Meta Duhovnik, Ph.D.
ISA 220
Client relationships
• The engagement partner has to
 assure that appropriate procedures regarding the
acceptance and continuance of client
relationships and audit engagements have been
followed, and
 determine that conclusions reached in this regard
are appropriate.
2009.04.01
Meta Duhovnik, Ph.D.
ISA 220
Client relationships
 If the engagement partner obtains information
that would have caused the firm to decline the
audit engagement had that information been
available earlier, the engagement partner has to
communicate that information promptly to the
firm, so that the firm and the engagement
partner can take the necessary action.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Human resources
 The firm has to establish policies and procedures designed
to provide it with reasonable assurance that it has
sufficient personnel with the competence, capabilities, and
commitment to ethical principles necessary to
 perform engagements in accordance with professional
standards and applicable legal and regulatory
requirements; and
 enable the firm or engagement partners to issue reports
that are appropriate in the circumstances.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Human resources
 Personnel issues relevant to the firm’s policies and
procedures related to human resources include, for
example:








Recruitment
Performance evaluation
Capabilities, including time to perform assignments
Competence
Career development
Promotion
Compensation
The estimation of personnel needs
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Human resources
Competence is the knowledge and
skills necessary to accomplish tasks
that define the individual’s job.
Competence can be developed through a
variety of methods, including the following:




Professional education
Continuing professional development, including training
Work experience
Coaching by more experienced staff, for example, other
members of the engagement team
 Independence education for personnel who are required to
be independent
2009.04.01
Meta Duhovnik, Ph.D.
Assignment of engagement teams
MSR 220
• The engagement partner has to assure that the
engagement team, and any auditor’s experts who
are not part of the engagement team, collectively
have the appropriate competence and capabilities
to:
 perform the audit engagement in accordance with
professional standards and applicable legal and
regulatory requirements; and
 enable an auditor to issue a report that is appropriate
in the circumstances.
2009.04.01
Meta Duhovnik, Ph.D.
MSR 220
Engagement teams
• The engagement partner may take into consideration
such matters as the team’s:
 understanding of, and practical experience with, audit
engagements of a similar nature and complexity through
appropriate training and participation;
 understanding of professional standards and legal and regulatory
requirements;
 technical expertise, including expertise with relevant information
technology and specialized areas of accounting or auditing;
 knowledge of relevant industries in which the client operates;
 ability to apply professional judgment;
 understanding of the firm’s quality control policies and
procedures.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Engagement performance
 The firm has to establish policies and procedures
designed to provide it with reasonable assurance that
 engagements are performed in accordance with
professional standards and applicable legal and
regulatory requirements, and
 the firm or the engagement partner issue reports that
are appropriate in the circumstances.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Engagement performance
Such policies and procedures have to include:
 matters relevant to promoting consistency in the
quality of engagement performance;
 supervision responsibilities;
 review responsibilities.
 The firm’s review responsibility policies and
procedures have to be determined on the basis that
work of less experienced team members is reviewed by
more experienced engagement team members.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Engagement performance - consultation
The policies and procedures of the firm have to
assure that:
 appropriate consultation takes place on difficult or
contentious matters;
 sufficient resources are available to enable appropriate
consultation to take place;
 the nature and scope of, and conclusions resulting from, such
consultations are documented and are agreed by both the
individual seeking consultation and the individual consulted;
and
 conclusions resulting from consultations are implemented.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Engagement performance – Engagement quality control
review
The firm has to establish policies and
procedures requiring, for appropriate
engagements, an engagement quality control
review that provides an objective evaluation of
the significant judgments made by the
engagement team and the conclusions reached
in formulating the report.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Engagement performance – Engagement quality control
review
Policies and procedures have to:
 require an engagement quality control review for all
audits of financial statements of listed entities;
 set out criteria against which all other audits and reviews
of historical financial information and other assurance
and related services engagements shall be evaluated to
determine whether an engagement quality control review
should be performed; and
 require an engagement quality control review for all
engagements, if any, meeting the criteria established.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Engagement performance – Engagement quality control
review
 The firm has to establish policies and procedures
setting out the
 nature,
 timing and
 extent
of an engagement quality control review. Such policies
and procedures require that the engagement report not
be dated until the completion of the engagement
quality control review.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Engagement performance – Engagement quality control
review
 The firm has to establish policies and procedures on
documentation of the engagement quality control
review which require documentation that:
 the procedures required by the firm’s policies on engagement
quality control review have been performed;
 the engagement quality control review has been completed on or
before the date of the report; and
 the reviewer is not aware of any unresolved matters that would
cause the reviewer to believe that the significant judgments the
engagement team made and the conclusions it reached were not
appropriate.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Engagement performance – Differences of opinion
 The firm has to establish policies and procedures for
dealing with and resolving differences of opinion
within the engagement team, with those consulted
and, where applicable, between the engagement
partner and the engagement quality control reviewer.
 Conclusions reached have to be documented and
implemented.
 The report must not be dated until the matter is
resolved.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Engagement performance – Engagement documentation
 The firm has to establish policies and procedures for
 engagement teams to complete the assembly of final
engagement files on a timely basis after the engagement
reports have been finalized;
 In the case of an audit such a time limit would ordinarily not
be more than 60 days after the date of the auditor’s report.
 the retention of engagement documentation for a period
sufficient to meet the needs of the firm or as required by law
or regulation.
 In the specific case of audit engagements, the retention period
would ordinarily be no shorter than five years from the date of
the auditor’s report, or, if later, the date of the group auditor’s
report.
2009.04.01
Meta Duhovnik, Ph.D.
More restrictive national requirements –
Auditing Act (Article 39 (2))
When auditing financial statements, the audit
company must ensure that:
 the certified auditor who signs the audit report on financial
statements, participates in at least 15% of total audit time;
 the total number of working hours of the assistants of the
certified auditor with more than two years of audit
experience account for at least 60% of total audit time;
 the total number of working hours of other persons in the
audit group account for a maximum of 25% of total audit
time.
2009.04.01
Meta Duhovnik, Ph.D.
National requirements – Auditing Act (Article
39 (5))
The audit company shall store the audit
documentation for six years following the
completion of an audit.
2009.04.01
Meta Duhovnik, Ph.D.
ISA 220
Engagement performance
• The engagement partner has to take responsibility for:
 the direction, supervision and performance of the audit engagement in
compliance with professional standards and applicable legal and
regulatory requirements;
 the auditor’s report being appropriate in the circumstances;
 reviews being performed in accordance with the firm’s review policies
and procedures;
 the engagement team undertaking appropriate consultation on difficult or
contentious matters;
 not dating the auditor’s report until the completion of the engagement
quality control review (where applicable);
 following the firm’s policies and procedures for dealing with and
resolving differences of opinion within the engagement team, with those
consulted or, where applicable, between the engagement partner and the
engagement quality control reviewer.
2009.04.01
Meta Duhovnik, Ph.D.
National requirements – Auditing
Act (Article 37 (3))
• Engagement performance – consultation
Whenever the testing and assessment of
individual items in the financial statements
require professional knowledge not available
to a certified auditor, the legal person has to,
at the request of the audit company, obtain an
expert opinion or appraisal from a certified
appraiser.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Monitoring
The firm has to establish a monitoring
process designed to provide it with
reasonable assurance that the policies and
procedures relating to the system of quality
control are relevant, adequate, and operating
effectively.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Monitoring
The monitoring process has to:
include an ongoing consideration and evaluation of the
firm’s system of quality control including, on a cyclical
basis, inspection of at least one completed engagement
for each engagement partner;
require responsibility for the monitoring process to be
assigned to a partner or partners or other persons with
sufficient and appropriate experience and authority in
the firm to assume that responsibility;
require that those performing the engagement or the
engagement quality control review are not involved in
inspecting the engagements.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Monitoring
• The firm has to evaluate the effect of deficiencies noted
as a result of the monitoring process and determine
whether they are either:
– instances that do not necessarily indicate that the firm’s
system of quality control is insufficient to provide it with
reasonable assurance that it complies with professional
standards and applicable legal and regulatory requirements,
and that the reports issued by the firm or engagement
partners are appropriate in the circumstances;
– systemic, repetitive or other significant deficiencies that
require prompt corrective action.
2009.04.01
Meta Duhovnik, Ph.D.
ISQC 1
Monitoring – Documentation of the
System of Quality Control
• The firm has to establish policies and procedures
requiring
– appropriate documentation to provide evidence of the operation
of each element of its system of quality control,
– retention of documentation for a period of time sufficient to
permit those performing monitoring procedures to evaluate the
firm’s compliance with its system of quality control, or for a
longer period if required by law or regulation,
– documentation of complaints and allegations and the responses
to them.
2009.04.01
Meta Duhovnik, Ph.D.
ISA 220
Monitoring
 The engagement partner has to consider
 the results of the firm’s monitoring process as
evidenced in the latest information circulated by the
firm and, if applicable, other network firms and
 whether deficiencies noted in that information may
affect the audit engagement.
 A deficiency in the firm’s system of quality control does not
necessarily indicate that a particular audit engagement was not
performed in accordance with professional standards and
applicable legal and regulatory requirements, or that the auditor’s
report was not appropriate.
2009.04.01
Meta Duhovnik, Ph.D.
External quality control
• Main objectives:
to ensure auditors meet their obligation to society to provide
work of the highest quality;
to fulfill the need to sustain public confidence in the profession
by demonstrating a concern for maintaining high standards of
professional work;
to avoid the adverse consequences of sub-standard work and
loss of public confidence;
to encourage, educate and assist members and member audit
firms in achieving the highest standards of professional work,
consistently throughout the profession.
2009.04.01
Meta Duhovnik, Ph.D.
Legal basis
 Auditing Act
 IFAC pronouncements
 Institute’s auditing rules
2009.04.01
Meta Duhovnik, Ph.D.
The basis for disciplinary
procedure
• Zrev-2
• Act on general administrative
procedure
2009.04.01
Meta Duhovnik, Ph.D.
Competence for external
quality control
• Institute – Auditing Council
– The president of the Auditing Council represents the Institute in the
procedures to be performed by the Auditing Council under public
authorization given to the Auditing Council by the Auditing Act.
• Agency for the Public Oversight of Auditing
(hereinafter Agency) – Expert Council
2009.04.01
Meta Duhovnik, Ph.D.
Auditing Council
• decides about the issue of licences for auditing
firms and certified auditors;
• supervises the auditing;
• adopts the auditing rules;
• defines the criteria for obtaining the certificate of
a certified auditor;
• performs other professional tasks related to the
development of the auditing profession.
2009.04.01
Meta Duhovnik, Ph.D.
Auditing Council
• Seven members:
– the director of the Institute;
– four members with the license of a certified
auditor;
– two representatives of the interested public
with appropriate knowledge and experience
in the field of accountancy and finance.
• Appointed for a term of four years.
2009.04.01
Meta Duhovnik, Ph.D.
Quality control
• Audit companies
• Certified auditors
2009.04.01
Meta Duhovnik, Ph.D.
Monitoring
• Carried out by experts:
– authorized by the Director of the Institute
and employed at the Institute:
• 3 certified auditors and 1 lawyer;
– authorized by the Agency.
2009.04.01
Meta Duhovnik, Ph.D.
Quality control – Audit companies
• verification of whether individual entities meet the
conditions for the issue of a license to provide
auditing services:
– Institute – directly, Agency – indirectly;
• continuous verification of whether certified
auditors and audit companies meet the conditions
for entry in the appropriate register;
– Institute – directly, Agency – indirectly;
2009.04.01
Meta Duhovnik, Ph.D.
Quality control – Audit companies
(continuation)
• monitoring, collection and verification of reports and
notifications of audit companies and other persons that
are obliged to report to or notify the Institute with regard
to individual facts and circumstances in accordance with
the provisions of Zrev-2 and other acts:
– Institute and Agency;
• examinations of the operations of audit companies:
– Institute and Agency;
• imposing measures of supervision in accordance with
ZRev-2:
– Agency.
2009.04.01
Meta Duhovnik, Ph.D.
Quality control – Audit companies
• Examinations of the operations of audit
companies have to be carried out:
– at least every three years for audit companies
carrying out statutory audits of entities whose
securities are traded on the regulated securities
market of any Member State;
– at least every six years for other audit
companies.
2009.04.01
Meta Duhovnik, Ph.D.
Quality control – Audit companies
• The supervision of an audit company includes:
• an examination of the quality control system at the audit
company;
• verification of the independence of the certified auditors from
the audit clients;
• verification of the compliance of auditing procedures with
auditing rules;
• an assessment of the quality and quantity of factors used
(composition of the auditing team and working hours);
• an examination of the auditing services charged;
• direct supervision of certified auditors.
2009.04.01
Meta Duhovnik, Ph.D.
Quality control – Certified auditors
• Direct supervision of certified auditors is carried
out in a way that the quality of their work is
verified (during the supervision of the audit
company) with an examination of the complete
audit documentation related to the audit of at
least one client in the period since the last
supervision was carried out.
2009.04.01
Meta Duhovnik, Ph.D.
Quality control – Supervisors
• A person carrying out the supervision of audit companies and the
tasks performed by a certified auditor has to
– be a certified auditor;
– possess a high level of active knowledge of the Slovenian language;
– fulfill the special ethical requirements (no conviction of a crime
against property or an economic crime that has yet to expunged
from the record).
• A supervisor has to prepare a written report on the examination
of the quality of auditing that shall contain the main findings of
the review.
2009.04.01
Meta Duhovnik, Ph.D.
Disciplinary sanctions for
certified auditors
• withdrawal of the licence;
• public warning.
2009.04.01
Meta Duhovnik, Ph.D.
Withdrawal of the licence
• the license was obtained by stating false data;
• the conditions required (Article 48 of Zrev-2) were not fulfilled upon
acquisition of the license;
• certified auditor has been convicted of a commercial or property crime;
• certified auditor holds investments in the client;
• certified auditor is connected with the client in another manner that could
give rise to a doubt as to the independence and objectivity of auditing;
• certified auditor violates the auditing rules, which results in a deficient and
misleading audit report;
• certified auditor violates the duty to protect confidential data;
• certified auditor repeatedly violates other provisions of auditing rules.
2009.04.01
Meta Duhovnik, Ph.D.
Conditional withdrawal of the licence
The Agency may provide that the withdrawal will not
be implemented if within the time limit set by the
Agency of no less that six months and not exceeding
two years, the certified auditor refrains from
committing another violation giving rise to the
withdrawal of the license or a public warning.
2009.04.01
Meta Duhovnik, Ph.D.
Public warning
• violation of the auditing rules;
• no grounds for withdrawal or conditional
withdrawal of the licence.
2009.04.01
Meta Duhovnik, Ph.D.
Disciplinary sanctions for
auditing firms
• order for elimination of violation;
• imposition of additional measures;
• withdrawal of the licence.
2009.04.01
Meta Duhovnik, Ph.D.
Order for elimination of violation
• The audit company
–
–
–
–
–
violates the prohibition connected with the investments;
carries out the activities prohibited under Zrev-2;
is organized as a joint-stock company but it has not issued registered shares;
violates the duty of reporting and notification;
fails to publish transparency report (if applicable) on its website within three
months of the conclusion of each financial year;
– fails to meet any of the conditions for the issue of a license to provide
auditing services;
– violates other auditing rules.
2009.04.01
Meta Duhovnik, Ph.D.
Imposition of additional measures
• Serious violation of auditing rules.
• Measures:
• the improvement of procedures of internal supervision of
auditing;
• the improvement of procedures of internal supervision
concerning the flow of confidential data;
• the change of internal structure of the auditing firm;
• other measures required for implementation of the
auditing rules.
2009.04.01
Meta Duhovnik, Ph.D.
Withdrawal of the licence
• the licence was obtained by stating false
data;
• additional measure was imposed on the
auditing firm, and the competent body (old
or newly appointed) failed to eliminate the
violations and/or to take additional
measures.
2009.04.01
Meta Duhovnik, Ph.D.
Quality control
• Financial resources:
– Institute
• tariff (fee for the supervisory function)
– Agency
• main source: state budget
• sanctions and offences: tariff
2009.04.01
Meta Duhovnik, Ph.D.
Reporting under Zrev-2 (Article 77)
An audit company has to:
• notify the Institute of all changes regarding all facts and
circumstances, based on which it obtained a license to provide
auditing services, within ten days;
• once a year until the end of May of the current year, report data
regarding the following to the Institute and Agency:
– holders of the audit company's shares and the acquisition of or changes to
qualifying holdings;
– investments based on which the audit company has indirectly or directly
acquired a qualifying holding in another legal person, and any subsequent
investments in that legal person;
– changes to the articles of association or memorandum of association and all
other acts of the audit company;
2009.04.01
Meta Duhovnik, Ph.D.
Reporting under Zrev-2 (Article 77)
• reporting once a year (continuation):
– changes to a cooperation agreement with another audit company or the
conclusion of a new cooperation agreement with another audit company;
– the method of calculating the amount of auditor's liability insurance and the
method of insuring the auditor's liability;
– employees;
– all contracts on the auditing of financial statements that the audit company
concluded with clients from the previous accounting period and all contracts
that the audit company concluded for other assurance engagements and
agreed-upon procedures engagements;
– number of planned and actual hours for each member of the audit team for
each individual audit of financial statements;
– number of audit reports signed by an individual certified auditor.
2009.04.01
Meta Duhovnik, Ph.D.
Reporting under Zrev-2 (Article 77)
• The audit company is obliged to report to the Agency and
Institute the number of audit reports an individual
certified auditor employed or in a contractual relationship
with the audit company signed in connection with audits
performed of individual and consolidated financial
statements and the contents of concluded contracts on
the auditing of financial statements in the manner, to the
extent and by deadlines defined by the Agency in special
regulations.
2009.04.01
Meta Duhovnik, Ph.D.
Reporting under Zrev-2 (Article 77)
• An audit company has to inform the Institute and Agency
in writing about the dismissal or resignation of an audit
company during a period for which it has been appointed,
and appropriately explain the reasons for dismissal or
resignation.
• If requested by the Institute or Agency, an audit company
has to submit reports and information on all issues
relevant to supervision or to carrying out other
competencies and tasks of the Institute or Agency.
2009.04.01
Meta Duhovnik, Ph.D.
Rules of the Auditing Council
• Internal (more detailed) rules regarding the
procedure of supervision.
• Written statement regarding independence
and objectivity of the members.
2009.04.01
Meta Duhovnik, Ph.D.
Auditing of the financial statements
• Commercial sector
– statutory audit according to the Companies Act and
Auditing Act
• Public sector
– statutory audit according to the Accounting Act and
Public Finance Act
– internal audit according to the Public Finance Act
– supervision of the Court of Audit
2009.04.01
Meta Duhovnik, Ph.D.
The Accounting Profession
Commercial Sector
• Statutory audit:
– large and medium-sized companies
– dual companies
– small listed companies
– companies obliged to draw up consolidated financial
statements
– banks
– insurance companies
2009.04.01
Meta Duhovnik, Ph.D.
The Accounting Profession
Public Sector
• Audit under the Accounting Act:
– mandatory for large legal entities that provide
public services
– possible (minister’s or mayor’s requirement)
• for the financial statements of the legal entities with at
least 15% state or municipality ownership
• Internal audit under the Public Finance Act
– mandatory for all direct and indirect Budget users
2009.04.01
Meta Duhovnik, Ph.D.
The Auditing Profession
• The period 1996 - 2001
– the first Slovenian Auditing Act
• the Institute is responsible for the monitoring of
statutory audits
– special rules accepted by the Council of Experts
• peer review system
– 43 auditing firms
– 100 statutory auditors - practitioners
2009.04.01
Meta Duhovnik, Ph.D.
The Auditing Profession
• The period 2002 - 2008
– the second Slovenian Auditing Act
• the quality control procedure is prescribed in details by
the act
– monitoring system
• the experts of the Institute
– one lawyer
– four certified auditors
– 42 auditing firms
– 130 statutory auditors - practitioners
2009.04.01
Meta Duhovnik, Ph.D.
The Auditing Profession
• The period 2008 – The third Slovenian Auditing Act
• the quality control procedure is prescribed in details by the
act
– monitoring system
• the experts of the Institute
– one lawyer
– three certified auditors
• the experts of the Agency
– 50 auditing firms
– 115 statutory auditors - practitioners
2009.04.01
Meta Duhovnik, Ph.D.
The Auditing Profession
Certified auditor
Non-practitioner
• who at least three years prior
• university degree
to the involvement in the
• a minimum of five years
public oversight system
working experience (minimum
of three years in auditing)
– has not carried out
• professional examination of
statutory audits
certified auditor
– has not held voting rights in
• no previous withdrawal of a
an auditing firm
license
– has not been a member of
• no conviction of a commercial or
the administrative or
property crime
management body of an
• knowledge of the Slovenian
audit firm
language
– has not been employed or
• the license is not tied up to the
otherwise associated with
performance of audits
an auditing firm
2009.04.01
Meta Duhovnik, Ph.D.
The Auditing Profession
Disciplinary measures on the basis of the
Auditing Act issued in 2001
Year
2003
Year
2004
Year
2005
Year
2006
Year
2007
Year
2008
Total
Public warnings
9
6
2
3
4
2
26

final
9
6
1
3
–
1
20

Suits at the Supreme
Court of the Republic of
Slovenia
–
–
1
–
4
1
6
Withdrawal (final)
1
–
–
–
–
–
1
Orders for elimination of
the violation
–
–
–
–
–
1
1
Certified auditors
Audit companies
Orders for elimination of
4
3
10
7
3
3
30*
the violation
*Two orders for elimination of the violation were issued before 2003; one in 2001 and one in
2002.
2009.04.01
Meta Duhovnik, Ph.D.
Publishing of final sanctions
The summarised decision is to be published in
the professional journal of the Institute
(Revizor - The Auditor).
2009.04.02
Meta Duhovnik, Ph.D.
meta.duhovnik@si-revizija.si
SLOVENIAN INSTITUTE OF
AUDITORS
Tel.: +386 568 55 54
www.si-revizija.si
2009.04.01
Meta Duhovnik, Ph.D.