Quality Audit to Uphold Public Interest –
the ISQC Way
Presentation by Bill Palmer – ICAA (The Institute of Chartered
Accountants in Australia)
In the context of the theme of the conference – “The new Economic Model –
Value Chain Transformation” and Tack A “Professionalism” the requirements of
International Standards on Quality Control essentially translate into sensible
business risk management.
The objective is that firms who perform audits and other assurance engagements
should establish and maintain a system of quality control that provides
reasonable assurance that:
>
>
The firm and its personnel comply with professional standards and
applicable legal and regulatory requirements
Reports issued by the firm or engagement partners are appropriate in the
circumstances
The Standard requires that these objectives be
achieved by requiring the:
>
>
>
Establishment
Documentation; and
Communication to personnel
of policies and procedures which cover the elements of:
>
>
>
>
>
>
Leadership responsibilities for quality within the firm
Relevant ethical requirements
Acceptance and continuance of client relationships and
specific engagements
Human resources
Engagement performance
Monitoring
What I propose to share with you
today is…
Our experience with implementing these requirements from the
perspective of:
>
>
>
Practitioners; both large and small
ICAA as a professional body
Regulators
Quality Audit to Uphold Public Interest – the ISQC way
Practitioners
Large practices
>
Documented policies and procedures not always followed
Small practices
>
Lack of documentation and difficulty with application especially for one
partner practices
Professional Body - ICAA
>
Tools to assist members meet requirements
>
Quality review program
Regulators
>
Force of law auditing standards
>
Inspections
ICAA in Asia
>
>
>
Relationship with MICPA
Activities with MIA
Malaysian members group
Practitioners
Large
>
>
>
>
>
Concerns about force of law – Post Enron reforms
Preamble to standards
Duplication of reviews
Regulator inspections (tone at the top, partner earnings
PCAOB
Small
>
>
>
>
One size fits all
Too complex
General practice
Application of ISQC
Response from ICAA
>
>
>
>
Toolkits
Practice model alternatives
Reporting thresholds
Alternate services – differential audit
Tools to assist members meet
requirements
>
>
>
>
>
>
>
>
>
Australia adopted ISQC1 in 2006
ICAA produced Quality Control Guide
Guide incorporates pro-forma documentation which can be
downloaded and tailored to individual firms
Auditing toolkit
IFAC Guide to Quality Control for Small and Medium sized
Firms
ICAA Independence Checklist
ICAA Handbook updated online every 8 weeks
ICAA weekly technical newsletters
Using Malaysian Standards on Auditing in the Audits of small
and medium sized entities
Quality Review Program
>
>
>
>
>
>
>
>
>
>
>
>
>
Covers the 5 elements of ISQC1
Are procedures and practices in place?
Are they documented?
How are they communicated?
Review manuals and work papers
Select cross section of engagement files to assess whether
quality control is being followed – Do not second guess
opinion
Reviewer is selected and contracted to ICAA but a working
practitioner
Institute review team ensure consistency
Cycle – every 3 years
Risk based approach – listed clients and results of prior
reviews
Report – findings and suggestions
Categories of report
Annual report findings
Quality Review Findings
Documentation
>
Insufficient audit evidence to support the audit opinion
>
Insufficient documentation in a particular audit area
>
Terms of engagement
>
Planning
>
Understanding the Entity and Its Environment and
Assessing the risks of material misstatement
>
Consideration of fraud
>
Analytical procedures
>
Subsequent events
>
Going concern
Quality Review Findings
Independence
>
No or inadequate documentation when considering threats
to independence
>
Appropriate safeguards not applied when carrying out audit
and accounting functions for a client
Quality Control
>
System of control not documented
>
System not adequately documented
>
Consideration of client relationship not documented before
commencing work
>
No written annual confirmation of compliance on
independence
Training and Development
>
Minimum required hours not completed
Regulator
Monitor audit quality by:
>
Registration of who can act as a registered company auditor
>
>
>
90% of registered company auditors are sole
practitioners
>
65% have been registered for 20 years or more
>
Big 4 equates to 46% of all listed companies
>
97% by market capitalisation of the top 300
Review systems of quality control to ensure compliance with law, auditing
standards and professional and ethical standards (top down approach)
Engagement file reviews, as part of a second round top down approach and also
for review of smaller firms by way of risk assessment
Regulator Findings
>
>
>
>
>
>
Categorise firms as A, B or C
Categories according to whether previously inspected
Category A generally at the smaller end of the top 15-20
Some category A firms have been found to not be taking a
sufficiently proactive approach to planning and implementing
effective policies, systems and processes to ensure
compliance with legislation and professional and ethical
standards for independence and quality
Engagement file reviews indicated in some instances a lack
of sufficient evidence to support certain audit assertions and
need to reinforce compliance with mandatory audit
standards
Failure to record all the work performed. The assumption is
that if it is not written down, it has not been done
Outcomes
>
>
>
>
>
Concentration
Specialisation
Assurance framework for Climate Change opportunities
Attractiveness of the profession
Liability capping
Observations from Overseas
Inspectors
>
>
>
>
>
>
>
UK – FRC Professional Oversight Board
US – Public Company Oversight Board
Singapore – Accounting & Corporate Regulatory Authority
Extent & involvement of concurring partner
Documentation of thought process underlying significant
audit judgment
Analytical review – investigation of variances
Use of the work of specialists
Larger Firms
> Implementation of systems of quality control
Smaller Firms
> Comprehensiveness of system of quality control
Quality Control
Implementation Assistance
MIA – CCH Quality Control Manual
Guide for Establishing and Maintaining a System of QC
for an Accounting and Auditing Practice
IFAC Guide
Guide to Quality Control for Small and Medium Sized
Practices
Audit Quality Rating Portal
UK Auditing Practices Board
Guidance on smaller Entity Audit Documentation
(Exposure Draft)
Financial Reporting Supply Chain
Quality Control
Public Interest
Capital Markets
Creditability
Financial Statements
Prepared in accordance
with IFRS
Audit undertaken in accordance with
IAS by ISQCI compliant auditor
International Standards
Audits & Ethics
International Audit
Standards
Using International
Auditing Standards in the
Audits of Small & Medium
sized Entities
Toolkit Working
Papers
Quality Review
SMO1
Quality Assurance program
Documentation
Quality Control
ISQCI
Quality Control
Guide
Implementation Guide
IFAC
The Code of Ethics for
Professional
Accountants
Independence Check List
Quality Control
Member Body
SMO 1
Requires Member
Member
Requires Member body to
ISQC 1
Establish review process
Regulator or
oversight
body
Member Inspection
Member body
ISQC 1
SMO 1
ISQC1
>
>
>
>
>
>
Commitment from the Top – Culture
Specific person responsible with CEO mandate
Independence
Acceptance and continuance – good risk management
Skill and competence of engagement team
Engagement performance – review of consultation
> Engagement quality review – listed only
> Monitoring – profession body program
> Documentation – not written down, not done