GREAT ZIMBABWE UNIVERSITY
DEPARTMENT OF ACCOUNTING AND INFORMATION SYSTEM
COURSE CODE: MAAC511/MPAC525
APPLIED AUDITING & ASSURANCE SERVICES
NOTES
CHAPTER 4
Quality control
Subtopics
Principles and purpose
Quality control at a firm level
Quality control on an individual audit
Introduction
The role performed by auditors represents an activity of significant public interest. Quality independent audit is
crucial, both to users and to the audit profession as a whole. Poor audit quality damages the reputation of the
firm and may lead to loss of clients and thus fees, as well as an increased risk of litigation concomitant
professional insurance costs. Although there are specific standards giving guidance on how auditors should
perform their work with satisfactory quality, these can never cater for every situation. Two standards deal with
quality at a general level. These are ISQC 1 Quality control for firms that perform audits and reviews of
financial statements, and other assurance and related services engagements, and ISA 220 Quality control for
an audit of financial statements
Principles and purpose
Audit quality is not defined in law or through regulations, and neither do auditing standards provide a simple
definition. Although each stakeholder in the audit will give a different meaning to audit quality, at its heart it is
about delivering an appropriate professional opinion supported by the necessary evidence and judgements.
Many principles contribute to audit quality; including good leadership, experienced judgement, technical
competence, ethical values and appropriate client relationships, proper working practices and effective quality
control and monitoring review processes. The standards on audit quality provide guidance to firms on how to
achieve these principles.
Quality control at a firm level
The International Standard on Quality Control (ISQC 1) helps audit firms to establish quality standards for
their business.
The fact that auditors follow international auditing standards provides a general quality control framework
within which audits should be conducted. There are also specific quality control standards.
Purpose of ISQC 1
ISQC 1.11
The objective of the firm is to establish and maintain a system of quality control to provide it with reasonable
assurance that:
(a) The firm and its personnel comply with professional standards and applicable legal and regulatory
requirements; and
(b) Reports issued by the firm or engagement partners are appropriate in the circumstances.
We shall now consider the requirements of the rest of the standard, which fall into the following areas.
Page 1 of 8




Firm and leadership responsibilities for quality within the firm
Human resources
Engagement performance (see also below, the requirements of ISA 220)
Monitoring
Firm and leadership responsibilities for quality within the firm
ISQC 1.13
Personnel within the firm responsible for establishing and maintaining the firm's system of quality control shall
have an understanding of the entire text of this ISQC, including its application and other explanatory material,
to understand its objective and to apply its requirements properly.
Firms are required to ensure that the appropriate training is provided to ensure there is complete understanding
of the objectives and procedures under ISQC 1. The standard stipulates further that some firms may need to
apply additional procedures (beyond those of the standard) to ensure that the objectives are met.
The standard requires that the firm implements policies such that the internal culture of the firm is one where
quality is considered to be essential. Such a culture must be inspired by the leaders of the firm, who must
promote this culture by the example of their actions and messages. In other words, the entire business strategy
of the audit firm should be driven by the need for quality in its operations.
The firm may appoint an individual or group of individuals to oversee quality in the firm. Such individuals
must have:
 Sufficient and appropriate experience
 The ability to carry out the job
 The necessary authority to carry out the job
Human resources
The firm's overriding desire for quality will necessitate policies and procedures on ensuring excellence in its
staff, to provide the firm with 'reasonable assurance that it has sufficient personnel with the capabilities,
competence, and commitment to ethical principles necessary to perform its engagements in accordance with
professional standards and regulatory and legal requirements, and to enable the firm or engagement partners to
issue reports that are appropriate in the circumstances'.
These will cover the following issues.
 Recruitment
 Performance evaluation
 Capabilities
 Competence
 Career development
 Promotion
 Compensation
 The estimation of personnel needs
The firm is responsible for the ongoing excellence of its staff, through continuing professional development,
education, work experience and coaching by more experienced staff.
Assignment of engagement teams
The assignment of engagement teams is an important matter in ensuring the quality of an individual
assignment.
This responsibility is given to the audit engagement partner. The firm should have policies and procedures in
place to ensure that:
 Key members of client staff and those charged with governance are aware of the identity of the audit
engagement partner
 The engagement partner has appropriate capabilities, competence, authority and time to perform the
role
 The engagement partner is aware of their responsibilities as engagement partner
Page 2 of 8
The engagement partner should ensure that they assign staff with sufficient capabilities, competence and time
to individual assignments so that they will be able to issue an appropriate report.
Engagement performance
The firm should take steps to ensure that engagements are performed correctly, that is, in accordance with
standards and guidance. Firms often produce a manual of standard engagement procedures to give to all
staff so that they know the standards they are working towards. These may be in an electronic format.
Ensuring good engagement performance involves a number of issues:
 Direction
 Consultation
 Supervision
 Resolution of disputes
 Review
Many of these issues will be discussed in the context of an individual audit assignment.
ISQC 1.34
The firm shall establish policies and procedures designed to provide it with reasonable assurance that:
(a) Appropriate consultation takes place on difficult or contentious matters
(b) Sufficient resources are available to enable appropriate consultation to take place
(c) The nature and scope of, and conclusions resulting from, such consultations are documented and are
agreed by both the individual seeking consultation and the individual consulted
(d) Conclusions resulting from consultations are implemented
This may involve consulting externally, for example with other firms, or the related professional body
particularly when the firm involved is small. When there are differences of opinion on an engagement team, a
report should not be issued until the dispute has been resolved. This may involve the intervention of the quality
control reviewer.
A peer review is a review of an audit file carried out by another partner in the assurance firm.
A hot review (also known as a pre-issuance review) is a peer review carried out before the audit report is
signed.
A cold review (also known as a post-issuance review) is a peer review carried out after the audit report is
signed.
The firm should have policies and procedures to determine when a quality control reviewer will be necessary
for an engagement. This will include all audits of financial statements for listed companies.
When required, such a review must be completed before the report is signed.
The firm must also have standards as to what constitutes a suitable quality control review (the nature, timing
and extent of such a review, the criteria for eligibility of reviewers and documentation requirements).
Quality control reviews
Nature, timing and extent - It ordinarily includes discussion with the engagement partner, review of the
financial statements/other subject matter information and the report, and consideration of whether the report is
appropriate. It will also involve a selective review of working papers relating to significant judgements made.
Eligibility - The reviewer must have sufficient technical expertise and be objective towards the assignment.
Documentation - Documentation showing that the firm's requirements for a review have been met, that the
review was completed before the report was issued and a conclusion that the reviewer is not aware of any
unresolved issues.
Listed companies - The review should include:
 The engagement team's evaluation of the firm's independence in relation to the specific engagement
 Significant risks identified during the engagement and the responses to those risks
 Judgements made, particularly with respect to materiality and significant risks
 Whether appropriate consultation has taken place on matters involving differences of opinion or other
difficult or contentious matters, and the conclusions arising from those consultations
Page 3 of 8




The significance and disposition of corrected and uncorrected misstatements identified during the
engagement
The matters to be communicated to management and those charged with governance and, where
applicable, other parties such as regulatory bodies
Whether working papers selected for review reflect the work performed in relation to the significant
judgements and support the conclusions reached
The appropriateness of the report to be issued
Monitoring
The standard states that firms must have policies in place to ensure that their quality control procedures are:
 Relevant
 Operating effectively
 Adequate
 Complied with
In other words, they must monitor their system of quality control. Monitoring activity should be reported to the
management of the firm on an annual basis.
There are two types of monitoring activity, an ongoing evaluation of the system of quality control and periodic
inspection of a selection of completed engagements. An ongoing evaluation might include such questions as,
'have we kept up to date with regulatory requirements?'
A periodic inspection cycle would usually fall over a period such as three years, in which time at least one
engagement per engagement partner would be reviewed. The people monitoring the system are required to
evaluate the effect of any deficiencies found. These deficiencies might be one-offs. Monitors will be more
concerned with systematic or repetitive deficiencies that require corrective action. When evidence is
gathered that an inappropriate report might have been issued, the audit firm may want to take legal advice.
Corrective action
 Remedial action with an individual
 Communication of findings with the training department
 Changes in the quality control policies and procedures
 Disciplinary action, if necessary
Quality control on an individual audit
ISA 220 requires firms to implement quality control procedures over individual audit engagements.
The requirements concerning quality control on individual audits are found in ISA 220 Quality control for an
audit of financial statements. This international auditing standard (ISA) applies the general principles of the
ISQC we looked at in the previous section to an individual audit.
ISA 220.6
The objective of the auditor is to implement quality control procedures at the engagement level that provide
the auditor with reasonable assurance that:
(a) The audit complies with professional standards and applicable legal and regulatory requirements; and
(b) The auditor's report issued is appropriate in the circumstances.
The burden of this falls on the audit engagement partner, who is responsible for the audit and the ultimate
conclusion.
Leadership responsibilities
The engagement partner is required to set an example with regard to the importance of quality.
ISA 220.8
The engagement partner shall take responsibility for the overall quality on each audit engagement to which
that partner is assigned.
Page 4 of 8
Ethical requirements
ISA 220.9
Throughout the audit engagement, the engagement partner shall remain alert, through observation and
making inquiries as necessary, for evidence of non-compliance with relevant ethical requirements by members
of the engagement team.
ISA 220.11
The engagement partner shall form a conclusion on compliance with independence requirements that apply to
the audit engagement. In doing so, the engagement partner shall:
(a) Obtain relevant information from the firm and, where applicable, network firms, to identify and evaluate
circumstances and relationships that create threats to independence;
(b) Evaluate information on identified breaches, if any, of the firm's independence policies and procedures to
determine whether they create a threat to independence for the audit engagement; and
(c) Take appropriate action to eliminate such threats or reduce them to an acceptable level by applying
safeguards, or, if considered appropriate, to withdraw from the audit engagement, where withdrawal is
possible under applicable law and regulation. The engagement partner shall promptly report to the firm any
inability to resolve the matter for appropriate action.
ISA 220.24
The auditor shall include in the audit documentation … conclusions on compliance with independence
requirements that apply to the audit engagement, and any relevant discussions with the firm that support these
conclusions.
Acceptance/continuance of client relationships and specific audit engagements
The partner is required to ensure that the requirements of ISQC 1 in respect of accepting and continuing with
the audit are followed. If the engagement partner obtains information that would have caused them to decline
the audit in the first place they should communicate that information to the firm so that swift action may be
taken. They must document conclusions reached about accepting and continuing the audit.
Assignment of engagement teams
As discussed in the previous section, this is also the responsibility of the audit engagement partner. They must
ensure that the team is appropriately qualified and experienced as a unit.
Engagement performance
Several factors are involved in engagement performance, as discussed above.
Direction
The partner directs the audit. They are required by other auditing standards to hold a meeting with the audit
team to discuss the audit, in particular the risks associated with the audit. This ISA suggests that direction
includes 'informing members of the engagement team of:
(a) Their responsibilities (including objectivity of mind and professional scepticism)
(b) Responsibilities of respective partners where more than one partner is involved in the conduct of the audit
engagement
(c) The objectives of the work to be performed
(d) The nature of the entity's business
(e) Risk-related issues
(f) Problems that may arise
(g) The detailed approach to the performance of the engagement'
Supervision
The audit is supervised overall by the engagement partner, but more practical supervision is given within the
audit team by senior staff to more junior staff, as is also the case with review. It includes:
 Tracking the progress of the audit engagement
 Considering the capabilities and competence of individual members of the team, and whether they
Page 5 of 8



have sufficient time and understanding to carry out their work
Addressing significant issues arising during the audit engagement and modifying the planned approach
appropriately
Identifying matters for consultation or consideration by more experienced engagement team members
during the audit engagement
Review
Review includes consideration of whether:
 The work has been performed in accordance with professional standards and regulatory and legal
requirements
 Significant matters have been raised for further consideration
 Appropriate consultations have taken place and the resulting conclusions have been documented and
implemented
 There is a need to revise the nature, timing and extent of work performed
 The work performed supports the conclusions reached and is appropriately documented
 The evidence obtained is sufficient and appropriate to support the auditor's report
 The objectives of the engagement procedures have been achieved
Before the audit report is issued, the engagement partner must be sure that sufficient and appropriate audit
evidence has been obtained to support the audit opinion. The audit engagement partner need not review all
audit documentation, but may do so. They should review critical areas of judgement, significant risks and other
important matters.
Consultation
The partner is also responsible for ensuring that if difficult or contentious matters arise the team takes
appropriate consultation on the matter and that such matter and conclusions are properly recorded. If
differences of opinion arise between the engagement partner and the team, or between the engagement partner
and the quality control reviewer, these differences should be resolved according to the firm's policy for such
differences of opinion.
Quality control review
The audit engagement partner is responsible for appointing a reviewer, if one is required. They are then
responsible for discussing significant matters that arise with the reviewer and for not issuing the audit report
until the quality control review has been completed.
A quality control review should include:
 An evaluation of the significant judgements made by the engagement team
 An evaluation of the conclusions reached in formulating the auditor's report ISA 220.25
The engagement quality control reviewer shall document, for the audit engagement reviewed, that:
(a) The procedures required by the firm's policies on engagement quality control review have been performed;
(b) The engagement quality control review has been completed on or before the date of the auditor's report; and
(c) The reviewer is not aware of any unresolved matters that would cause the reviewer to believe that the
significant judgements the engagement team made and the conclusions it reached were not appropriate.
A quality control review for a listed entity will include a review of:
 Discussion of significant matters with the engagement partner
 Review of financial statements and the proposed report
 Review of selected audit documentation relating to significant audit judgements made by the audit team
and the conclusions reached
 Evaluation of the conclusions reached in formulating the auditor's report and consideration of whether
the auditor's report is appropriate
 The engagement team's evaluation of the firm's independence towards the audit
 Whether appropriate consultations have taken place on differences of opinion/contentious matters and
the conclusions drawn
Page 6 of 8

Whether the audit documentation selected for review reflects the work performed in relation to
significant judgements/supports the conclusions reached
Other matters relevant to evaluating significant judgements made by the audit team are likely to be:
 The significant risks identified during the engagement and the responses to those risks (including
assessment of, and response to, fraud)
 Judgements made, particularly with respect to materiality and significant risks
 Significance of corrected and uncorrected misstatements identified during the audit
 Matters to be communicated with management / those charged with governance
Monitoring
The audit engagement partner is required to consider the results of monitoring of the firm's (or network firm's)
quality control systems and consider whether they have any impact on the specific audit they are conducting.
Question
You are an audit senior working for the firm Addystone Fish. You are currently carrying out the audit of
Wicker Co, a manufacturer of waste paper bins. You are unhappy with Wicker's inventory valuation policy and
have raised the issue several times with the audit manager. They have dealt with the client for a number of
years and do not see what you are making a fuss about. They have refused to meet you on site to discuss these
issues.
The former engagement partner to Wicker retired two months ago. As the audit manager had dealt with
Wicker for so many years, the other partners have decided to leave the audit of Wicker in their capable hands.
Required
Comment on the situation outlined above.
Answer
Several quality control issues are raised in the above scenario:
Engagement partner
An engagement partner is usually appointed to each audit engagement undertaken by the firm, to take
responsibility for the engagement on behalf of the firm. Assigning the audit to the experienced audit manager
is not sufficient.
The lack of an audit engagement partner also means that several of the requirements of ISA 220 about
ensuring that arrangements in relation to independence and directing, supervising and reviewing the audit are
not in place.
Conflicting views
In this scenario the audit manager and senior have conflicting views about the valuation of inventory. This
does not appear to have been handled well, with the manager refusing to discuss the issue with the senior.
ISA 220 requires that the audit engagement partner takes responsibility for settling disputes in accordance
with the firm's policy in respect of resolution of disputes as required by ISQC 1. In this case, the lack of
engagement partner may have contributed to this failure to resolve the disputes. In any event, at best, the
failure to resolve the dispute is a breach of the firm's policy under ISQC 1. At worst, it indicates that the firm
does not have a suitable policy concerning such disputes as required by ISQC 1
Applying ISQC 1 proportionately with the nature and size of a firm
The International Auditing and Assurance Standards Board has issued guidance for small firms in applying
ISQC 1 in the form of a 'Questions & Answers' document. Small firms do have to apply ISQC 1 in full, but this
should not result in 'standards overload' because ISQC 1 is drafted in such a way that it can be applied
proportionately.
Only comply with relevant requirements
Importantly, firms only have to comply with requirements that are relevant to them and to the services they
are providing.
ISQC 1.14
Page 7 of 8
The firm shall comply with each requirement of this ISQC unless, in the circumstances of the firm, the
requirement is not relevant to the services provided in respect of audits and reviews of financial statements,
and other assurance and related services engagements. So a small practitioner who does not provide audit
services would clearly not be required to follow ISQC 1's requirements in relation to audit services.
Structure and formality is proportionate
Smaller firms may use less structured means and simpler processes to comply with ISQC 1. Communications
may be more informal than in a larger firm. Smaller firms still need to read ISQC 1, but they may legitimately
use their judgement in tailoring it to their circumstances. For example, it would not be necessary for a sole
practitioner to establish an explicit process for assigning personnel to engagement teams (because the 'process'
in this case would be the nonsensical statement that there is no process because there are no teams).
Using external resources
In order to comply with ISQC 1's requirements, it may be necessary to make use of the services of another
organisation, such as another firm or a professional or regulatory body. This may be particularly helpful where
ISQC 1 requires an engagement quality control review, or where there is a need for monitoring processes
which could be carried out by an external person or firm.
Documentation
ISQC 1 does require all firms to document the operation of its system of quality control. However, the form
and content of this documentation is a matter of judgement and would depend on the size of the firm and
complexity of its organisation. Smaller firms would therefore have less to document, and could make use of
less formal methods of documentation such as manual notes and checklists.
Page 8 of 8