Syllabus and Study Guide

Quality control
a) Explain the principles and purpose of quality control of audit and other assurance
engagements.
b) Describe the elements of a system of quality control relevant to a given firm.
c) Select and justify quality control procedures that are applicable to a given audit
engagement.
d) Assess whether an engagement has been planned and performed in accordance with
professional standards and whether reports issued are appropriate in the
circumstances.
 Exam Focus
Quality control is one of the professional issues that must be considered
before acceptance of a new client. In addition, a common requirement in
the P7 exam is to critically evaluate the audit work already performed on
an engagement and identify if the audit has been carried out to the
required standard of quality.
You could be asked to suggest quality control procedures that a firm
should implement in specific circumstances; to review a firm's procedure
and assess their adequacy; or to assess procedures planned or performed,
and evidence obtained, for a specific engagement.
 Introduction
 There is no simple definition of audit quality because there is no one 'correct' way to audit.
It is often a matter of conducting an audit in line with the spirit as well as the letter of
professional guidance.
 Although each stakeholder in the audit will give a different meaning to audit quality, at its
heart it is about delivering an appropriate professional opinion supported by the
necessary evidence and judgements.
 In order to assess the quality of the audit you should consider factors such as:
 Is there any evidence that ISAs have not been complied with?
 Has the work been allocated to the appropriate level of staff?
 Has the audit been time pressured and potentially rushed resulting in insufficient work
being performed?
 Has the appropriate type of evidence been obtained?
 What actually the firm is trying to achieve?
 In other words, quality control ensures that an assurance engagement is completed to
an appropriate standard, and that the risk to the firm is reduced to an acceptable level.
 In order to achieve this, quality control procedures are based on a number of key
principles, including:
 Strong and ethical leadership, and ethical behaviour by all of a firm's employees.
 Only 'suitable' clients and engagements are accepted and retained.
 A firm and its employees have the necessary knowledge, technical competence, and
experience.
 A firm and its employees follow proper working practices.
 Effective communication, including briefing team members before, and supervising team
members during each engagement.
 Professional scepticism and professional judgement.
 Continuous improvement through adequate monitoring.
 Quality control standards
There are two standards that set out the responsibilities of auditors
regarding quality control:
 ISQC 1 Quality Control for Firms that Perform Audits and Reviews of
Financial Statements, and Other Assurance and Related Services
Engagements.
 ISA 220 Quality Control for an Audit of Financial Statements.
 ISQC 1
The objective of the firm is to establish and maintain a system of quality
control to provide it with reasonable assurance that:
a) The firm and its personnel comply with professional standards and
applicable legal and regulatory requirements; and
b) Reports issued by the firm or engagement partners are appropriate in the
circumstances.
 Six building blocks
ISQC1 identifies six building blocks of a firm’s system of quality control.
In this chapter we will focus on the remaining four ‘building blocks’.
 Leadership
 Firms must establish policies and procedures to promote an internal culture that recognises
the importance of quality in performing engagements. This requires the firm's management
team (i.e. managing partners) to assume ultimate responsibility for the system of quality
control.
 In accordance with ISQC 1 this requires:
 Establishing policies and procedures to address performance evaluation, compensation
an promotion to demonstrate commitment to quality.
 Assignment of management responsibility so that commercial consideration does not
override quality.
 Provision of resources sufficient for the development, documentation and support of
quality control procedures.
 Assignment of operational responsibility to those with sufficient and appropriate
experience, ability and authority to implement those quality control procedures.
Leadership (Communicating the message)
 The promotion of quality depends on clear, consistent and frequent actions and
messages from all levels of the firm's management that emphasise the firm's
quality control policies and procedures. This can be achieved via:
 training seminars
 meetings
 formal or informal dialogue
 mission statements
 newsletters
 briefing memoranda
 training materials
 partner and staff appraisals.
 Human resources
The firm's overriding desire for quality will necessitate policies and
procedures on ensuring excellence in its staff, to provide the firm with
'reasonable assurance that it has sufficient personnel with the
capabilities, competence, and commitment to ethical principles
necessary to perform its engagements in accordance with professional
standards and regulatory and legal requirements, and to enable the firm
or engagement partners to issue reports that are appropriate in the
circumstances'.
 Human resources
The standard stresses that if a firm wants quality flowing through all
levels of staff it must go through the steps outlined below.
 Human resource management
 Recruiting the right people:
 What vacancies/weaknesses exist within the firm?
 What entry level skills should new recruits possess?
 Development of personnel:
 Identification of training needs for career enhancement/development.
 Appraisal and performance evaluation.
 Development of capabilities and competences through education, training and
professional development.
 Reward systems:
 Appraisal and performance evaluation.
 Career development opportunities/promotion.
 Appropriate remuneration/compensation.
 Assignment of engagement teams
 The assignment of engagement teams is an important matter in ensuring the quality of an individual
assignment.
 This responsibility is given to the audit engagement partner. The firm should have policies and
procedures in place to ensure that:
 Key members of client staff and those charged with governance are aware of the identity of the
audit engagement partner
 The engagement partner has appropriate capabilities, competence, authority and time to perform
the role
 The engagement partner is aware of their responsibilities as engagement partner
 The engagement partner should ensure that they assign staff with sufficient capabilities, competence
and time to individual assignments so that they will be able to issue an appropriate report.
 People
The engagement partner should then ensure the right people are allocated
to the engagement team, including considering:
 Do they have the necessary levels of training for this engagement?
 Do they have sufficient knowledge of the client?
 Do they have sufficient experience of this type of engagement?
 Do they have sufficient technical knowledge?
 Have they been briefed?
 Engagement performance
Engagement performance
ISQC1 requires firms to establish policies and procedures designed to
provide it with reasonable assurance that engagements are performed in
accordance with professional standards and applicable legal frameworks,
and that the reports issued are appropriate in the circumstances.
ISQC 1 identifies three areas of policy and procedure relevant to the
performance of an engagement:
 Matters relevant to promoting consistency in the quality of engagements.
 Supervision responsibilities.
 Review responsibilities.
 Consistency in the quality of engagement
performance
 Firms promote consistency through their policies and procedures. This is often
accomplished through written manuals, software tools and standardised
documentation. Particular matters that can be addressed include:
 How engagement teams are briefed to obtain an understanding of the engagement
and their objectives.
 Processes for complying with engagement standards.
 Processes of engagement supervision, training and coaching.
 Methods of reviewing work, judgements and reports issued.
 Documentation of work performed and the timing and extent of reviews.
 Processes to keep policies and procedures current and relevant.
 Supervision responsibilities
 Supervision responsibilities include:
 Tracking the progress of the engagement.
 Considering the competence and capabilities of the team members.
 Addressing significant matters that arise during the engagement.
 Identifying matters for consultation.

 The delegation problem

 The hardest thing about supervision is knowing how tight or loose control
should be.
 Supervise too closely and you risk demotivating staff or even causing disruption.
 Supervise too loosely and things could go badly wrong before you are aware of it.
 Review responsibilities
 Work of less experienced team members should be reviewed by more experienced team members to
identify whether:
 The work has been properly performed.
 Appropriate conclusions have been reached.
 The work has been properly documented.
 The evidence is sufficient and appropriate to achieve the objectives of the engagement.
 All reviews should be timetabled in advance to enable timely completion. This includes identifying
the need to perform second partner or 'hot' reviews.
 A peer review is a review of an audit file carried out by another partner in the assurance firm.
 A hot review (also known as a pre-issuance review) is a peer review carried out before the audit
report is signed.
 A cold review (also known as a post-issuance review) is a peer review carried out after the audit
report is signed.
 Good quality review
The role of review is to consider whether:
 Work has been performed in accordance with identified standards.
 Significant matters have been raised for further consideration.
 Appropriate consultations have taken place and been documented.
 There is a need to revise the nature, timing and extent of procedures.
 The work performed supports the conclusions reached and is appropriately
documented.
 The evidence obtained is sufficient and appropriate to support the report.
 The objectives of the engagement procedures have been achieved.
Monitoring
 Monitoring
 Quality control policies alone do not ensure good quality work. They must be
implemented effectively. Therefore firms need systems to evaluate:
 • Adherence to professional standards and regulatory/legal requirements.
 • Whether quality controls have been implemented on a day to day basis.
 • Whether the firm’s quality control policies and procedures are effective so that
reports issued by the firm are appropriate in the circumstances.
 Firms should establish policies and procedures for performing engagement
quality (“hot”) reviews for all listed clients and for other risky, public interest
engagements, as appropriate.
 In addition, firms should carry out ("cold") reviews to ensure that quality control
procedures are adequate and relevant, are operating effectively and are complied
with.
 Monitoring
Hot review Cold review
Purpose... To enhance the quality of assurance work. Monitoring, i.e. to assess whether policies
and procedures were put into place
during an engagement and to identify
any deficiencies therein.
When... Before the firm's report is issued/finalised. After an engagement has been
completed.
Which files... Listed clients; public interest engagements; or A selection of completed engagements.
engagements where there are particular risks.
Each partner should have some of their
engagements reviewed.
 Monitoring
Hot review Cold review
Who by... An independent partner (or senior manager). A dedicated compliance or quality
department/team; a qualified
external consultant; or an
independent partner.
What considered... Processes underpinning judgements made. Wholesale review of all working
papers on an audit file.
Specifically... Processes underpinning judgements about: To ensure that all working
 Significant risks and responses to them papers are:
 Matters requiring consultation  On file
 Materiality  Complete
 Independence  Signed as completed
 Conclusions  Evidenced as reviewed
 Corrected and uncorrected mistatements  The work undertaken is sufficient
 The audit opinion and has been documented
 Matters to be communicated to management and appropriately.
those charged with governance.
 Monitoring
Hot review Cold review
Outcomes... A reduction in audit risk, i.e. the risk that the An annual report of the results will be
auditor expresses an inappropriate audit provided to the partners in a firm
opinion when the financial statements are flagging systemic deficiencies that
materially misstated. require corrective action.
Recommendations will be made
including (as appropriate):
 Additional quality control reviews
 Training
 Communication of findings
 Changes to the firm's policies and
procedures
 Disciplinary action.
 Documentation
In addition to the main elements of quality control identified in the
previous sections, ISA 220 also requires auditors to document certain
matters:
 Issues with respect to ethical requirements and how they were resolved.
 Conclusions on compliance with independence requirements.
 Conclusions reached regarding the acceptance and continuance of
engagements.
 The nature, scope and conclusions resulting from consultations undertaken
during the course of the audit.
 Documentation
During completion of the audit the engagement quality reviewer has to
document:
 The procedures required by the firm's engagement quality review
procedures.
 That the engagement quality review has been completed (on or before the
date of the auditor's report).
 That the reviewer is not aware of any unresolved matters that would cause
the reviewer to believe that the significant judgements of the team were not
appropriate.
Applying ISQC 1 proportionately with the size
and nature of a firm
The International Auditing and Assurance Standards Board has issued
guidance for small firms in applying ISQC 1 in the form of a 'Questions &
Answers' document. Small firms do have to apply ISQC 1 in full, but this
should not result in 'standards overload' because ISQC 1 is drafted in such
a way that it can be applied proportionately.
Only comply with relevant requirements
Importantly, firms only have to comply with requirements that are
relevant to them and to the services they are providing.
ISQC 1.14
The firm shall comply with each requirement of this ISQC unless, in the
circumstances of the firm, the requirement is not relevant to th
services provided in respect of audits and reviews of financial statements,
and other assurance and related services engagements.
So a small practitioner who does not provide audit services would clearly
not be required to follow ISQC 1's requirements in relation to audit
services.
Structure and formality is proportionate
 Smaller firms may use less structured means and simpler processes to comply
with ISQC 1.
 Communications may be more informal than in a larger firm.
 Smaller firms still need to read ISQC 1, but they may legitimately use their
judgement in tailoring it to their circumstances. For example, it would not be
necessary for a sole practitioner to establish an explicit process for assigning
personnel to engagement teams (because the 'process' in this case would be the
nonsensical statement that there is no process because there are no teams).
 Using external resources
In order to comply with ISQC 1's requirements, it may be necessary to
make use of the services of another organisation, such as another firm or a
professional or regulatory body. This may be particularly helpful where
ISQC 1 requires an engagement quality control review, or where there
is a need for monitoring processes which could be carried out by an
external person or firm.
 Documentation
ISQC 1 does require all firms to document the operation of its system of
quality control. However, the form and content of this documentation is a
matter of judgement and would depend on the size of the firm and
complexity of its organisation. Smaller firms would therefore have less to
document, and could make use of less formal methods of documentation
such as manual notes and checklists.
 A framework for audit quality
The objectives of the Framework of Audit Quality include:
 Raising awareness of the key elements of audit quality.
 Encouraging key stakeholders to explore ways to improve audit quality.
 Facilitating greater dialogue between key stakeholders on the topic.
 A framework for audit quality
 The IAASB believes that such a Framework is in the public interest as it will:
 Encourage firms and professional accountancy organisations to reflect on how to
improve audit quality and better communicate information about audit quality.
 Raise the level of awareness and understanding among stakeholders of the elements
of audit quality.
 Enable stakeholders to recognise factors which require priority to enhance audit
quality.
 Assist standard setting, both nationally and internationally.
 Facilitate dialogue between the IAASB and key stakeholders.
 Stimulate academic research.
 Assist auditing students to understand the fundamentals of the profession.
 A framework for audit quality
A quality audit is likely to have been achieved by an engagement team that
has:
 Exhibited appropriate values, ethics and attitudes.
 Was sufficiently knowledgeable, skilled and experienced and had sufficient
time allocated.
 Applied a rigorous audit process and audit quality control procedures
compliant with law, regulation and applicable standards.
 Provided useful and timely reports.
 Interacted appropriately with relevant stakeholders.
 Elements of the framework
The Framework contains the following elements:
(1) Inputs
 The values, ethics and attitudes of auditors.
2) Process
 The rigor of the audit process and quality control procedures that impact
audit quality. The firm's audit methodology should evolve with changes in
professional standards. Whilst methodologies enable an efficient and
effective audit to take place, there is a risk that insufficient emphasis will be
given to tailoring the audit procedures to the specific circumstances of the
client. Therefore a firm's methodologies should be flexible and adapted to
each client to ensure a quality audit is performed.
 Elements of the framework
 (3) Outputs
 The reports and information that are formally prepared and presented by one party
to another. The outputs from the audit are often determined by the context,
including legislative requirements.
 (4) Key interactions within the financial reporting supply chain
 The formal and informal communications between stakeholders groups. Audit
quality will be affected by the frequency of communication and the nature of the
information communicated. Expectations can be managed through effective
communication.
 (5) Contextual factors
 These are environmental factors such as laws and regulations and corporate
governance which have the potential to impact the nature and quality of financial
reporting and therefore audit quality