Quality management of audit work:

ISQM 1 & 2
NOVEMBER 2022
Introduction

• Benefits of ISQM 1 & 2

Raising audit
quality

Risk Audit
management efficiency
Key changes from ISQC1 to ISQM
The new framework:
• Increases firm leadership responsibilities and accountability, and improves firm governance
• A risk-based approach focused on achieving quality objectives
• Modernizes standards to address technology, networks, and the use of external service
providers
• Increases focus on the continual flow of information and appropriate communication internally
and externally
• Proactive monitoring of quality management systems and timely and effective remediation of
deficiencies
• Enhances engagement partner’s responsibility for audit engagement leadership and audit
quality
• Clarifies and strengthens requirements for a more robust engagement quality review
ISQM 1
ISQM 2 – Engagement Quality Reviews
8 elements of ISQM 1 and 2

• The elements additional to

ISQC1 are:
- Firm’s risk assessment
process
- Information and
communication
Additional requirements

Other requirements comprise:

• the roles and responsibilities
for the system,
• leadership’s overall evaluation
of the system,
• network requirements or
network services, and
• documentation.
Scalability
Firm’s risk assessment process (1)
Firm’s risk assessment process (2)
Governance and Leadership
• Leadership is essential to promote a
culture of quality
• Management of the firm is responsible
for quality
• Sufficient resources are required
• Good communication of audit quality
requirements and training/appraisals
are important
• Commercial factors are secondary to
quality
Governance and Leadership

MULTI PARTNER FIRM SOLE PRACTITIONER

SENIOR PARTNER HAS SOLE PRACTITIONER

RESPONSIBILITY TAKES RESPONSIBILITY

PARTNERS TOGETHER
DECIDE AUDIT STRATEGY

AUDIT QUALITY IS
INCLUDED IN PARTNER
APPRAISALS/IMPACT ON
PROFIT SHARE
Leadership - staff management

Management of staff Appraisal of staff

• Include audit technical ability • Focus on audit quality when
• Reward good audit work reviewing work
• Financial performance must not be • Audit does not suffer if hours are
at the expense of quality over budget
• Realistic budgets: take on additional
resources/more experienced staff
where necessary
Problem areas - leadership
⮚ If a firm’s strategy is focused on
cutting audit cost and producing
more income from non-audit
services
⮚ If inexperienced partners are
responsible for audit quality and
ethics
Relevant ethical requirements
✔ Independence
✔ Firms should always act ethically in accordance with professional and other standards
✔ IFAC Code
✔ Integrity
✔ Objectivity
✔ Professional competence and due care
✔ Confidentiality
✔ Professional behaviour
✔ Annual written confirmation of independence from all partners/staff
Ethical requirements - what do you do on
ethics/independence?
Multi partner firm Sole practitioner
✔ Training for staff ✔ Training for staff

✔ Monitor long association ✔ Monitor long association

✔ Annual declarations ✔ Annual declarations

✔ Formal procedure for partners and staff to ✔ Informal procedure for changes (for
inform the firm of changes example shareholdings, relationships)

✔ May have a partner responsible for ethics

consultation and training
Ethical requirements
- discussion
• How do you train your staff on the
IFAC Code?
• How do you monitor compliance?
• Do you have any current
difficulties with compliance?
• What changes do you think you
will need to make to your
procedures?
Problem areas - ethics

• Insufficient attention to ethical

requirements

• Lack of procedures over

independence declarations
Acceptance and continuance of audit
engagements
• Clear policies and procedures
required
• Does the firm have the competence
and resources to perform work?
• Can the firm comply with ethical
requirements?
• Does the client have integrity?
• What about information becoming
available after acceptance?
Acceptance and continuance - timing and
responsibility
All sizes of firm:
⮚ Need to identify and assess risks
prior to commencement
⮚ Reconsider acceptance before
signing the audit report
⮚ Partner responsible for approval
of acceptance and continuance
Problem areas: acceptance & continuance

• Lack of audit acceptance procedures

• Overlooking potential threats:
- Fee dependency
- Long association
- Non-audit services
Resources
Human Resources - the people

Need to have capable and competent

partners and staff:
✔ Recruitment
✔ Training
✔ Staff appraisal
✔ Career development and promotion
✔ Salary and benefits
✔ Using the right people on each audit
Human Resources - differences between
sole practitioners and multi partner firms
Multi partner firm Sole practitioner
• Regular compulsory audit updates • Training plans for staff - internal and
external sources
• Technical support / helpline
• Access to technical support/specialist
• Industry specialists industry knowledge
• Defined career progression • Annual appraisals
• Annual objectives for staff

• Bonus structure includes audit

quality measures
Problem areas - Human Resources

• Lack of staff training

• No career progression
• Poor assignment of audit work
Engagement performance

• Standard and consistency of quality is vital

• Quality of audit work programme is the basis
• Importance of engagement control, supervision and review
• Requirement to consult on difficult/contentious matters and record this and the
resolution of differences of opinion
• Need for separate Engagement Quality Review (EQR) (independent partner ‘hot’
review) before an audit report issued
 Engagement performance
Larger multi partner firm Small firm
• Audit programmes with versions for • Standard Simplified Company Audit
specialist audits system
• Technical partner for consultation • Extra audit guidance for staff on
specialist audits
• Access to external support for
consultation
ISQM 2 - Outcome
ISQM 2 - Scope of EQR
ISQM 2 – EQ Reviewers
ISQM 2 – EQ Reviews
ISQM 2 – EQ Reviews

• EQR should consider

⮚ Independence of the firm
⮚ Planning and evaluation of risks
⮚ Whether working papers evidence work and support conclusions
⮚ Judgements on significant/material matters
⮚ Treatment of misstatements
⮚ Truth and fairness of financial statements
⮚ Reporting to management
⮚ Sole practitioners
ISQM 2 – EQR documentation
Engagement
performance -
discussion
• What audit programmes do
you use?
• How do you keep the
programmes up to date?
• What are your consultation
procedures?
Problem areas – engagement performance

Inadequate audit programmes or poor use of programmes

No consultation and use of technical experts

Inadequate review (including EQR) especially in areas of

judgement
Proactive Monitoring
Proactive Monitoring
Other aspects of monitoring
Monitoring (1 of 2)
• Annual monitoring quality control
systems
• Considering application of procedures
throughout the firm, for example:
- Client acceptance and continuance
- Independence declarations
- Training
- Complaints procedures
• ‘Cold’ file reviews
Monitoring (2 of 2)
• Results of reviews to be reported
and action plans drawn up

• Standard review programmes are

desirable

• Firm’s management to take

responsibility for the review process

• Reviews may be done internally or

externally
Monitoring -
discussion
• Do you do any annual
monitoring?
• Who should review
completed engagements,
and how many reviews will
you need to do?
• How will you manage the
review (staff, timing, action
plans and feedback)?
Problem areas - monitoring
• Lack of monitoring reviews
• No review of ISQM 1 procedures
• Lack of feedback and no follow up
of issues
Information and Communication (new in
ISQM 1)
Documentation (1 of 2)

• The quality management system should be documented

• The ISQM-compliant policies and procedures should be clearly set out
• For a sole practitioner, a brief document may be enough if
cross-referenced to other documents
Documentation (2 of 2)
• Audits should be fully documented
• See PSA 230 paragraph 8 - Audit Documentation
- An experienced auditor with no connection to the engagement should understand the nature,
timing, extent and results of audit procedures
- Audit evidence

- Significant matters and conclusions thereon

• Audit files should be retained for as long as is required by law

Documentation case study

Multi partner firm Sole practitioner

• Completed audit files stored at • Completed audit files stored in
[name], an offsite warehouse locked office cupboards
• Stored for [x] years after the date of • Stored indefinitely
the audit report and then securely
• When the firm runs out of storage
destroyed
capacity, files that are at least [x]
years old will be removed and
destroyed
Problem areas - documentation

• Audit work not recorded

• Poor control over audit file
archiving
Wrap up – ISQM 1 & 2
Questions?