Chapter 3 Quality control Flashcards
1.1 The need for quality control
ISQC sets out the requirements for quality control on any assurance engagement. ISA 220 applies specifically to external audits. Quality control procedures ensure that assurance work is carried out to an acceptable standard. This has benefits for the client and the firm:
- The client should receive an acceptable level of service
- The firm should reduce audit risk to ana acceptable level and therefore reduce the risk of negligence claims, reduce the risk of disciplinary action, and maintain a strong reputation
1.2 Quality control at the professional level
Audit quality is monitored by the FRC’s audit quality review committee and the ICAEW’s practice assurance scheme. The FRC promotes audit quality by:
- Issuing ISAs, ethical standards, and occasional briefing papers on matters like professional scepticism
- Monitoring compliance through reviews of audit firms and making their findings public
- Overseeing the regulatory activities of the professional accounting bodies
- Investigating misconduct and taking action against firms
2.1 Components of a system of quality control
ISQC 1 and IAS 220 set out the following elements of a firm’s system of quality control. The six pillars are:
- Leadership responsibilities for quality within the firm
- Ethical requirements
- Acceptance and continuance considerations
- Human resources
- Engagement performance
- Monitoring
In additional the standards set requirements for documentation.
2.2 Leadership
The engagement partner should take responsibility for quality on each audit. Commercial considerations should not override the quality of work performed.
2.3 Acceptance and continuance considerations
Auditor should consider management integrity, competence time and resources, compliance with ethical standards and significant matters that have arisen during the current or previous audit engagement when considering accepting or continuing an audit engagement.
2.5 Human resources
The engagement partner should ensure appropriate members of staff are allocated to the engagement team (relevant knowledge and experience). ISQC 1 sets the necessary policies and procedures to ensure a firm employs and retains staff with the capabilities, competence, and commitment to ethical principles necessary to perform engagements. This covers recruitment, performance evaluation, career development and promotion and compensation.
2.6 Engagement performance
The audit partner should ensure adequate direction, supervision, and review of the engagement team.
- Direction of the team, informing them of their responsibilities, nature of the business, audit risks and audit approach
- Appropriate teamwork and training of less experienced members of the team
- Supervision of individual team members
- Addressing significant matters arising during the engagement
- Review the work of less experienced members of the team
2.7 Documentation
Adequate documentation of the audit process will allow the firm, or external bodies such as the FRC or ICAEW, to evaluate the quality of the work performed by the firm.
3.1 Review and monitoring
ISQC 1 and ISA 200 require the firm to monitor that quality control procedures are relevant, adequate, and operating effectively. Partners in the firm should receive a report at least annually, of the results of quality control monitoring activities.
3.2 Comparison of engagement quality control review and monitoring
- Sometimes called: for engagement quality control this is a hot review or pre-issuance review. Monitoring is a cold review or post issuance review
- Purpose: engagement quality controls purpose is the independent evaluation of independence, significant judgements made, and conclusions reached in forming the audit opinion. The aim is to prevent an inappropriate opinion being issued. Monitoring’s purpose is to ensure compliance with the firms procedures and ISAs, ethical standards, and other regulation. Also identify areas for improvement
- When: EQCR is before the opinion is issued. Monitoring is an on-going basis
- Which clients: EQCR is for listed and high risk clients. Monitoring is for a sample of audit files
3.3 UK Corporate governance code requirements
Requires audit committees of listed companies to review and monitor the external auditor’s independent and objectivity and the effectiveness. This is often carried out with questionnaires sent to members of the audit committee, directors, senior management, and internal audit. The external auditor is rated on factors such as communication, quality of reports, expertise, business understanding and value for money.
4.1 Consequences of poor quality control
ICAEW can issue fines, disciplinary actions, and withdrawal of the firm’s authorisation to carry out audits. Other consequences include being sued for negligence, loss of reputation clients and key staff, collapse of the assurance firm and prosecution for the criminal offence under Companies Act 2006 for knowingly or recklessly causing an auditor’s report on company accounts to include any matter that is misleading, false, or deceptive (penalty is a fine).
4.2 Limiting liability
Professional indemnity insurance: all firms must carry this; the insurance will pay out for settlements in negligence cases. The firm may still bear significant costs in legal fees, partner time and the less measurable impact on reputation.
Limited liability partnerships: since 2001 UK law has allowed firms to incorporate in a limited way. Individual partners do not face unlimited liability for claims against the firms.
Liability caps: Companies Act 2006 introduced a provision allowing auditors to agree a limit to their liability to companies on statutory audits. For an agreement to be valid it can only cover one financial year, must be approved by the company’s shareholders and must be fair and reasonable or a court could override the agreement. The auditor and client can agree how to set the liability cap. Based on the auditor’s proportionate share of the responsibility for any loss, using a monetary amount or agreed formal and by reference to the fair and reasonable test. The auditor cannot unilaterally impose a liability cap, the shareholders must approve it.
Mid-tier firms are concerned if they impose a liability cap, they will win less large company audit engagements.