quality management Flashcards
new team
no kick off meeting
partner 9 yrs same client
significant govt contract
revenue high risk
revenue procedures performed by associate
partner reviewed on last day
no significant review points
no further reviews
no kick off meeting + new team, they will not be aware of issues and risks, tests performed may not have been accurate
associate may not be experienced enough to do a high risk area - misstatements may be overlooked
only 1 day is not enough, lack of professional competence and due care-
no further review:
9 yrs partner - familarity threat - safeguard lacking - independent partner review
cold review must be done to improve audit quality
what are ISQM 1 and 2
quality standards issued by IAASB to support firms to achieve the aim of effective audits that maintain public trust
key principles of quality standards ISQMs
-public interest (addressing past audit failures)
-professional skepticism is emphasized (critical evaluation of client judgement and estimates)
-competent and supported auditors so they can perform effectively without fear of repercussions
-proactive rather than tick box approach (scalable)
-adaptable to technological and business advancements for continuous improvement.
-enhanced monitoring and communication with stakeholders like reg bodies and govt
ISQM 1 name and what it says
it tells firms to establish a tailored SOQM
principles driven
scalable so firms can address their unique circumstancesand risks effectively
purpose of quality management
-reliability and accuracy of audit info
-compliance with standards
-stakeholder trust
-risk management, helps reduce errors
-continuous improvement for firms
SOQM full form
System of quality management
Elements of a SOQM
1- risk assessment process
2- governance and leadership
3- relevant ethical requirements
4- acceptance and continuance of client relationships
5- engagement performance
6- resources
7- information and communication
8- monitoring and remediation
risk assessment process
firm must establish a risk assessment process - considering the firm size, client types, technology, network, external service providers, etc.
-ongoing monitoring process
-this ensures the right engagement and audit report decisions (cuz competent ppl, audit partner more empowered to iissue modified report)
governance and leadership
-establish a firmwide culture of commitment to quality and ethics
-managing partner shud be resp for SOQM
-tone at the top
-recognition of responsibility of serving public interest
-this ensures leadership accountability for SoQM and prioritizing quality over client retention and profit
-audit partners can challenge client judgements without fear of losing revenue
relevant ethical requirements for
firms should make policies to ensure compliance with ethical standards
tailor to firm size and client portfolio
train staff plus ensure component auditors are also compliant
go beyond minimum requirements to mitigate ethical risks effectively.
there may be legal requirements other than the code
acceptance and continuance of client relationships
-do we have necessary technical competence
-sufficient resources?
-any ethical or independence issues
-new client risks, money laundering, PEPs,etc
-client integrity and ethical values
-reference for entity’s directors?
-clearance from outgoing auditors
-terms of engagements agreed?
engagement performance
-quality audit
-supervise newbies
-involve partner sufficiently and apptly
-skepticism
-disagreements in team and points raised by eqcr must be addressed
resources
ensure appt resources are available
employees with required competence, training, experience
-independent experts consideration
information and communicatin
ensure effective communication of policies and audit information within the firm and externally with stakeholders like TCWG and regulators, integral to SoQM operation.
monitoring and remediation
-establish process to ensure SOQM effectiveness, ensure deficiencies r identifeid timely
what is ISQM 2
engagement quality reviews
-eqr is integral to audit process of many audits
-always specify which engagement
-avoid hot review /partner review etc. say EQR.
ISQM aims to ensure right person is appointed for review. it also clarifies the responsibilities
who requires EQRs?
ISQM requires:
-listed companies
-if required by law
or if firm thinks there is a quality risk
for eg:
-high level of complexity or judgement eg. banks, oil exploration
-audits where significant issues have been encountered eg. last yr’s FS are found to be materially misstated
-unusual circumstances like disagreement with last year’s auditor
-high degree of judgement for regulatory finding
-new client, no prior experience
-use of EQCR to mitigate ethical threats
who should be appointed as a Engagement quality reviewer
-not a member of audit team so they r objective
-2 yr cooling off period if reviewer was audit partner before
-reviewer must be competent
-understand the policies of firm of EQR
-experience of performing and documenting EQR
-appropriate authority to challenge audit partner - culture of respect- no pressure from audit partner
-may be internal or external from firm
-ethical requirements must be fulfilled, no intimidation from client or partner
responsibilities of the engagement control reviewer
-perform procedures at diff times during engagement so reviewer is present in planning stage as well
-review and understand significant judgements. assess documents to see if the assumptions are appropriate, confirm that team has used professional skepticism
also evaluate:
-engagement partner’s independence requirement has been fulfilled
-has appropriate consultation take place
-is partner sufficiently involved
also a stand back requirement
- requires the reviewer to step back and ensure all EQR requirements are met and the review is finished. The audit report can only be dated after confirming the review process is complete.
documentation of EQR
-reviewer is responsible to document EQR
-It must be sufficient to allow an experienced practitioner to understand the EQR procedures
-firms may have their own EQR policies
importance of EQR
-firm level responsibility
-improve audit quality
-assess skepticism
-assess whether audit evidence confirms conclusions
difference between ISQM and ISA220
-ISA has limited scope, ISQM is firm wide
-engagement team and partner r responsible to follow ISA
ISA 220 says audit team is responsible for:
-implementing firm’s policies in response to quality risks
-determine whether additional policies should be applied
-communicate to firm any info that is required by firm policies eg. timesheets, independence confirmation
what does ISA220 say about engagement resources?
-Partner is responsible for ensuring sufficient and appropriate resources are available to the engagement team in a timely manner and in line with the firms policies and procedures.
-This includes changes to resources required as circumstances change during the audit.
-The partner is also responsible for ensuring the engagement team and any external expert and internal auditors providing direct assistance to the team have appropriate COMPETENCE to perform their assigned roles.
Situation: audit supervisor was off work for health reasons and the audit engagement manager was too busy to help out the team performing the audit fieldwork. As a result, the audit juniors have been left to perform all the audit procedures on their own including the impairment of properties which were identified as high-risk during planning.
-high level of judgement required when assessing management estimates
-subjective
-junior may not have technical knowledge
-too scared to challenge management
-junior wont be able to consult on difficulties
-lack of supervision means problems may not be identified in a timely manner
-risk that insufficient or inappropriate evidence is obtained
what guidance does ISA 220 give us on engagement performance?
Responsibilities of the Audit Engagement Partner:
- Direct and supervise the engagement team’s work.
- Ensure the audit is planned and performed according to:
- Firm’s policies and procedures,
- Professional standards,
- Applicable legal and regulatory requirements.
- Adjust resources as needed based on changing circumstances.
Review Responsibilities:
- Review audit documentation on:
- Significant matters and judgments,
- Contentious issues,
- Conclusions reached by the team.
- Conduct reviews at appropriate stages of the audit.
Materiality Determination:
- Review determination of materiality during the planning stage.
- Reassess materiality if circumstances change during the audit.
- Evidence Collection:
- Ensure sufficient appropriate evidence is obtained before issuing the audit report.
- Consultation Requirement:
- Facilitate consultation on difficult and contentious matters:
- Within the audit team,
- Within the firm (with experts and specialists),
- External to the firm as necessary.
- Facilitate consultation on difficult and contentious matters:
- Engagement Quality Review (EQR):
- Ensure appointment of an EQR where necessary.
- Ensure cooperation of the engagement team with the EQR.
- Discuss all significant matters and judgments with the EQR.
- Do not date the audit report until EQR is complete and any differences of opinion are resolved.
Materiality was determined at planning stage and used throughout the audit, no evidence that the threshold has been reviewed throughout the audit.
-this is not appropriate
-auditor must determine materiality as a whole at planning stage, then revise it as the audit progresses, as new facts and info become available which impact materiality.
it is possible that revising initially determined materiality may not be necessary but a review should have taken place and documented in audit working papers.
The machine has not been physically verified by audit TEAM, plus its on premises of a third party,
the invoice of the machine bought was obtained to confirm existence
cost of the audit is material, carrying amount is slightly less than materiality threshold
not enough SAE. as the cost is material, there is a risk of material misstatement. even if CV is less than materiality threshold (probably due to depcn) SAE must be obtained.
physical verification must have been done
to confirm existence, and operating effectiveness. also imp to know that there has been no damage or hints of impairment.
machine on premises of third party, and a written confirmation has been obtained from third party that machine is at their premise and in working order
relying on third party evidence is not appropriate
evidence obtained by the audit team directly is more reliable than evidence obtained indirectly.
confirmations can be used to provide evidence but it is to CORROBORATE the evidence already gathered by auditor. not to be relied on as the only source of evidence
also understand the relation between the third party. are they related parties? this would impact whether or not the external confirmation can be relied upon as a source of evidence
inventory is material
at inventory count, test counts performed by audit team states that the count of some items perfomed by the company’s staff are incorrect
working paper states: inventory count was not well organised, however discrepancies are immaterial so no further work is required
-discrepancies should be discussed with management as they could indicate more widespread problems of the inventory count, like some items left and instructions not followed.
-ISA says that the auditor present at the inventory count should evaluate management instructions and procedures for inventory count.
-auditor present at inventory count should have raised concern over there, and assessed if a recount of inventory was required.
-training must be provided so the audit team knows their role at inventory count and can deal with issues appropriately.
-further audit work: extrapolate test count results on entire population. then evaluate result as per ISA, which requires that misstatements must be accumulated by auditor and discussed with management
-also a control deficiency, raise with TCWG.
audit partner and manager reviewed WP on same day and on the completion date of audit fieldwork
-review should be hierarchial, manager shud have reviewed before partner
-review shud have happened on regular, timely basis to identify any issues and resolution timely
audit partner asked senior if any issues, he said no issues, partner took quick look at wp and signed off
-proper review not done
-not all evidence needs to be reviwed but quick look means thorough review has not taken place. risky and judgemental areas must be reviewed in sufficient detail.
ISA says partner must review thoroughly and be satisfied that SAE has been obtained in order to reach conclusion and sign audit report
partner advised client to use services of brother (management consultant) found in meeting minutes
asked team to not record in WPs and not discuss with anyone
potential threat to objectivity
self interest threat as brother recieves income from client
significant risk because of his position of influence. might even be getting commission
partner of ethics in firm should be informed, and they should evaluate the threat
confirm amount paid, whether its market rate,and whether any other service providers considered.
comments of not discusisng shows lack of integrity, indicating P has something to hide. increases objectivity threat
partner may need to be removed and his work reviewed.
terms of audit engagements
accept an audit only if:
-preconditions are present
-common understanding between auditor , management and TCWG is present regarding the terms of the audit
if not present (not acceptable FR frameowrk, not accepting responsibilities, limiation of scope of audit by TCWG) then dont accept audit
preconditions of an audit
management understands and accepts responsibiltiy for:
-preparing and presenting FS in accordance with applicable FR framework
-management is responsible to implement internal control system for the FS to give true and fair view
- and for providing auditor with access to all relevant info and explanations
terms of audit in recurring audit
auditor must assess if circumstances have changed so that engagement terms need to be changed.
also assess if entity needs to be reminded of existing terms
no need to send new EL for each letter unless evidence of misunderstanding by client
who can use ACCA with their name
-acca members (associates or fellows) may use ACCA or FCCA after their names
-a firm may call itself a firm of CHARTERED CERITFIED ACCOUNTANS where:
-at least half the partners are ACCA members
-those partners hold atleast 51% of voting rights under the partnership agreement
such a firm can use acca logo on stationary and website
a firm which has firms audit certificate from ACCA can call itself “registered auditors”
firm with all partners who are chartered ceritifed accountants can use “member of ACCA”
a firm can not use member of acca in its registered practice name.
