Week 4 - Quality Management Flashcards
ISQM1 & ISQM2?
set out the requirements for quality management for assurance engagements
what is the need for quality management?
to ensure that audit work is completed to an acceptable standard
to ensure audit risk is reduced to an acceptable level
- this reduces the risk of negligence claims, disciplinary action and maintains a strong reputation
who monitors audit quality?
- the FRC’s audit quality team
- the ICAEW’s practice assurance scheme
how do the FRC promote audit quality?
- issuing ISAs, ethical standards and briefing papers on important matters
- monitoring compliance through
- investigate misconduct
quality standards require the firm to have what type of approach?
a risk-based approach to quality management
difference between ISQM1 & ISQM2?
ISQM1 = general guidance on quality management systems
ISQM2 = specific requirement for an independent partner to enforce quality management
quality objectives of an audit firm?
- to ensure the firm and its personnel fulfil their responsibilities
- to ensure engagement reports issued are appropriate
who is usually responsible for the SOQM?
the firm’s managing partner
what does the risk assessment process part of quality management consist of?
- establish quality objectives
- identify risks
- respond to risks
which objectives relate to the establishment of quality objectives?
- governance and leadership
- relevant ethical requirements
- acceptance & continuance
- engagement performance
- resources
- information & communication
‘identifying & responding to risks’ part of the risk assessment process?
considering the risks or threats to quality objectives
the firm will then respond to the risks within each area of the SOQM
examples of responses to risks to quality management?
- policies/procedures for ethical threats & reporting of ethical breaches
- documentation of compliance w/ ethical requirements
- policies/procedures for complaints
- policies/procedures to deal with complex situations
- policies/procedures for communication w/ clients regarding the SOQM
- policies/procedures for EQRs
what does the ‘governance & leadership’ part of quality management consist of?
- culture of the firm must serve public interest, emphasise the importance of ethics, emphasise quality being the responsibility of all staff and the importance of quality in strategic decisions
- leadership is responsible and accountable for quality
- leadership demonstrates commitment to quality through actions
- the organisational structure supports the SOQM
what does the ‘relevant ethical requirements’ part of quality management entail?
- the quality objective of the firm is to understand and fulfil their ethical responsibilities
- may include staff training and establishing policies/procedures
what does the ‘acceptance and continuance’ part of quality management entail?
- judge acceptance decisions on the client’s ethics and integrity
- judge acceptance on whether the firm has the ability to perform the engagement
what are the quality objectives for the ‘engagement performance’ part of quality management entail?
- engagement teams must understand their responsibilities
- direction & supervision of the team must be reviewed
- pro scepticism must be exercised
- consultation must be undertaken on contentious matters
- differences of opinion are resolved
- documentation is assembled on a timely basis
what 4 pillars does engagement performance consist of?
- direction
- supervision
- review
- EQR
what do the 4 pillars of engagement performance mean?
direction = staff must be directed
supervision = staff must be supervised
review = staff work must be reviewed
EQR = pre-issuance/hot review of engagement performance
examples of what a ‘review’ constitutes?
consideration of whether:
- the work has been performed in accordance with pro standards/law/firm policies
- appropriate consultations have taken place
- there’s a need to revise planned work
- the work performed supports the conclusions reached
- evidence obtained is sufficient and appropriate
- engagement objectives have been achieved
- EP should review critical areas of judgement
- extent & timing of partner’s reviews should be documented
who requires an EQR?
listed entities and other high risk clients
high risk clients include public interest entities and clients with unusual circumstances/risks
what does the work of an engagement quality reviewer include?
- understanding the nature/circumstances of the engagement
- discussing significant matters
what should be considered in an EQR of an audit?
- independence of the firm
- significant risks and responses to them
- advice provided by experts
- evaluate whether partner has been involved throughout the audit
eligibility criteria for an engagement quality reviewer?
- can’t be a member of the audit team
- must be competent
- must comply with ethical requirements
- must comply with laws/regs
can partners previously responsible for an engagement be an engagement quality reviewer?
after a 2 year cooling off period, yes
types of resources?
human, technological and intellectual resources
what does the ‘resources’ part of quality management entail?
quality management standards require a firm to have adequate resources to ensure quality is kept to a high standard
human resources?
technological resources?
intellectual resources?
HR = personnel must be capable
TR = tech aids audit efficiency
IR = info the firm uses to enable the SOQM
what are the quality objectives for the ‘info & communication’ part of quality management?
- info system identifies and maintains relevant info
- culture reinforces the importance of the exchange of information with the firm and one another
- relevant & reliable info is exchanged throughout the firm, audit teams and 3rd parties
risks to information and communication?
technical and human risks
what does the ‘monitoring and remediation’ part of quality management consist of?
- monitor
- evaluate deficiencies
- remediate
- annual review
cold review / post-issuance review purpose?
to assess whether the firm’s policies and procedures were implemented during an engagement
also to identify any deficiencies
when is a cold review conducted?
after the audit report has been issued
which files are cold reviews conducted on?
a selection of completed audit files
who conducts a cold review?
- a dedicated compliance/quality department
- an external consultant
- an independent partner
which matters are considered in a cold review?
- working paper must demonstrate that sufficient/appropriate evidence has been obtained
- all matters were resolved
- all working papers must be on file, completed and signed off
what is the outcome of a cold review?
- a report of the results are relayed to the firm flagging deficiencies that require corrective action
e.g., training, disciplinary action, changes to the firm’s policies/procedures
how often does a firm evaluate their SOQM?
at least annually
three types of conclusions when evaluating the SOQM?
- SOQM provides reasonable assurance that objectives are achieved
- SOQM provides reasonable assurance, except for on certain matters
- SOQM doesn’t provide reasonable assurance that objectives are achieved
what does the UK corporate governance code require companies to do?
the audit committees must review and monitor the external auditor’s:
- independence & objectivity
- effectiveness
who needs to follow the UK corporate governance code?
PLCs
which factors may an audit committee use to evaluate external auditors?
- communication
- quality of reports
- expertise
- value for money
ISA220?
sets out the requirements for quality management
objective is to
- ensure responsibilities have been fulfilled
- ensure an appropriate audit opinion has been issued
responsibilities of the audit partner?
- allocate sufficient resources
- direct/supervise the team & review their work
- check EQR undertaken
- address/resolve differing opinions
- check team consulted on difficult matters
