Quality Control (QC)
(1) SQC 1 “Quality Control for Firms that Perform Audits & Reviews of Historical Financial Information, and Other Assurance & Related Services Engagements”
Purpose of SQC
Firm should establish a system of QC to provide it with reasonable assurance that:
(a) firm and its personnel comply with professional standards and regulatory and legal requirements, and (b) reports issued by firm or EP(s) are appropriate.
Elements of a System of QC
Firm’s system of QC should include policies and procedures addressing each of the following elements:
(a) Leadership responsibilities for quality within the firm.
(b) Ethical requirements.
(c) Acceptance and continuance of client relationships and specific engagements.
(d) Human resources.
(e) Engagement performance.
(f) Monitoring.
QC policies & procedures should be documented & communicated to firm’s personnel.
Leadership Responsibilities
Firm should establish policies and procedures designed to promote an internal culture based on recognition that quality is essential in performing engagements. Such policies and procedures should require firm’s CEO or managing partners to assume ultimate responsibility for the firm’s system of QC.
Any person assigned operational responsibility for firm’s QC system by firm’s CEO or managing board of partners should have sufficient & appropriate experience; ability, and necessary authority, to assume that responsibility.
Considerations to be taken into account while upholding quality of firm
(i) Firm assigns its management responsibilities so that commercial considerations do not override quality of work performed.
(ii) Firm’s policies and procedures addressing performance evaluation, compensation and promotion (Including incentive systems) in relation to its personnel are designed to demonstrate its overriding commitment to quality.
(iii)Firm devotes sufficient resources for development & documentation of its QC policies and procedures.
(iv)Firm before accepting an engagement should acquire vital information about the client.
Such information help firm to decide about integrity of Client, promoters and KMP, competence (including capabilities, time & resources) to perform engagement and compliance with ethical requirements.
Ethical
requirements
Firm should establish policies and procedures designed to provide it with reasonable assurance that firm and its personnel comply with relevant ethical requirements.
Independence
Firm should establish policies and procedures designed to provide it with reasonable assurance that firm, its personnel and others maintain independence.
Such policies and procedures should enable the firm to:
(a) Communicate its independence requirements to its personnel & others.
(b) Identify & evaluate circumstances and relationships that create threats to independence, and to take appropriate action to eliminate those threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the engagement.
There should exist a mechanism by which EPs promptly notify firm of circumstances & relationships that create a threat to independence. All breaches of independence should be promptly notified to firm for appropriate action.
At least annually, firm should obtain written confirmation of compliance with its policies and procedures on independence from all firm personnel.
Chapter 1 Quality Control
Firm should establish criteria for determining need for safeguards to address the familiarity threat. In determining appropriate criteria, firm considers:
(a) nature of engagement, including extent to which it involves a matter of public interest and
(b) length of service of the senior personnel on the engagement.
Examples of safeguards: Rotating senior personnel or requiring an EQC review (EQCR).
Familiarity Threat is particularly relevant in context of audits of listed entities.
For these audits, EP should be rotated after a pre - defined period, normally not more than 7 years.
Acceptance and Continuance of Client Relationships & Specific Engagements
A firm before accepting an engagement should acquire vital information about client. Such information help firm to decide about:
(a) Integrity of Client, promoters and KMP.
(b) Competence (including capabilities, time and resources) to perform engagement.
(c) Compliance with ethical requirements.
Firm should obtain necessary information:
(a) before accepting an engagement with a new client,
(b) when deciding whether to continue an existing engagement, and
(c) when considering acceptance of a new engagement with an existing client. Where issues have been identified, & firm decides to accept or continue client relationship or a specific engagement, it should document how the issues were resolved.
Establish Policies w.r.t. withdrawal from engagement & communication requirements, if circumstances warrant. Policies & procedures address issues that include:
(a) Discussing with appropriate level of mngt. & TCWG regarding the appropriate action that firm might take based on the relevant facts and circumstances.
(b) If the firm determines that it is appropriate to withdraw, discussing with appropriate level of management and TCWG withdrawal from the engagement or from both engagement and client relationship, and reasons for withdrawal.
(c) Considering whether there is a professional, regulatory or legal requirement for the firm to remain in place, or to report the withdrawal to regulatory authorities.
(d) Documenting significant issues, consultations, conclusions & basis for conclusions.
Considerations as to integrity of clients
(1) Identity & business reputation of client’s principal owners, key management, related parties and TCWG.
(2) Nature of client’s operations, including its business practices.
(3) Information concerning attitude of client’s principal owners, key mngt. and TCWG towards matters such as aggressive interpretation of ASs & IC environment.
(4) Whether client is aggressively concerned with maintaining firm’s fees as low as possible.
(5) Indications of an inappropriate limitation in the scope of work.
(6) Indications that client might be involved in money laundering or criminal activities.
(7) Reasons for proposed appointment of firm and non-reappointment of previous firm.
Matters to be considered to determine whether firm has the capabilities, competence, time and resources to undertake an engagement
(1) Firm personnel have knowledge of relevant industries or subject matters;
(2) Firm personnel have experience with relevant regulatory or reporting requirements, or the ability to gain the necessary skills and knowledge effectively;
(3) The firm has sufficient personnel with the necessary capabilities and competence;
(4) Experts are available, if needed;
(5) Individuals meeting criteria & eligibility requirements to perform EQCR are available;
(6) Firm would be able to complete the engagement within the reporting deadline.
Human Resources
Firm should establish policies and procedures designed to provide it with reasonable assurance that it has sufficient personnel with capabilities, competence & commitment to ethical principles necessary to perform its engagements in accordance with professional standards and regulatory and legal requirements, and to enable firm or EPs to issue reports that are appropriate in the circumstances.
Firm should establish policies and procedures requiring that:
(a) Identity and role of EP are communicated to key members of mngt. and TCWG;
(b) EP has appropriate capabilities, competence, authority & time to perform the role;
(c) Responsibilities of EP are clearly defined and communicated to that partner.
Chapter 1 Quality Control
Engagement Performance
(A) Consultation:
• Consultation should take place in difficult matters pertaining to an engagement and includes discussion, with individuals having specialized expertise for resolution.
• Consultation procedures require consultation on significant technical, ethical & other matters; appropriate documentation and implementation of conclusions.
• A firm needing to consult externally, may take advantage of advisory services provided by other firms or professional & regulatory bodies.
• Complete and proper documentation should be maintained on issues involved and results of consultation.
(B) Engagement Quality Control Review (EQCR)
• Significant judgments made in an engagement should be reviewed by EQC reviewer.
• Extent of review depends on complexity of engagement and risk that report might not be appropriate. Review does not reduce responsibilities of EP.
• EQCR is mandatory for all audits of F.S. of listed entities.
Matters to be considered in an EQCR for audits of F.S. of listed entities
(1) ET evaluation of firm’s independence in relation to the specific engagement.
(2) Significant risks identified during the engagement and responses to those risks.
(3) Judgments made, particularly with respect to materiality & significant risks.
(4) Whether appropriate consultation taken place on matters involving differences of opinion or other difficult matters & conclusions from those consultations.
(5) Significance & disposition of corrected and uncorrected misstatements.
(6) Matters to be communicated to management and TCWG and regulatory bodies.
(7) Whether working papers selected for review reflect the work performed in relation to the significant judgments and support the conclusions reached.
(8) Appropriateness of the report to be issued.
Engagement Quality Control Reviewer (EQC Reviewer)
Should be a suitably qualified external person such as a partner or employee (who should be member of ICAI) or can be from another firm similar background.
Maintain objectivity of EQC reviewer. Therefore, participation in engagement or making decisions for ET is to be avoided at all costs.
Firm’s policies should provide for replacement of EQC reviewer where the ability to perform an objective review may be impaired.
(C) Differences of opinion
There might be difference of opinion within ET, with those consulted & between EP & EQC reviewer. Report should be issued after resolution of such differences. In case, recommendations of EQC reviewer are not accepted by EP and matter is not resolved to reviewer’s satisfaction, matter should be resolved by consulting with another practitioner or firm, or a professional or regulatory body.
(D) Engagement documentation
❖ Engagement files should be completed in not more than 60 days after date of auditor’s report.
❖ Establish policies & procedures designed to maintain confidentiality, safe custody, integrity, accessibility and retrievability of engagement documentation.
❖ Unless otherwise specified by law or regulation, engagement documentation is property of firm. Firm may, at its discretion, make portions of, or extracts from, engagement documentation available to clients, provided such disclosure does not undermine validity of work performed, or independence of firm or its personnel.
❖ Engagement documentation to be retained for a sufficient period. In specific case of audit engagements, retention period ordinarily is no shorter than 7 years from date of auditor’s report.
Policies and procedures on documentation of EQCR
Policies & procedures on documentation of EQCR should require documentation that:
(a) Procedures required by firm’s policies on EQCR have been performed.
(b) EQCR has been completed before the report is issued and
(c) Reviewer is not aware of any unresolved matters that would cause reviewer to believe that significant judgments the ET made and conclusions they reached were not appropriate.
Chapter 1 Quality Control
Monitoring
Firm should establish policies & procedures designed to provide it with reasonable assurance that policies & procedures w.r.t. QC system are relevant, adequate & operating effectively. Such policies and procedures should include an ongoing consideration & evaluation of firm’s system of QC, including a periodic inspection of a selection of completed engagements.
Factors to be considered in monitoring of QC of engagements
(i) Deciding whether QC system of firm has been appropriately designed & effectively implemented.
(ii) Examining whether new developments in professional standards, legal & regulatory requirements have been reflected in QC policies.
(iii) Conducting monitoring by entrusting responsibility of monitoring process to a partner or other persons with sufficient and appropriate experience & authority.
(iv) Dealing with complaints & allegations against firm or its employees, of non-compliance with professional standards or regulatory requirements.
(v) Taking remedial actions against personnel who did not conform to QC policies.
(vi) Taking action when deficiencies in design or operation of firm’s QC policies and procedures, or non-compliance with firm’s system of QC are identified.
(2) SA 220 “Quality Control for an Audit of F.S.”
Objectives of the auditor
To implement QC procedures at engagement level that provide the auditor with reasonable assurance that:
(a) Audit complies with professional standards and regulatory & legal requirements; &
(b) Auditor’s report issued is appropriate in the circumstances.
Note: SA-220 is premised on the basis that firm is subject to SQC 1. Within context of firm’s system of QC, ETs have a responsibility to implement QC procedures that are applicable to the audit engagement.
Leadership Responsibilities for Quality in Audits
EP is to take responsibility for overall quality on each audit engagement. As a part of this responsibility, EP should emphasize following to engagement team (ET):
❖ Compliance with professional Standards and regulatory and legal requirements.
Quality Control Chapter 1
❖ Compliance with firm’s Quality Control Policies and procedures as applicable.
❖ Issuance of appropriate audit report.
❖ Ability to raise concerns without fear.
❖ Quality is essential & indispensable in engagement performance.
Relevant Ethical requirements
In relation to ethical requirements in an audit engagement, EP is responsible for:
• Identifying a threat to independence that safeguards may not be able to eliminate or reduce to an acceptable level.
• Reporting by EP to relevant persons within the firm to determine appropriate action, which may include eliminating the activity or interest that creates the threat, or withdrawing from the audit engagement, where withdrawal is legally permitted.
Independence
EP shall form a conclusion on compliance with independence requirements that apply to audit engagement. In doing so, EP shall obtain relevant information from firm &, where applicable, network firms, to identify & evaluate circumstances and relationships that create threats to independence.
Acceptance & Continuance of Client Relationship & audit Engagement
Responsibility of EP is on lines of SQC 1 which requires that firm should obtain such information as it considers necessary
before accepting an engagement with a new client,
when deciding whether to continue an existing engagement, &
when considering acceptance of a new engagement with an existing client.
EP shall be satisfied that appropriate procedures regarding acceptance & continuance of client relationships and audit engagements have been followed, and shall determine that conclusions reached in this regard are appropriate.
If EP obtains information that would have caused firm to decline audit engagement had that information been available earlier, EP shall communicate that information promptly to firm, so that firm and EP can take the necessary action.
Chapter 1
Examples of information which may cause the firm to withdraw
Integrity of principal owners, key management and TCWG of the entity;
Competency of ET to perform the audit engagement and availability of necessary capabilities, including time and resources;
Compliance with relevant ethical requirements by firm and the ET; and
Significant matters that have arisen during current or previous audit engagement, and their implications for continuing the relationship.
Engagement Quality Control Review (EQCR)
For audits of F.S. of listed entities, & those other audit engagements, if any, for which firm has determined that an EQCR is required, EP shall:
(a) Determine that an EQC reviewer has been appointed.
(b) Discuss significant matters arising during the audit engagement, including those identified during the EQCR, with the EQC reviewer.
(c) Not date the auditor’s report until the completion of the EQCR.
Matters to be evaluated by EQC Reviewer
EQC reviewer shall perform an objective evaluation of significant judgments made by the ET, and conclusions reached in formulating auditor’s report. This evaluation shall involve:
(a) Discussion of significant matters with the EP.
(b) Review of F.S. and the proposed auditor’s report.
(c) Review of selected audit documentation relating to the significant judgments the ET made and the conclusions it reached and
(d) Evaluation of conclusions reached in formulating auditor’s report and consideration of whether the proposed auditor’s report is appropriate.
Additional Considerations in audit of F.S. of Listed Entities:
❖ ET’s evaluation of firm’s independence in relation to audit engagement.
❖ Whether appropriate consultation has taken place on matters involving differences of opinion/difficult matters & conclusions arising from consultations.
❖ Whether audit documentation selected for review reflects the work performed w.r.t. significant judgments made & supports the conclusions reached.
Note: Performance of EQCR does not reduce the responsibilities of the EP for the audit engagement and its performance.
Quality Control Chapter 1
SQC 1 vs. SA 220
1
1 Applies to entire firm & fix responsibility of firm to be assumed by CEO/Managing partners. Applies to a particular audit engagement & EP takes responsibility of the same.
2 Applicable to audits, reviews of historical financial Information, other assurance & related services engagements. Applicable to audit engagements only.
3 SQC 1 relates to setting up of a quality control system consisting of policies and procedures for firm as a whole.
4 SQC 1 pertains to establishing a system of QC designed to provide firm with a reasonable assurance that a firm and its personnel comply with professional standards & regulatory & legal requirements so that reports issued by firm/EPs are appropriate.
(3) Mechanisms for review of Quality Control
(A) Peer Review Board (PRB)
SA 220 deals with responsibilities of ETs to implement QC procedures that are applicable to audit engagements.
SA 220 is premised on basis that firm is subject to SQC 1. Hence, SQC 1 is sine qua non for applicability of SA 220. It is within overall context of a firm’s system of QC, ETs implement QC procedures applicable to audit engagements.
PRB is constituted by Council of ICAI. Main objective of PRB is to ensure that, in carrying out assurance assignments:
(a) Technical, professional & ethical standards including regulatory requirements are complied with by members of ICAI.
(b) Proper systems are in place including documentation thereof which amply demonstrate quality of assurance services provided by members.
Points to remember
Peer review - Examination and review of systems & procedures to determine whether same have been put in place by Practice Unit for ensuring quality of assurance services as envisaged by the technical, professional & ethical Standards or any other regulatory requirements.
