ISA (UK) 220: Quality Control for an Audit of Financial Statements

 

The auditor is responsible for the quality control of the audit of financial statements. This responsibility is not solely outlined through ISA 220, but also through ISQC 1 and is further to be corroborated through the applicable ethical requirements. Each audit firm is responsible for the implementation and maintenance of a quality control system in order to ensure that the firm and its personnel comply with the ethical, legal, and regulatory requirements [L&RR] and that the audit reports issued by the firm are appropriate.

Responsibilities of an Engagement Partner

Being the leader of the audit team, the engagement partner observes a higher need for the maintenance of quality control throughout the audit. He, being responsible for the overall quality of the audit engagement, should stay alert and skeptical for any instance of non-compliance with the ethical and regulatory requirements by any member of the audit team.

Ethical Requirements

While the ethical requirements may vary from jurisdiction to jurisdiction, the fundamental principles of ethics laid down by the IESBA Code of Ethics include Integrity, Objectivity, Professional Competence, Confidentiality, and Professional Behavior. Additional ethical requirements may be imposed on an auditor through the local codes of conduct prevalent in different jurisdictions.

Engagement Team and Performance

The engagement partner must ensure that the team deployed on the audit of financial statements under his audit engagement is competent and capable enough to comply with the professional standards and applicable L&RR. The audit team must have the necessary competence to enable an audit report under the given circumstances.

The responsibility for the audit report and its validity, however, rests with the engagement partner. He is also responsible for the direction, oversight, and performance of the audit engagement in accordance with the applicable LR&R and professional standards.

Practice

While accepting or continuing an audit engagement, an engagement partner shall obtain information from the firm and network firms to identify any potential threats of non-compliance with the applicable quality control requirements. In the instance of identifying any such threat, an auditor is advised to immediately report the matter in his reporting line, or seek the application of safeguards that reduce the threat to an acceptably low level, or where appropriate, withdraw from the audit engagement. Any inability to resolve a given matter should be disclosed to the firm immediately for appropriate action.

It is also advised to conduct a thorough and rigorous review of the audit documentation and working papers before or on the date of the audit report to be satisfied that sufficient and appropriate audit evidence has been obtained by the audit team to base the audit opinion on.

References:

https://www.frc.org.uk/getattachment/615b6684-314e-44ae-a47f-1fc8ffa92bac/ISA-(UK)-220_Revised-November-2019-With-Covers.pdf

Comparison: Old vs Revised ISA (UK) 220

While the revised standard mandates application of the revised guidelines for the financial statement audits commencing on or after 15th December 2022, it has also allowed voluntary early application to ensure the quality of the audit is maintained throughout the audit engagement. Here’s a comparison of the old standard vs. revised standard on quality of audit for financial statements.

Old Vs. Revised ISA (UK) 230 - Key Differences

Particulars	Old Standard	Revised Standard
Focus	More focus on exercising control over the Quality of the audit engagement.	Focusing the overall Quality of the audit is Managed responsibly.
Audit Concern	The firm’s policy decides the process, objectives and controls of the audit engagement.	Considering each firm’s risks, the audit quality management, process, objectives, procedures, and control should be decided.
Emphasis	The audit engagement should be accurately and effectively adhere to the audit quality controls.	More accurate and complete information and communications to maintain the quality of the audit.
Specific Requirements	Overall leadership responsibilities.	Active participation from the key auditor as well as the team members emphasizing on the accountability as well.
Documentation of Processes	Documenting and testing of the processes is not specified.	Specifically requires processes to be documented and tested.
Reference to ‘Resources’	The resources refer to the Human only	Wider reference so as to include Humans, intellectual, technological components

 

Challenges on the Practical Implication 

• The main challenge will be of an overall application as there are a lot of requirements and making all of those work together would be a bit of a hardship.

• The revised standard requires documentation and testing of the processes, which is quite challenging as the methods might be in place but documenting them could be cumbersome.

• The requirement of the risk-based approach makes it complicated to set the objectives, procedures based on the individual firm’s risks and threats. Such an approach will then become too subjective.

The best strategy to manage the transition period would be to match your firm’s objectives with the revised standard and create policies and procedures that meet the standard’s requirements.

References: 

1. ISA (UK) 220_Revised July 2021_final

2. https://www.frc.org.uk/getattachment/615b6684-314e-44ae-a47f-1fc8ffa92bac/ISA-(UK)-220_Revised-November-2019-With-Covers.pdf

3. New standards continue drive toward better audits

Quality Management for an Audit of Financial Statements

The ISA (UK) 220 (revised July 2021) on Quality Management for Audit of Financial Statements will be applicable for the audits of financial statements on or after 15 December 2022. The recent revision imposes significant responsibilities on the engagement partner (key auditor) to conduct the audits most effectively to maintain the audit quality so that the audit quality is maintained throughout. Let’s discuss these responsibilities in detail with the help of a practical example. 

Overview and the Purpose of this Standard

The standard focuses on the responsibilities carried out by the auditor to conduct the audit following the applicable professional standards, rules, and regulations. 

The standard requires from the key auditor the following to maintain the quality of the audits:

• Leadership responsibilities 

• Ethical compliances including independence of the auditor

• Determining policies and procedures to accept and continue the relationships with the clients and the audits  

• Availability of sufficient resources and the environment to the audit team from time to time

• Take responsibility to direct and supervise the work carried out by the audit team and review their work.

• Documentation, monitoring, and remediation related responsibilities 

Practical Implication with the Help of an Example

The Key Auditor and his team are conducting an audit of a stock broking company. To verify the transactions of such a vast company, the auditor will need a well-equipped Information Technology set-up at his firm. He will also need such an audit team that knows how to run verification reports. 

In the above example, the revised standard requires the key auditor of the firm to take leadership in maintaining the quality of the audit. His duty will be to direct and supervise the audit team members on how to verify the transactions of the stockbroking company and the understanding of how to conduct the entire audit effectively to ensure adherence to the standard. 

He is also responsible for making available necessary audit environment that enables the team members to conduct the audit more efficiently. The availability of sufficient IT infrastructure in the given example would be the responsibility of the key auditor. 

Thus, there have been substantial changes concerning the engagement partner’s responsibilities (key auditor) through the revised standard. The purpose is to maintain the utmost quality of the audit where the early adoption of the standard is also allowed.  

References:

1. ISA (UK) 220_Revised July 2021_final

2. The FRC's new requirements of auditors

Audit Method: Quality Review

ISA 220, deals with quality control for an audit of financial statements. Engagement teams have a responsibility to implement quality control procedures that are applicable to the audit engagement and that are within the context of the firm’s system of quality control. The objective of the auditor is to implement quality control procedures at the engagement level that provide the auditor with reasonable assurance that:

• The audit complies with professional standards and applicable legal and regulatory requirements; and
• The auditor’s report issued is appropriate in the circumstances.

ISQC 1, deals with the firm’s responsibilities to establish and maintain its system of quality control for audit engagements. The system of quality control includes policies and procedures that address each of the following elements:

• Leadership responsibilities for quality within the firm;
• Relevant ethical requirements;
• Acceptance and continuance of client relationships and specific engagements;
• Human resources;
• Engagement performance; and
• Monitoring.

For audits of financial statements of listed entities, and those other audit engagements, if any, for which the firm has determined that an engagement quality control review is required, the engagement partner shall:

• Determine that an engagement quality control reviewer has been appointed;
• Discuss significant matters arising during the audit engagement, including those identified during the engagement quality control review, with the engagement quality control reviewer; and
• Not date the auditor’s report until the completion of the engagement quality control review.

Practice

The engagement partner shall take responsibility for the overall quality on each audit engagement to which that partner is assigned. The engagement partner should ensure that

• Appropriate procedures regarding the acceptance and continuance of client relationships and audit engagements have been followed;
• All ethical requirements are met;
• Independence criterion is met;
• Assignment of team members is appropriate;
• Overall direction, supervision and monitoring of the audit engagement is carried out.

Audit Method: Client Acceptance Procedure

This first step in an audit engagement of client acceptance is very crucial where the practicing firm has to decide whether to accept the new client relationship or in case of existing client a periodic review whether to continue with the existing relationship. The decision to accept or continue an audit engagement depends on the client evaluation and ethical considerations.

As per paragraph 26 of ISQC-1, “The firm shall establish policies and procedures for the acceptance and continuance of client relationships and specific engagements, designed to provide the firm with reasonable assurance that it will only undertake or continue relationships and engagements where the firm:

• Is competent to perform the engagement and has the capabilities, including time and resources, to do so;
• Can comply with relevant ethical requirements; and
• Has considered the integrity of the client”

If the issues have been identified, and the firm decides to accept or continue the client relationship or a specific engagement, the firm shall document how the issues were resolved.

As per paragraphs 12 and 13 of ISA-220 on Quality Control for an Audit of Financial Statements, the engagement partner shall be satisfied that the firm’s policies and procedures were duly followed in acceptance and continuation of client relationship and audit engagement and shall determine that the conclusions reached in this regard are appropriate.

The auditor shall be alert to and appropriately address the following threats while accepting a new engagement or continuing an existing one:

• Self interest
• Self-review
• Familiarity
• Intimidation
• Advocacy

Practice

The auditor is generally more careful about accepting the new client because of lack of previous experience with the management and those charged with the governance and knowledge of the business, transactions and associated risks affecting the financial statements. While certain assessment procedures for both the prospective and existing clients would be common, however, they may assume additional importance in case of a new client.