ISA (UK) 220: Quality Control for an Audit of Financial Statements

 

The auditor is responsible for the quality control of the audit of financial statements. This responsibility is not solely outlined through ISA 220, but also through ISQC 1 and is further to be corroborated through the applicable ethical requirements. Each audit firm is responsible for the implementation and maintenance of a quality control system in order to ensure that the firm and its personnel comply with the ethical, legal, and regulatory requirements [L&RR] and that the audit reports issued by the firm are appropriate.

Responsibilities of an Engagement Partner

Being the leader of the audit team, the engagement partner observes a higher need for the maintenance of quality control throughout the audit. He, being responsible for the overall quality of the audit engagement, should stay alert and skeptical for any instance of non-compliance with the ethical and regulatory requirements by any member of the audit team.

Ethical Requirements

While the ethical requirements may vary from jurisdiction to jurisdiction, the fundamental principles of ethics laid down by the IESBA Code of Ethics include Integrity, Objectivity, Professional Competence, Confidentiality, and Professional Behavior. Additional ethical requirements may be imposed on an auditor through the local codes of conduct prevalent in different jurisdictions.

Engagement Team and Performance

The engagement partner must ensure that the team deployed on the audit of financial statements under his audit engagement is competent and capable enough to comply with the professional standards and applicable L&RR. The audit team must have the necessary competence to enable an audit report under the given circumstances.

The responsibility for the audit report and its validity, however, rests with the engagement partner. He is also responsible for the direction, oversight, and performance of the audit engagement in accordance with the applicable LR&R and professional standards.

Practice

While accepting or continuing an audit engagement, an engagement partner shall obtain information from the firm and network firms to identify any potential threats of non-compliance with the applicable quality control requirements. In the instance of identifying any such threat, an auditor is advised to immediately report the matter in his reporting line, or seek the application of safeguards that reduce the threat to an acceptably low level, or where appropriate, withdraw from the audit engagement. Any inability to resolve a given matter should be disclosed to the firm immediately for appropriate action.

It is also advised to conduct a thorough and rigorous review of the audit documentation and working papers before or on the date of the audit report to be satisfied that sufficient and appropriate audit evidence has been obtained by the audit team to base the audit opinion on.

References:

https://www.frc.org.uk/getattachment/615b6684-314e-44ae-a47f-1fc8ffa92bac/ISA-(UK)-220_Revised-November-2019-With-Covers.pdf

Comparison: Old vs Revised ISA (UK) 220

While the revised standard mandates application of the revised guidelines for the financial statement audits commencing on or after 15th December 2022, it has also allowed voluntary early application to ensure the quality of the audit is maintained throughout the audit engagement. Here’s a comparison of the old standard vs. revised standard on quality of audit for financial statements.

Old Vs. Revised ISA (UK) 230 - Key Differences

Particulars	Old Standard	Revised Standard
Focus	More focus on exercising control over the Quality of the audit engagement.	Focusing the overall Quality of the audit is Managed responsibly.
Audit Concern	The firm’s policy decides the process, objectives and controls of the audit engagement.	Considering each firm’s risks, the audit quality management, process, objectives, procedures, and control should be decided.
Emphasis	The audit engagement should be accurately and effectively adhere to the audit quality controls.	More accurate and complete information and communications to maintain the quality of the audit.
Specific Requirements	Overall leadership responsibilities.	Active participation from the key auditor as well as the team members emphasizing on the accountability as well.
Documentation of Processes	Documenting and testing of the processes is not specified.	Specifically requires processes to be documented and tested.
Reference to ‘Resources’	The resources refer to the Human only	Wider reference so as to include Humans, intellectual, technological components

 

Challenges on the Practical Implication 

• The main challenge will be of an overall application as there are a lot of requirements and making all of those work together would be a bit of a hardship.

• The revised standard requires documentation and testing of the processes, which is quite challenging as the methods might be in place but documenting them could be cumbersome.

• The requirement of the risk-based approach makes it complicated to set the objectives, procedures based on the individual firm’s risks and threats. Such an approach will then become too subjective.

The best strategy to manage the transition period would be to match your firm’s objectives with the revised standard and create policies and procedures that meet the standard’s requirements.

References: 

1. ISA (UK) 220_Revised July 2021_final

2. https://www.frc.org.uk/getattachment/615b6684-314e-44ae-a47f-1fc8ffa92bac/ISA-(UK)-220_Revised-November-2019-With-Covers.pdf

3. New standards continue drive toward better audits

Quality Management for an Audit of Financial Statements

The ISA (UK) 220 (revised July 2021) on Quality Management for Audit of Financial Statements will be applicable for the audits of financial statements on or after 15 December 2022. The recent revision imposes significant responsibilities on the engagement partner (key auditor) to conduct the audits most effectively to maintain the audit quality so that the audit quality is maintained throughout. Let’s discuss these responsibilities in detail with the help of a practical example. 

Overview and the Purpose of this Standard

The standard focuses on the responsibilities carried out by the auditor to conduct the audit following the applicable professional standards, rules, and regulations. 

The standard requires from the key auditor the following to maintain the quality of the audits:

• Leadership responsibilities 

• Ethical compliances including independence of the auditor

• Determining policies and procedures to accept and continue the relationships with the clients and the audits  

• Availability of sufficient resources and the environment to the audit team from time to time

• Take responsibility to direct and supervise the work carried out by the audit team and review their work.

• Documentation, monitoring, and remediation related responsibilities 

Practical Implication with the Help of an Example

The Key Auditor and his team are conducting an audit of a stock broking company. To verify the transactions of such a vast company, the auditor will need a well-equipped Information Technology set-up at his firm. He will also need such an audit team that knows how to run verification reports. 

In the above example, the revised standard requires the key auditor of the firm to take leadership in maintaining the quality of the audit. His duty will be to direct and supervise the audit team members on how to verify the transactions of the stockbroking company and the understanding of how to conduct the entire audit effectively to ensure adherence to the standard. 

He is also responsible for making available necessary audit environment that enables the team members to conduct the audit more efficiently. The availability of sufficient IT infrastructure in the given example would be the responsibility of the key auditor. 

Thus, there have been substantial changes concerning the engagement partner’s responsibilities (key auditor) through the revised standard. The purpose is to maintain the utmost quality of the audit where the early adoption of the standard is also allowed.  

References:

1. ISA (UK) 220_Revised July 2021_final

2. The FRC's new requirements of auditors

Audit Method: Best practices in Audit Documentation

ISA 230, deal with the auditor’s responsibility to prepare the audit documentation. Audit Documentation is defined in ISA 230 as “The record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached (terms such as “working papers” or “workpapers” are also sometimes used).” The auditor shall prepare audit documentation that is sufficient to enable an experienced auditor, having no previous connection with the audit, to understand

• ·         The nature, timing and extent of the audit procedures performed
• ·         The results of the audit procedures performed
• ·         Significant matters arising during the audit and the conclusions reached thereon

In documenting the nature, timing and extent of audit procedures performed, the auditor shall record:

• ·         The identifying characteristics of the specific items or matters tested;
• ·         Who performed the audit work and the date such work was completed; and
• ·         Who reviewed the audit work performed and the date and extent of such review.

The auditor shall assemble the audit documentation in an audit file and complete the administrative process of assembling the final audit file on a timely basis. After the assembly of the final audit file has been completed, the auditor shall not delete or discard audit documentation of any nature before the end of its retention period.

Audit documentation may be recorded on paper or on electronic or other media. Examples of audit documentation include:

• ·         Audit programs.
• ·         Analyses.
• ·         Issues memoranda.
• ·         Summaries of significant matters.
• ·         Letters of confirmation and representation.
• ·         Checklists.
• ·         Correspondence (including e-mail) concerning significant matters.

However it should be kept in mind that neither auditing standards nor any audit firm policy prohibits the audit team members from including documentation in the file that they believe necessary to support their work.

Practice

Documentation prepared after the audit work has been performed is likely to be less accurate than documentation prepared at the time such work is performed. ISQC 1, requires firms to establish policies and procedures for the timely completion of the assembly of audit files. An appropriate time limit within which to complete the assembly of the final audit file is ordinarily not more than 60 days after the date of the auditor’s report.

Audit Method: Quality Review

ISA 220, deals with quality control for an audit of financial statements. Engagement teams have a responsibility to implement quality control procedures that are applicable to the audit engagement and that are within the context of the firm’s system of quality control. The objective of the auditor is to implement quality control procedures at the engagement level that provide the auditor with reasonable assurance that:

• The audit complies with professional standards and applicable legal and regulatory requirements; and
• The auditor’s report issued is appropriate in the circumstances.

ISQC 1, deals with the firm’s responsibilities to establish and maintain its system of quality control for audit engagements. The system of quality control includes policies and procedures that address each of the following elements:

• Leadership responsibilities for quality within the firm;
• Relevant ethical requirements;
• Acceptance and continuance of client relationships and specific engagements;
• Human resources;
• Engagement performance; and
• Monitoring.

For audits of financial statements of listed entities, and those other audit engagements, if any, for which the firm has determined that an engagement quality control review is required, the engagement partner shall:

• Determine that an engagement quality control reviewer has been appointed;
• Discuss significant matters arising during the audit engagement, including those identified during the engagement quality control review, with the engagement quality control reviewer; and
• Not date the auditor’s report until the completion of the engagement quality control review.

Practice

The engagement partner shall take responsibility for the overall quality on each audit engagement to which that partner is assigned. The engagement partner should ensure that

• Appropriate procedures regarding the acceptance and continuance of client relationships and audit engagements have been followed;
• All ethical requirements are met;
• Independence criterion is met;
• Assignment of team members is appropriate;
• Overall direction, supervision and monitoring of the audit engagement is carried out.

Audit News Briefing: 19 November 2015

Audit-is-cool is pleased to accumulate and provide its readers with the news on audit and related topics:

November 18, 2015

SBWire

Global IT Spending by Audit Firms Is Expected to Reach over USD 5 Billion Dollars in Revenues by 2019: ResearchMoz

Press Release: Technavios market research analysts predict the global IT spending by audit firms will witness a steady growth face, reaching over USD 5 billion dollars in revenues by 2019. The audit market is highly concentrated and dominated by the big four firms, including Deloitte, E&Y, KPMG, and PwC. But, mandatory auditor tendering and rotation reforms by various regulators across the globe had led to the entry of several audit firms in this market. Big Four firms are slowly losing their market share as these firms further intensify the competition. Also, audit services are highly regulated and commoditized, thereby reducing differentiation opportunities for audit firms. It is leading to the increased adoption of information technology by audit firms to provide differentiation in their offerings. Please follow link for details: http://www.sbwire.com/press-releases/industry-analysis/global-it-spending-by-audit-fi/release-642397.htm?utm_source=djournal&utm_medium=feed&utm_campaign=distribution

ResearchMoz latest research report is entitled "Global IT Spending by Audit Firms 2015-2019: Industry Research, Analysis, Shares, Size, Trends, Growth, Survey, Forecast".

November 17, 2015

CivilSociety.co.uk Finance

Audit firms 'missed fundamental risks' of Kids Company model, say MPs

Bernard Jenkin MP, chair of the Public Administration and Constitutional Affairs Committee said: The auditors missed the “fundamental risk” that Kids Company operated a “high risk model” of committing almost all its funding to helping its client. This should have been “taken more seriously”. This was the major issue pointed out when MPs have criticised auditors PwC, PKF Littlejohn and Kingston Smith for not scrutinising Kids Company properly and missing key indicators during their dealings with the charity before it folded. Please follow link for details: http://www.civilsociety.co.uk/finance/news/content/20782/audit_firms_missed_fundemental_risks_at_kids_company_say_mps

November 17, 2015

MarketWatch

Big Four audit quality can differ widely — even at the same firm

Board member, Lewis H. Ferguson of the Public Company Accounting Oversight Board (PCAOB) and chair of the global public policy committee working group of the International Forum of Independent Audit Regulators (IFIAR) – at MarketWatch – recently discussed about the significant roles of PCAOB as projected by the U.S. Congress and IFIAR in determining cross-border aspects of audits.

He emphasized that: “It would be a mistake to presume that an audit firm’s inspection results in the United States necessarily speak to the quality of its global network. There can be a real difference among audit deficiency findings for the firms in the United States and what we see at their affiliates around the globe.” In conclusion, “While these inspection results are not a scorecard or a stand-alone measure of audit quality, they do reflect differences in the inspection results among audit firms and in different countries. They may well represent differences in audit quality among firms. At the least, they reflect that each firm’s global network also faces different auditing challenges.”

Please follow link for details: http://www.marketwatch.com/story/big-four-audit-quality-can-differ-widely-even-at-the-same-firm-2015-11-17

Audit Firm: Audit Quality Indicators

The Public Company Accounting Oversight Board (PCAOB) is a nonprofit corporation in USA established by Congress to oversee the audits of public companies in order to protect investors and the public interest by promoting informative, accurate, and independent audit reports. The Sarbanes-Oxley Act of 2002, which created the PCAOB, required that auditors of U.S. public companies be subject to external and independent oversight.

The PCAOB has recently issued a concept release on Audit Quality Indicators (AQI). It has sought the public comment on the content and possible uses of a group of potential "audit quality indicators." The indicators are a potential portfolio of quantitative measures that may provide new insights about how to evaluate the quality of audits and how high quality audits are achieved.

The 28 potential Audit Quality Indicators are:

AUDIT PROFESSIONALS

Availability	Competence	Focus
1. Staffing Leverage 2.Partner Workload 3.Manager and Staff Workload 4.Technical Accounting and Auditing Resources 5.Persons with Specialized Skill and Knowledge	6.Experience of Audit Personnel 7.Industry Expertise of Audit Personnel 8.Turnoverof Audit Personnel 9.Amount of Audit Work Centralized at Service Centers10.Training Hours per Audit Professional	11.Audit Hours and Risk Areas 12.Allocation of Audit Hours to Phases of the Audit

AUDIT PROCESS

Tone at the Top and Leadership	Incentives	Independence	Infrastructure	Monitoring and Remediation
13.Results of Independent Survey of Firm Personnel	14.Quality Ratings and Compensation 15.Audit Fees, Effort, and Client Risk	16.Compliance with Independence Requirement	17.Investment in Infrastructure Supporting Quality Auditing	18.Audit Firms' Internal Quality Review Results 19.PCAOB Inspection Results 20.Technical Competency Testing

AUDIT RESULTS

Financial Statements	Internal Control	Going Concern	Communication between Auditors and Audit Committee	Enforcement and Litigation
21. Frequency and Impact of Financial Statement Restatements for Errors 22.Fraud and other Financial Reporting Misconduct 23.Inferring Audit Quality from Measures of Financial Reporting Quality	24.Timely Reporting of Internal Control Weaknesses	25.Timely Reporting of Going Concern Issues	26.Results of Independent Surveys of Audit Committee Members	27. Trends in PCAOB and SEC Enforcement Proceedings 28.Trends in Private Litigation

Additional Thoughts

Quality control for audit is very important as only with an effective Quality control mechanism, the public interest can be served through independence, integrity, ethics, objectivity and quality performance. The aforementioned quality indicators can prove to be a useful benchmark for auditors to gauge their performance.

Audit Firm: Message from Financial Reporting Council to the Big 4

The Financial Reporting Council is the UK’s independent regulator responsible for promoting high quality corporate governance. It recently issued Audit Quality Inspection Report for the year 2014/15.

The review of the firm’s policies and procedures supporting audit quality is undertaken by the Audit Quality Review team of the Financial Reporting Council (“the FRC”) and it covered aspects of the following areas: 

• Tone at the top and internal communications
• Transparency report
• Independence and ethics
• Performance evaluation and other human resource matters
• Audit methodology, training and guidance
• Client risk assessment and acceptance / continuance
• Consultation and review
• Audit quality monitoring
• Other firm-wide matters

 Some of the key messages given by the FRC to the Big 4 audit firms are as follows: 

• Improve the testing of management reports and other system generated information to obtain assurance on its reliability for audit purposes.
• Improve the testing of controls.
• Ensure that audit planning discussions are held with Audit Committees on a more timely basis to enable their input to be reflected appropriately in the audit plan.
• Ensure audit teams pay more attention to the nature and complexity of entities when determining the scope and extent of group and component audit procedures.
• Improve the audit approach in relation to the testing of journals including the selection of journals based on the characteristics of fraud risk
• Ensure that, when using the firm’s valuation and other specialists, audit teams obtain sufficient appropriate audit evidence to corroborate their conclusions.
• Take action to ensure that partners are notified promptly of new audited entities and dispose of any financial interests held in them on a timely basis.
• Ensure that the firm’s audit reports accurately describe the audit procedures performed to address the identified risks.

Additional Thoughts

The key messages given by the FRC to the audit firms can be used as guidelines by the firms to improve the quality of their audits. Firms should develop more stringent internal quality control review mechanisms to improve audit quality and deliver services to the complete satisfaction of all the stakeholders.