ifac smp-sme activities · other assurance and related service engagements became effective as of...
TRANSCRIPT
Page 1 | Confidential and Proprietary Information
IFAC SMP-SME ACTIVITIES
Monica Foerster
IFAC SMP Committee Chair
INCP Conference
August 23
Cartagena, Colombia
Page 2 | Confidential and Proprietary Information
Agenda
• Importance of Quality Control
• Key Standards
• Inspection Findings
• Back to Basics – ISQC 1 Requirements (QC Guide)
– Leadership responsibilities for quality within the firm
– Ethical Requirements
– Acceptance and continuance of client relationships & specific engagements
– Human Resources
– Engagement performance
– Monitoring
• IAASB Projects – new ISQC 1
Page 3 | Confidential and Proprietary Information
Importance of Quality Control
Benefits of Effective QC System
• Reduces risk of error
• Enhanced reputation and brand value in the marketplace
• Enhanced risk management
• Improved client relationships
• Improved recruitment and retention of employees
• Improved efficiencies in the provision of services
General Principles
• Firm & personnel comply with prof standard and reg req
• Reports issue are appropriate in the circumstances
Page 4 | Confidential and Proprietary Information
Key Standards
• ISQC1, Quality Control for Firms that Perform Audits
and Reviews of Historical Financial Information and
Other Assurance and Related Service Engagements
became effective as of December 15, 2009 (firm level)
• ISA 220, Quality Control for an Audit of Financial
Statements, effective for audits of financial statements for
periods beginning on or after December 15, 2009
(engagement level)
• Both being updated as part of current IAASB projects
• IESBA Code of Ethics for Professional Accountants
Page 5 | Confidential and Proprietary Information
Inspection Findings – IFIAR 2016 Survey I
Inspection Theme % of audit firms
with at least one
QC finding
2016 2015 2014
Engagement Performance 49% 59% 60%
Independence and Ethical
Requirements
40% 40% 48%
Human Resources 31% 36% 45%
Monitoring 28% 33% 34%
Client Risk Assessment,
Acceptance and Continuance
25% 30% 33%
Leadership Responsibilities for
Quality within the Firm
12% 12% 19%
Page 6 | Confidential and Proprietary Information
Guide to Quality Control for
SMPs
• Helps SMPs apply ISQC 1
proportionately and efficiently.
• Includes guidance, case study,
two sample QC manuals, and
checklists
Tools, Guidance and Standard Support I
Page 7 | Confidential and Proprietary Information
Leadership Responsibilities for Quality Within the
Firm
• Develop a culture of quality from top down
• Ultimate responsibility is with the firm’s managing board
• Underpinned by partner commitment to the firm’s quality
control policies and procedures
• Operational responsibilities for elements of the QC system
assigned to those with:
– sufficient and appropriate experience; and
– the necessary authority
• Commercial considerations should not over-ride
management responsibilities for quality (for example in
performance evaluations, setting compensation etc)
Page 8 | Confidential and Proprietary Information
Relevant Ethical Requirements
• Embed within the firm the fundamental principles of professional
ethics
• Understand the threats and safeguards to independence, set
out in the IESBA Code of Ethics
• Maintain policies and procedures to enable threats to
independence to be identified, documented and managed
appropriately, including:
– Firm level - annual written confirmations from all partners and professional
staff
– Engagement level – written confirmation by engagement team
• Identify and manage conflicts of interest
• Establish confidentiality procedures
Page 9 | Confidential and Proprietary Information
Acceptance and Continuance of Client
Relationships and Specific Engagements
Page 10 | Confidential and Proprietary Information
Human Resources
• Need sufficient personnel with the competence,
capabilities and commitment to ethical principles
necessary to do the work
• Focus on recruitment and retention relative to the needs of
the firm and its clients
• Ensure staff and partners are appropriately trained,
developed and maintain their competence
• Assign engagement teams with the necessary
competence and capabilities to do the work
• Establish a disciplinary process
Page 11 | Confidential and Proprietary Information
Engagement Performance
• Policies and procedures to ensure consistent quality
output across the firm
• Engagement partner has defined responsibilities
• Effective planning, supervision and review procedures
• Establish consultation procedures – when, who, how etc –
including external sources if necessary
• Establish procedures for resolving differences of opinion
Page 12 | Confidential and Proprietary Information
Engagement Performance
Engagement quality control reviews:
• Required for all audits of listed entities
• Establish criteria for other engagements where EQCR
would be desirable (e.g. high risk)
• Appoint suitable EQCR reviewer – internal or external
– Technically capable with necessary experience and authority
– Objective
• Defined scope of EQCR
Page 13 | Confidential and Proprietary Information
Monitoring
• Establish a monitoring program over the firm’s system of
quality control
• Inspection procedures:
– Consider nature and extent, but ensure coverage of at least one
engagement per partner at least every 3 years
– External inspections may be desirable (e.g. fresh perspective or
sharing of ideas) or necessary (if no suitable internal resource)
– Formal report
• Communicate deficiencies and take remedial actions
• Establish procedures for dealing with complaints and
allegations
Page 14 | Confidential and Proprietary Information
Back to Basics—Examining ISQC 1 Requirements
7 Key Actions
1. Always write it down – document, document,
document (ISQC 1.57)
2. Lead from the front giving consistent messages on
the importance of quality control (ISQC 1.18)
3. Always act ethically in accordance with the IESBA
Code of Ethics for Professional Accountants (ISQC
1.20)
4. Focus on the right clients being matched by the right
skills with an emphasis on integrity and
competencies (ISQC 1.31)
Page 15 | Confidential and Proprietary Information
Back to Basics—Examining ISQC 1 Requirements
7 Key Actions
5. Maintain capable and competent personnel giving
due attention to the firm’s human resources
policies and procedures (ISQC 1.29)
6. Delivery quality audits, consulting when needed
and meeting requirements for engagement quality
control review (ISQC 34 -35)
7. Monitor the firm’s system of quality control and
carry out a periodic objective inspection of a
selection of competed audit engagements (ISQC
1.48)
Page 16 | Confidential and Proprietary Information
Documentation – Real Problem
• Excessive documentation for compliance purposes is
real problem
• Largely a product of over-engineered and inefficient
audit methodologies – leading to under- or over-auditing
• Poor documentation by auditors – for example
– Keeping interesting but irrelevant information on the file
– Full documents rather than extracts
– Not making use of facilities for electronic cross-referencing
– Poor checklists used indiscriminately without thought
Page 17 | Confidential and Proprietary Information
Documentation – ISA 230
• ISA 230 on documentation is one of the shortest ISAs
– Only 9 requirements but another 22 specific requirements in other
ISAs listed in the appendix
• “A sufficient and appropriate
record of the basis for the
auditor’s report” (ISA 230 para 5)
• Evidence that the audit was planned and performed in
accordance with ISAs
• If it’s not documented … it wasn’t done!
Page 18 | Confidential and Proprietary Information
• Has a clear objective
• States the year/period end
• Details the full extent of the test
• When reference is made to another WP, the full
reference to the other WP
• States the results of the procedure/testing
• Conclusions reached that are consistent with the
results of the procedures/testing
• Initialed and dated by preparer and reviewer(s)
“Good” Documentation
Page 19 | Confidential and Proprietary Information
Quality Control at the Firm Level (ISQC 1) – New Quality Management Approach• New quality management
approach
– Risk-based and scalable
– Effective
– Proactive and preventative
– Tailored for the firm’s
circumstances
• Existing elements of ISQC 1
retained with new components
added
– Existing components modified and
restructured to reflect new approach
– Components have similarities to
COSO
Quality Control at the Firm Level (ISQC 1) –
New Quality Management Approach
Page 20 | Confidential and Proprietary Information
Quality Management at the Firm Level (ISQC 1) –
Significant Changes
• Governance and leadership– Improved focus on firm culture, tone at the top & leadership
• Information and communication– Focus on importance of two-way communication within the firm
• Resources– Enhancements to requirements addressing human resources
• Monitoring and remediation – New requirements to perform a root cause analysis on deficiencies
– New framework to guide firms through assessing results of monitoring activities, external inspections and other information
Page 21 | Confidential and Proprietary Information
• IFAC SMP Committee: www.ifac.org/SMP
• Follow us on Twitter: IFAC_SMP
• IFAC Global SMP Survey www.ifac.org/smp
• Join us on LinkedIn: IFAC SMP Community
• Global Knowledge Gateway www.ifac.org/Gateway
IFAC Resources