ifac smp-sme activities · other assurance and related service engagements became effective as of...

| Confidential and Proprietary Information

IFAC SMP-SME ACTIVITIES

Monica Foerster

IFAC SMP Committee Chair

INCP Conference

August 23

Cartagena, Colombia


Agenda

• Importance of Quality Control

• Key Standards

• Inspection Findings

• Back to Basics – ISQC 1 Requirements (QC Guide)

– Leadership responsibilities for quality within the firm

– Ethical Requirements

– Acceptance and continuance of client relationships & specific engagements

– Human Resources

– Engagement performance

– Monitoring

• IAASB Projects – new ISQC 1


Importance of Quality Control

Benefits of Effective QC System

• Reduces risk of error

• Enhanced reputation and brand value in the marketplace

• Enhanced risk management

• Improved client relationships

• Improved recruitment and retention of employees

• Improved efficiencies in the provision of services

General Principles

• Firm & personnel comply with prof standard and reg req

• Reports issue are appropriate in the circumstances


Key Standards

• ISQC1, Quality Control for Firms that Perform Audits

and Reviews of Historical Financial Information and

Other Assurance and Related Service Engagements

became effective as of December 15, 2009 (firm level)

• ISA 220, Quality Control for an Audit of Financial

Statements, effective for audits of financial statements for

periods beginning on or after December 15, 2009

(engagement level)

• Both being updated as part of current IAASB projects

• IESBA Code of Ethics for Professional Accountants


Inspection Findings – IFIAR 2016 Survey I

Inspection Theme % of audit firms

with at least one

QC finding

2016 2015 2014

Engagement Performance 49% 59% 60%

Independence and Ethical

Requirements

40% 40% 48%

Human Resources 31% 36% 45%

Monitoring 28% 33% 34%

Client Risk Assessment,

Acceptance and Continuance

25% 30% 33%

Leadership Responsibilities for

Quality within the Firm

12% 12% 19%


Guide to Quality Control for

SMPs

• Helps SMPs apply ISQC 1

proportionately and efficiently.

• Includes guidance, case study,

two sample QC manuals, and

checklists

Tools, Guidance and Standard Support I


Leadership Responsibilities for Quality Within the

Firm

• Develop a culture of quality from top down

• Ultimate responsibility is with the firm’s managing board

• Underpinned by partner commitment to the firm’s quality

control policies and procedures

• Operational responsibilities for elements of the QC system

assigned to those with:

– sufficient and appropriate experience; and

– the necessary authority

• Commercial considerations should not over-ride

management responsibilities for quality (for example in

performance evaluations, setting compensation etc)


Relevant Ethical Requirements

• Embed within the firm the fundamental principles of professional

ethics

• Understand the threats and safeguards to independence, set

out in the IESBA Code of Ethics

• Maintain policies and procedures to enable threats to

independence to be identified, documented and managed

appropriately, including:

– Firm level - annual written confirmations from all partners and professional

staff

– Engagement level – written confirmation by engagement team

• Identify and manage conflicts of interest

• Establish confidentiality procedures


Acceptance and Continuance of Client

Relationships and Specific Engagements


Human Resources

• Need sufficient personnel with the competence,

capabilities and commitment to ethical principles

necessary to do the work

• Focus on recruitment and retention relative to the needs of

the firm and its clients

• Ensure staff and partners are appropriately trained,

developed and maintain their competence

• Assign engagement teams with the necessary

competence and capabilities to do the work

• Establish a disciplinary process


Engagement Performance

• Policies and procedures to ensure consistent quality

output across the firm

• Engagement partner has defined responsibilities

• Effective planning, supervision and review procedures

• Establish consultation procedures – when, who, how etc –

including external sources if necessary

• Establish procedures for resolving differences of opinion


Engagement Performance

Engagement quality control reviews:

• Required for all audits of listed entities

• Establish criteria for other engagements where EQCR

would be desirable (e.g. high risk)

• Appoint suitable EQCR reviewer – internal or external

– Technically capable with necessary experience and authority

– Objective

• Defined scope of EQCR


Monitoring

• Establish a monitoring program over the firm’s system of

quality control

• Inspection procedures:

– Consider nature and extent, but ensure coverage of at least one

engagement per partner at least every 3 years

– External inspections may be desirable (e.g. fresh perspective or

sharing of ideas) or necessary (if no suitable internal resource)

– Formal report

• Communicate deficiencies and take remedial actions

• Establish procedures for dealing with complaints and

allegations


Back to Basics—Examining ISQC 1 Requirements

7 Key Actions

1. Always write it down – document, document,

document (ISQC 1.57)

2. Lead from the front giving consistent messages on

the importance of quality control (ISQC 1.18)

3. Always act ethically in accordance with the IESBA

Code of Ethics for Professional Accountants (ISQC

1.20)

4. Focus on the right clients being matched by the right

skills with an emphasis on integrity and

competencies (ISQC 1.31)


Back to Basics—Examining ISQC 1 Requirements

7 Key Actions

5. Maintain capable and competent personnel giving

due attention to the firm’s human resources

policies and procedures (ISQC 1.29)

6. Delivery quality audits, consulting when needed

and meeting requirements for engagement quality

control review (ISQC 34 -35)

7. Monitor the firm’s system of quality control and

carry out a periodic objective inspection of a

selection of competed audit engagements (ISQC

1.48)


Documentation – Real Problem

• Excessive documentation for compliance purposes is

real problem

• Largely a product of over-engineered and inefficient

audit methodologies – leading to under- or over-auditing

• Poor documentation by auditors – for example

– Keeping interesting but irrelevant information on the file

– Full documents rather than extracts

– Not making use of facilities for electronic cross-referencing

– Poor checklists used indiscriminately without thought


Documentation – ISA 230

• ISA 230 on documentation is one of the shortest ISAs

– Only 9 requirements but another 22 specific requirements in other

ISAs listed in the appendix

• “A sufficient and appropriate

record of the basis for the

auditor’s report” (ISA 230 para 5)

• Evidence that the audit was planned and performed in

accordance with ISAs

• If it’s not documented … it wasn’t done!


• Has a clear objective

• States the year/period end

• Details the full extent of the test

• When reference is made to another WP, the full

reference to the other WP

• States the results of the procedure/testing

• Conclusions reached that are consistent with the

results of the procedures/testing

• Initialed and dated by preparer and reviewer(s)

“Good” Documentation


Quality Control at the Firm Level (ISQC 1) – New Quality Management Approach• New quality management

approach

– Risk-based and scalable

– Effective

– Proactive and preventative

– Tailored for the firm’s

circumstances

• Existing elements of ISQC 1

retained with new components

added

– Existing components modified and

restructured to reflect new approach

– Components have similarities to

COSO

Quality Control at the Firm Level (ISQC 1) –

New Quality Management Approach


Quality Management at the Firm Level (ISQC 1) –

Significant Changes

• Governance and leadership– Improved focus on firm culture, tone at the top & leadership

• Information and communication– Focus on importance of two-way communication within the firm

• Resources– Enhancements to requirements addressing human resources

• Monitoring and remediation – New requirements to perform a root cause analysis on deficiencies

– New framework to guide firms through assessing results of monitoring activities, external inspections and other information


• IFAC SMP Committee: www.ifac.org/SMP

• Follow us on Twitter: IFAC_SMP

• IFAC Global SMP Survey www.ifac.org/smp

• Join us on LinkedIn: IFAC SMP Community

• Global Knowledge Gateway www.ifac.org/Gateway

IFAC Resources

http://www.ifac.org/SMP

https://twitter.com/IFAC_SMP

http://www.ifac.org/smp

http://www.linkedin.com/groups?home=&gid=4542841&trk=anet_ug_hm

http://www.ifac.org/Gateway

ifac smp-sme activities · other assurance and related service engagements became effective as of...

Documents