, , , ,

The Relevance of New and Emerging Audit Quality Management Standards and Codes to Coping with the Threats to Audit Quality

, , , ,

ABSTRACT

iaasb.jpg

The International Auditing and Assurance Standards Board (IAASB) recently released 3 interrelated exposure drafts (EDs) that address quality management. The EDs bring important changes to the way professional accountancy firms are expected to manage quality for audits, reviews and other assurance and related services engagements. The EDs are:

• Proposed International Standard on Quality Management (ISQM) 1, Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements (previously ISQC 1)

• Proposed International Standard on Quality Management (ISQM) 2, Engagement Quality Reviews

• Proposed International Standard on Auditing (ISA) 220 (Revised), Quality Management for an Audit of Financial Statements

The EDs propose a new risk-based approach that firms are required to use in managing quality. The new approach will require firms to be proactive, responsive and thoughtful about the nature and circumstances of the firm and the engagements it performs in designing, implementing and operating systems of quality management.

HISTORY AND CONTEXT

Public confidence and trust are key if the auditing profession to sustain its relevance. The profession must ensure that firms produce and effectively communicate the high-quality work necessary to fulfil this need. The Global Financial Crisis of 2008 plus preceding and subsequent high profile cases of corporate and systemic failure have raised grave questions about the fitness-for-purpose of the audit function and related International Standards on Auditing (ISA). As part of its response, the International Auditing and Assurance Standards Board (IAASB) initiated a project to revise certain ISAs and the international standard relating to quality control (ISQC).

Table 1.jpg

The IAASB’s Invitation to Comment (ITC) released in 2015 was titled: ‘Enhancing Audit Quality in the Public Interest: A Focus on Professional Skepticism, Quality Control, and Group Audits’. It produced 3 Exposure Drafts (EDs): International Standard in Quality Management (ISQM) 1-ED replacing ISQC 1, ISQM 2-ED (no old standard), and ISA 220-ED (to replace the old ISA 220). The comment period expired in July 2019.

THE NEW QUALITY MANAGEMENT APPROACH

Overview of the Change

IFAC.jpg

One of the criticisms of the current approach to quality control by audit firms is that it is seen as a mechanical exercise that looks at the past and present but is not forward looking. The Quality Management Approach (QMA) requires that those charged with the governance of audit firms must proactively and continuously monitor and manage the quality of assurance and non-assurance work both at firm and at engagement levels. QMA requires a new mind-set, with quality management embedded in the firm’s management culture, and not be a separate stand-alone pillar that is attached to the firm’s structures. QMA’s proper implementation therefore calls for firms to practice enterprise-wide risk management (EWRM) in place of old silo-based risk management practices. EWRM is a cultural practice requiring congruent values and practices and not just a collection of principles and processes. It will require that firms jealously monitor and police inevitable cultural change with a view to ensuring that the dominant culture is sustainably consistent with EWRM and the QMA practices. This will prove quite a challenge especially for Small and Medium Practices (SMPs) and firms operating in emerging and frontier markets which may not have the in-house resources, segregations or experience needed for monitoring and policing firm culture. Further, some fragile and/or frontier markets may lack the quality of national sectoral regulation that can reinforce the efforts within SMPs and larger firms. The contemporary challenge of COVID 19 starkly demonstrates the vital importance of an effective management of firm-wide and societal risks to audit quality.

How firms adopt a Quality Management Culture

Fig 1.jpg

The firm’s leadership is directly responsible to create and sustain a risk-aware culture for the firm and must make an investment decision to establish, finance, lead and sustain such a culture. The ethical values of the profession (integrity, objectivity, professional competence and due care, confidentiality and professional behaviour) must underpin such a culture

The “tone and example from the top” must be unequivocally consistent with the risk-aware cultural values and practices. Problems have been generically defined in management as “a deviation from a standard”. There must be no doubt in the minds of staff or leadership about the cultural standard that gives the audit firm its identity and character. The behaviour of staff should reflect the firm’s self-identification as an organisation focused on quality and be evident in other, more formal systems such as the client acceptance and continuance systems, the firm’s ethical code and its policies and practices manuals. It needs to permeate the firm’s training programs, the performance management systems, authority structures, formal decision-making processes and resource allocation. It should demonstrably go beyond “lip service” to audit quality. To sustain a mind-set focussed on quality requires a firm-wide desire for continuous improvement.

This approach should be scalable, i.e. tailored to accommodate the size and nature of the firm and the various services it provides. A QMA is therefore equally applicable to firms that perform complex audits, firms that perform audits of less complex entities, and firms that perform only reviews of financial statements or other assurance or related services engagements.

When should a firm start with a QMA?

audit-4190944_1920.jpg

The new standards are anticipated to become effective for audits commencing from December 1, 2021. This means that by December 2021 firms need to have implemented an effective system of quality management. Introducing a QMA takes time and effort and may have an impact on the operations and structure of the firm. Firms are therefore recommended to start implementing QMA during 2020 and be fully ready for compliance by the effective date. Firms, of any size, that adapt and respond effectively to the very real threats posed by COVID 19 to audit quality are likely to be on the right track to introducing an effective QMA.

ISQM 1

ISQC 1 had a list of 6 elements that made up a system of quality control. ISQM 1 has modified some of the elements in ISQC 1 and added others to come up with a list of 8 Components that makes a system of Quality Control.

The IAASB in its frequently asked questions states: “The eight components in ISQM 1 have similarities to the components of internal control described in draft ISA 315 (revised) and the COSO Integrated Framework…firms are not required to organise their systems according to these components…only meet all the requirements of the standard.”

Table 2.jpg

The objective of the firm, under ISQM 1, is to design, implement and operate a system of quality management that provides reasonable assurance that:

 The firm and its personnel fulfil their responsibilities in accordance with professional standards and applicable legal and regulatory requirements, and conduct engagements in accordance with such standards and requirements, and  Engagement reports issued by the firm or engagement partners are appropriate in the circumstances.

In ISQC 1 the first bullet above reads ‘the firm and its personnel comply with…’ The new terminology in ISQM 1 read ‘fulfil their responsibilities’ and conduct “…in accordance with’ are much more demanding and proactive than the reactive ‘comply with’

This change is seen further in the components. They have been carried over from ISQC 1, adapted (Governance, Resources, Remediation) and added to (The firm’s risk assessment process, information and communication). Risks of not meeting the objectives must be documented and their likely occurrence mapped.

The objective of monitoring and remediation will be interesting. Historically, the appointment of an engagement quality reviewer (EQR), would be seen as a monitoring control. However, there are examples of audits failing even with an EQR in place. Therefore, the control did not always work as intended. Is this a finding or a deficiency? It could be either. Deficiencies need to be remediated. So maybe the EQR needs retraining, or perhaps the evidence presented to the EQR was misleading, which might mean the audit team needs retraining. ISQM 1 requires the root cause of deficiencies to be identified so that appropriate action can be taken to remediate the deficiency.

ISQM 2 ENGAGEMENT QUALITY REVIEWS

audit-3229739_1920.jpg

The biggest change is that the IAASB concluded that because the EQR is acting on behalf of the firm, the objective of ISQM 2 should be framed as an objective of the firm. Hence the requirements for the performance of EQRs is removed from ISA 220 which now deals with how the engagement partner and team communicates with the EQR.

Concerns raised in the ITC included selection, qualification, experience and objectivity of the EQR. These are addressed by including additional requirements and application guidance.

ISQC 1 included eligibility requirements for EQRs focussing on technical, experience, authority and objectivity. ISQM 2 expands and enhances the robustness of the eligibility requirements. In addition, there are requirements to address the importance of being involved at the right time(s) and of there being sufficient time for the EQR.

ISQC 1 refers to the EQR having the necessary authority but does not explain how that authority is obtained. The IAASB considers this to be a firm-led process through cultural practices to enhance and protect the reputation of the EQR in the firm. ISQM 2 also addresses the cooling off period of the audit engagement partner becoming the EQR. A time period isn’t set. The firm should set a period that safeguards the EQR’s objectivity. Documentation of the EQR is reported by regulators as problematic. ISQM 2 includes enhanced requirements and guidance.

An independent external entity can add value through the periodic review of an audit firm’s compliance with ISQM 1 & 2 at the level of the management and controls of the firm. However, the firm must retain full responsibility for a credible EQR system of individual audits.

ISA 220 QUALITY MANAGEMENT FOR AN AUDIT OF FINANCIAL STATEMENTS

In revising ISA 220, the IAASB sought to address public interest considerations by encouraging proactive management of quality at the engagement level, emphasizing the importance of the exercise of professional skepticism, enhancing the documentation of the auditor’s judgments…and reinforcing the need for robust communications during the audit. In support of these goals, the IAASB agreed to:

o Highlight the importance of the public interest role of audits, and improve the emphasis on the importance of the appropriate application of professional judgment and exercise of professional scepticism. o Clarify the role and responsibilities of the engagement partner, particularly required involvement throughout the audit, and retain the emphasis on the engagement partner’s responsibility for managing and achieving quality at the engagement level. o Clarify the relationship between ED-220 and the ISQMs, including additional clarification of the engagement partner’s and engagement team’s interaction with the firm; and the engagement team’s ability to depend on the firm’s quality management policies or procedures.

ISA 540 (REVISED)

ISA 540 (Revised), Auditing Accounting Estimates and Related Disclosures is the first to be completed as part of the IAASB’s broader program of ‘Addressing the Fundamental Elements of an Audit’ and is an important part of the IAASB’s efforts to improve audit quality globally. This revised standard modernizes auditing of accounting estimates in support of audit quality. Some of the significant revisions include: • An enhanced risk assessment that requires auditors to consider complexity, subjectivity and other inherent risk factors in addition to estimation uncertainty. This will drive auditors to think more deeply about the risks inherent to accounting estimates. • A closer link between the enhanced risk assessment and the methods, data and assumptions used in making accounting estimates, including the use of complex models. • Specific material to show how the standard is scalable to all types of accounting estimates. • Emphasis on the importance of applying appropriate professional skepticism when auditing accounting estimates to foster a more independent and challenging skeptical mind-set in auditors. ISA 540 (Revised) became effective for financial statement audits for periods beginning on or after December 15, 2019.

ISA 315 (REVISED 2019)

Identifying and assessing the risks of material misstatement is foundational to the audit. ISA 315 (Revised 2019), Identifying and Assessing the Risks of Material Misstatement, has brought changes to further tighten audit requirements and clarify the methodology for identifying and assessing risk in order to improve audit quality.

The standard has been revised to respond to challenges and issues with the current ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment. The revised requirements focus on ‘what’ needs to be done, and the application material enhanced, modernized and reorganized to describe ‘why’ and ‘how’ procedures are to be undertaken.

ISA 315 (Revised 2019) is effective for financial statement audits for periods beginning on or after December 15, 2021.

PROPOSED REVISION TO THE CODE ADDRESSING THE OBJECTIVITY OF ENGAGEMENT QUALITY REVIEWERS

ifac-2.jpg

The International Ethics Standards Board for Accountants (IESBA) approved this Exposure Draft in December 2019. Some respondents to the IAASB’s December 2015 ITC questioned whether the global auditing or ethics and independence standards should clarify issues relating to an engagement quality control reviewer’s (EQR) objectivity. Specifically, it was pointed out that some jurisdictions require firms to establish mandatory “cooling-off periods” for individuals previously involved in the audit engagement, in particular engagement partners, before they can act in an EQR role on the same engagement. The IAASB noted that relevant ethical requirements, such as the IESBA Code, may not specifically address threats to objectivity that may arise in these circumstances. For example, a self-review or self-interest threat might be created when judgments made by the individual in the previous engagement continue to influence subsequent periods, as is often the case in an audit of financial statements. Following coordination with the IAASB, the IESBA came to the view that it is necessary to address the issue of EQR objectivity holistically in the Code. The IESBA considered that this would be best achieved by having guidance in the Code to explain clearly the application of the conceptual framework when considering the objectivity of the EQR. This guidance would then provide the context for and support any specific provisions the IAASB might determine necessary to promulgate in proposed ISQM 2 to address the specific matter of an individual being appointed to the EQR role after having served on the engagement team (especially in an engagement partner role). Given the IAASB’s aim to finalize proposed ISQM 2 by mid-2020, the IESBA has decided to start a project on an accelerated basis to develop appropriate guidance in the Code on the topic of EQR objectivity. In progressing this project, the IESBA will continue its close coordination with the IAASB to ensure that the proposed guidance in the Code will be consistent with the final ISQM 2. .

CONCLUSION

The substantial new and revised requirements included in the three exposure drafts and in ISA 540 (Revised) and ISA 315 (Revised 2019), and the proposed requirements in the IESBA Code represent a significant change to the profession because the changes may impact on the firm’s culture, organisational structures and operations. The changes aim to address the public interest concerns and improve and enhance the quality of engagements, thereby sustaining public trust in the auditing and assurance process.

The disruptions caused by COVID 19 present a very present threat to audit quality for engagements executed during the period of crisis. Firms would be well advised to accelerate their transitions to effective enterprise-risk based quality management in order to cope with the current crisis with appropriately mitigated risks to the credibility of the firm and the profession.

© 2020 All Rights Reserved. Sonny Mabheju,Chief Operating Officer, GQRDOTCOM LTD. May 2020.

The views expressed here are his own and do not necessarily represent the views of GovernanceQualityRatings.com.

You can view his profiles:

on LinkedIn here

and the GQR website here