Chartered Accountants Audit Conference
APES 320: Quality Control for Firms – A Mandatory Requirement!
charteredaccountants.com.au
Michael Cain, FCAAudit & Accounting Technical DirectorNexia International – Australia and New Zealand
Session Topics
1. ASIC Audit Inspection
2. Institute Inspection Program
3. Quality Control in Firms: APES 320/PS 1
4. Network Firm Definition
5. Implementation Strategy
6. Useful Implementation Tools
1. ASIC Audit Inspections
> Round 1 – September 2005
> Round 2 – August 2006
> Round 3 – No report issued yet
1. ASIC Audit InspectionsScope of ASIC audit inspections> Second year inspection of Big 4 firms
> First year inspection of various offices of BDO, Horwath, PKF, Grant Thornton, Pitcher Partners and RSM Bird Cameron
> Quality control systems re Independence
> Quality control systems re audit methodologies
1. ASIC Audit Inspections(b) Observations & Findings - Big 4> Significant improvements in
independence systems
> Strong tone at the top leadership
> Implemented systems to monitor compliance, annual/quarterly independence confirmations, conflict checking, engagement acceptance/continuance, systems that monitor and record personal investments
1. ASIC Audit Inspections(b) Observations & Findings - Big 4> Non-audit services now are pre-
approved by the audit partner> Now better communication of
consequences of non-compliance with policies and systems to staff, including disciplinary actions
> Now have systems for capturing independence consultations and enquiries by staff
> 3 firms enhanced independence training and use e-learning tools
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Adoption of CLERP 9> Induction program for new employees
did not include awareness of independence policies
> Independence training not widely conducted
> Lateral hires and contractors not provided with independence training
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Non-Audit Services> Main threat to independence> Inadequate documentation supporting
decisions to provide non-audit services> Need to clarify prohibited services> Some firms not complying with their
own policies> Instances of journals prepared and
payroll services offered, yet no documentation of independence decision
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier
Partner Evaluation & Compensation> Partner performance reviews either not
conducted or not documented> Remuneration of audit partners linked
purely to financial results> Independence/audit quality
considerations not part of partner evaluation/compensation
> Performance criteria does not include independence or audit quality
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Client Acceptance & Continuance> 1 firm did not document acceptance or
continuanceTesting of Compliance> 2 firms conducted limited reviews on
compliance> 2 firms need to develop and
communicate disciplinary policies which outline consequences of non compliance
> Staff interviewed to test recall of consequences
1. ASIC Audit Inspections(b) Observations & Findings - Mid-TierWhistleblower> No firm had a formal
complaints/whistleblower process
Strategic Plans and Code of Conduct> 4 firms had strategic plans that DID
NOT include independence and quality issues
> 2 firms code of conduct are deficient> Need to establish a “Tone at the Top”
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier
AUDIT QUALITYApplication of Audit Methodology> 2 firms have no audit manual> 2 firms have fully mapped manuals to
Audit Standards, supported by proprietary software
> 1 firm has not updated manual for recent changes
> All firms need to improve engagement file application of methodologies
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier
Application of Auditing Standards> Reviewed 30 engagements> 3 audit standards poorly applied:
- ASA 520 Analytical Review- ASA 240 Fraud- ASA 530 Audit Sampling
> Most have removed guidance on sample sizes
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Audit Documentation> Incomplete documentation of work> In all firms, less adequate documentation at final
stages then at commencementCommon deficiencies in documentation related to:> Consideration of laws and regulations> Partner review of planning prior to field work> Mandatory fraud audit steps> Analytical reviews> Documentation of the substantive sampling approach
adopted> Engagement and management letters not
issued/obtained> Inconsistent application of methodology across
industry groups within the firms
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Audit Evidence> General lack of evidence for disclosure
items such as related party, commitments and contingencies, director remuneration
Engagement Quality Control Review> On some listed clients, inadequate
evidence of review being performed> In 1 firm, not sure who the review partner
was
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier
Monitoring> 2 did not have adequate policies to
support monitoring of audit quality> 4 firms deficient in communicating
results of reviews beyond the engagement team
> 1 firm had no monitoring policies> No link between partner/staff
performance evaluation and results of their internal monitoring process
1. ASIC Audit Inspections(c) Future Inspections> Follow up action on all firms in the
report
> Extend reach into other Mid-Tier firms
> Other offices of Big 4 firms not in 1st & 2nd report
> Focus on Independence & Quality
> Practical application of Auditor Rotation
> Increase number of engagement files reviewed
1. ASIC Audit Inspections(c) Future InspectionsFocus on Auditing Standards not
adequately dealt with:> ASA 315 Understand Entity & Risk> ASA 240 Fraud> ASA 530 Audit Sampling> ASA 230 Documentation
ASA 315 would naturally extend to ASA 330
1. ASIC Audit Inspections(c) Future Inspections
> Transition to Force of Law Standards and APES 320 (APS 5)
> IFAC broadened definition of “Network”, affiliations must be independent of each other
1. ASIC Audit InspectionsHow to handle ASIC Concerns??
Nexia ASIC Concerns Questionnaire and Action Plan
2. Institute Inspection ReviewAs at 30 June 2007
> 478 practice firms’ reviews completed > 32 listed public companies completed> 518 practice firms’ reviews were in
progress> 16 listed public companies in progress
Review Policy> All practices that audit publicly listed
companies reviewed every 3 years> All other practices reviewed every 5
years
2. Institute Inspection Review> 87.5% [85%] of practices were either
informed there was no further action required or that procedures were adequate, with only minor issues to address
> 12% [14%] had policies and procedures that were insufficient to comply with professional and legal requirements or did not adhere to existing policies and procedures
> <1% (1%) were referred to Institute disciplinary processes for investigation because of fundamental breaches of standards
2. Institute Inspection ReviewMajority are meeting independence
standards, but deficiencies noted were:
> Independence• Self Managed Superannuation Fund
audits• Provision of accounting and audit • Inadequate documentation in
relation to threats to independence
2. Institute Inspection ReviewDeficiencies noted:> Audit Engagements
• No evidence of planning documentation• No internal controls or risk assessment
prior to the audit work performed• No subsequent events review
documentation• No evidence of going concern
assessment• No letters of engagement or
representation• Insufficient documentation surrounding
independence considerations
2. Institute Inspection ReviewDeficiencies noted:> Compilation Engagements
• Did not specify they were Special Purpose Financial Reports
• Non-compliance with APS 9: Compilation of Financial Reports
• Errors in accounting and disclosure
2. Institute Inspection ReviewDeficiencies noted:> Training and development
• Failure to meet minimum hours of training and development R:7 Regulations relating to training development
• Failure to meet training and development re statutory audit registration
2. Institute Inspection ReviewImprovements in Quality Control Systems
ARE required across the majority of practices, in particular:
> Formal policies and procedures of quality control across the whole practice firm
> Training in the Code of Ethics for Professional Accountants
2. Institute Inspections
ASIC• Greater powers
to investigate
• Have access to all files
• No reported breaches of Corporations Act
Institute• Cooperative
approach
• Not have access to all files under privacy legislation
• Cannot access all records
3. Quality ControlWhy is it important?> APES 320: Quality Control for Firms –
Compulsory> APES 110: Code of Ethics for
Professional Accountants – Compulsory
> Legislative Requirements – CLERP 9> Australian Auditing Standards – Force
of Law> Risk Management: Protect your
REPUTATION AND INTEGRITY!!
3. Quality Control
3. Quality ControlAPES 320: Quality Control for Firms> Applicable from 1 July 2006 > More stringent QC than APS4/5> Basic principles and essential
procedures > Firm wide system of quality control, not
just audit> Quality Control Manual/ QC Guide –
http://www.charteredaccountants.com.au/resource_centre
> Quality Control Report (“QCR”)
3. Quality Control Mandatory requirement for every practice firm is to:
“Establish a system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards and regulatory and professional requirements and that reports issued by the firm or engagement partners are appropriate to the circumstances” (APES 320(3))
3. Quality Control The key document to ensure compliance!
The “Quality Control Manual” (QCM)
Quality Control Guide and Checklist
Templates enclosed
Let’s surf the requirements…
3. Quality Control Elements of Quality Control > Leadership responsibilities> Ethical requirements > Acceptance and continuance of client
relationships and specific engagements> Human resources > Engagement performance > Monitoring
3. Quality ControlLeadership Responsibilities - Policy> Partners are committed to a high standard
of quality on all engagements > All staff required to be fully conversant
with APES 110: Code of Ethics for Professional Accountants
> Quality will not be compromised by commercial considerations on assignments
> All partners and staff to follow policies and procedures
3. Quality ControlLeadership Responsibilities - Policy> Effective training key component to
quality maintenance> Mandatory training required for all staff> Sufficient resources devoted for the
development, documentation, and support of quality policies and procedures
> Annual performance reviews to include appraisal of commitment to quality, ethics, CPE, adherence to policies and procedures, and competency
3. Quality Control Leadership Responsibilities
Procedures and Documentation> Documented set of policies and
procedures that reflect what the practice MUST do!
> This is to be documented in the Quality Control Manual
> Applies to the WHOLE firm, all services, all engagements!
3. Quality ControlEthical Requirements - Policy> Maintain a high standard of personal conduct to
avoid damage to:• Personal reputation• Firms’ reputation• Professional Accounting Body (Institute of
Chartered Accountants in Australia,CPA,NIA)> Mandatory compliance with APES110: Code of Ethics for Professional Accountants> Has force of law for Corporations Act audits
• Chapter 2M – Registered Schemes or Disclosing Entities
• Chapter 7 – Financial Services Licensees> Public Interest
3. Quality Control Ethical RequirementsFundamental Principles> Integrity> Objectivity> Independence> Professional Competence and Due
Care> Confidentiality> Professional Behaviour
3. Quality Control Client Acceptance & ContinuancePolicy – Acceptance of New Clients> Client integrity> Cultural fit> Firm’s ability to conduct engagement
competently and within timeframe> Ethical issues: perceived independence
and conflict of interest threats> Decision documented by engagement
partner together with information collected on client file
3. Quality Control Client Acceptance & ContinuancePolicy – Continuance> Not continue engagement where not
have accepted had information been available earlier
> Report events of lack of integrity of client to partner
> Partner to consider professional and legal responsibilities and make effort to resolve
> Must document resolution or decision to withdraw from engagement on client file
3. Quality Control Client Acceptance & ContinuanceProcedures – Key Documents > Client Screening Questionnaire> New Client Form> Welcome Letter> Ethical Letter> New Client Acceptance Checklist> Client Engagement Task Checklist> Client Retention Checklist> Lost Client Form> Disengagement Letter
3. Quality ControlHuman Resources - Policy> Sufficient personnel > Appropriate competence and
capabilities> Partner responsibility for HR issues> Policies and procedures to be monitored> Commitment to ethical principles
• Performance appraisals, promotion, and remuneration
• Non compliance – counselled and/or disciplined
3. Quality Control Human Resources - Procedures> Recruitment
• Job descriptions• Candidate selection• Probation reviews
> Performance evaluation/promotion/remuneration• Six monthly interactive performance
evaluation• Recognition, feedback, and advancement • Compliance with policies and procedures• Appropriate remuneration re performance
and industry standards
3. Quality Control Human Resources - Procedures> Capabilities/competence/career
development• Relevant training • Maintenance of CPE requirements• On the job coaching and mentoring
> Assignment to engagements• Depends on complexity of assignment
and ability of staff member• Supervision• Engagement planning• Monitoring of work in progress and
milestones
3. Quality Control Human Resources - Key Documents> Human Resource Policy> Job Descriptions> Candidate Interview and Evaluation
Checklist> New Staff Orientation Checklist> Professional Staff Performance Review> Administrative Staff Performance Review> Training and Development Record
3. Quality ControlEngagement Performance - Policy> Consistency in quality of engagements
performed> Achieved through
• Use of up to date manuals• Industry standard software• Template documents• Guidance Material• Pre engagement briefings to set
objectives and tasks• Contentious/difficult matters referred
to engagement partner for resolution
3. Quality Control Engagement Performance -
Procedures> Supervision
> Review
> Training and coaching
> Consultations and referrals
> Engagement documentation
3. Quality Control Engagement Performance – Key Documents> Client Acceptance and Continuance docs> Work Control Form> Job entered into firm’s workflow system
(APS)> Timesheets completed and entered> Work in progress produced and
monitored> Workflow reviewed by team> Document consultation/referral on
Checklist for Use of Outside Consultant
3. Quality Control Monitoring - Policy> Quality Control System has to be:
• Relevant
• Adequate
• Operating effectively
• Complied with
3. Quality Control Monitoring - ProceduresOngoing Evaluation - Firm wide> Periodic inspections of completed
engagements• Internal reviews – all service lines• Peer reviews – other office in network• Institute review – every 3 years• ASIC inspection – anytime??!• Emphasis on independence and audit
quality (listed)
3. Quality Control Monitoring - ProceduresIndividual Engagement> Engagement partner reviews all
reports/returns before issue to client
> Review for adherence to policies and procedures (QC completion documentation)
> Resolution of identified issues or errors encountered
> Regular meetings with staff will discuss QC matters
3. Quality Control Monitoring - Key Documents> Monitoring Policy Statement
> Job Review Form
> Firm Feedback Form
> System Review
> Quality Culture Assessment
> Client Complaint Record
3. Quality ControlDocumentation - Policy> Appropriate documentation in place as
EVIDENCE of the operation of EACH element of its
system of quality control> Quality Control Manual includes all
policies and procedures to be available to all staff
> You are expected to fully understand the contents and ensure compliance in day to day completion of tasks
3. Quality Control Final Product- Detailed Policies and Procedures> Leadership responsibilities> Ethical requirements > Acceptance and continuance of client
relationships and specific engagements> Human resources > Engagement performance > Monitoring
3. Quality Control
Nexia QCR Report
4. Network Firm Definition> Revised definition of “network firms”
that the APESB has adopted
> Applicable in Australia 1 July 2008
> Old definition criticised as too focused on control
> Revised definition looks at how networks operate
4. Network Firm DefinitionConsidered a Network when there is a larger
structure aimed at cooperation and one of the following applies: -
> Profit or cost sharing among the entities> Shares common ownership, control or
management> Has common quality control policies and
procedures> Has common business strategy;> Uses a common brand name or common
initials;> Shares a significant part of professional
resources
4. Network Firm DefinitionConsider:> Impact on firm> Implement independence processes
and policies across affiliation> Reference to being a member of an
association of firms in stationery and promotional material could suggest that a firm is a member of a network firm!
5. Implementation Strategy> Set “Tone at the Top” - all partners to
commit
> Incorporate into strategic plan
> Conduct preliminary awareness training
> Establish element champions
> Undertake detailed gap analysis
> Update QCM policies and procedures
> Address ASIC and Institute concerns
5. Implementation Strategy> Incorporate into induction program and
office policies and procedures manual
> Complete QCR checklist
> Practice approval
> Detailed training of new procedures
> Maintain document repository
> Plan annual review and update
> Implement internal review procedures, including reporting of findings
6. Useful Implementation Tools1) QCM template and QC Guide from
Institute website (or email me for Nexia version)
2) Audit independence checklist from Institute
3) ASIC Concerns Questionnaire and Action Plan
4) Quality Control Review Report
5) Committed project partners and staff
ConclusionRemember:
“IF IT IS NOT DOCUMENTED,
IT IS NOT DONE!” Lee White, Chief Accountant, ASIC
Therefore this is not a nice to have…it is a
MUST HAVE!
THANK YOU!
YOUR TURN!!
Top Related