1.33k likes | 2.04k Views
QUALITY CONTROL OF AUDIT WORK. Slovenian case REPARIS Project in Macedonia. Meta Duhovnik, Ph.D., SLOVENIAN INSTITUTE OF AUDITORS. Basic regulation. EU basis :
E N D
QUALITY CONTROL OF AUDIT WORK Sloveniancase REPARIS Projectin Macedonia Meta Duhovnik, Ph.D., SLOVENIAN INSTITUTE OF AUDITORS
Basic regulation • EU basis: • Directive 2006/43/ES on statutory audits of annual accounts and consolidated accounts (Official Journal of the EU, No. L 157 - 9. 6. 2006) • Regulation enforced in Slovenia: • Auditing Act (Official Journal of the Republic of Slovenia, No. 65/2008 – 30. 6. 2008; hereinafter Zrev-2) • ISQC 1: Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and other Assurance and Related Services Engagements Meta Duhovnik, Ph.D.
Basic regulation • Regulation enforced in Slovenia (continuation): • ISA 220: Quality Control for an Audit of Financial Statements • Code of Ethics for Professional Accountants (IFAC) • Code of Professional Conduct (Slovenian) Meta Duhovnik, Ph.D.
Quality control of audit work • Quality control system of the audit company • External quality control Meta Duhovnik, Ph.D.
Quality control system of the audit company in Slovenia Auditing rules: • ISQC 1: Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and other Assurance and Related Services Engagements • ISA 220: Quality Control for an Audit of Financial Statements Meta Duhovnik, Ph.D.
Definitions • Engagement partner • The partner or other person in the firm who is responsible for the engagement and its performance, and for the report that is issued on behalf of the firm, and who, where required, has the appropriate authority from a professional, legal or regulatory body. • Engagement quality control review • A process designed to provide an objective evaluation, on or before the date of the report, of the significant judgments the engagement team made and the conclusions it reached in formulating the report. Meta Duhovnik, Ph.D.
Definitions • Engagement quality control reviewer • A partner, other person in the firm, suitably qualified external person, or a team made up of such individuals, none of whom is part of the engagement team, with sufficient and appropriate experience and authority to objectively evaluate the significant judgments the engagement team made and the conclusions it reached in formulating the report. Meta Duhovnik, Ph.D.
Definitions • Engagement team • All partners and staff performing the engagement, and any individuals engaged by the firm or a network firm who perform procedures on the engagement. This excludes external experts engaged by the firm or a network firm. • Firm • A sole practitioner, partnership or corporation or other entity of professional accountants. Meta Duhovnik, Ph.D.
Definitions • Inspection • In relation to completed engagements, procedures designed to provide evidence of compliance by engagement teams with the firm’s quality control policies and procedures. • Listed entity • An entity whose shares, stock or debt are quoted or listed on a recognized stock exchange, or are marketed under the regulations of a recognized stock exchange or other equivalent body. Meta Duhovnik, Ph.D.
Definitions • Monitoring • A process comprising an ongoing consideration and evaluation of the firm’s system of quality control, including a periodic inspection of a selection of completed engagements, designed to provide the firm with reasonable assurance that its system of quality control is operating effectively. • Network firm • A firm or entity that belongs to a network. Meta Duhovnik, Ph.D.
Definitions • Network • A larger structure: • that is aimed at cooperation, and • that is clearly aimed at profit or cost-sharing or shares common ownership, control or management, common quality control policies and procedures, common business strategy, the use of a common brand name, or a significant part of professional resources. Meta Duhovnik, Ph.D.
Definitions • Partner • Any individual with authority to bind the firm with respect to the performance of a professional services engagement. • Personnel • Partners and staff. Meta Duhovnik, Ph.D.
Definitions • Professional standards • IAASB Engagement Standards, as defined in the IAASB’s Preface to the International Standards on Quality Control, Auditing, Review, Other Assurance and Related Services, and relevant ethical requirements. • Relevant ethical requirements • Ethical requirements to which the engagement team and engagement quality control reviewer are subject, which ordinarily comprise Parts A and B of the International Federation of Accountants’ Code of Ethics for Professional Accountants (IFAC Code) together with national requirements that are more restrictive. Meta Duhovnik, Ph.D.
Definitions • Reasonable assurance • In the context of ISQC, a high, but not absolute, level of assurance. • Staff • Professionals, other than partners, including any experts the firm employs. Meta Duhovnik, Ph.D.
Definitions • Suitably qualified external person • An individual outside the firm with the competence and capabilities to act as an engagement partner, for example a partner of another firm, or an employee (with appropriate experience) of either a professional accountancy body whose members may perform audits and reviews of historical financial information, or other assurance or related services engagements, or of an organization that provides relevant quality control services. Meta Duhovnik, Ph.D.
ISQC 1 compared with ISA 220 ISQC 1 • The quality control policies and procedures which are documented and communicated to the firms personnel. ISA 220 • Quality control procedures that are applicable to the individual audit engagement. Meta Duhovnik, Ph.D.
Elements of a system of quality control ISQC 1 • Leadership responsibilities for quality within the firm • Relevant ethical requirements • Acceptance and continuance of client relationships and specific engagements • Human resources • Engagement performance • Monitoring ISA 220 • Leadership responsibilities for quality on audits • Relevant ethical requirements • Acceptance and continuance of client relationships and audit engagements • Assignment of engagement teams • Engagement performance • Monitoring Meta Duhovnik, Ph.D.
Leadership responsibilities ISQC 1 • The firm’s chief executive officer (or equivalent), or, if appropriate, the firm’s managing board of partners (or equivalent) should assume ultimate responsibility for the firm’s system of quality control. ISA 220 • The engagement partner is responsible for the overall quality on each audit engagement to which that partner is assigned. Meta Duhovnik, Ph.D.
Leadership responsibilities ISQC 1 • Establishment of policies and procedures that address performance evaluation, compensation, and promotion (including incentive systems) with regard to its personnel, in order to demonstrate the firm’s overriding commitment to quality. • Assignment of management responsibilities so that commercial considerations do not override the quality of work performed. • Provision of sufficient resources for the development, documentation and support of quality control policies and procedures. Meta Duhovnik, Ph.D.
Leadership responsibilities ISA 220 • Engagement partner is taking care of importance to audit quality of: • performing work that complies with professional standards and applicable legal and regulatory requirements; • complying with the firm’s quality control policies and procedures as applicable; • issuing auditor’s reports that are appropriate in the circumstances; and • the engagement team’s ability to raise concerns without fear of reprisals. Meta Duhovnik, Ph.D.
Leadership responsibilities ISQC 1 • Any person assigned operational responsibility for the firm’s system of quality control by the firm’s chief executive officer or managing board of partners should have sufficient and appropriate experience and ability, and the necessary authority, to assume that responsibility. Meta Duhovnik, Ph.D.
Ethical requirements ISQC 1 ISA 220 • Ethical requirements ordinarily comprise Parts A and B of the IFAC Code together with national requirements that are more restrictive. Meta Duhovnik, Ph.D.
Ethical requirements • The fundamental principles of professional ethics, which include: • Integrity • Objectivity • Professional competence and due care • Confidentiality • Professional behavior Meta Duhovnik, Ph.D.
ISQC 1: Ethical requirements • The firm shall establish policies and procedures designed to provide it with reasonable assurance that the firm and its personnel comply with relevant ethical requirements. ISA 220: Ethical requirements • Throughout the audit engagement, the engagement partner shall remain alert, through observation and making inquiries as necessary, for evidence of non-compliance with relevant ethical requirements by members of the engagement team. Meta Duhovnik, Ph.D.
ISQC 1: Ethical requirements – independence • The firm establishes policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence requirements (including network firm personnel) maintain independence where required by relevant ethical requirements. • Such policies and procedures shall enable the firm to: • communicate its independence requirements to its personnel and, where applicable, others subject to them; • identify and evaluate circumstances and relationships that create threats to independence, and to take appropriate action to eliminate those threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the engagement, where withdrawal is permitted by law or regulation. Meta Duhovnik, Ph.D.
ISQC 1: Ethical requirements – independence • At least annually, the firm obtains written confirmation of compliance with its policies and procedures on independence from all firm personnel required to be independent by relevant ethical requirements. • Relevant policies and procedures to assure independence are: • setting out criteria for determining the need for safeguards to reduce the familiarity threat to an acceptable level when using the same senior personnel on an assurance engagement over a long period of time; and • requiring, for audits of financial statements of listed entities, the rotation of the engagement partner and the individuals responsible for engagement quality control review, and where applicable, others subject to rotation requirements, after a specified period in compliance with relevant ethical requirements. Meta Duhovnik, Ph.D.
ISA 220: Ethical requirements – independence • The engagement partner has to: • obtain relevant information from the firm and, where applicable, network firms, to identify and evaluate circumstances and relationships that create threats to independence; • evaluate information on identified breaches, if any, of the firm’s independence policies and procedures to determine whether they create a threat to independence for the audit engagement; • take appropriate action to eliminate such threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the audit engagement, where withdrawal is possible under applicable law or regulation. • The engagement partner shall promptly report to the firm any inability to resolve the matter for appropriate action. Meta Duhovnik, Ph.D.
IFAC Code Independence requires: • independence of mind • The state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment. • independence of appearance • The avoidance of facts and circumstances that are so significant that a reasonable and informed third party , having knowledge of all relevant information,including safeguards applied, would reasonably conclude a firm’s or auditor’s independence had been compromised. Meta Duhovnik, Ph.D.
IFAC Code Possible threats to independence • Self-interest threat • Self-review threat • Advocacy threat • Familiarity threat • Intimidation threat Meta Duhovnik, Ph.D.
IFAC Code Self-interest threat • Self-interest threat may occur as a result of the financial orother interests of a professional accountant or of an immediate orclose family member. Meta Duhovnik, Ph.D.
IFAC Code Self-review threat • Self-review threat may occur when a previous judgmentneeds to be re-evaluated by the professional accountant responsiblefor that judgment. Meta Duhovnik, Ph.D.
IFAC Code Advocacy threat • Advocacy threatmay occur when a professionalaccountant promotes a position or opinion to the point thatsubsequent objectivity may be compromised. Meta Duhovnik, Ph.D.
IFAC Code Familiarity threat • Familiarity threats may occur when, because of a close relationship, a professional accountant becomes too sympathetic to the interests of others. Meta Duhovnik, Ph.D.
IFAC Code Intimidation threat • Intimidation threat may occur when a professionalaccountant may be deterred from acting objectively by threats,actual or perceived. Meta Duhovnik, Ph.D.
IFAC Code Safeguards • Two broad categories: • Safeguards created by the profession, legislation or regulation. • Safeguards in the work environment. Meta Duhovnik, Ph.D.
Safeguards created by the profession, legislation or regulationinclude IFAC Code • Educational, training and experience requirements for entry into the profession. • Continuing professional development requirements. • Corporate governance regulations. • Professional standards. • Professional or regulatory monitoring and disciplinary procedures. • External review by a legally empowered third party of the reports, returns, communications and information produced by a professional accountant. Meta Duhovnik, Ph.D.
IFAC Code Safeguards in the work environment include Depending on the circumstances • Firm – wide safeguards • Engagement specific safeguards Meta Duhovnik, Ph.D.
IFAC Code Firm-wide safeguards in the work environment may include: • Leadership of the firm that stresses the importance of compliancewith the fundamental principles; • Leadership of the firm that establishes the expectation thatmembers of an assurance team will act in the public interest; • Policies and procedures to implement and monitor quality controlof engagements; Meta Duhovnik, Ph.D.
Firm-wide safeguards(continuation 1) IFAC Code • Documented policies regarding: • the identification of threats tocompliance with the fundamental principles, • the evaluation of thesignificance of these threats and • the identification and theapplication of safeguards to eliminate or reduce the threats to an acceptable level; • For firms that perform assurance engagements, documentedindependence policies regarding: • the identification of threats toindependence, • the evaluation of the significance of these threatsand • the evaluation and application of safeguards to eliminate orreduce the threats toan acceptable level; Meta Duhovnik, Ph.D.
Firm-wide safeguards(continuation 2) IFAC Code • Documented internal policies and procedures requiring compliancewith the fundamental principles; • Policies and procedures that will enable the identification ofinterests or relationships between the firm or members ofengagement teams and clients; • Policies and procedures to monitor and, if necessary, manage thereliance on revenue received from a single client; • Using different partners and engagement teams with separatereporting lines for the provision of non-assurance services to anassurance client; Meta Duhovnik, Ph.D.
Firm-wide safeguards(continuation 3) IFAC Code • Policies and procedures to prohibit individuals who are notmembers of an engagement team from inappropriately influencingthe outcome of the engagement; • Timely communication of a firm’s policies and procedures,including any changes to them, to all partners and professionalstaff, and appropriate training and education on such policies andprocedures; • Designating a member of senior management to be responsible foroverseeing the adequate functioning of the firm’s quality controlsystem; Meta Duhovnik, Ph.D.
Firm-wide safeguards(continuation 4) IFAC Code • Advising partners and professional staff of those assurance clientsand related entities from which they must be independent; • A disciplinary mechanism to promote compliance with policiesand procedures; • Published policies and procedures to encourage and empower staffto communicate to senior levels within the firm any issue relatingto compliance with the fundamental principles that concerns them. Meta Duhovnik, Ph.D.
IFAC Code Engagement-specific safeguards in the work environment may include: • Involving an additional professional accountant to review the workdone or otherwise advise as necessary; • Consulting an independent third party, such as a committee ofindependent directors, a professional regulatory body or anotherprofessional accountant; • Discussing ethical issues with those charged with governance ofthe client; Meta Duhovnik, Ph.D.
IFAC Code Engagement-specific safeguards(continuation 1) • Disclosing to those charged with governance of the client thenature of services provided and extent of fees charged; • Involving another firm to perform or re-perform part of theengagement; • Rotating senior assurance team personnel. Meta Duhovnik, Ph.D.
National regulation • Auditing Act • Code of Professional Conduct • Basic Auditing Principles • Guidelines for setting the fees • Guidelines for the Operation of the Audit Companies Meta Duhovnik, Ph.D.
More restrictive national requirements – Auditing Act (Article 45(1)) • An audit company is not allowed to audit an individual legal person if(1): • it holds investments in that legal person; • that legal person holds investments in the audit company; • the persons related to the legal person are: • close family members of the members of the management or supervisory board or the certified auditors of an audit company, • joint indirect or direct holders of a qualifying (10%) holding in the audit company; Meta Duhovnik, Ph.D.
More restrictive national requirements – Auditing Act (Article 45(1)) • An audit company is not allowed to audit an individual legal person if(2): • the audit company or any organizational unit in the network it belongs to, or person connected with the audit company performs or has performed in the two years prior to concluding an agreement on the auditing of a legal person's financial statements: • any type of accounting or bookkeeping services, • valuation services for the purpose of financial reporting that could affect the items in the financial statements, Meta Duhovnik, Ph.D.
More restrictive national requirements – Auditing Act (Article 45(1)) • An audit company is not allowed to audit an individual legal person if(3): • tax consultation services that could affect items in the financial statements, • agency services in tax and judicial procedures regarding tax matters, • internal auditing services, • services involving the set-up or introduction of an information system that includes the area of accounting or the generation of information included in the financial statements of a legal person, Meta Duhovnik, Ph.D.
More restrictive national requirements – Auditing Act (Article 45(1)) • An audit company is not allowed to audit an individual legal person if(4): • business and financial services that affect items in the financial statements and business and financial services that include advertising, trading or guarantees for the equity and debt securities of a legal person, • legal services, • any other services that could affect the items in the financial statements; • it is connected with a legal person in some other way and doubt regarding the independence and objectivity of auditing may exist due to this connection. Meta Duhovnik, Ph.D.