Introduction to Audit Quality Control

Table of Contents

1. Audit Quality
2. SQC 1 “Quality Control for Firms that Perform Audits & Reviews of Historical Financial Information, and Other Assurance & Related Services Engagements”
3. SA 220 “Quality Control for an Audit of F.S.”
4. Mechanisms for review of Quality Control

Check out Taxmann's Advanced Auditing Assurance & Professional Ethics (Audit) | Study Material which presents the subject matter in simple & concise language with the presentation in a tabular format. It also covers all relevant concepts aligned with the study material of the ICAI and illustrations with hints.

CA-Final | New Syllabus | May/Nov. 2024 Exams

1. Audit Quality

1.1 Standards dealing with framework of audit quality

• SQC 1 and SA 220 deal with issue of establishing QC systems and responsibilities of auditors. SQC 1 applies to all engagements and deals with quality at firm level, whereas, SA 220 deals with audit quality at individual audit engagement level.
• Besides SQC 1 & SA 220, other SAs, code of ethics issued by ICAI & certain provisions of
  Companies Act, 2013 also facilitate QC process.
• There also exists mechanism for review of QC through Peer Review Board (PRB), Quality
  Review Board (QRB) and National Financial Reporting Authority (NFRA).

2. SQC 1 “Quality Control for Firms that Perform Audits & Reviews of Historical Financial Information, and Other Assurance & Related Services Engagements”

Purpose of SQC

• The firm should establish a system of QC designed to provide it with reasonable assurance that:

(a) the firm and its personnel comply with professional standards and regulatory and legal requirements, and

(b) reports issued by the firm or engagement partner(s) are appropriate in the circumstances.

• Firm’s system of QC should consist of policies designed to achieve these objectives. SQC 1 applies to all firms irrespective of their constitution

Elements of a System of Quality Control

• The firm’s system of QC should include policies and procedures addressing each of the following elements:

(a) Leadership responsibilities for quality within the firm.

(b) Ethical requirements.

(c) Acceptance and continuance of client relationships and specific engagements.

(d) Human resources.

(e) Engagement performance.

(f) Monitoring.

• The QC policies and procedures should be documented and communicated to the firm’s personnel.

2.1 Requirements of SQC

2.1.1 Leadership Responsibilities

• The firm should establish policies and procedures designed to promote an internal culture based on the recognition that quality is essential in performing engagements.
• Such policies and procedures should require the firm’s CEO (or equivalent) or, if appropriate, the firm’s managing partners (or equivalent), to assume ultimate responsibility for the firm’s system of QC.
• Any person or persons assigned operational responsibility for the firm’s QC system by the firm’s CEO or managing board of partners should have sufficient and appropriate experience and ability, and the necessary authority, to assume that responsibility.

Considerations to be taken into account while upholding quality of firm

• The firm assigns its management responsibilities so that commercial considerations do not override quality of work performed.
• The firm’s policies and procedures in relation to its personnel are designed to demonstrate its overriding commitment to quality.
• The firm devotes sufficient resources for development and documentation of its QC policies and procedures.
• A firm before accepting an engagement should acquire vital information about the client. Such an information should help firm to decide about integrity of Client, promoters and key managerial personnel, competence (including capabilities, time and resources) to perform engagement and compliance with ethical requirements.

2.1.2 Ethical requirements

• The firm should establish policies and procedures designed to provide it with reasonable assurance that the firm and its personnel comply with relevant ethical requirements.
• The Code establishes the fundamental principles of professional ethics, which include:

(a) Integrity;

(b) Objectivity;

(c) Professional competence and due care;

(d) Confidentiality; and

(e) Professional behaviour.

• Fundamental principles should be emphasized by:

(a) Actions of the leadership of the firm

(b) Spreading awareness and training

(c) Monitoring

(d) A process for dealing with non-compliance.

2.1.3 Independence

• The firm should establish policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence requirements (including experts contracted by the firm and network firm personnel), maintain independence where required by the Code.
• Such policies and procedures should enable the firm to:

(a) Communicate its independence requirements to its personnel

(b) Identify and evaluate circumstances and relationships that create threats to independence, and to take appropriate action to eliminate those threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the engagement.

• There should exist a mechanism in the firm by which EPs provide the firm with relevant information about client engagements and personnel of firm promptly notify firm of circumstances and relationships that create a threat to independence. All breaches of independence should be promptly notified to firm for appropriate action. Its objective is
  to ensure that independence requirements are satisfied.
• At least annually, the firm should obtain written confirmation of compliance with its policies and procedures on independence from all firm personnel required to be independent in terms of the requirements of the Code.

Policies to reduce Familiarity threat

Firm should establish criteria for determining the need for safeguards to address the familiarity threat. In determining appropriate criteria, the firm considers such matters as:

(a) the nature of the engagement, including the extent to which it involves a matter of public interest and

(b) the length of service of the senior personnel on the engagement.

Examples of safeguards: Rotating the senior personnel or requiring an engagement quality control review (EQCR).

Other Points

• The familiarity threat is particularly relevant in the context of financial statement audits of listed entities.
• For these audits, EP should be rotated after a pre-defined period, normally not more than 7 years (except in cases where audit of listed entities is conducted by a sole practitioner).
• However, to ensure QC exists in such firms and appropriate reports are issued, there is a process for mandatory peer review of such firms.

2.1.4 Acceptance and Continuance of Client Relationships & Specific Engagements

• A firm before accepting an engagement should acquire vital information about the client. Such an information should help firm to decide about:

(a) Integrity of Client, promoters and key managerial personnel.

(b) Competence (including capabilities, time and resources) to perform engagement.

(c) Compliance with ethical requirements.

• The firm should obtain such information as it considers necessary in the circumstances before accepting an engagement with a new client, when deciding whether to continue an existing engagement, and when considering acceptance of a new engagement with an existing client. Where issues have been identified, and the firm decides to accept or continue the client relationship or a specific engagement, it should document how the issues were resolved.
• If there is any conflict of interest between the firm and client, it should be properly resolved before accepting the engagement. Where the firm obtains information that would have caused it to decline an engagement if that information had been obtainable earlier, policies and procedures on the continuance of the engagement and the client relationship should include consideration of:

(a) professional and legal responsibilities that apply to the circumstances, including whether there is a requirement for the firm to report to the person or persons who made the appointment or, in some cases, to regulatory authorities; and

(b) possibility of withdrawing from the engagement or from both the engagement and the client relationship.

• Establish Policies w.r.t. withdrawal from engagement and communication requirements, if circumstances warrant. Policies and procedures on withdrawal from an engagement or from both the engagement and the client relationship address issues that include the following:

(a) Discussing with appropriate level of mngt. & TCWG regarding the appropriate action that the firm might take based on the relevant facts and circumstances.

(b) If the firm determines that it is appropriate to withdraw, discussing with the appropriate level of the client’s management and TCWG withdrawal from the engagement or from both the engagement and the client relationship, and the reasons for the withdrawal.

(c) Considering whether there is a professional, regulatory or legal requirement for the firm to remain in place, or for the firm to report the withdrawal from the engagement, or from both the engagement and the client relationship, together with the reasons for the withdrawal, to regulatory authorities.

(d) Documenting significant issues, consultations, conclusions and the basis for the conclusions.

Considerations as to integrity of clients

With regard to the integrity of a client, matters that the firm considers include, for example:

1. The identity and business reputation of the client’s principal owners, key management, related parties and those charged with its governance.
2. The nature of the client’s operations, including its business practices.
3. Information concerning the attitude of the client’s principal owners, key management and those charged with its governance towards such matters as aggressive interpretation of accounting standards and the internal control environment.
4. Whether the client is aggressively concerned with maintaining the firm’s fees as low as possible.
5. Indications of an inappropriate limitation in the scope of work.
6. Indications that the client might be involved in money laundering or other criminal activities.
7. The reasons for the proposed appointment of the firm and non-reappointment of the previous firm.

The extent of knowledge a firm will have regarding the integrity of a client will generally grow within the context of an ongoing relationship with that client.

Matters to be considered to determine whether firm has the capabilities, competence, time and resources to undertake an engagement

1. Firm personnel have knowledge of relevant industries or subject matters;
2. Firm personnel have experience with relevant regulatory or reporting requirements, or the ability to gain the necessary skills and knowledge effectively;
3. The firm has sufficient personnel with the necessary capabilities and competence;
4. Experts are available, if needed;
5. Individuals meeting the criteria and eligibility requirements to perform engagement quality control review are available, where applicable; and
6. The firm would be able to complete the engagement within the reporting deadline.

2.1.5 Human Resources

Firm should establish policies and procedures designed to provide it with reasonable assurance that it has sufficient personnel with the capabilities, competence, and commitment to ethical principles necessary to perform its engagements in accordance with professional standards and regulatory and legal requirements, and to enable the firm or engagement partners to issue reports that are appropriate in the circumstances.

Assignment of Engagement Teams

Firm should assign responsibility for each engagement to an engagement partner. The firm should establish policies and procedures requiring that:

(a) The identity and role of the engagement partner are communicated to key members of the client’s management and those charged with governance;

(b) The EP has the appropriate capabilities, competence, authority and time to perform the role; and

(c) The responsibilities of the EP are clearly defined and communicated to that partner.

2.1.6 Engagement Performance

Consistency in quality of engagement performance is achieved through briefing of engagement teams of their objectives, processes for complying with engagement standards, processes of engagement supervision and training, methods of reviewing performance of work, appropriate documentation of work performed.

Consultation

• Consultation should take place in difficult matters pertaining to an engagement and includes discussion, at appropriate professional level, with individuals within or outside the firm who have specialized expertise, to resolve a difficult matter.
• Consultation procedures require consultation with those having appropriate knowledge, seniority and experience within the firm (or outside the firm) on significant technical, ethical and other matters and appropriate documentation and implementation of conclusions resulting from consultations.
• A firm needing to consult externally, for example, a firm without appropriate internal resources, may take advantage of advisory services provided by other firms or professional & regulatory bodies.
• Complete and proper documentation should be maintained on issues involved and results of consultation.

Engagement Quality Control Review (EQCR)

• Significant judgments made in an engagement should be reviewed by EQC reviewer for taking an objective view before the report is issued.
• The extent of the review depends on the complexity of the engagement and the risk that the report might not be appropriate in the circumstances. The review does not reduce the responsibilities of the EP.
• EQCR is mandatory for all audits of F.S. of listed entities. In respect of other engagements, firm should devise criteria to determine cases requiring performance of EQCR.

Matters to be considered in an EQCR for audits of F.S. of listed entities

1. The engagement team’s evaluation of the firm’s independence in relation to the specific engagement.
2. Significant risks identified during the engagement and the responses to those risks.
3. Judgments made, particularly with respect to materiality and significant risks.
4. Whether appropriate consultation has taken place on matters involving differences of opinion or other difficult matters, and the conclusions arising from those consultations.
5. The significance and disposition of corrected and uncorrected misstatements identified during the engagement.
6. The matters to be communicated to management and TCWG and, where applicable, other parties such as regulatory bodies.
7. Whether working papers selected for review reflect the work performed in relation to the significant judgments and support the conclusions reached.
8. The appropriateness of the report to be issued.

Engagement Quality Control Reviewer (EQC Reviewer)

• EQC reviewer should be a suitably qualified external person such as a partner or employee (who should be member of ICAI) or can be from another firm with similar background.
• It is necessary to maintain objectivity of such reviewer. Therefore, participation in engagement or making decisions for ET is to be avoided at all costs. However, EP may consult EQC reviewer during the engagement so as not to compromise his objectivity and eligibility to perform the role. Where the nature and extent of the consultations become significant, care is taken by both the ET and the reviewer to maintain the reviewer’s objectivity. Where this is not possible, another individual within the firm or a suitably qualified external person is appointed to take on the role of either the EQC reviewer or the person to be consulted on the engagement.
• The firm’s policies should provide for the replacement of the EQC reviewer where the ability to perform an objective review may be impaired.

Differences of opinion

• There might be difference of opinion within ET, with those consulted and between EP and EQC reviewer. The report should only be issued after resolution of such differences.
• In case, recommendations of EQC reviewer are not accepted by EP and matter is not resolved to reviewer’s satisfaction, the matter should be resolved by following established procedures of firm like by consulting with another practitioner or firm, or a professional or regulatory body.

Engagement documentation

• Firm should establish policies and procedures for ETs assembly of final engagement files on a timely basis after the engagement reports have been finalized. Engagement files should be completed in not more than 60 days after date of auditor’s report.
• Where two or more different reports are issued in respect of the same subject matter information of an entity, firm’s policies and procedures relating to time limits for assembly of final engagement files should be considered separately. This may be the case when the firm issues an auditor’s report on a component’s financial information for group consolidation purposes and, at a subsequent date, an auditor’s report on the same financial information for statutory purposes.
• Firm should establish policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility and retrievability of engagement documentation.
• Unless otherwise specified by law or regulation, engagement documentation is the property of the firm. The firm may, at its discretion, make portions of, or extracts from, engagement documentation available to clients, provided such disclosure does not undermine the validity of the work performed, or, in the case of assurance engagements, the independence of the firm or its personnel.
• Engagement documentation has to be retained for a period of time sufficient to permit those performing monitoring procedures to evaluate the firm’s compliance with its system of QC, or for a longer period if required by law or regulation.
• In specific case of audit engagements, the retention period ordinarily is no shorter than 7 years from the date of the auditor’s report, or, if later, the date of the group auditor’s report.

Policies and procedures on documentation of the EQCR

Policies & procedures on documentation of the EQCR should require documentation that:

(a) Procedures required by firm’s policies on EQCR have been performed.

(b) EQCR has been completed before the report is issued and

(c) Reviewer is not aware of any unresolved matters that would cause the reviewer to believe that the significant judgments the ET made and the conclusions they reached were not appropriate.

2.1.7 Monitoring

The firm should establish policies and procedures designed to provide it with reasonable assurance that the policies and procedures relating to the system of QC are relevant, adequate, operating effectively and complied within practice.

Such policies and procedures should include an ongoing consideration and evaluation of the firm’s system of QC, including a periodic inspection of a selection of completed engagements.

Factors to be considered in monitoring of QC of engagements

1. Deciding whether QC system of the firm has been appropriately designed and effectively implemented.
2. Examining whether new developments in the professional standards, legal and regulatory requirements have been reflected in the QC policies.
3. Conducting monitoring by entrusting responsibility of monitoring process to a partner or other persons with sufficient and appropriate experience and authority in the firm.
4. Dealing with complaints and allegations against the firm or any employees of it of non- compliance with professional standards or appropriate regulatory requirements by a person within or outside the firm.
5. Taking appropriate remedial actions against the personnel who did not conform to QC policies.
6. Taking action when deficiencies in the design or operation of the firm’s QC policies and procedures, or non-compliance with the firm’s system of QC are identified.

3. SA 220 “Quality Control for an Audit of F.S.”

Objectives of the auditor

The objective of the auditor is to implement quality control procedures at the engagement level that provide the auditor with reasonable assurance that:

(a) Audit complies with professional standards and regulatory and legal requirements; &

(b) Auditor’s report issued is appropriate in the circumstances.

3.1 Requirements to implement QC Procedures

3.1.1 Leadership Responsibilities for Quality in Audits

EP is to take responsibility for overall quality on each audit engagement. As a part of this responsibility, EP should emphasize the following to the engagement team (ET):

• Compliance with professional Standards and regulatory and legal requirements.
• Compliance with firm’s Quality Control Policies and procedures as applicable.
• Issuance of appropriate audit report.
• Ability to raise concerns without fear.
• Quality is essential & indispensable in engagement performance.

3.1.2 Relevant Ethical requirements

In relation to ethical requirements in an audit engagement, EP is responsible for:

• Identifying a threat to independence regarding the audit engagement that safeguards may not be able to eliminate or reduce to an acceptable level.
• Reporting by EP to the relevant persons within the firm to determine appropriate action, which may include eliminating the activity or interest that creates the threat, or withdrawing from the audit engagement, where withdrawal is legally permitted.

3.1.3 Acceptance & Continuance of Client Relationship & audit Engagement

• Responsibility of EP is on lines of SQC 1 which requires that the firm should obtain such information as it considers necessary in the circumstances before accepting an engagement with a new client, when deciding whether to continue an existing engagement, & when considering acceptance of a new engagement with an existing client.
• EP shall be satisfied that appropriate procedures regarding the acceptance and continuance of client relationships and audit engagements have been followed, and shall determine that conclusions reached in this regard are appropriate.
• If EP obtains information that would have caused firm to decline the audit engagement had that information been available earlier, the EP shall communicate that information promptly to the firm, so that the firm and the EP can take the necessary action.

Examples of information which may cause the firm to withdraw

• The integrity of the principal owners, key management and TCWG of the entity;
• Competency of engagement team to perform the audit engagement and availability of necessary capabilities, including time and resources;
• Compliance with relevant ethical requirements by firm and the ET; and
• Significant matters that have arisen during the current or previous audit engagement, and their implications for continuing the relationship.

3.1.4 Assignment of Engagement team

EP should ensure that the ET and any auditor’s experts who are not part of the ET, collectively have the appropriate competence and capabilities to perform the engagement in accordance with professional standards and regulatory and legal requirements.

3.1.5 Engagement Performance

EP has the responsibility for the following:

(a) Direction, supervision and performance of audit engagement in accordance with professional standards and regulatory and legal requirements;

(b) Auditor’s report being appropriate in circumstances.

(c) Review of audit documentation before issue of audit report.

(d) Ensuring that SAAE has been obtained to support the conclusions reached and for issuance of auditor’s report.

(e) Undertaking appropriate consultation on difficult matters not only within the team but also with others at appropriate level within or outside the firm.

Engagement Quality Control Review (EQCR)

For audits of F.S. of listed entities, and those other audit engagements, if any, for which firm has determined that an EQCR is required, EP shall:

(a) Determine that an EQC reviewer has been appointed.

(b) Discuss significant matters arising during the audit engagement, including those identified during the EQCR, with the EQC reviewer.

(c) Not date the auditor’s report until the completion of the EQCR.

Matters to be evaluated by EQC Reviewer

EQC reviewer shall perform an objective evaluation of the significant judgments made by the engagement team, and the conclusions reached in formulating the auditor’s report. This evaluation shall involve:

(a) Discussion of significant matters with the EP.

(b) Review of the F.S. and the proposed auditor’s report

(c) Review of selected audit documentation relating to the significant judgments the ET made and the conclusions it reached and

(d) Evaluation of the conclusions reached in formulating the auditor’s report and consideration of whether the proposed auditor’s report is appropriate.

Additional Considerations in audit of F.S. of Listed Entities:

• ET’s evaluation of firm’s independence in relation to audit engagement.
• Whether appropriate consultation has taken place on matters involving differences of opinion/difficult matters & conclusions arising from consultations.
• Whether audit documentation selected for review reflects the work performed w.r.t. significant judgments made & supports the conclusions reached.

Differences of opinion

If differences of opinion arise within the ET, with those consulted or, where applicable, between the EP and the EQC reviewer, the ET shall follow the firm’s policies and procedures for dealing with and resolving differences of opinion.

3.1.6 Monitoring

• An effective system of QC includes a monitoring process designed to provide the firm with reasonable assurance that its policies and procedures relating to the system of QC are relevant, adequate, and operating effectively.
• EP shall consider the results of the firm’s monitoring process as evidenced in the latest information circulated by the firm and, if applicable, other network firms and whether deficiencies noted in that information may affect the audit engagement.

3.1.7 Documentation

By Auditor

• Issues identified w.r.t. compliance with relevant ethical requirements and how they were resolved.
• Conclusions on compliance with applicable independence requirements and any relevant discussions with the firm that support these conclusions.
• Conclusions reached regarding the acceptance and continuance of client relationships and audit engagements.
• The nature and scope of, and conclusions resulting from, consultations undertaken during the course of the audit engagement.

By EQC Reviewer

• Procedures required by firm’s policies on EQCR have been performed.
• EQCR has been completed on or before the date of auditor’s report.
• Reviewer is not aware of any unresolved matters that would cause him to believe that the significant judgments the engagement team made and the conclusions they reached were not appropriate.

3.1.8 SQC 1 vs. SA 220

4. Mechanisms for review of Quality Control

4.1 Peer Review Board (PRB)

PRB is constituted by Council of ICAI. Main objective of PRB is to ensure that, in carrying out assurance assignments:

(a) Technical, professional and ethical standards including regulatory requirements are complied with by members of ICAI.

(b) Proper systems are in place including documentation thereof which amply demonstrate quality of assurance services provided by members.

4.2 Quality Review Board

• Quality review Board has been set up by C.G. It consists of members nominated by C.G. and Council of ICAI. The functions of QRB are:

(a) To make recommendations to the Council regarding the quality of services provided by the members of the Institute;

(b) To review the quality of services provided by the members of the Institute including audit services and

(c) To guide the members of the Institute to improve the quality of services and adherence to the various statutory and other regulatory requirements.

• Statutory auditors in respect of the companies are identified for their audit quality review based upon risk-based approach. The review is carried out by technical reviewers who are empanelled by QRB on engagement basis from across the country.

4.3 National Financial Reporting Authority (NFRA)

• NFRA has been constituted in terms of Sec. 132(1) of Companies Act, 2013. Duties of NFRA also include the following:

(a) Monitor & enforce compliance with ASs and auditing standards.

(b) Oversee the quality of service of the professions associated with ensuring compliance with such standards and suggest measures for improvement in the quality of service.

• NFRA has power to monitor and enforce compliance with ASs and auditing standards and oversee the quality of service u/s 132(2) or undertake investigation u/s 132(4) of the auditors of certain class of companies. Such companies include listed companies, insurance companies, banking companies and other companies as provided for in Rule 3 of NFRA Rules, 2018.