CHAPTER 4 | Quality Control

40

1. Why Do We Need Quality Control?

As part of this process firms need to have policies and procedures to ensure that the
quality of their work is satisfactory, otherwise:

1. in the short term there may be individual audit failures, leading to professional
negligence claims
2. in the long term public confidence in the assurance process as a whole will be
diminished
QC is described by the following standards:

ISQC 1 - QC for Firms that perform Audits & Reviews of FS, and Other Assurance &
Related Services Engagements (ISQC = International Standard in Quality Control)

ISA 220 - QC for and Audit of Financial Statements

2. Relevant Audit Standards

2.1. ISQC1
ISQC 1 sets out an accountancy firms responsibilities with regard to their systems of QC
for audits, reviews and other assurance engagements.
These QC systems should include policies designed to ensure that the firm and its
personnel comply with applicable professional standards and regulatory requirements
and that reports issued are appropriate. The systems should also include procedures
necessary to implement those policies and monitor compliance with them.

2.2. ISA220
ISA 220, by contrast, establishes the responsibilities of the auditor (mainly the
engagement partner and engagement quality reviewer) regarding their quality
procedures during audits only.
It states that within the context of the firms system of QC, the engagement team has a
responsibility to implement quality control procedures applicable to audit engagement.

41

3. ISQC1
3.1. Elements of a System of Quality Control
The firm shall establish & maintain a system of quality control that includes policies and
procedures that address each of the following elements:

1.
2.
3.
4.
5.
6.

Leadership responsibilities for quality within the firm

Relevant ethical requirements
Acceptance & Continuance of client relationships & specific engagements
Human resources
Engagement performance (hot Vs cold reviews)
Monitoring
The firm shall document its policies and procedures and communicate them to the
firms personnel.

3.2. Quality Control Procedures

Procedures include:

1. recruiting honest intelligent employees who are offered training towards professional
qualifications
2. staff career development - CPD
3. for potential & existing clients check independence, ethical matters, firms competence to
accept/continue in office
4. accepting clients whose management are of integrity
5. assigning staff to jobs on a basis such that an appropriate mix of skills is available on
each engagement
6. directing & supervising the work throughout the audit
7. consulting where necessary (use of experts)
8. accepting clients of sound financial performance
9. documenting the policies and procedures to be carried out, and amendments when they
are made
10. monitoring the QC policies & procedures to ensure that they are effective

42

4. ISA 220 Quality Control

4.1. Reasons for Quality Control
1.
2.
3.
4.
5.

Minimize Audit Risk and therefore get sued less often

Maintain ethical standards
Eliminate the possibility of negligence
Avoid adverse publicity & loss of reputation
Avoid damages payable

4.2. Procedures Required by Audit Firms

Audit firms are required to implement the following procedures to ensure that adequate
Quality Control is performed:

1. follow professional requirements on independence, integrity and objectivity for allocating

staff
2. maintain skills & competence through proper training of audit personnel assigned to
specific engagements
3. ensure proper assignment of work to staff capable of performing the audit
4. ensure proper delegation & supervision of audit staff
5. ensure monitoring of adequacy of the policies on quality control
6. ensure proper acceptance/retention of clients
7. ensure that sufficient and appropriate audit evidence is gathered
8. ensure that adequate review is performed

4.3. Types of Review Work

There are several types of reviews that you must be aware of:

1. Peer review / Review panel - Another audit firm or Local supervisory board reviews
some audit files of another audit firm after audits have been carried out
2. Audit review department - some audit firms have such a department whose aim is to
review the audit files just after the audit
3. Second partner review - by another audit partner just before signing the audit report
(Quality Review Partner QRP, or Quality Control Partner)
4. Cold review for selected clients after signing the audit report
5. Hot review - by a senior more experienced auditor during the audit (before signing
the audit report)

43

5. Large VS Small Audits

Small firms have some inherent limitations in the extent of Quality Control they can
implement, due to restrictions in available funding and limited human resources.

Large firms can invest in:

training
procedure manuals
standardized documentation
reviews and supervision
technical manuals
register under ISO 9000

Whereas smaller audit firms (with fewer resources) would rely more on:

co-operation with other audit firms

common training with other firms
use of standardized manuals

6. Working Papers
Working papers are the documents created and maintained by the auditor in the course
of their work, and belong to the auditor. They should only be made available to 3rd
parties at the auditors discretion there is an issue of confidentiality here.

6.1. Importance of Working Papers

Working papers:

Help auditors form an audit opinion

Provide evidence in a court of law
Justify the audit fee
Assist following year's audits

44

6.2. ISA 230 Documentation of Working Papers

Auditors should document in their working papers all matters that will enable them
form an audit opinion
Must be safeguarded and kept for a sufficiently long period of time (7 years)
Must be sufficiently complete, detailed and up to date

6.3. Books and Records

These belong to the client

should be returned to audit client after the end of the audit

there is a right of lien for unpaid fees (documents must have been retained by proper
means)

7. Exam Focus

TEST YOUR UNDERSTANDING 1 June 2004 Q4 (a)

Explain why quality control may be difficult to implement in a smaller audit firm and
illustrate how such difficulties may be overcome.
(5 marks)

TEST YOUR UNDERSTANDING 2 Dec 2007 Q1 (c)

c) i) Identify and describe 4 quality control procedures that are applicable to the
individual audit engagement
(8 marks)
ii) Discuss 2 problems that may be faced in implementing quality control
procedures in a small firm of ACCAs, and recommend how these problems may
be overcome.
(4 marks)

45

TEST YOUR UNDERSTANDING 3 June 2009 Q5 (c)

c) Explain the matters to be considered in deciding who is eligible to perform an
engagement quality control review for a listed client.
(4 marks)

Answers:

TEST YOUR UNDERSTANDING 1 June 2004 Q4 (a)

Answer
Problems:
1.
2.
3.
4.

Fewer resources
Lack of Expertise
Limited Time Availability of audit staff
Less strict regulation

How to overcome:
(5 marks)
1. Increase Capacity
2. Training
3. Better audit planning
4. Comply with all regulations

46

TEST YOUR UNDERSTANDING 2 Dec 2007 Q1 (c)

Answer
(c) (i) ISQC 1 Quality Control for Firms That Perform Audits and Reviews of Historical
Financial Information and Other
Assurance and Related Services Engagements provides guidance on the overall quality
control systems that should be implemented by an audit firm. ISA 220 Quality Control for
Audits of Historical Financial Information specifies the quality control procedures that
should be applied by the engagement team in individual audit assignments.
Procedures include the following:
Client acceptance procedures
There should be full documentation, and conclusion on, ethical and client acceptance
issues in each audit assignment. The engagement partner should consider whether
members of the audit team have complied with ethical requirements, for example,
whether all members of the team are independent of the client. Additionally, the
engagement partner should conclude whether all acceptance procedures have been
followed, for example, that the audit firm has considered the integrity of the principal
owners and key management of the client. Other procedures on client acceptance
should include:
Obtaining professional clearance from previous auditors
Consideration of any conflict of interest
Money laundering (client identification) procedures.
Engagement team
Procedures should be followed to ensure that the engagement team collectively has the
skills, competence and time to perform the audit engagement. The engagement partner
should assess that the audit team, for example:
Has the appropriate level of technical knowledge
Has experience of audit engagements of a similar nature and complexity
Has the ability to apply professional judgement
Understands professional standards, and regulatory and legal requirements.
Direction
The engagement team should be directed by the engagement partner. Procedures such
as an engagement planning meeting should be undertaken to ensure that the team
understands:
Their responsibilities
The objectives of the work they are to perform
The nature of the clients business
Risk related issues
How to deal with any problems that may arise; and
The detailed approach to the performance of the audit.
47

The planning meeting should be led by the partner and should include all people
involved with the audit. There should be a discussion of the key issues identified at the
planning stage.
Supervision
Supervision should be continuous during the engagement. Any problems that arise
during the audit should be rectified as soon as possible. Attention should be focused on
ensuring that members of the audit team are carrying out their work in accordance with
the planned approach to the engagement. Significant matters should be brought to the
attention of senior members of the audit team. Documentation should be made of key
decisions made during the audit engagement.
Review
The review process is one of the key quality control procedures. All work performed
must be reviewed by a more senior member of the audit team. Reviewers should
consider for example whether:
Work has been performed in accordance with professional standards
The objectives of the procedures performed have been achieved
Work supports conclusions drawn and is appropriately documented.
The review process itself must be evidenced.
Consultation
Finally the engagement partner should arrange consultation on difficult or contentious
matters. This is a procedure whereby the matter is discussed with a professional outside
the engagement team, and sometimes outside the audit firm. Consultations must be
documented to show:
The issue on which the consultation was sought; and
The results of the consultation.
(ii) Consultation it may not be possible to hold extensive consultations on specialist
issues within a small firm, due to a lack of specialist professionals. There may be a lack
of suitably experienced peers to discuss issues arising on client engagements.
Arrangements with other practices for consultation may be necessary.
Training/Continuing Professional Development (CPD) resources may not be available,
and it is expensive to establish an in-house training function. External training consortia
can be used to provide training/CPD for qualified staff, and training on non-exam related
issues for non-qualified staff.
Review procedures it may not be possible to hold an independent review of an
engagement within the firm due to the small number of senior and experienced auditors.
In this case an external review service may be purchased.
Lack of specialist experience where special skills are needed within an engagement;
the skills may be bought in, for example, by seconding staff from another practice.
Alternatively if work is too specialised for the firm, the work could be sub-contracted to
another practice.
Working papers the firm may lack resources to establish an in-house set of audit
manuals or standard working papers.
In this case documentation can be provided by external firms or professional bodi
48

TEST YOUR UNDERSTANDING 3 June 2009 Q5 (c)

Answer
(c) ISQC 1 Quality Control for Firms that Perform Audits and Reviews of Historical
Financial Information, and Other Assurance and Related Services Engagements
outlines how a firm decides on the eligibility of a person to perform an engagement
review.
Firstly, the reviewer must have a high standard of technical knowledge, encompassing a
thorough understanding of auditing and financial reporting standards, as well as any
specific regulatory issues (such as stock exchange listing rules) which may be relevant
to the client.
In addition, the reviewer should be an experienced auditor, preferably with specific
practical experience of auditing companies operating in a similar industry or business
sector as the client. The reviewer should possess a level of authority within the firm.
This will allow the reviewer to challenge the decisions made by other members of the
firm, including senior managers and partners. It is important that the reviewer is not
intimidated by the senior members of the audit team who could feel criticised by any
negative comments that the reviewer may have on their work and decisions. ISQC 1
recommends that a reviewer of listed clients audits should normally be at partner level
within the firm.
Finally, the reviewer must be independent of the audit team. This allows a totally
objective review to take place. The engagement partner therefore should not be
involved in deciding who should review the audit. Consultations between the
engagement partner and the reviewer can take place during the audit, but care should
be taken to preserve the reviewers objectivity.

49