Title: Michael Cain, FCA
1Chartered Accountants Audit Conference APES 320
Quality Control for Firms A Mandatory
Requirement!
- Michael Cain, FCA
- Audit Accounting Technical Director
- Nexia International Australia and New Zealand
charteredaccountants.com.au
2Session Topics
- ASIC Audit Inspection
- Institute Inspection Program
- Quality Control in Firms APES 320/PS 1
- Network Firm Definition
- Implementation Strategy
- Useful Implementation Tools
31. ASIC Audit Inspections
- Round 1 September 2005
- Round 2 August 2006
- Round 3 No report issued yet
41. ASIC Audit Inspections
- Scope of ASIC audit inspections
- Second year inspection of Big 4 firms
- First year inspection of various offices of BDO,
Horwath, PKF, Grant Thornton, Pitcher Partners
and RSM Bird Cameron - Quality control systems re Independence
- Quality control systems re audit methodologies
51. ASIC Audit Inspections
- (b) Observations Findings - Big 4
- Significant improvements in independence systems
- Strong tone at the top leadership
- Implemented systems to monitor compliance,
annual/quarterly independence confirmations,
conflict checking, engagement acceptance/continuan
ce, systems that monitor and record personal
investments
61. ASIC Audit Inspections
- (b) Observations Findings - Big 4
- Non-audit services now are pre-approved by the
audit partner - Now better communication of consequences of
non-compliance with policies and systems to
staff, including disciplinary actions - Now have systems for capturing independence
consultations and enquiries by staff - 3 firms enhanced independence training and use
e-learning tools
71. ASIC Audit Inspections
- (b) Observations Findings - Mid-Tier
- Adoption of CLERP 9
- Induction program for new employees did not
include awareness of independence policies - Independence training not widely conducted
- Lateral hires and contractors not provided with
independence training
81. ASIC Audit Inspections
- (b) Observations Findings - Mid-Tier
- Non-Audit Services
- Main threat to independence
- Inadequate documentation supporting decisions to
provide non-audit services - Need to clarify prohibited services
- Some firms not complying with their own
policies - Instances of journals prepared and payroll
services offered, yet no documentation of
independence decision
91. ASIC Audit Inspections
- (b) Observations Findings - Mid-Tier
- Partner Evaluation Compensation
- Partner performance reviews either not conducted
or not documented - Remuneration of audit partners linked purely to
financial results - Independence/audit quality considerations not
part of partner evaluation/compensation - Performance criteria does not include
independence or audit quality
101. ASIC Audit Inspections
- (b) Observations Findings - Mid-Tier
- Client Acceptance Continuance
- 1 firm did not document acceptance or continuance
- Testing of Compliance
- 2 firms conducted limited reviews on compliance
- 2 firms need to develop and communicate
disciplinary policies which outline consequences
of non compliance - Staff interviewed to test recall of consequences
111. ASIC Audit Inspections
- (b) Observations Findings - Mid-Tier
- Whistleblower
- No firm had a formal complaints/whistleblower
process - Strategic Plans and Code of Conduct
- 4 firms had strategic plans that DID NOT include
independence and quality issues - 2 firms code of conduct are deficient
- Need to establish a Tone at the Top
121. ASIC Audit Inspections
- (b) Observations Findings - Mid-Tier AUDIT
QUALITY - Application of Audit Methodology
- 2 firms have no audit manual
- 2 firms have fully mapped manuals to Audit
Standards, supported by proprietary software - 1 firm has not updated manual for recent changes
- All firms need to improve engagement file
application of methodologies
131. ASIC Audit Inspections
- (b) Observations Findings - Mid-Tier
- Application of Auditing Standards
- Reviewed 30 engagements
- 3 audit standards poorly applied- ASA 520
Analytical Review- ASA 240 Fraud- ASA 530 Audit
Sampling - Most have removed guidance on sample sizes
141. ASIC Audit Inspections
- (b) Observations Findings - Mid-Tier
- Audit Documentation
- Incomplete documentation of work
- In all firms, less adequate documentation at
final stages then at commencement - Common deficiencies in documentation related to
- Consideration of laws and regulations
- Partner review of planning prior to field work
- Mandatory fraud audit steps
- Analytical reviews
- Documentation of the substantive sampling
approach adopted - Engagement and management letters not
issued/obtained - Inconsistent application of methodology across
industry groups within the firms
151. ASIC Audit Inspections
- (b) Observations Findings - Mid-Tier
- Audit Evidence
- General lack of evidence for disclosure items
such as related party, commitments and
contingencies, director remuneration - Engagement Quality Control Review
- On some listed clients, inadequate evidence of
review being performed - In 1 firm, not sure who the review partner was
161. ASIC Audit Inspections
- (b) Observations Findings - Mid-Tier Monitoring
- 2 did not have adequate policies to support
monitoring of audit quality - 4 firms deficient in communicating results of
reviews beyond the engagement team - 1 firm had no monitoring policies
- No link between partner/staff performance
evaluation and results of their internal
monitoring process
171. ASIC Audit Inspections
- (c) Future Inspections
- Follow up action on all firms in the report
- Extend reach into other Mid-Tier firms
- Other offices of Big 4 firms not in 1st 2nd
report - Focus on Independence Quality
- Practical application of Auditor Rotation
- Increase number of engagement files reviewed
181. ASIC Audit Inspections
- (c) Future Inspections
- Focus on Auditing Standards not adequately dealt
with - ASA 315 Understand Entity Risk
- ASA 240 Fraud
- ASA 530 Audit Sampling
- ASA 230 Documentation
- ASA 315 would naturally extend to ASA 330
191. ASIC Audit Inspections
- (c) Future Inspections
- Transition to Force of Law Standards and APES 320
(APS 5) - IFAC broadened definition of Network,
affiliations must be independent of each other
201. ASIC Audit Inspections
How to handle ASIC Concerns?? Nexia ASIC
Concerns Questionnaire and Action Plan
212. Institute Inspection Review
- As at 30 June 2007
- 478 practice firms reviews completed
- 32 listed public companies completed
- 518 practice firms reviews were in progress
- 16 listed public companies in progress
- Review Policy
- All practices that audit publicly listed
companies reviewed every 3 years - All other practices reviewed every 5 years
222. Institute Inspection Review
- 87.5 85 of practices were either informed
there was no further action required or that
procedures were adequate, with only minor issues
to address - 12 14 had policies and procedures that were
insufficient to comply with professional and
legal requirements or did not adhere to existing
policies and procedures - lt1 (1) were referred to Institute disciplinary
processes for investigation because of
fundamental breaches of standards
232. Institute Inspection Review
- Majority are meeting independence standards, but
deficiencies noted were - Independence
- Self Managed Superannuation Fund audits
- Provision of accounting and audit
- Inadequate documentation in relation to threats
to independence
242. Institute Inspection Review
- Deficiencies noted
- Audit Engagements
- No evidence of planning documentation
- No internal controls or risk assessment prior to
the audit work performed - No subsequent events review documentation
- No evidence of going concern assessment
- No letters of engagement or representation
- Insufficient documentation surrounding
independence considerations
252. Institute Inspection Review
- Deficiencies noted
- Compilation Engagements
- Did not specify they were Special Purpose
Financial Reports - Non-compliance with APS 9 Compilation of
Financial Reports - Errors in accounting and disclosure
262. Institute Inspection Review
- Deficiencies noted
- Training and development
- Failure to meet minimum hours of training and
development R7 Regulations relating to training
development - Failure to meet training and development re
statutory audit registration
272. Institute Inspection Review
- Improvements in Quality Control Systems
- ARE
- required across the majority of practices, in
particular - Formal policies and procedures of quality control
across the whole practice firm - Training in the Code of Ethics for Professional
Accountants
282. Institute Inspections
- ASIC
- Greater powers to investigate
- Have access to all files
- No reported breaches of Corporations Act
- Institute
- Cooperative approach
- Not have access to all files under privacy
legislation - Cannot access all records
293. Quality Control
- Why is it important?
- APES 320 Quality Control for Firms Compulsory
- APES 110 Code of Ethics for Professional
Accountants Compulsory - Legislative Requirements CLERP 9
- Australian Auditing Standards Force of Law
- Risk Management Protect your REPUTATION AND
INTEGRITY!!
303. Quality Control
313. Quality Control
- APES 320 Quality Control for Firms
- Applicable from 1 July 2006
- More stringent QC than APS4/5
- Basic principles and essential procedures
- Firm wide system of quality control, not just
audit - Quality Control Manual/ QC Guide
http//www.charteredaccountants.com.au/resource_c
entre - Quality Control Report (QCR)
323. Quality Control
- Mandatory requirement for every practice firm is
to - Establish a system of quality control designed
to provide it with reasonable assurance that the
firm and its personnel comply with professional
standards and regulatory and professional
requirements and that reports issued by the firm
or engagement partners are appropriate to the
circumstances (APES 320(3))
333. Quality Control
The key document to ensure compliance! The
Quality Control Manual (QCM) Quality Control
Guide and Checklist Templates enclosed Lets
surf the requirements
343. Quality Control
- Elements of Quality Control
- Leadership responsibilities
- Ethical requirements
- Acceptance and continuance of client
relationships and specific engagements - Human resources
- Engagement performance
- Monitoring
353. Quality Control
- Leadership Responsibilities - Policy
- Partners are committed to a high standard of
quality on all engagements - All staff required to be fully conversant with
APES 110 Code of Ethics for Professional
Accountants - Quality will not be compromised by commercial
considerations on assignments - All partners and staff to follow policies and
procedures
363. Quality Control
- Leadership Responsibilities - Policy
- Effective training key component to quality
maintenance - Mandatory training required for all staff
- Sufficient resources devoted for the development,
documentation, and support of quality policies
and procedures - Annual performance reviews to include appraisal
of commitment to quality, ethics, CPE, adherence
to policies and procedures, and competency
373. Quality Control
- Leadership Responsibilities
- Procedures and Documentation
- Documented set of policies and procedures that
reflect what the practice MUST do! - This is to be documented in the Quality Control
Manual - Applies to the WHOLE firm, all services, all
engagements!
383. Quality Control
- Ethical Requirements - Policy
- Maintain a high standard of personal conduct to
avoid damage to - Personal reputation
- Firms reputation
- Professional Accounting Body (Institute of
Chartered Accountants in Australia,CPA,NIA) - Mandatory compliance with APES110
- Code of Ethics for Professional Accountants
- Has force of law for Corporations Act audits
- Chapter 2M Registered Schemes or Disclosing
Entities - Chapter 7 Financial Services Licensees
- Public Interest
393. Quality Control
- Ethical Requirements
- Fundamental Principles
- Integrity
- Objectivity
- Independence
- Professional Competence and Due Care
- Confidentiality
- Professional Behaviour
403. Quality Control
- Client Acceptance Continuance
- Policy Acceptance of New Clients
- Client integrity
- Cultural fit
- Firms ability to conduct engagement competently
and within timeframe - Ethical issues perceived independence and
conflict of interest threats - Decision documented by engagement partner
together with information collected on client
file
413. Quality Control
- Client Acceptance Continuance
- Policy Continuance
- Not continue engagement where not have accepted
had information been available earlier - Report events of lack of integrity of client to
partner - Partner to consider professional and legal
responsibilities and make effort to resolve - Must document resolution or decision to withdraw
from engagement on client file
423. Quality Control
- Client Acceptance Continuance
- Procedures Key Documents
- Client Screening Questionnaire
- New Client Form
- Welcome Letter
- Ethical Letter
- New Client Acceptance Checklist
- Client Engagement Task Checklist
- Client Retention Checklist
- Lost Client Form
- Disengagement Letter
433. Quality Control
- Human Resources - Policy
- Sufficient personnel
- Appropriate competence and capabilities
- Partner responsibility for HR issues
- Policies and procedures to be monitored
- Commitment to ethical principles
- Performance appraisals, promotion, and
remuneration - Non compliance counselled and/or disciplined
443. Quality Control
- Human Resources - Procedures
- Recruitment
- Job descriptions
- Candidate selection
- Probation reviews
- Performance evaluation/promotion/remuneration
- Six monthly interactive performance evaluation
- Recognition, feedback, and advancement
- Compliance with policies and procedures
- Appropriate remuneration re performance and
industry standards
453. Quality Control
- Human Resources - Procedures
- Capabilities/competence/career development
- Relevant training
- Maintenance of CPE requirements
- On the job coaching and mentoring
- Assignment to engagements
- Depends on complexity of assignment and ability
of staff member - Supervision
- Engagement planning
- Monitoring of work in progress and milestones
463. Quality Control
- Human Resources - Key Documents
- Human Resource Policy
- Job Descriptions
- Candidate Interview and Evaluation Checklist
- New Staff Orientation Checklist
- Professional Staff Performance Review
- Administrative Staff Performance Review
- Training and Development Record
473. Quality Control
- Engagement Performance - Policy
- Consistency in quality of engagements performed
- Achieved through
- Use of up to date manuals
- Industry standard software
- Template documents
- Guidance Material
- Pre engagement briefings to set objectives and
tasks - Contentious/difficult matters referred to
engagement partner for resolution
483. Quality Control
- Engagement Performance - Procedures
- Supervision
- Review
- Training and coaching
- Consultations and referrals
- Engagement documentation
493. Quality Control
- Engagement Performance
- Key Documents
- Client Acceptance and Continuance docs
- Work Control Form
- Job entered into firms workflow system (APS)
- Timesheets completed and entered
- Work in progress produced and monitored
- Workflow reviewed by team
- Document consultation/referral on Checklist for
Use of Outside Consultant
503. Quality Control
- Monitoring - Policy
- Quality Control System has to be
- Relevant
- Adequate
- Operating effectively
- Complied with
513. Quality Control
- Monitoring - Procedures
- Ongoing Evaluation - Firm wide
- Periodic inspections of completed engagements
- Internal reviews all service lines
- Peer reviews other office in network
- Institute review every 3 years
- ASIC inspection anytime??!
- Emphasis on independence and audit quality
(listed)
523. Quality Control
- Monitoring - Procedures
- Individual Engagement
- Engagement partner reviews all reports/returns
before issue to client - Review for adherence to policies and procedures
(QC completion documentation) - Resolution of identified issues or errors
encountered - Regular meetings with staff will discuss QC
matters
533. Quality Control
- Monitoring - Key Documents
- Monitoring Policy Statement
- Job Review Form
- Firm Feedback Form
- System Review
- Quality Culture Assessment
- Client Complaint Record
543. Quality Control
- Documentation - Policy
- Appropriate documentation in place as
- EVIDENCE
- of the operation of EACH element of its
system of quality control - Quality Control Manual includes all policies and
procedures to be available to all staff - You are expected to fully understand the contents
and ensure compliance in day to day completion of
tasks
553. Quality Control
- Final Product-
- Detailed Policies and Procedures
- Leadership responsibilities
- Ethical requirements
- Acceptance and continuance of client
relationships and specific engagements - Human resources
- Engagement performance
- Monitoring
563. Quality Control
Nexia QCR Report
574. Network Firm Definition
- Revised definition of network firms that the
APESB has adopted - Applicable in Australia 1 July 2008
- Old definition criticised as too focused on
control - Revised definition looks at how networks operate
584. Network Firm Definition
- Considered a Network when there is a larger
structure aimed at cooperation and one of the
following applies - - Profit or cost sharing among the entities
- Shares common ownership, control or management
- Has common quality control policies and
procedures - Has common business strategy
- Uses a common brand name or common initials
- Shares a significant part of professional
resources
594. Network Firm Definition
- Consider
- Impact on firm
- Implement independence processes and policies
across affiliation - Reference to being a member of an association of
firms in stationery and promotional material
could suggest that a firm is a member of a
network firm!
605. Implementation Strategy
- Set Tone at the Top - all partners to commit
- Incorporate into strategic plan
- Conduct preliminary awareness training
- Establish element champions
- Undertake detailed gap analysis
- Update QCM policies and procedures
- Address ASIC and Institute concerns
615. Implementation Strategy
- Incorporate into induction program and office
policies and procedures manual - Complete QCR checklist
- Practice approval
- Detailed training of new procedures
- Maintain document repository
- Plan annual review and update
- Implement internal review procedures, including
reporting of findings
626. Useful Implementation Tools
- QCM template and QC Guide from Institute website
(or email me for Nexia version) - Audit independence checklist from Institute
- ASIC Concerns Questionnaire and Action Plan
- Quality Control Review Report
- Committed project partners and staff
63Assistance?
Michael Cain Direct line (03) 9608
0130 Email mcain_at_nexiaasr.com.au
64Conclusion
Remember IF IT IS NOT DOCUMENTED, IT IS NOT
DONE!
Lee White,
Chief Accountant, ASIC Therefore this is not a
nice to have it is a MUST HAVE! THANK
YOU! YOUR TURN!!