Michael Cain, FCA

1
Chartered Accountants Audit Conference APES 320
Quality Control for Firms A Mandatory
Requirement!

• Michael Cain, FCA
• Audit Accounting Technical Director
• Nexia International Australia and New Zealand

charteredaccountants.com.au
2
Session Topics

1. ASIC Audit Inspection
2. Institute Inspection Program
3. Quality Control in Firms APES 320/PS 1
4. Network Firm Definition
5. Implementation Strategy
6. Useful Implementation Tools

3
1. ASIC Audit Inspections

• Round 1 September 2005
• Round 2 August 2006
• Round 3 No report issued yet

4
1. ASIC Audit Inspections

• Scope of ASIC audit inspections
• Second year inspection of Big 4 firms
• First year inspection of various offices of BDO,
  Horwath, PKF, Grant Thornton, Pitcher Partners
  and RSM Bird Cameron
• Quality control systems re Independence
• Quality control systems re audit methodologies

5
1. ASIC Audit Inspections

• (b) Observations Findings - Big 4
• Significant improvements in independence systems
• Strong tone at the top leadership
• Implemented systems to monitor compliance,
  annual/quarterly independence confirmations,
  conflict checking, engagement acceptance/continuan
  ce, systems that monitor and record personal
  investments

6
1. ASIC Audit Inspections

• (b) Observations Findings - Big 4
• Non-audit services now are pre-approved by the
  audit partner
• Now better communication of consequences of
  non-compliance with policies and systems to
  staff, including disciplinary actions
• Now have systems for capturing independence
  consultations and enquiries by staff
• 3 firms enhanced independence training and use
  e-learning tools

7
1. ASIC Audit Inspections

• (b) Observations Findings - Mid-Tier
• Adoption of CLERP 9
• Induction program for new employees did not
  include awareness of independence policies
• Independence training not widely conducted
• Lateral hires and contractors not provided with
  independence training

8
1. ASIC Audit Inspections

• (b) Observations Findings - Mid-Tier
• Non-Audit Services
• Main threat to independence
• Inadequate documentation supporting decisions to
  provide non-audit services
• Need to clarify prohibited services
• Some firms not complying with their own
  policies
• Instances of journals prepared and payroll
  services offered, yet no documentation of
  independence decision

9
1. ASIC Audit Inspections

• (b) Observations Findings - Mid-Tier
• Partner Evaluation Compensation
• Partner performance reviews either not conducted
  or not documented
• Remuneration of audit partners linked purely to
  financial results
• Independence/audit quality considerations not
  part of partner evaluation/compensation
• Performance criteria does not include
  independence or audit quality

10
1. ASIC Audit Inspections

• (b) Observations Findings - Mid-Tier
• Client Acceptance Continuance
• 1 firm did not document acceptance or continuance
• Testing of Compliance
• 2 firms conducted limited reviews on compliance
• 2 firms need to develop and communicate
  disciplinary policies which outline consequences
  of non compliance
• Staff interviewed to test recall of consequences

11
1. ASIC Audit Inspections

• (b) Observations Findings - Mid-Tier
• Whistleblower
• No firm had a formal complaints/whistleblower
  process
• Strategic Plans and Code of Conduct
• 4 firms had strategic plans that DID NOT include
  independence and quality issues
• 2 firms code of conduct are deficient
• Need to establish a Tone at the Top

12
1. ASIC Audit Inspections

• (b) Observations Findings - Mid-Tier AUDIT
  QUALITY
• Application of Audit Methodology
• 2 firms have no audit manual
• 2 firms have fully mapped manuals to Audit
  Standards, supported by proprietary software
• 1 firm has not updated manual for recent changes
• All firms need to improve engagement file
  application of methodologies

13
1. ASIC Audit Inspections

• (b) Observations Findings - Mid-Tier
• Application of Auditing Standards
• Reviewed 30 engagements
• 3 audit standards poorly applied- ASA 520
  Analytical Review- ASA 240 Fraud- ASA 530 Audit
  Sampling
• Most have removed guidance on sample sizes

14
1. ASIC Audit Inspections

• (b) Observations Findings - Mid-Tier
• Audit Documentation
• Incomplete documentation of work
• In all firms, less adequate documentation at
  final stages then at commencement
• Common deficiencies in documentation related to
• Consideration of laws and regulations
• Partner review of planning prior to field work
• Mandatory fraud audit steps
• Analytical reviews
• Documentation of the substantive sampling
  approach adopted
• Engagement and management letters not
  issued/obtained
• Inconsistent application of methodology across
  industry groups within the firms

15
1. ASIC Audit Inspections

• (b) Observations Findings - Mid-Tier
• Audit Evidence
• General lack of evidence for disclosure items
  such as related party, commitments and
  contingencies, director remuneration
• Engagement Quality Control Review
• On some listed clients, inadequate evidence of
  review being performed
• In 1 firm, not sure who the review partner was

16
1. ASIC Audit Inspections

• (b) Observations Findings - Mid-Tier Monitoring
• 2 did not have adequate policies to support
  monitoring of audit quality
• 4 firms deficient in communicating results of
  reviews beyond the engagement team
• 1 firm had no monitoring policies
• No link between partner/staff performance
  evaluation and results of their internal
  monitoring process

17
1. ASIC Audit Inspections

• (c) Future Inspections
• Follow up action on all firms in the report
• Extend reach into other Mid-Tier firms
• Other offices of Big 4 firms not in 1st 2nd
  report
• Focus on Independence Quality
• Practical application of Auditor Rotation
• Increase number of engagement files reviewed

18
1. ASIC Audit Inspections

• (c) Future Inspections
• Focus on Auditing Standards not adequately dealt
  with
• ASA 315 Understand Entity Risk
• ASA 240 Fraud
• ASA 530 Audit Sampling
• ASA 230 Documentation
• ASA 315 would naturally extend to ASA 330

19
1. ASIC Audit Inspections

• (c) Future Inspections
• Transition to Force of Law Standards and APES 320
  (APS 5)
• IFAC broadened definition of Network,
  affiliations must be independent of each other

20
1. ASIC Audit Inspections
How to handle ASIC Concerns?? Nexia ASIC
Concerns Questionnaire and Action Plan
21
2. Institute Inspection Review

• As at 30 June 2007
• 478 practice firms reviews completed
• 32 listed public companies completed
• 518 practice firms reviews were in progress
• 16 listed public companies in progress
• Review Policy
• All practices that audit publicly listed
  companies reviewed every 3 years
• All other practices reviewed every 5 years

22
2. Institute Inspection Review

• 87.5 85 of practices were either informed
  there was no further action required or that
  procedures were adequate, with only minor issues
  to address
• 12 14 had policies and procedures that were
  insufficient to comply with professional and
  legal requirements or did not adhere to existing
  policies and procedures
• lt1 (1) were referred to Institute disciplinary
  processes for investigation because of
  fundamental breaches of standards

23
2. Institute Inspection Review

• Majority are meeting independence standards, but
  deficiencies noted were
• Independence
• Self Managed Superannuation Fund audits
• Provision of accounting and audit
• Inadequate documentation in relation to threats
  to independence

24
2. Institute Inspection Review

• Deficiencies noted
• Audit Engagements
• No evidence of planning documentation
• No internal controls or risk assessment prior to
  the audit work performed
• No subsequent events review documentation
• No evidence of going concern assessment
• No letters of engagement or representation
• Insufficient documentation surrounding
  independence considerations

25
2. Institute Inspection Review

• Deficiencies noted
• Compilation Engagements
• Did not specify they were Special Purpose
  Financial Reports
• Non-compliance with APS 9 Compilation of
  Financial Reports
• Errors in accounting and disclosure

26
2. Institute Inspection Review

• Deficiencies noted
• Training and development
• Failure to meet minimum hours of training and
  development R7 Regulations relating to training
  development
• Failure to meet training and development re
  statutory audit registration

27
2. Institute Inspection Review

• Improvements in Quality Control Systems
• ARE
• required across the majority of practices, in
  particular
• Formal policies and procedures of quality control
  across the whole practice firm
• Training in the Code of Ethics for Professional
  Accountants

28
2. Institute Inspections

• ASIC
• Greater powers to investigate
• Have access to all files
• No reported breaches of Corporations Act

• Institute
• Cooperative approach
• Not have access to all files under privacy
  legislation
• Cannot access all records

29
3. Quality Control

• Why is it important?
• APES 320 Quality Control for Firms Compulsory
• APES 110 Code of Ethics for Professional
  Accountants Compulsory
• Legislative Requirements CLERP 9
• Australian Auditing Standards Force of Law
• Risk Management Protect your REPUTATION AND
  INTEGRITY!!

30
3. Quality Control
31
3. Quality Control

• APES 320 Quality Control for Firms
• Applicable from 1 July 2006
• More stringent QC than APS4/5
• Basic principles and essential procedures
• Firm wide system of quality control, not just
  audit
• Quality Control Manual/ QC Guide
  http//www.charteredaccountants.com.au/resource_c
  entre
• Quality Control Report (QCR)

32
3. Quality Control

• Mandatory requirement for every practice firm is
  to
• Establish a system of quality control designed
  to provide it with reasonable assurance that the
  firm and its personnel comply with professional
  standards and regulatory and professional
  requirements and that reports issued by the firm
  or engagement partners are appropriate to the
  circumstances (APES 320(3))

33
3. Quality Control
The key document to ensure compliance! The
Quality Control Manual (QCM) Quality Control
Guide and Checklist Templates enclosed Lets
surf the requirements
34
3. Quality Control

• Elements of Quality Control
• Leadership responsibilities
• Ethical requirements
• Acceptance and continuance of client
  relationships and specific engagements
• Human resources
• Engagement performance
• Monitoring

35
3. Quality Control

• Leadership Responsibilities - Policy
• Partners are committed to a high standard of
  quality on all engagements
• All staff required to be fully conversant with
  APES 110 Code of Ethics for Professional
  Accountants
• Quality will not be compromised by commercial
  considerations on assignments
• All partners and staff to follow policies and
  procedures

36
3. Quality Control

• Leadership Responsibilities - Policy
• Effective training key component to quality
  maintenance
• Mandatory training required for all staff
• Sufficient resources devoted for the development,
  documentation, and support of quality policies
  and procedures
• Annual performance reviews to include appraisal
  of commitment to quality, ethics, CPE, adherence
  to policies and procedures, and competency

37
3. Quality Control

• Leadership Responsibilities
• Procedures and Documentation
• Documented set of policies and procedures that
  reflect what the practice MUST do!
• This is to be documented in the Quality Control
  Manual
• Applies to the WHOLE firm, all services, all
  engagements!

38
3. Quality Control

• Ethical Requirements - Policy
• Maintain a high standard of personal conduct to
  avoid damage to
• Personal reputation
• Firms reputation
• Professional Accounting Body (Institute of
  Chartered Accountants in Australia,CPA,NIA)
• Mandatory compliance with APES110
• Code of Ethics for Professional Accountants
• Has force of law for Corporations Act audits
• Chapter 2M Registered Schemes or Disclosing
  Entities
• Chapter 7 Financial Services Licensees
• Public Interest

39
3. Quality Control

• Ethical Requirements
• Fundamental Principles
• Integrity
• Objectivity
• Independence
• Professional Competence and Due Care
• Confidentiality
• Professional Behaviour

40
3. Quality Control

• Client Acceptance Continuance
• Policy Acceptance of New Clients
• Client integrity
• Cultural fit
• Firms ability to conduct engagement competently
  and within timeframe
• Ethical issues perceived independence and
  conflict of interest threats
• Decision documented by engagement partner
  together with information collected on client
  file

41
3. Quality Control

• Client Acceptance Continuance
• Policy Continuance
• Not continue engagement where not have accepted
  had information been available earlier
• Report events of lack of integrity of client to
  partner
• Partner to consider professional and legal
  responsibilities and make effort to resolve
• Must document resolution or decision to withdraw
  from engagement on client file

42
3. Quality Control

• Client Acceptance Continuance
• Procedures Key Documents
• Client Screening Questionnaire
• New Client Form
• Welcome Letter
• Ethical Letter
• New Client Acceptance Checklist
• Client Engagement Task Checklist
• Client Retention Checklist
• Lost Client Form
• Disengagement Letter

43
3. Quality Control

• Human Resources - Policy
• Sufficient personnel
• Appropriate competence and capabilities
• Partner responsibility for HR issues
• Policies and procedures to be monitored
• Commitment to ethical principles
• Performance appraisals, promotion, and
  remuneration
• Non compliance counselled and/or disciplined

44
3. Quality Control

• Human Resources - Procedures
• Recruitment
• Job descriptions
• Candidate selection
• Probation reviews
• Performance evaluation/promotion/remuneration
• Six monthly interactive performance evaluation
• Recognition, feedback, and advancement
• Compliance with policies and procedures
• Appropriate remuneration re performance and
  industry standards

45
3. Quality Control

• Human Resources - Procedures
• Capabilities/competence/career development
• Relevant training
• Maintenance of CPE requirements
• On the job coaching and mentoring
• Assignment to engagements
• Depends on complexity of assignment and ability
  of staff member
• Supervision
• Engagement planning
• Monitoring of work in progress and milestones

46
3. Quality Control

• Human Resources - Key Documents
• Human Resource Policy
• Job Descriptions
• Candidate Interview and Evaluation Checklist
• New Staff Orientation Checklist
• Professional Staff Performance Review
• Administrative Staff Performance Review
• Training and Development Record

47
3. Quality Control

• Engagement Performance - Policy
• Consistency in quality of engagements performed
• Achieved through
• Use of up to date manuals
• Industry standard software
• Template documents
• Guidance Material
• Pre engagement briefings to set objectives and
  tasks
• Contentious/difficult matters referred to
  engagement partner for resolution

48
3. Quality Control

• Engagement Performance - Procedures
• Supervision
• Review
• Training and coaching
• Consultations and referrals
• Engagement documentation

49
3. Quality Control

• Engagement Performance
• Key Documents
• Client Acceptance and Continuance docs
• Work Control Form
• Job entered into firms workflow system (APS)
• Timesheets completed and entered
• Work in progress produced and monitored
• Workflow reviewed by team
• Document consultation/referral on Checklist for
  Use of Outside Consultant

50
3. Quality Control

• Monitoring - Policy
• Quality Control System has to be
• Relevant
• Adequate
• Operating effectively
• Complied with

51
3. Quality Control

• Monitoring - Procedures
• Ongoing Evaluation - Firm wide
• Periodic inspections of completed engagements
• Internal reviews all service lines
• Peer reviews other office in network
• Institute review every 3 years
• ASIC inspection anytime??!
• Emphasis on independence and audit quality
  (listed)

52
3. Quality Control

• Monitoring - Procedures
• Individual Engagement
• Engagement partner reviews all reports/returns
  before issue to client
• Review for adherence to policies and procedures
  (QC completion documentation)
• Resolution of identified issues or errors
  encountered
• Regular meetings with staff will discuss QC
  matters

53
3. Quality Control

• Monitoring - Key Documents
• Monitoring Policy Statement
• Job Review Form
• Firm Feedback Form
• System Review
• Quality Culture Assessment
• Client Complaint Record

54
3. Quality Control

• Documentation - Policy
• Appropriate documentation in place as
• EVIDENCE
• of the operation of EACH element of its
  system of quality control
• Quality Control Manual includes all policies and
  procedures to be available to all staff
• You are expected to fully understand the contents
  and ensure compliance in day to day completion of
  tasks

55
3. Quality Control

• Final Product-
• Detailed Policies and Procedures
• Leadership responsibilities
• Ethical requirements
• Acceptance and continuance of client
  relationships and specific engagements
• Human resources
• Engagement performance
• Monitoring

56
3. Quality Control
Nexia QCR Report
57
4. Network Firm Definition

• Revised definition of network firms that the
  APESB has adopted
• Applicable in Australia 1 July 2008
• Old definition criticised as too focused on
  control
• Revised definition looks at how networks operate

58
4. Network Firm Definition

• Considered a Network when there is a larger
  structure aimed at cooperation and one of the
  following applies -
• Profit or cost sharing among the entities
• Shares common ownership, control or management
• Has common quality control policies and
  procedures
• Has common business strategy
• Uses a common brand name or common initials
• Shares a significant part of professional
  resources

59
4. Network Firm Definition

• Consider
• Impact on firm
• Implement independence processes and policies
  across affiliation
• Reference to being a member of an association of
  firms in stationery and promotional material
  could suggest that a firm is a member of a
  network firm!

60
5. Implementation Strategy

• Set Tone at the Top - all partners to commit
• Incorporate into strategic plan
• Conduct preliminary awareness training
• Establish element champions
• Undertake detailed gap analysis
• Update QCM policies and procedures
• Address ASIC and Institute concerns

61
5. Implementation Strategy

• Incorporate into induction program and office
  policies and procedures manual
• Complete QCR checklist
• Practice approval
• Detailed training of new procedures
• Maintain document repository
• Plan annual review and update
• Implement internal review procedures, including
  reporting of findings

62
6. Useful Implementation Tools

• QCM template and QC Guide from Institute website
  (or email me for Nexia version)
• Audit independence checklist from Institute
• ASIC Concerns Questionnaire and Action Plan
• Quality Control Review Report
• Committed project partners and staff

63
Assistance?
Michael Cain Direct line (03) 9608
0130 Email mcain_at_nexiaasr.com.au
64
Conclusion
Remember IF IT IS NOT DOCUMENTED, IT IS NOT
DONE!
Lee White,
Chief Accountant, ASIC Therefore this is not a
nice to have it is a MUST HAVE! THANK
YOU! YOUR TURN!!