chartered accountants audit conference apes 320: quality control for firms – a mandatory...
TRANSCRIPT
Chartered Accountants Audit Conference
APES 320: Quality Control for Firms – A Mandatory Requirement!
charteredaccountants.com.au
Michael Cain, FCA
Audit & Accounting Technical Director
Nexia International – Australia and New Zealand
Session Topics
1. ASIC Audit Inspection
2. Institute Inspection Program
3. Quality Control in Firms: APES 320/PS 1
4. Network Firm Definition
5. Implementation Strategy
6. Useful Implementation Tools
1. ASIC Audit Inspections
> Round 1 – September 2005
> Round 2 – August 2006
> Round 3 – No report issued yet
1. ASIC Audit InspectionsScope of ASIC audit inspections
> Second year inspection of Big 4 firms
> First year inspection of various offices of BDO, Horwath, PKF, Grant Thornton, Pitcher Partners and RSM Bird Cameron
> Quality control systems re Independence
> Quality control systems re audit methodologies
1. ASIC Audit Inspections
(b) Observations & Findings - Big 4
> Significant improvements in independence systems
> Strong tone at the top leadership
> Implemented systems to monitor compliance, annual/quarterly independence confirmations, conflict checking, engagement acceptance/continuance, systems that monitor and record personal investments
1. ASIC Audit Inspections
(b) Observations & Findings - Big 4
> Non-audit services now are pre-approved by the audit partner
> Now better communication of consequences of non-compliance with policies and systems to staff, including disciplinary actions
> Now have systems for capturing independence consultations and enquiries by staff
> 3 firms enhanced independence training and use e-learning tools
1. ASIC Audit Inspections
(b) Observations & Findings - Mid-Tier
Adoption of CLERP 9
> Induction program for new employees did not include awareness of independence policies
> Independence training not widely conducted
> Lateral hires and contractors not provided with independence training
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier
Non-Audit Services
> Main threat to independence
> Inadequate documentation supporting decisions to provide non-audit services
> Need to clarify prohibited services
> Some firms not complying with their own policies
> Instances of journals prepared and payroll services offered, yet no documentation of independence decision
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier
Partner Evaluation & Compensation
> Partner performance reviews either not conducted or not documented
> Remuneration of audit partners linked purely to financial results
> Independence/audit quality considerations not part of partner evaluation/compensation
> Performance criteria does not include independence or audit quality
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier
Client Acceptance & Continuance
> 1 firm did not document acceptance or continuance
Testing of Compliance
> 2 firms conducted limited reviews on compliance
> 2 firms need to develop and communicate disciplinary policies which outline consequences of non compliance
> Staff interviewed to test recall of consequences
1. ASIC Audit Inspections(b) Observations & Findings - Mid-TierWhistleblower> No firm had a formal
complaints/whistleblower process
Strategic Plans and Code of Conduct
> 4 firms had strategic plans that DID NOT include independence and quality issues
> 2 firms code of conduct are deficient
> Need to establish a “Tone at the Top”
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier
AUDIT QUALITY
Application of Audit Methodology
> 2 firms have no audit manual
> 2 firms have fully mapped manuals to Audit Standards, supported by proprietary software
> 1 firm has not updated manual for recent changes
> All firms need to improve engagement file application of methodologies
1. ASIC Audit Inspections
(b) Observations & Findings - Mid-Tier
Application of Auditing Standards> Reviewed 30 engagements> 3 audit standards poorly applied:
- ASA 520 Analytical Review- ASA 240 Fraud- ASA 530 Audit Sampling
> Most have removed guidance on sample sizes
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Audit Documentation> Incomplete documentation of work> In all firms, less adequate documentation at final
stages then at commencement
Common deficiencies in documentation related to:> Consideration of laws and regulations> Partner review of planning prior to field work> Mandatory fraud audit steps> Analytical reviews> Documentation of the substantive sampling approach
adopted> Engagement and management letters not
issued/obtained> Inconsistent application of methodology across
industry groups within the firms
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier
Audit Evidence
> General lack of evidence for disclosure items such as related party, commitments and contingencies, director remuneration
Engagement Quality Control Review
> On some listed clients, inadequate evidence of review being performed
> In 1 firm, not sure who the review partner was
1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier
Monitoring
> 2 did not have adequate policies to support monitoring of audit quality
> 4 firms deficient in communicating results of reviews beyond the engagement team
> 1 firm had no monitoring policies
> No link between partner/staff performance evaluation and results of their internal monitoring process
1. ASIC Audit Inspections
(c) Future Inspections
> Follow up action on all firms in the report
> Extend reach into other Mid-Tier firms
> Other offices of Big 4 firms not in 1st & 2nd report
> Focus on Independence & Quality
> Practical application of Auditor Rotation
> Increase number of engagement files reviewed
1. ASIC Audit Inspections
(c) Future InspectionsFocus on Auditing Standards not
adequately dealt with:
> ASA 315 Understand Entity & Risk
> ASA 240 Fraud
> ASA 530 Audit Sampling
> ASA 230 Documentation
ASA 315 would naturally extend to ASA 330
1. ASIC Audit Inspections
(c) Future Inspections
> Transition to Force of Law Standards and APES 320 (APS 5)
> IFAC broadened definition of “Network”, affiliations must be independent of each other
1. ASIC Audit Inspections
How to handle ASIC Concerns??
Nexia ASIC Concerns
Questionnaire and Action Plan
2. Institute Inspection ReviewAs at 30 June 2007
> 478 practice firms’ reviews completed
> 32 listed public companies completed
> 518 practice firms’ reviews were in progress
> 16 listed public companies in progress
Review Policy
> All practices that audit publicly listed companies reviewed every 3 years
> All other practices reviewed every 5 years
2. Institute Inspection Review> 87.5% [85%] of practices were either
informed there was no further action required or that procedures were adequate, with only minor issues to address
> 12% [14%] had policies and procedures that were insufficient to comply with professional and legal requirements or did not adhere to existing policies and procedures
> <1% (1%) were referred to Institute disciplinary processes for investigation because of fundamental breaches of standards
2. Institute Inspection ReviewMajority are meeting independence
standards, but deficiencies noted were:
> Independence• Self Managed Superannuation Fund
audits
• Provision of accounting and audit
• Inadequate documentation in relation to threats to independence
2. Institute Inspection ReviewDeficiencies noted:
> Audit Engagements
• No evidence of planning documentation
• No internal controls or risk assessment prior to the audit work performed
• No subsequent events review documentation
• No evidence of going concern assessment
• No letters of engagement or representation
• Insufficient documentation surrounding independence considerations
2. Institute Inspection Review
Deficiencies noted:
> Compilation Engagements
• Did not specify they were Special Purpose Financial Reports
• Non-compliance with APS 9: Compilation of Financial Reports
• Errors in accounting and disclosure
2. Institute Inspection Review
Deficiencies noted:
> Training and development
• Failure to meet minimum hours of training and development R:7 Regulations relating to training development
• Failure to meet training and development re statutory audit registration
2. Institute Inspection Review
Improvements in Quality Control Systems
ARE
required across the majority of practices, in particular:
> Formal policies and procedures of quality control across the whole practice firm
> Training in the Code of Ethics for Professional Accountants
2. Institute Inspections
ASIC• Greater powers
to investigate
• Have access to all files
• No reported breaches of Corporations Act
Institute• Cooperative
approach
• Not have access to all files under privacy legislation
• Cannot access all records
3. Quality ControlWhy is it important?
> APES 320: Quality Control for Firms – Compulsory
> APES 110: Code of Ethics for Professional Accountants – Compulsory
> Legislative Requirements – CLERP 9
> Australian Auditing Standards – Force of Law
> Risk Management: Protect your REPUTATION AND INTEGRITY!!
3. Quality Control
3. Quality Control
APES 320: Quality Control for Firms
> Applicable from 1 July 2006
> More stringent QC than APS4/5
> Basic principles and essential procedures
> Firm wide system of quality control, not just audit
> Quality Control Manual/ QC Guide –http://www.charteredaccountants.com.au/resource_centre
> Quality Control Report (“QCR”)
3. Quality Control Mandatory requirement for every practice firm is to:
“Establish a system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards and regulatory and professional requirements and that reports issued by the firm or engagement partners are appropriate to the circumstances” (APES 320(3))
3. Quality Control The key document to ensure compliance!
The “Quality Control Manual” (QCM)
Quality Control Guide and Checklist
Templates enclosed
Let’s surf the requirements…
3. Quality Control Elements of Quality Control
> Leadership responsibilities
> Ethical requirements
> Acceptance and continuance of client relationships and specific engagements
> Human resources
> Engagement performance
> Monitoring
3. Quality ControlLeadership Responsibilities - Policy
> Partners are committed to a high standard of quality on all engagements
> All staff required to be fully conversant with APES 110: Code of Ethics for Professional Accountants
> Quality will not be compromised by commercial considerations on assignments
> All partners and staff to follow policies and procedures
3. Quality Control
Leadership Responsibilities - Policy> Effective training key component to
quality maintenance> Mandatory training required for all staff> Sufficient resources devoted for the
development, documentation, and support of quality policies and procedures
> Annual performance reviews to include appraisal of commitment to quality, ethics, CPE, adherence to policies and procedures, and competency
3. Quality Control
Leadership Responsibilities
Procedures and Documentation
> Documented set of policies and procedures that reflect what the practice MUST do!
> This is to be documented in the Quality Control Manual
> Applies to the WHOLE firm, all services, all engagements!
3. Quality ControlEthical Requirements - Policy> Maintain a high standard of personal conduct to
avoid damage to:• Personal reputation• Firms’ reputation• Professional Accounting Body (Institute of
Chartered Accountants in Australia,CPA,NIA)> Mandatory compliance with APES110: Code of Ethics for Professional Accountants> Has force of law for Corporations Act audits
• Chapter 2M – Registered Schemes or Disclosing Entities
• Chapter 7 – Financial Services Licensees> Public Interest
3. Quality Control
Ethical Requirements
Fundamental Principles> Integrity
> Objectivity
> Independence
> Professional Competence and Due Care
> Confidentiality
> Professional Behaviour
3. Quality Control
Client Acceptance & ContinuancePolicy – Acceptance of New Clients
> Client integrity
> Cultural fit
> Firm’s ability to conduct engagement competently and within timeframe
> Ethical issues: perceived independence and conflict of interest threats
> Decision documented by engagement partner together with information collected on client file
3. Quality Control Client Acceptance & Continuance
Policy – Continuance
> Not continue engagement where not have accepted had information been available earlier
> Report events of lack of integrity of client to partner
> Partner to consider professional and legal responsibilities and make effort to resolve
> Must document resolution or decision to withdraw from engagement on client file
3. Quality Control Client Acceptance & Continuance
Procedures – Key Documents
> Client Screening Questionnaire> New Client Form> Welcome Letter> Ethical Letter> New Client Acceptance Checklist> Client Engagement Task Checklist> Client Retention Checklist> Lost Client Form> Disengagement Letter
3. Quality ControlHuman Resources - Policy> Sufficient personnel > Appropriate competence and
capabilities> Partner responsibility for HR issues> Policies and procedures to be monitored> Commitment to ethical principles
• Performance appraisals, promotion, and remuneration
• Non compliance – counselled and/or disciplined
3. Quality Control Human Resources - Procedures> Recruitment
• Job descriptions
• Candidate selection
• Probation reviews
> Performance evaluation/promotion/remuneration
• Six monthly interactive performance evaluation
• Recognition, feedback, and advancement
• Compliance with policies and procedures
• Appropriate remuneration re performance and industry standards
3. Quality Control Human Resources - Procedures> Capabilities/competence/career
development
• Relevant training
• Maintenance of CPE requirements
• On the job coaching and mentoring> Assignment to engagements
• Depends on complexity of assignment and ability of staff member
• Supervision
• Engagement planning
• Monitoring of work in progress and milestones
3. Quality Control Human Resources - Key Documents
> Human Resource Policy
> Job Descriptions
> Candidate Interview and Evaluation Checklist
> New Staff Orientation Checklist
> Professional Staff Performance Review
> Administrative Staff Performance Review
> Training and Development Record
3. Quality Control
Engagement Performance - Policy> Consistency in quality of engagements
performed> Achieved through
• Use of up to date manuals• Industry standard software• Template documents• Guidance Material• Pre engagement briefings to set
objectives and tasks• Contentious/difficult matters referred
to engagement partner for resolution
3. Quality Control
Engagement Performance - Procedures
> Supervision
> Review
> Training and coaching
> Consultations and referrals
> Engagement documentation
3. Quality Control Engagement Performance – Key Documents> Client Acceptance and Continuance docs> Work Control Form> Job entered into firm’s workflow system
(APS)> Timesheets completed and entered> Work in progress produced and
monitored> Workflow reviewed by team> Document consultation/referral on
Checklist for Use of Outside Consultant
3. Quality Control
Monitoring - Policy
> Quality Control System has to be:
• Relevant
• Adequate
• Operating effectively
• Complied with
3. Quality Control Monitoring - Procedures
Ongoing Evaluation - Firm wide
> Periodic inspections of completed engagements
• Internal reviews – all service lines
• Peer reviews – other office in network
• Institute review – every 3 years
• ASIC inspection – anytime??!
• Emphasis on independence and audit quality (listed)
3. Quality Control
Monitoring - Procedures
Individual Engagement
> Engagement partner reviews all reports/returns before issue to client
> Review for adherence to policies and procedures (QC completion documentation)
> Resolution of identified issues or errors encountered
> Regular meetings with staff will discuss QC matters
3. Quality Control Monitoring - Key Documents
> Monitoring Policy Statement
> Job Review Form
> Firm Feedback Form
> System Review
> Quality Culture Assessment
> Client Complaint Record
3. Quality Control
Documentation - Policy
> Appropriate documentation in place as EVIDENCE
of the operation of EACH element of its system of quality control
> Quality Control Manual includes all policies and procedures to be available to all staff
> You are expected to fully understand the contents and ensure compliance in day to day completion of tasks
3. Quality Control
Final Product- Detailed Policies and Procedures> Leadership responsibilities
> Ethical requirements
> Acceptance and continuance of client relationships and specific engagements
> Human resources
> Engagement performance
> Monitoring
3. Quality Control
Nexia QCR Report
4. Network Firm Definition> Revised definition of “network firms”
that the APESB has adopted
> Applicable in Australia 1 July 2008
> Old definition criticised as too focused on control
> Revised definition looks at how networks operate
4. Network Firm DefinitionConsidered a Network when there is a larger
structure aimed at cooperation and one of the following applies: -
> Profit or cost sharing among the entities
> Shares common ownership, control or management
> Has common quality control policies and procedures
> Has common business strategy;
> Uses a common brand name or common initials;
> Shares a significant part of professional resources
4. Network Firm Definition
Consider:
> Impact on firm
> Implement independence processes and policies across affiliation
> Reference to being a member of an association of firms in stationery and promotional material could suggest that a firm is a member of a network firm!
5. Implementation Strategy> Set “Tone at the Top” - all partners to
commit
> Incorporate into strategic plan
> Conduct preliminary awareness training
> Establish element champions
> Undertake detailed gap analysis
> Update QCM policies and procedures
> Address ASIC and Institute concerns
5. Implementation Strategy> Incorporate into induction program and
office policies and procedures manual
> Complete QCR checklist
> Practice approval
> Detailed training of new procedures
> Maintain document repository
> Plan annual review and update
> Implement internal review procedures, including reporting of findings
6. Useful Implementation Tools1) QCM template and QC Guide from
Institute website (or email me for Nexia version)
2) Audit independence checklist from Institute
3) ASIC Concerns Questionnaire and Action Plan
4) Quality Control Review Report
5) Committed project partners and staff
ConclusionRemember:
“IF IT IS NOT DOCUMENTED,
IT IS NOT DONE!” Lee White, Chief Accountant, ASIC
Therefore this is not a nice to have…it is a
MUST HAVE!
THANK YOU!
YOUR TURN!!