AICPAGovernmental Audit Quality Center
Member Conference Callon
The New Standards on Quality Control and Practical Implementation Tips
May 14, 2009
What we will cover?What we will cover?• Provide an overview of the requirements of Statement on Quality
Control Standards (SQCS) No. 7
• Discuss the elements of a system of quality control;
• Provide practical tips for implementing SQCS No. 7 in your governmental audit practices;
• Brief you on the quality control requirements of Government Auditing Standards and how they relate to SQCS No. 7; and
• Review the additional GAQC membership requirements relating to your system of quality control and tips for implementing them.
3
Overview of Statement on Quality Control Standards
(SQCS) No. 7, A Firm’s System of Quality Control (AICPA, Professional Standards, vol. 2, QC sec. 10)
4
SQCS No. 7• Issued October 2007
• Supersedes all previous SQCSs
• Effective as of January 1, 2009
• Compliance with PCAOB QC standards does not automatically mean compliance with SQCS 7.
5
SQCS No. 7
The firm must establish a system of quality control designed to provide it with reasonable assurance that:– The firm and its personnel comply with
professional standards and applicable regulatory and legal requirements, and
– Reports issued are appropriate in the circumstances
6
SQCS No. 7
A system of quality control consists of:
• Policies designed to achieve these objectives and
• The procedures necessary to implement and monitor compliance with those policies.
7
SQCS No. 7Documentation and Communication• Required to document QC policies and
procedures.– Extent based on firm characteristics
• Required to communicate QC policies and procedures to personnel.– More effective if in writing, but not required to
be.
8
Required Elements of QC System
• Leadership responsibilities for quality within the firm (the “tone at the top”)
• Relevant ethical requirements• Acceptance and continuance of client
relationships and specific engagements• Human resources• Engagement performance• Monitoring
10
Tone at the Top
Policies
• Require the firm’s leadership to assume ultimate responsibility for the QC system.
• Assign management responsibilities so that commercial considerations do not override the quality of work performed.
12
Tone at the Top
Policies (Cont’d)• Assign operational responsibility to appropriate
personnel (experience, ability, authority)• Address personnel performance evaluation,
compensation and advancement to demonstrate the firm’s overarching commitment to quality.
• Devote resources to developing, communicating, and supporting QC policies and procedures.
13
Relevant Ethical Requirements
Objective Reasonable assurance that the firm and its
personnel comply with relevant ethical requirements.
• Independence• Objectivity• Integrity
14
Relevant Ethical Requirements
Policies
• Require personnel to comply with relevant ethical requirements
• Communicate independence requirements to personnel
• Identify and evaluate threats• Withdraw from engagements if effective
safeguards to reduce threats to independence acceptably cannot be applied
15
Relevant Ethical Requirements
Policies (Cont’d)
• Annually obtain written confirmation from all personnel required to be independent
• Confirm independence of another firm who performs part of the engagement
• Rotate personnel for audits or attest engagements where required by regulation
16
Acceptance and Continuance of Client Relationships and Specific Engagements
Objective - Firm should undertake or continue relationships and engagements only where it:
• Has considered the integrity of the client and the risks associated with providing professional services in the particular circumstances.
• Is competent to perform the engagement and has the capabilities and resources to do so.
• Can comply with legal and ethical requirements.
• Has reached an understanding with the client regarding the services to be performed.
17
Acceptance and Continuance of Client Relationships and Specific Engagements
Policies
• Evaluate management’s integrity and consider risks of engagement
• Evaluate whether engagement can be performed with professional competence; undertake only those engagements firm has capabilities, resources and competence to perform; and periodically evaluate whether relationship should be continued
18
Acceptance and Continuance of Client Relationships and Specific Engagements
Policies (Cont’d)• Obtain an understanding with the client
regarding the services to be performed, preferably in writing.
• Establish procedures on withdrawal from an engagement or from both the engagement and the client relationship
• Document how issues were resolved.
19
Human Resources
Objective Reasonable assurance of sufficient personnel with
the necessary capabilities, competence and commitment to ethical principles to perform the engagements and enable the firms to issue appropriate reports.
20
Human Resources
Policies and procedures should address:– Recruitment and hiring, if applicable;– Determining capabilities and competencies;– Assigning personnel to engagements, if
applicable;– Professional development; and– Performance evaluation, compensation and
advancement.
21
Engagement Performance
Objectives
Engagements are consistently performed in accordance with professional standards and regulatory and legal requirements, and the firm or the engagement partner issues reports that are appropriate in the circumstances.
22
Engagement Performance
Policies• Plan all engagements to meet professional, regulatory,
and the firm’s requirements.• Perform work and issue reports and other
communications that meet professional, regulatory, and the firm’s requirements.
• Require that work performed by other team members be reviewed by qualified engagement team members, which may include the engagement partner, on a timely basis.
23
Engagement Performance
Detailed guidance on• Engagement performance (plan and execute)• Supervision responsibilities• Review responsibilities• Engagement documentation• Consultation policies and procedures • Resolution of differences of opinions, including a
requirement that reports not be released until the differences of opinions are resolved.
24
Planning Procedures• Assign engagement team• Update client information and obtain engagement letter• Prepare planning document
– Work programs tailored to engagement– Staffing requirements and need for specialized knowledge– Risk assessment – economic conditions and fraud
considerations– Budget with sufficient time
25
Supervision Procedures• Tracking the progress of the engagement;
• Considering the capabilities and competence of individual members of the engagement team, whether they have sufficient time to carry out their work, whether they understand their instructions, and whether the work is being carried out in accordance with the planned approach to the engagement;
• Addressing significant issues arising during the engagement, considering their significance, and appropriately modifying the planned approach; and
• Identifying matters for consultation or consideration by more-experienced engagement team members during the engagement.
26
Review Responsibilities Policies
Determined on the basis that qualified engagement team members, which may include the engagement partner, review work performed by other team members on a timely basis.
27
Review Checklist• Has the work been performed in accordance with professional standards
and regulatory and legal requirements?
• Have significant findings and issues been raised for further consideration?
• Have appropriate consultations taken place and have the resulting conclusions have been documented and implemented?
• Is the nature, timing, and extent of work performed appropriate and without need for revision?
• Does the work performed support the conclusions reached and is it appropriately documented?
• Is the evidence obtained sufficient and appropriate to support the report?
• Have the objectives of the engagement procedures been achieved?
28
Engagement Documentation Policies• Require the engagement team to complete the
assembly of final engagement files on a timely basis.
• Establish procedures to maintain the confidentiality, safe custody, integrity, accessibility, and retrievability of engagement documentation.
• Require the retention of engagement documentation for a period of time sufficient to meet the needs of the firm, professional standards, laws, and regulations.
29
Consultation Policies• Consultation takes place when appropriate (for example,
when dealing with complex, unusual, unfamiliar, difficult, or contentious issues)
• Sufficient and appropriate resources are available to enable appropriate consultation to take place
• All the relevant facts known to the engagement team are provided to those consulted
• The nature, scope, and conclusions of such consultations are documented
• The conclusions resulting from such consultations are implemented
30
Differences of Opinion - Policies
Within the engagement team, with those consulted, and between the engagement partner and engagement quality control reviewer
• Conclusions reached are documented and implemented
• The report is not released until the matter is resolved
31
Engagement Quality Control Review (EQCR)
• Establish criteria for determining whether an engagement quality control review should be performed,
• Evaluate all engagements against the criteria• Perform an engagement quality control review for all
engagements that meet the criteria, and complete the review before the report is released.
• Establish procedures addressing the nature, timing, extent and documentation of the engagement quality control review.
32
EQCR - Procedures• An objective evaluation of the significant judgments made by the
engagement team, and the conclusions reached in formulating the report.
• Reading the financial statements or other subject matter information and the report, and consideration of whether the report is appropriate.
• Review of selected engagement documentation relating to the significant judgments the engagement team made and the conclusions they reached
• Discussion with the engagement partner regarding significant findings and issues.
• Extent depends on the complexity of the engagement and the risk that the report might not be appropriate in the circumstances.
33
Monitoring
Objective – reasonable assurance that QC policies and procedures are
• Relevant
• Adequate
• Operating effectively
• Complied with in practice
34
Monitoring - Requirements
• Ongoing evaluation of appropriateness of design and operating effectiveness
• Assign responsibility for the monitoring process to a partner.
• Assign performance of the monitoring process to competent individuals.
• Perform sufficiently comprehensive procedures.
35
Monitoring Procedures– Review of selected administrative and personnel
records pertaining to the quality control elements– Review of engagement working papers, reports, and
clients' financial statements– Discussions with the firm's personnel– Summarization of the findings from the monitoring
procedures, at least annually, and consideration of the systemic causes of findings that indicate that improvements are needed
36
Monitoring Procedures cont’d
– Determination of any corrective actions to be taken or improvements to be made with respect to the specific engagements reviewed or the firm's quality control policies and procedures
– Communication of the identified findings to appropriate firm management personnel
– Consideration of findings by appropriate firm management personnel who should also determine that any actions necessary, including necessary modifications to the quality control system, are taken on a timely basis
37
• Assessment of
– The appropriateness of the firm’s guidance materials and any practice aids;
– New developments in professional standards and regulatory and legal requirements and how they are reflected in the firm’s policies and procedures where appropriate;
– Compliance with policies and procedures on independence;
– The effectiveness of continuing professional development, including training;
– Decisions related to acceptance and continuance of client relationships and specific engagements; and
– Firm personnel’s understanding of the firm’s quality control policies and procedures and implementation thereof.
38
Monitoring Procedures cont’d
Monitoring
Monitoring procedures may be accomplished through the performance of:
• Engagement quality control review• Post-issuance review of engagement working
papers, reports, and clients’ financial statements for selected engagements
• Inspection procedures
39
Monitoring
Self-inspection
• Not prohibited
• Higher risk that noncompliance with policies and procedures will not be detected
40
Monitoring - Communication
To engagement partners and others:
• Deficiencies noted as a result of the monitoring process
• Recommendations for appropriate remedial action.
To all relevant personnel:
• Monitoring results at least annually.
41
Monitoring • Procedures to deal appropriately with
complaints and allegations– Clear channels for personnel to raise
concerns without fear of reprisal– Documentation of complaints and responses
42
Monitoring - Documentation
• Document evidence of the operation of each element of its system of quality control. – Form and content based on firm
characteristics• Retain this documentation for a period of time
sufficient to permit those performing monitoring procedures and peer review to evaluate the firm’s compliance.
43
SQCS No. 7 - Practice AidSQCS No. 7 - Practice Aid
AICPA Audit and Accounting Practice Aid Series:
Establishing and Maintaining a System of Quality Control for a CPA Firm’s Accounting and
Auditing Practice
Available at http://www.aicpa.org/download/members/div/auditstd/System_of_Quality_Control_Practice_Aid.pdf
44
Tips for Implementing SQCS No. 7
• Do you update your current Quality Control document or start over?
• It is important to remember that your Quality Control Document is fluid– Improving your document is ongoing.– Keep prior versions with noted effective dates.
46
Tips for Implementing SQCS No. 7
• Areas we struggled with:– Engagement quality review criteria.– EQCR reviewer being independent to the
engagement.– Acceptance and continuation of client
relationship documentation.– Complaints and allegations.
47
Yellow Book QC Requirements
• July 2007 Revisions to Yellow Book– Supersedes the Jan. 2007 and 2003 revisions– Enhanced and clarified the requirements for
an audit organization’s system of quality control by specifying the elements of quality that an organization’s policies and procedures collectively address
– Added a requirement that external audit organizations make their most recent peer review report publicly available
49
Yellow Book QC Requirements
• Paragraph 3.50 – 3.54 discuss QC Requirements
• Requirements for system of quality control are consistent with the AICPA proposed statement on Quality Control Standards except that the GAGAS requirements state that reviews of the work and the report that are normally part of supervision are not monitoring controls when used alone
50
Yellow Book QC Requirements• Those audit organizations seeking to enter into a
contract to perform a GAGAS audit or attestation engagement should provide the following to the party contracting for such services – The audit organization’s most recent peer review
report and any letter of comment– Any subsequent peer review reports and letters of
comment received during the period of the contract• Auditors who are using another audit organization’s work
should request– The audit organization’s latest peer review report– Any letter of comment
51
Yellow Book QC Requirements• Must document & communicate• Policies must address:
– Leadership Responsibilities– Independence, Legal & Ethical Requirements– Initiation, Acceptance and Continuance of
Engagements– Human Resources– Engagement performance, documentation and
reporting– Monitoring
52
Yellow Book QC Requirements• Monitoring:
– Purpose:• Ensure adherence to requirements• Ensure QC is appropriately designed• Ensure QC policies & procedures are operating
effectively
53
Yellow Book QC Requirements• Monitoring:
– Engagement Supervision Alone is not Monitoring– Audit organizations to analyze and summarize the
results of monitoring procedures at least annually• Include identification of any systemic issues
needing improvement• Include recommendations for corrective action
– Should be performed by individuals that collectively have sufficient expertise and authority
54
GAQC Membership Requirements
• Policies & Procedures:– GAQC Policies to be Addressed in QC
Document• Identify Designated Partner• Client Acceptance and Retention• Engagement Performance and Review• Training and Supervision• Internal Inspection • Peer Review
56
GAQC Membership Requirements
• Policies & Procedures con’t:– Methods of documenting:
• Revise the firm’s QC document to address the governmental audit practice to comply with applicable professional standards and Center membership requirements.
• Prepare an addendum to the firm’s existing QC Document
57
GAQC Membership Requirements
• Policies & Procedures con’t:– Communicate
• Circulate the revised firm QC document • Establish training to inform audit staff of the firm’s
QC policies and procedures • Circulate communication to audit staff regarding
the firm’s QC policies and procedures • Link to QC document on the firm’s intranet
58
GAQC Membership Requirements
• Annual Internal Inspections:– Required to establish annual internal inspection procedures that
include a review of the firm's governmental audit practice (that is, all audits performed under Government Auditing Standards)
– Reviewer should have current experience & knowledge of governmental auditing and accounting practices
– Engagements inspected should be representative of the firm’s governmental audit practice (e.g., single audits, program-specific audits, HUD audits, etc.) and the firm locations those audits are performed in
– Inspection results should be made available to peer reviewer
59
GAQC Membership Requirements• Annual Internal Inspections con’t:
– Firm’s monitoring process should Include a review of the firm’s compliance with GAQC membership requirements
– A peer review is not a substitute for monitoring procedures
– However, consistent with AICPA quality control standards, the peer review may substitute for some or all of its inspection procedures for the period covered by the peer review.
60
GAQC Membership Requirements• Annual Internal Inspections con’t:
– Developing an Governmental Audit Practice Self-Inspection Strategy
• Begin with the inventory of your governmental audits audits (that is, all performed under Government Auditing Standards)
• Consider:– When is the best time of year to conduct this review?
– Who should perform the review?
– How long will it take?
– How are we going to communicate the results?
– What about multi-office issues?
– How it differs from concurring partner reviews?
• Obtain AICPA peer review checklist or develop firm checklist
61
GAQC Membership Requirements• DAQP - Designating an audit partner to have firm-wide responsibility for the
quality of the firm's governmental audit practice.
• Having all audit partners of the firm residing in the United States and eligible for AICPA membership be members of the AICPA.
• Ensuring that the DAQP meets the yellow book CPE requirements, even if that partner would not otherwise be subject to those CPE requirements.
• DAQP must participate in an annual Center-sponsored Webcast on recent developments in governmental auditing.
• Making publicly available information about the firm’s most recently accepted peer review as determined by the Executive Committee.
• Having firm’s governmental audits selected as part of the firms peer review reviewed by a peer review team member who is employed by a Center member firm.
62
GAQC Membership Requirements• Use the Q&A document on GAQC membership
requirements located at:
http://gaqc.aicpa.org/Memberships/Q+and+A+Membership+Requirements.htm
(Note: This document is being updated for SQCS 7 however, it currently contains very useful and relevant information about GAQC membership requirements.)
63