Audit Quality: IAASB Framework and Guidance on Control under ISA 220
Updated: Nov 23, 2020
In ACCA Advanced Audit and Assurance (AAA) exam, audit quality is always a hot topic. There are two publications about audit quality which are -
IAASB Framework for Audit Quality;
ISA 220 Quality Control for an Audit of Financial Statements.
IAASB Framework for Audit Quality describes the input, process and output of factors that play an important role in determining the audit quality of engagement, the audit firm and national levels. It is the framework for every auditor to know the basics of audit quality.
Background of IAASB Framework for Audit Quality
The users of financial statements require information to be provided to them that is relevant, reliable and timely. For them to trust this data, an external audit of the financial statement is required. Therefore, the audit must meet a certain quality standard for it to be useful and trusted by the users.
Therefore, the IAASB developed the framework to provide auditors with an idea of what audit quality means and to provide them with an insight to the key elements that create an environment for audit quality.
The objectives of the framework include raising awareness about the key elements of audit quality, encouraging key stakeholders to explore ways to improve audit quality and facilitating greater dialogue between key stakeholders on the topic of audit quality.
Key elements of the framework
There are three key elements of the framework, inputs, process and outputs.
Inputs within the framework refer to the values, ethics and attitudes of auditors, which in turn, are influenced by the culture prevailing within the audit firm.
Furthermore, inputs also refer to the knowledge, skills, and experience of the auditors and the time allocated for them to perform the audit.
Process within the framework refers to the application of rigorous audit process and quality control procedures that comply with applicable standards, laws and regulations.
In the context of this framework, outputs refer to reports and information that are formally prepared and presented by the one party to another, in this case, by the auditor to the business. These outputs also include outputs that arise from the auditing process that are generally not visible to those outside the audited organization.
The outputs from the audit are often determined by the context, including legislative requirements. While some stakeholders can influence the nature of the outputs, others have less influence. Indeed, for some stakeholders, such as investors in listed companies, the auditor’s report is the primary output.
Key interactions within the financial reporting supply chain
The framework also defines the key interaction within the financial reporting supply chain. The stakeholders in the financial reporting supply chain include users, management, those charged with governance and regulators. These stakeholders play an important role in supporting high-quality financial reporting.
The said interactions will depend on the context in which the audit is being performed while also allowing a dynamic relationship to exist between inputs and outputs.
According to the standard, there are several contextual factors, such as laws and regulations and corporate governance, which can impact the nature and the quality of the financial reporting process, and through that, directly or indirectly, the audit quality. These factors are dealt with when obtaining sufficient appropriate audit evidence.
ISA 220 - Quality Control for an Audit of Financial Statements
In ACCA Advanced Audit and Assurance (AAA) exam, audit quality control is another key topic. You are require to apply the knowledge of quality control to a given scenario and it has appeared several times in past papers.
ISA 220 Quality Control for an Audit of Financial Statements is the international standard on auditing that deals with the responsibilities of auditors related to the quality control of the auditing process. It provides guidance to auditor what they need to do to ensure quality control in the engagement.
This standard defines the objective of auditors when it comes to the quality control procedures implemented for an audit assignment. Regarding the objectives of auditors related to quality control, the standard states:
The objective of the auditor is to implement quality control procedures at the engagement level that provide the auditor with reasonable assurance that:
(a) The audit complies with professional standards and applicable legal and regulatory requirements; and
(b) The auditor’s report issued is appropriate in the circumstances.
The standard also specifies the role of an engagement quality control reviewer, where applicable. In addition, it contains instructions regarding to leadership responsibilities for quality on audits. ISA 220 states that:
The engagement partner shall take responsibility for the overall quality on each audit engagement to which that partner is assigned.
This means that the overall responsibility of ensuring quality in an audit assignment ultimately resides with the audit engagement partner.
The audit engagement partner sets the tone for quality control by their actions and their communications with other members of the audit engagement team. Moreover, the partner also dictates the quality of work required from an audit assignment.
Relevant ethical requirements, in particular, independence
Ethical requirements are another key consideration in audit quality control. Under ISA 220, it says:
- Throughout the audit engagement, the engagement partner shall remain alert, through observation and making inquiries as necessary, for evidence of non-compliance with relevant ethical requirements by members of the engagement team.
- If matters come to the engagement partner’s attention through the firm’s system of quality control or otherwise that indicate that members of the engagement team have not complied with relevant ethical requirements, the engagement partner, in consultation with others in the firm, shall determine the appropriate action.
The second point above indicates the engagement partner has the responsibility to ensure the members in engagement team should comply with relevant ethical requirements. It moves to next important area which is independence. To form a conclusion on compliance with independence requirements to the audit engagement, the engagement partner shall:
a. Obtain relevant information from the firm and, where applicable, network firms, to identify and evaluate circumstances and relationships that create threats to independence;
b. Evaluate information on identified breaches, if any, of the firm’s independence policies and procedures to determine whether they create a threat to independence for the audit engagement; and
c. Take appropriate action to eliminate such threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the audit engagement, where withdrawal is possible under applicable law or regulation. The engagement partner shall promptly report to the firm any inability to resolve the matter for appropriate action.
Ethical standards are defined by the IESBA Code. If the audit engagement partner identifies any threat to independence, they should apply safeguards to either eliminate the threat or reduce it to an acceptable level.
If proper safeguards cannot be applied, the partner may consider withdrawing from the audit engagement if the applicable laws and regulations allow it.
Acceptance and continuance of client relationships and audit engagements
Appropriate procedures to accept and continue of client relationships and audit engagements have to be followed by engagement partner. The partner has to decide whether he is satisfied of those procedures and conclusions reached.
In addition, the audit firm shall obtain any information that is necessary for the circumstances before accepting an engagement with a new client or when agreeing to continue an existing engagement.
This will include considering the integrity of the owners, the management and those charged with governance of the business, considering whether the engagement team is competent to perform the audit engagement, whether the firm has enough resources to complete the engagement within the set time, whether the firm can comply with relevant ethical requirements and whether any significant matters arose during the current or previous engagements.
In case the partner comes across any information that would have caused the engagement to be not accepted in the first place, then the partner should discuss the matter with the firm for any actions to be taken.
Assignment of engagement teams
Audit engagement team members should be competent and capable for the audit assignement. The engagement partner has to satisfy the team members to:
a. Perform the audit engagement in accordance with professional standards and applicable legal and regulatory requirements; and
b. Enable an auditor’s report that is appropriate in the circumstances to be issued.
The engagement team of an audit assignment must include members that are experts in accounting or auditing.
The audit firm may also have consultants for an engagement but these consultants are not considered a part of the engagement team. Consultants are people that are not directly involved in the audit engagement.
When considering appropriate team members for the engagement, the audit partner must take into consideration some matters regarding the expertise, knowledge and experience of the team members.
Regarding engagement performance, the standard states that the engagement partner should take responsibility for the direction, supervision and performance of the audit team.
It’s no doubt the audit engagement partner should take responsibility for the review of the work of the audit team members according to the firm’s review policies and procedures. This can be done by a through a review of the audit documentation and discussion with the audit team before the report date.
The engagement partner should also take responsibility for consulting the audit team on difficult or contentious matters. Besides, the partner should ensure that team members undertake appropriate consultation during the engagement.
The partner must be satisfied with the nature and scope of the consultations and any results obtained from it. It’s important that the audit partner should ensure the conclusions determined from these consultations have been implemented.
The standard also requires the audit partner to carry out an engagement quality control review for the audit of listed entities and for other entities where applicable. The audit partner shall assign an engagement quality control reviewer who will discuss significant matters arising during the review and ensure the audit report is not signed until the review is complete.
What the reviewer does is to review areas within the audit where the engagement team has made significant judgments. Moreover, the reviewer also checks whether all the other above listed considerations have been considered.
Monitoring and documentation
Another part under ISA 220 of quality control is monitoring. The standard states that the firm should have an effective monitoring process to obtain reasonable assurance that the firm’s quality control policies are relevant, adequate and effective.
The results of the monitoring process should be reviewed by the engagement partner who should also check if any deficiencies within the process can affect the audit engagement.
Last but not the least, the standard requires auditor should include audit documentation regarding all of the above-mentioned factors. The engagement quality control reviewer should also document that the procedures required by the firm’s policies regarding quality control for the engagement have been performed, the engagement quality control review has been completed before or on the audit report date and there are no unresolved matters that the reviewer is aware of.
To sum up...
The framework contributes the principles an auditor should know about to ensure audit quality. ISA 220 states all detailed guidance and procedures to a firm and engagement audit partner on how to control audit quality. Understand both of them well can help you to answer the audit quality questions in ACCA AAA exam.
If you find this article is helpful and you want to help others too, just share it in any social media (such as Facebook, LinkedIn).