Quality Control for Assurance Engagements
Details on two new generally accepted auditing standards.
While it has yet to be conclusively proven that the well-publicized financial failures of the past few years were the result of audit failures, action has been taken to address concerns related to audit quality. In February 2004, the IFAC International Auditing and Assurance Standards Board (IAASB) released
ISQC-1,Quality Control for Firms That Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements, to establish basic principles and essential procedures, and to provide guidance on a firm's responsibilities for its system of quality control for audits, reviews, and assurance engagements. IAASB also published
ISA 220,Quality Control for Audits of Historical Financial Information, to provide direction to practitioners who provide assurance services.
Canadian standard-setters have developed similar requirements. In
August 2004, the Audit and Assurance Standards Board (AASB) updated the
Handbook to include new standards relevant to quality control at both the firm and assurance engagement levels. What is especially noteworthy is that these two new standards are the first ones to be published in the Handbook that are outside assurance standards, yet form part of generally accepted auditing standards (GAAS).
New AASB Standards
General Standards of Quality Control for Firms Performing Assurance Engagements
(GSF-QC), provides guidance on quality control policies and procedures to be established by firms or legislative audit offices that perform assurance engagements. It requires those organizations to establish a system of quality control to provide reasonable assurance that the firm and its representatives comply with professional standards, regulatory and legal requirements, and that reports issued are appropriate.
In order to comply with the standard, a firm will have to establish policies and procedures designed to provide reasonable assurance that:
- the firm and its personnel have maintained independence in all required circumstances, and any breaches of independence requirements have been brought to the attention of the appropriate firm personnel;
- personnel possess the competencies and commitment to ethical principles necessary to perform assurance engagements, and all personnel assigned to an engagement collectively possess the competencies necessary to complete the engagement;
- the firm has identified and considered the impact of potential sources of risks associated with a client relationship or a specific assurance engagement;
- its system for quality control is appropriate under the circumstances and is operating effectively, and any weaknesses identified as a result of the monitoring process are evaluated appropriately; and
- it deals appropriately with complaints and allegations that its work fails to comply with professional standards and regulatory and legal requirements.
In addition, a firm is required to establish policies and procedures such that a quality control review will be done for all audit engagements of a public enterprise. The policies should require that documentation about each element of the firm's quality control system is provided. Finally, the policies should provide criteria for considering whether such a review should be performed for non-public audit or other assurance engagements. These requirements become effective
January 1, 2005, so a system of quality control must be in place by that date for firms that perform assurance engagements.
Just as the IAASB issued ISA 220, the AASB issued a new
Handbook section —
Section 5030 — entitled
Quality Control Procedures for Assurance Engagements. This section establishes standards and provides guidance on the specific quality control procedures to be performed by teams conducting assurance engagements.
Section 5030 now requires that the assurance team implement quality control procedures that are applicable to the individual assurance engagement. The section also sets out specific responsibilities for practitioners concerning the performance of each assurance engagement. Note that unlike
GSF-QC,Section 5030 refers to
assurance engagements rather than
audit engagements. The ambit of the section is considerably larger. In fact,
paragraph 5030.01 specifically directs the practitioner to read the section in conjunction with
Section 5025, and recommendations of the
Handbook, which taken together, "...establish a framework and set out the standards for performing assurance engagements."
Section 5030 sets the tone by providing specific guidance regarding the quality of the work performed and the promotion of a quality-oriented culture. It also builds on the general framework of
GSF-QC and the ethical code followed by practitioners. For example,
paragraph 5030.15 outlines compliance by the assurance team with applicable ethical requirements, including independence requirements, set out in the rules of professional conduct/code of ethics applicable to the practice of public accounting directed to practitioners and other members of the assurance team when performing assurance engagements. Further, the practitioner should form a conclusion on compliance with independence requirements that apply to the assurance engagement before any work is performed on the engagement.
Section 5030 also deals with various aspects of engagement performance. For example, it addresses matters such as planning, supervision and review, consultation, resolving differences of opinion, and ensuring that an engagement quality control review is performed when required.
The requirements of Section 5030 are effective for assurance engagements concerning financial statements and financial reports for periods commencing on or after
January 1, 2005.
CGA-Canada issued a
Practice Alert to subscribers of the
Public Practice Manual in the fall of 2004. It is expected that an update to the assurance volume of the
Manual will be sent to subscribers by
year-end 2005. The update will provide detailed guidance on the policies, procedures, and documentation necessary to implement these two new sections on quality control, including checklists. It will be prepared especially for small and
It must be stressed that compliance with these standards is
All firms, whether CGA firms or CA firms, sole proprietorships or partnerships, must comply with these requirements. They are part of GAAS, and practice reviewers will be on the lookout to ensure that policies and procedures are in place for next year's implementation dates.