Abstract image of a woman sitting on books and studying on a laptop

ICAI Peer Review: Compliance with framework of quality control

Khurshed Pastakia, profile picture
Khurshed Pastakia

The peer reviewer selects audit files from the practice unit (PU) for review. For each file, the reviewer understands the audit approach and risks identified by the engagement team. The reviewer inspects documentation of risk assessment, planning, controls testing, and other audit procedures to evaluate compliance with standards. If documentation is insufficient or does not support the work done, it is a major weakness. The reviewer aims to determine if the PU has performed risk-based audits and obtained sufficient evidence as required.

Presentations & Public Speaking
1 of 77
Downloaded 66 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
Peer Review – Compliance with framework of Quality Control: General and Specific Controls and Compliance with Documentation Khurshed Pastakia Mumbai, October 11, 2014
Agenda of this presentation •Peer review •What are quality controls in the context of peer review? •Review of general controls •Review of specific controls – additional procedures •Documentation •Questions
Peer review
Peer review •The objective of peer review is to understand the quality of assurance work done by PUs and to point out instances of weakness for the PU to remediate •Many PUs in India are longstanding practices, many of them several generations old – these may have culture and traditions that are no longer in tune with the changing risk scenario in which we operate today nor with the new mandatory accounting and auditing standards
…Peer review •They must often change, who would be constant in happiness or wisdom. ~ Confucius •When we are no longer able to change a situation, we are challenged to change ourselves. ~ Victor Frankl •It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change. ~ attributed to Charles Darwin
…Peer review •The raison d’être of peer review is for our fraternity to reach out and help each other raise the bar of quality in all that we do as professional brethren •Nothing is achieved without labour – we need to unlearn the old and relearn the new: at any age, a CA is always a student •To be a peer reviewer is a greater challenge than being a reviewee – you need to know before you can challenge!
What are quality controls in the context of peer review?
Role of controls testing in peer review •What are controls? - preventive, detective •Their importance oCOSO framework: Control environment, risk assessment, control activities, information and communication, monitoring •Controls testing (compliance approach) v substantive testing (substantive approach) •Tests of design, implementation and operating effectiveness •Controls testing methods in peer review oInquiry, corroborated by inspection of documents
Types of controls in peer review •General controls (SQCs) oThese are quality controls at the firm level, designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards and regulatory and legal requirements and that reports issued by the firm or engagement partner are appropriate in the circumstances •Specific controls (SAs, SAEs, SREs) oThese are controls at the engagement level, designed to ensure that the ET plans and performs an assurance engagement in compliance with the standards on auditing or review and other regulatory and legal requirements
Review of general controls
Change in concept of general controls •Earlier there were 5 general controls – oIndependence, maintenance of professional skills and standards, outside consultation, staff supervision and development, and office administration •Now, SQC 1 has codified all these aspects into one Quality Control Standard – mandatory wef 1st April 2009 and has 6 elements – oLeadership responsibilities for quality within the firm, ethical requirements, acceptance and continuance of client relationships and specific engagements, human resources, engagement performance, and monitoring
What is SQC 1? •Q: Do SQC 1 requirements apply to all firms? •A: Yes •Q: Are there any exemptions for small firms? •A: No, but the nature of policies and procedures that a small firm is expected to follow may depend upon factors like its size, operating characteristics and whether it is part of a network •Q: What is the peer reviewer’s responsibility for this? •A: A peer reviewer is expected to test if the PU has complied with SQC 1 and, if not, to determine that the PU has failed in complying with general controls
What does SQC 1 require a firm to do? •To establish and communicate QC policies and procedures – based on guidance provided •To implement those standards in its day to day practice •To monitor the implementation and effectiveness of the QC policies and procedures that it has adopted •The peer reviewer has to evaluate and report if the PU has done all of the above
Documentation and communication of QC •QC policies and procedures that are established by the firm must be (a) documented, (b) communicated to the firm’s personnel •Such communication oDescribes the policies and their objectives oEmphasizes that each individual has personal responsibility for quality and is expected to comply with the policies oExplains that the firm encourages its personnel to communicate their views/ concerns on QC matters
1st element – Leadership responsibilities •Tone at the top to be set for quality and its message to percolate down the line •QC to tie in to partner/ staff appraisals •Commercial considerations must not override quality of work and reporting •Sufficient resources are devoted to develop, document and support quality control policies and procedures •Firm’s quality controller to have sufficient and appropriate experience, ability and authority
2nd element – Ethical requirements •Code of Ethics oIntegrity, objectivity, professional competence and due care, confidentiality, and professional behaviour •Independence oIndependence Policies to be made based on the “threats and safeguards” approach
What are “threats” to independence? •Self-interest threat oAuditor could benefit from an interest •Self-review threat oAuditor audits his own work •Advocacy threat oAuditor promotes client’s position/ opinion •Familiarity threat oRelationship buys auditor’s sympathy •Intimidation threat oAuditor succumbs to client’s threats
Illustrative “safeguards” •Involving an additional advisory or reviewing partner or manager •Rotation of partner/ manager •Discussion of independence matters with audit committee or board •Independence confirmations from engagement team •Removing individuals who might cause a threat – eg those with financial/ business interests or having employment relationships
What independence policies should a PU have? •Financial interests oInvestments in debt/ equity, making borrowings except commercially, taking insurance, giving loans, being executor/ trustee, etc •Employment relationships oServing as officer/ director, relatives in accounting/ financial reporting oversight role, taking employment or being in employment negotiations •Business relationships oHaving business relationship or joint investment (partnership interest)
…What independence policies should a PU have? •Long association oUsing same partner/ staff, rotation policy, cooling off period •Gifts and hospitality oAccepting gifts/ hospitality unless clearly insignificant •Fees oTotal fees from auditee are large proportion of firm’s fees, long unpaid fees (=loan), contingent fee arrangements
…What independence policies should a PU have? •Scope of services oService proscribed by law (internal audit), behaving/ having authority in management role, taking decisions for management, custody of auditee assets, supervising auditee’s employees, preparing source documents for auditee oNon-audit services – Companies Act 2013: •Accounting and book keeping services •Internal audit •Design and implementation of any financial information system
…What independence policies should a PU have? oNon-audit services – Companies Act 2013: •Actuarial services •Investment advisory services •Investment banking services •Rendering of outsourced financial services •Management services •Any other kind of services as may be prescribed
…What independence policies should a PU have? •Complying with the policies oPartners/ staff responsible for understanding policies, provide details for independence control, systems to help compliance, consultation process, learning •Confirming compliance oAnnual confirmation, engagement confirmation •Understanding consequences of non-compliance oFirm’s disciplinary process/ actions, ignorance no excuse
3rd element – Acceptance and continuance of client relationships and specific engagements •Considerations for client acceptance/ continuance oEvaluating client for reputation of integrity – internet media and industry searches, reputation of promoters/ KMPs, related parties, any criminal antecedents oBackground checks oConflicts of interest – other clients oNature of operations, business practices, industry, aggressive accounting, low fees, time pressures oDoes firm have resources to handle work? oCommunication with predecessor auditor oDoes firm want to associate its name with client?
•Considerations for engagement acceptance/ continuance oUnderstanding of services to be performed, knowledge and expertise, industry knowledge, quality and quantity of personnel and specialists, ability to perform within time- line, changes in client personnel, reporting requirements, scope of work, delinquency in paying fee, intimidation of team, weak internal controls, going concern •Processes for controlling acceptance/ continuance, conflict resolution and withdrawal oFormal approval process – client and engagement acceptance and continuance form
4th element – Human resources •Resources possess desired characteristics •Firm determines required capabilities/ competencies – partners and personnel, assigns responsibility •Right person on right job, right partner, effective supervision •Continuing professional education, upgradation of industry and accounting/ auditing skills (including IT skills), ability to exercise professional skepticism •Promotion criteria – technical competency and professional maturity, rather than mere seniority
5th element – Engagement performance •Firm has practice aids and performs engagement planning oSelection of team, responsibilities, developing/ updating background information, risk assessment and responses to risks including fraud considerations, tailored detailed audit programs, time budget, engagement planning memorandum •Engagement performance, supervision, review, documentation, reporting, file archival oConsistency in engagement quality (manuals), written audit programs, managing new risks, compliance with standards (checklists), documentation, consultation and resolving difference of opinion, supervision, review, engagement summary memorandum, EQCR, report issuance, file assembly, back-up/ archival, file retention
6th element - Monitoring •Quality controller oUpdating policies, procedures, manuals, checklists oMonitoring compliance with firm manuals and ethical policies, review (EQCR, PR) observations •Annual inspection (practice review) oCovering all general and specific controls – Firm QC inspection checklist •Complaints and allegations •Documentation of all elements of firm’s QC sytem
6th element - Monitoring •Quality controller oUpdating policies, procedures, manuals, checklists oMonitoring compliance with firm manuals and ethical policies, review (EQCR, PR) observations •Annual inspection (practice review) oCovering all general and specific controls – Firm QC inspection checklist •Complaints and allegations •Documentation of all elements of firm’s QC sytem Can be used by Peer Reviewer to Assess the PU’s compliance with Quality Controls
Review of general controls – bearing on PR •A review of general controls under SQC 1 also encompasses the ‘compliance procedures’ under Review of Records •Review of general controls should take up at least or more than half of the time allowed for peer review if the PU has documented policies and procedures •Having completed this review, the peer reviewer is ready to move directly to ‘substantive procedures’ – which essentially means ‘file review’
…Review of general controls – bearing on PR •If results of testing general controls are good, the peer reviewer may reduce the sample size for file review that he may have selected originally •If results of testing general controls are not good, or if the PU does not have documented policies and procedures, the peer reviewer will not be able to provide a “clean report” to the PU
…Review of general controls – bearing on PR •In his report, the peer reviewer will need to list out the general quality controls where the PU has ‘failed’ and provide his recommendations on what the PU needs to do in order to ‘pass’ •He will also need to consider if he requires to increase the sample size for selection of engagements to be reviewed substantively
…Review of general controls – bearing on PR •If the PU has ‘failed’ in general controls it is more likely than not that it will also ‘fail’ in the file review •The peer reviewer therefore needs to increase his skepticism with regard to the PU’s compliance with law and regulation, accounting standards and standards on auditing (also standards on assurance and review engagements if applicable) in reviewing the files selected
Review of specific controls – additional procedures
What are specific controls? •Specific controls are those that ensure that the engagement teams in the PU, when doing audit, uphold compliance with oLaws and regulations – eg Income Tax Act, 1961 for tax audits or Banking Regulation Act, 1949 for bank audits oAccounting standards – either of the ICAI or those prescribed under Sec 133 of the Companies Act 2013 oStandards on auditing of the ICAI oAny other applicable standards of the ICAI – eg standards on review engagements
How far does review of general controls also cover specific controls? •When testing QC for the 5th element – Engagement Performance, a reviewer may call for checklists used by PU for compliance with standards •When testing general controls, the peer reviewer would therefore perform test of ‘design’ and ‘implementation’ on those controls •By these additional procedures for testing specific controls, the peer reviewer now tests the ‘operating effectiveness’ of those controls
What is the difference? •The control objective is that the specific controls ensure that all laws, regulations and accounting and auditing standards are complied with by the PU •To meet this objective the PU may have designed checklists or other controls. Controls testing is done to find out if this objective is met oTest of design = To see if the checklists, as designed, have the level of detail and accuracy to meet the objective oTest of implementation = To see if the firm actually uses those checklists when performing its audits in all cases oTest of operating effectiveness = To see if by using the checklists, the desired compliance is indeed achieved at engagement level
How should the peer reviewer check operating effectiveness? •The most efficient way would be to combine this testing with the file reviews •When reviewing an audit file, ask how the engagement team (ET) has ensured compliance with all relevant laws, regulations and various standards •If there are checklists, ask to see them in the working paper file •Then, pick out items at random from each checklist and ask the ET to show from other workpapers in the same file how they actually ensured what they have asserted
Performing file reviews
Selection of files •General considerations oPeriod of coverage is three years oDifferent types of engagements should be selected oFiles of various partners and from all significant branches should be selected •If the size of assurance practice of the PU, is large, it may not be possible for peer reviewer to select so many files because oHe has limited time, and may use only one assistant oTests of controls will now take up more than half of that time oLarge firms have large engagements – which means for one engagements there may be many files, including large electronic files of up to more than one GB plus manual files
Understanding the firm’s audit approach •When reviewing general controls the peer reviewer may get an overall understanding of the PU’s processes – however, each engagement is done by a different ET •Step 1: Therefore the peer reviewer needs to sit with them and understand how that ET did the audit – the work flow and the documentation •When doing so, he also simultaneously tests whether the process followed by ET is the same as was explained to him earlier – otherwise it is apparent that the general and specific controls installed by the PU are not operating effectively
Understanding the risks identified •Step 2: The peer reviewer should then ask the ET to explain what audit risks they identified (SA 315) and the rationale behind them; he should then inspect the related documentation •Also, what processes the ET followed to identify the risk of fraud (SA 240) •Step 3: Then the peer reviewer should obtain an understanding of what audit procedures the ET planned to perform to respond to the identified risks – including fraud risks (SA 330); he should then inspect the related documentation
What if no risks were identified or responded to? •If, based on his examination of related documentation, the finding is that the ET has not identified and responded to risks, a “risk- based audit” as per auditing standards may not have been done – this would be a major weakness in complying with the standards •Besides, if duties cast on the auditor under SA 240, Auditor’s Responsibilities for Fraud, are not recorded in the audit documentation, the PU could well be exposed to significant risk – and this would again be a major weakness in complying with the standards
Materiality and planning •Step 4: The peer reviewer may then inquire about the materiality established by the ET for performing the audit (SA 320); he should then inspect the related documentation •Step 5: He should then inspect the Engagement Planning Memorandum (SA 300) to ensure that the ET had spent adequate time and effort in properly planning the audit – commensurate with the size and complexity of the entity audited •If, based on his examination of related documentation, the finding is that the ET has not adequately planned the audit, this would be a major weakness in complying with the standards
Controls testing •In large sized engagements it is not possible to obtain sufficient audit assurance without performing tests of internal controls (SA 315) – ie by performing only tests of detail (transaction vouching) •Step 6: If he has selected a large entity, the peer reviewer should understand the process and inspect documentation of identification and testing of internal controls •If, based on his examination of related documentation, the finding is that in a large audit controls were not adequately tested, the peer reviewer should challenge how the ET claims to have obtained sufficient appropriate audit evidence (SA 500) by performing only tests of detail
Substantive testing and sampling •Having performed controls testing in large entities, the auditor uses the result of his “control assurance” to decide the scope and extent of substantive procedures, which may be of two types: analytical and tests of detail •In audits of smaller entities, the ET may rely completely on substantive procedures as the number of transactions is manageable •The peer reviewer should inquire and inspect documentation to determine if the ET has followed SA 530, Sampling – as adequacy of scope of work depends on appropriate sampling •Determining sample size is the auditor’s judgement, but the peer reviewer should inspect documentation to see if this judgement is as required under SA 530
Compliance with accounting standards •The peer reviewer should read the Notes to the Financial Statements to understand if the significant accounting policies are, prima facie, in accord with accounting standards •If that is not the case, he should inquire if the appropriateness of such policy is supported by other evidence and/ or consultation •When obtaining an understanding of the entity’s business, he should also inquire how accounting is done for various types of transactions and corroborate the explanation with relevant documentation in the workpapers •He should also examine how the ET ensured compliance, using the PU’s accounting standards checklist
Audit of estimates and judgements •From a study of the financial statements the peer reviewer should identify major management estimates and judgements •He should then ask the ET to explain how they audited these estimates and judgements •He should then inspect the related documentation to see if sufficient work was done to validate the estimates as per SA 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures •If, based on his examination of related documentation, the finding is that the ET has not done sufficient work per SA 540 or has not tested sufficient appropriate audit evidence to evaluate judgements, this would be a major weakness in complying with the standards
Going concern •If the entity’s net worth is eroded or business suspended or such other information is available, it may raise a question about the appropriateness of using the going concern assumption in preparation of the financial statements •If such indicators exist, the peer reviewer should ask to examine the ET’s documentation of how they have dealt with the going concern matter and whether the audit is in compliance with the disclosure and reporting requirements of SA 570 •If, based on his examination of related documentation, the finding is negative, this would be a major weakness in complying with the standards
Evaluation of misstatements •Often, errors found by ET in tests of detail by sample are corrected by the management, but no audit procedures are performed to evaluate if the extent of likely misstatements in the untested population is expected to be material – unless this is done, it is not possible to conclude that the financial statements are not materially misstated to give a true and fair opinion •The peer reviewer should inquire about such procedures in accordance with SA 450, Evaluation of Misstatements Identified During the Audit, and examine corroborative evidence in the workpapers file •If, based on such examination, it is found that the ET did not perform any such procedures it would be a major weakness in complying with the standards
Other auditing standards •The peer reviewer should evaluate if the other auditing standards of the Institute are complied with •Some of these important standards are oSAs 501 (audit evidence – special), 505 (external confirmations), 550 (related parties), 560 (subsequent events), and 580 (written representations)
Reporting •The auditor’s report is his “finished product” and is the document that gives his audit opinion – a conclusion of all his efforts •Any intended or unintended error or omission in the auditor’s report could invite disciplinary action and other litigation on the auditor and PU •Inappropriate audit opinions also tarnish the image of the Institute as well as the whole profession and may even invite regulatory retribution •It is necessary for the peer reviewer to spend time to examine if the audit documentation supports the auditor’s opinion
Reporting •He should also carefully examine oIf matters that should be qualified are in fact qualified, and if not, whether the audit documentation contains justification for that oIf matters that are significant to a user’s understanding of the financial statements are reported as matters of emphasis oIf there are pervasive misstatements where audit evidence was available, or pervasive possible misstatements where audit evidence was not available or denied, or where there are multiple uncertainties whose aggregate possible effect could be pervasive, the auditor should not have given a “qualified” opinion but rather a disclaimer of opinion or an adverse opinion
Audit documentation
Changing attitude •Changing attitude towards documentation
Changing attitude •Changing attitude towards documentation
Changing attitude •Changing attitude towards documentation
What is documentation? •Definition of audit workpapers in SA 230 oThe record of (i) audit procedures performed, (2) relevant audit evidence obtained, and (3) conclusions the auditor reached •Documentation provides - oEvidence of the auditor’s basis for a conclusion about the achievement of the overall objective of the auditor; and oEvidence that the audit was planned and performed in accordance with SAs and applicable legal and regulatory requirements.
Why is record and evidence of audit important? •Changing perception of auditors worldwide and in India – scams •Auditors under attack in media •Political demands to “regulate” auditors •Investors’ demand for auditors to become “informers” •Role as “watchdog” no longer valid – auditors are expected to find and report frauds and failures in the making
Auditors •They must often change, who would be constant in happiness or wisdom. ~ Confucius •When we are no longer able to change a situation, we are challenged to change ourselves. ~ Victor Frankl •It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change. ~ attributed to Charles Darwin
Responsibility of a peer reviewer •Peer reviewers are the Institute’s “agents of change” – they have the unique opportunity and responsibility to identify weaknesses and to recommend their remediation by the PU •Documentation will be the greatest challenge – audits will be done but workpaper files will not provide evidence of work said to have been done, of audit evidence examined, of the basis for conclusions reached – under the circumstances what is the peer reviewer expected to do?
The Golden Rule What is not documented is not done !!!
Peer reviewers should •Identify shortfalls in documentation •Sit with the PU partners and explain to them this problem •Impress upon them that investing in proper “documentation” is like buying a professional insurance policy •Tell them that it will not be possible for you to issue a clean report on peer review to the PU and that a second review to see remediation would be necessary
Form, content and extent of documentation •Depend on oSize and complexity oAudit procedures oRisks oAudit evidence oExceptions identified oConclusions/ basis of conclusion oAudit methodology
What is the minimum that is expected? •Engagement acceptance/ continuance form •Evidence of planning the audit – engagement planning memorandum oRisk assessment, fraud procedures and fraud risk assessment, materiality, unusual transactions, audit programmes by account (including responses to risk + nature, timing and extent of audit procedures), copies of major contracts/ documents •Evidence of performing the audit oControls testing for significant business cycles, details testing including sample selection, details of findings (evidence examined) and conclusions on audit procedures/ significant matters, how risks were mitigated, who did what (review), memoranda on contentious matters, accounting/ auditing standards checklists
What is the minimum that is expected? •Evidence of effective reporting oEngagement summary memorandum, aggregation of errors and error evaluation working, management representation letter, signed financial statements, cross-referenced trial balance, notes and disclosures workpapers, CARO workpapers, auditor’s report •Specific documentation requirements under various auditing standards oMost importantly these are under: SAs 240, 250, 260, 300, 315, 330, 580, 600
Discussion on documentation •Q: Should client’s records be part of audit documentation? oA: No, but copies of significant contracts/ agreements, trial balances, financial statements are kept in workpapers file •Q: Should superseded drafts, preliminary notes, duplicates be included in workpaper file? oA: No •Q: Aren’t oral explanations by the auditor sufficient? oA: No – unless backed up by information contained in workpapers
Discussion on documentation •Q: When asked a question about audit evidence on record, the engagement team says that oral explanation was given by the client. How should the peer reviewer respond? oA: Oral audit evidence is acceptable evidence from an audit viewpoint unless the matter is contentious. oIf it is contentious, a written representation should be obtained from management and filed. oIf routine, the engagement team should record “minutes” of discussions held with management to reduce oral evidence to written evidence and save those minutes in their workpaper file
Discussion on documentation •Q: How should a peer reviewer respond to an engagement partner who says that the entity audited is very small and the low fees do not allow him to spend time and effort on documentation? oA: Quality and business considerations do not go together. A PU should know what it needs to do to serve a client before accepting or continuing an audit. If it is not fairly remunerated, it should not accept the audit. Having accepted it, it cannot “make it profitable” by compromising on quality.
Discussion on documentation •Q: Does an auditor have to document every matter considered or professional judgement made? oA: No. If he can demonstrate compliance by any document in the workpaper file, he need not create a separate workpaper – if there is a detailed audit planning memo, then it is implied that he performed planning, or – if there is a signed engagement letter it is implied that he agreed the terms of audit with management/ TCWG
Discussion on documentation •Q: Should peer reviewer judge the PU’s documentation by what he himself maintains in his audit files? oNo. Whatever strengths or weaknesses a peer reviewer has for maintenance of quality in his personal practice should not cloud his judgement when performing a peer review oFor example, if the peer reviewer is not performing a certain required audit procedure in his own practice, he should not be sympathetic to a PU that has also not performed them and exclude them from his report
Discussion on documentation •Q: Should a peer reviewer have a higher expectation for maintenance of quality and documentation from a larger PU than from a small PU? oA: Yes. A smaller PU cannot be expected to have as elaborate a system of QC and documentation as a big or medium-size PU oNevertheless, every PU – small or big – must comply with the accounting and auditing standards / laws and regulations – there is no exemption and no lower level of professional risk for small PUs oHowever, for example, if a very large PU has a 300-page QC manual, a small firm should at least have a 30-page manual; it cannot say that it does not have a manual or that it does not have quality controls!
What if the peer reviewer feels that an audit judgement taken is wrong? •A peer reviewer cannot challenge the engagement partner’s judgement – unless it is clearly contradictory to accounting/ auditing standards •If justification for a significant audit judgement is not on record in the file, he may conclude that there was no proper application of mind in making the judgement as well as recognise a documentation deficiency
What is the basic principle peer reviewer must keep in mind? •After understanding the overall audit strategy from the engagement team, if he went through the workpapers on his own, without help of engagement team, would he be able to understand what was done and would he be able to reach the same audit opinion as the audit partner reached? •In other words, does the file speak for itself and does it stand on its own legs?
Is peer reviewer a critic, a teacher or a friend? •Depending on the quality of the PU, he may be a little of all three oHe should look for and identify shortcomings and determine if they are accidental or systemic – if systemic, there should be no compromise in giving an honest report, otherwise the object is defeated oHe should guide the PU in understanding what it needs to do and give practical advice on how to do it within the shortest timeframe oHe should treat the PU as “his responsibility” to ensure that the PU remediates its policies and practices and “earns” a peer review certificate
Fall out of peer review on reviewer •Reviewers will have to revise knowledge of accounting and auditing standards, including SQC 1 – this will be professionally enriching •Reviewers will realise weaknesses in QC and documentation within their own practices and should set their own house in order before reviewing others •Reviewers with uncompromising but helpful attitude will earn respect in peer circles
Questions? Contact: Khurshed Pastakia kpastakia@deloitte.com

More Related Content

PPTX
Audit Process, Audit Procedures, Audit Planning, Auditing
Advance Business Consulting
 
PDF
International Marketing: Introduction
We Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
PDF
Inscription au LOF à Titre initial (SCC 201)
Jagd0748
 
PPT
Globalisation & emerging markets
Kapil Chhabra
 
PPTX
Measurementand scaling-10
University of Balochistan
 
PPTX
Measurement & Scaling
BVIMSR, Navi Mumbai
 
PPTX
CONTEMPORARY ISSUES IN ACCOUNTING.pptx
ThiranjayaDarshana
 
PPTX
Analytical procedures presentation
Darryl Woolley
 
Audit Process, Audit Procedures, Audit Planning, Auditing
Advance Business Consulting
 
International Marketing: Introduction
We Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
Inscription au LOF à Titre initial (SCC 201)
Jagd0748
 
Globalisation & emerging markets
Kapil Chhabra
 
Measurementand scaling-10
University of Balochistan
 
Measurement & Scaling
BVIMSR, Navi Mumbai
 
CONTEMPORARY ISSUES IN ACCOUNTING.pptx
ThiranjayaDarshana
 
Analytical procedures presentation
Darryl Woolley
 

What's hot (20)

PPTX
Heteroscedasticity
Madurai Kamaraj University
 
PPT
Chp6 - Research Methods for Business By Authors Uma Sekaran and Roger Bougie
Hassan Usman
 
PPT
Management Control System
Drishay Gupta
 
PPT
International Marketing Information System
Pure Chemicals Co
 
PDF
Auditing
CHANDERPRABHU JAIN COLLEGE OF HIGHER STUDIES & SCHOOL OF LAW
 
PDF
International Standards on Auditing - Summarized
Fawad Hassan
 
PPTX
Scope of Business Research
Sundar B N
 
PPT
Porters Diamond
Santosh Balaguru
 
PDF
Quality management system
Soheir Elbanna
 
PPTX
PPT on business research project
Ravi kumar
 
PPTX
Internal check audit (ppt)
MahithaKatragadda
 
PPTX
Quality Control of an Audit of Financial Statements
Dr. Soheli Ghose Banerjee
 
PDF
International Auditing Standards (ISA)
Manon Cuylits
 
PPT
Presentation2
naeemniazi3
 
PPTX
Audit report- Consideration of Internal Control
nellynljcoles
 
PPTX
Internal check internal audit internal control
SriramPurnaKotla
 
PPTX
Chapter 4 Ethical and Social Issues in Information Systems
Sammer Qader
 
PPTX
Audit presentation
Metafrique group
 
PPTX
Ethics in marketing ppt
toch_faculty
 
PPTX
Performance Measurement
University of Caloocan City
 
Heteroscedasticity
Madurai Kamaraj University
 
Chp6 - Research Methods for Business By Authors Uma Sekaran and Roger Bougie
Hassan Usman
 
Management Control System
Drishay Gupta
 
International Marketing Information System
Pure Chemicals Co
 
Auditing
CHANDERPRABHU JAIN COLLEGE OF HIGHER STUDIES & SCHOOL OF LAW
 
International Standards on Auditing - Summarized
Fawad Hassan
 
Scope of Business Research
Sundar B N
 
Porters Diamond
Santosh Balaguru
 
Quality management system
Soheir Elbanna
 
PPT on business research project
Ravi kumar
 
Internal check audit (ppt)
MahithaKatragadda
 
Quality Control of an Audit of Financial Statements
Dr. Soheli Ghose Banerjee
 
International Auditing Standards (ISA)
Manon Cuylits
 
Presentation2
naeemniazi3
 
Audit report- Consideration of Internal Control
nellynljcoles
 
Internal check internal audit internal control
SriramPurnaKotla
 
Chapter 4 Ethical and Social Issues in Information Systems
Sammer Qader
 
Audit presentation
Metafrique group
 
Ethics in marketing ppt
toch_faculty
 
Performance Measurement
University of Caloocan City
 
Ad

Viewers also liked (14)

PDF
Standard on quality control (sqc) peer review
Vaibhav Vakharia
 
DOCX
Professional Ethics Paper Scenario 4
llknaack
 
PPT
Peer review
Ankit Agarwal
 
PDF
CDM Capability Slides
hegdenr
 
PDF
Clinical Data Management
Mahesh Koppula
 
PPT
A framework for ethical decision making
jyotijagtap_77
 
PPT
Legal Documentation Aug 2008
Shelia Duncan
 
PPTX
Clincial Data Management
Deepak Yadav
 
PPT
Cdm
manishw21
 
PPTX
Clinical data management
Upendra Agarwal
 
PPTX
Clinical Data Management
Shray Jali
 
PPTX
Nursing audit
Jaya Deepa
 
PPT
Case study Research
Dr Muireann O'Keeffe
 
PDF
Emerging Trends in Clinical Data Management
Arshad Mohammed
 
Standard on quality control (sqc) peer review
Vaibhav Vakharia
 
Professional Ethics Paper Scenario 4
llknaack
 
Peer review
Ankit Agarwal
 
CDM Capability Slides
hegdenr
 
Clinical Data Management
Mahesh Koppula
 
A framework for ethical decision making
jyotijagtap_77
 
Legal Documentation Aug 2008
Shelia Duncan
 
Clincial Data Management
Deepak Yadav
 
Cdm
manishw21
 
Clinical data management
Upendra Agarwal
 
Clinical Data Management
Shray Jali
 
Nursing audit
Jaya Deepa
 
Case study Research
Dr Muireann O'Keeffe
 
Emerging Trends in Clinical Data Management
Arshad Mohammed
 
Ad

Similar to ICAI Peer Review: Compliance with framework of quality control (20)

PPT
Session 3B Quality Assurance and Building Effective Oversight System - Paul H...
International Federation of Accountants
 
PPTX
CHAP 5 QUALITY CONTROL IN ADVAVNCED AUDIT.pptx
Shirley288621
 
PPT
4. cotrolloing
Syed Osama Rizvi
 
PPTX
Audting 4
Nur Dalila Zamri
 
PDF
audit-charts-by-pankaj-garg.pdf
Khushal3898
 
PPTX
introduction on auditing
nikhilkumar640177
 
PPT
professionals-training.ppt
Pritam Yadav
 
ZIP
Practice management p7
josianne1977
 
KEY
Audit Practice management p7
Richard Clarke Academy
 
PPTX
Quality Control Guide Orientation Slides
International Federation of Accountants
 
PPTX
Pharmaceutical Audits
salunkhekishor
 
PPT
Audit Quality
Nik Hasyudeen
 
PDF
CH 1 Quality Control (Audit SAAR - Handwritten Notes).pdf
Gours Elearning
 
PPTX
Examining Audit Quality, Common Engagement Deficiencies and the Importance of...
International Federation of Accountants
 
PPTX
AQMM-SHORT-PPT-PEER-REVIEW presentation (1).pptx
vermaashishca
 
PDF
CHAPTER-1 Management Audit and Planning procedure.pdf
Dr. Dinesh Mehta
 
PDF
Audit Quality Control
Anh Ho
 
PDF
Pharmaceutical Auditing and Inspections Professor Peivand Pirouzi 2010
Pharmaceutical Compliance Inspection unit, Crown College of Canada
 
PPTX
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptx
alihassanfarooq19
 
PPTX
Quality audit - QA
NIMESH SHARMA
 
Session 3B Quality Assurance and Building Effective Oversight System - Paul H...
International Federation of Accountants
 
CHAP 5 QUALITY CONTROL IN ADVAVNCED AUDIT.pptx
Shirley288621
 
4. cotrolloing
Syed Osama Rizvi
 
Audting 4
Nur Dalila Zamri
 
audit-charts-by-pankaj-garg.pdf
Khushal3898
 
introduction on auditing
nikhilkumar640177
 
professionals-training.ppt
Pritam Yadav
 
Practice management p7
josianne1977
 
Audit Practice management p7
Richard Clarke Academy
 
Quality Control Guide Orientation Slides
International Federation of Accountants
 
Pharmaceutical Audits
salunkhekishor
 
Audit Quality
Nik Hasyudeen
 
CH 1 Quality Control (Audit SAAR - Handwritten Notes).pdf
Gours Elearning
 
Examining Audit Quality, Common Engagement Deficiencies and the Importance of...
International Federation of Accountants
 
AQMM-SHORT-PPT-PEER-REVIEW presentation (1).pptx
vermaashishca
 
CHAPTER-1 Management Audit and Planning procedure.pdf
Dr. Dinesh Mehta
 
Audit Quality Control
Anh Ho
 
Pharmaceutical Auditing and Inspections Professor Peivand Pirouzi 2010
Pharmaceutical Compliance Inspection unit, Crown College of Canada
 
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptx
alihassanfarooq19
 
Quality audit - QA
NIMESH SHARMA
 

Recently uploaded (20)

PPTX
Rakhi Presentation vbbrfferregergrgerg.pptx
BibekanandShah3
 
PPTX
Literatura en Star Wars (Legends y Canon)
Wilfredo Pachon
 
PPTX
TG Hospitality workshop Vietnam (1).pptx
ishaq295747
 
PPTX
Paraphrasing Sentence To Make Your Writing More Interesting
YouAda
 
PPTX
HOW TO HANDLE THE STAGE FOR ACADEMIA AND OTHERS.pptx
PerryBright1
 
PPTX
Unit 8#Concept of teaching and learning.pptx
madil155445
 
PPTX
Phylogeny and disease transmission of Dipteran Fly (ppt).pptx
tasnimsume
 
PDF
Financial Managememt CA1 for Makaut Student
AmitenduBikashDhusiy
 
PPTX
Public Speaking Is Easy . Start Now . It's now or never.
skillcoachaman
 
PPTX
Phylogeny and disease transmission of Dipteran Fly (ppt).pptx
tasnimsume
 
PDF
Yoken Capital Network Presentation Slide
Omololu Akinwunmi
 
PPTX
power point presentation ofDracena species.pptx
abdulwazeed223
 
PPTX
Religious Thinkers Presentationof subcontinent
misbah942810
 
PPTX
WEB_DEVELOPMENTGJMFGHJMGJMFJM FGJMFGHMNF
romanygamal033
 
PPTX
Pharmaceutical industry and drugdevelopment.pptx
ratneshratrey80
 
PDF
IKS PPT.....................................
karanmjangid
 
PPT
Comm.-100W-Writing-a-Convincing-Editorial-slides.ppt
2202172
 
PPTX
Lesson 1 (Digital Media) - Multimedia.pptx
JTulloch1
 
PPTX
Phrases and phrasal verb for a small step.
YouAda
 
PPT
Lessons from Presentation Zen_ how to craft your story visually
Ariana Amorim
 
Rakhi Presentation vbbrfferregergrgerg.pptx
BibekanandShah3
 
Literatura en Star Wars (Legends y Canon)
Wilfredo Pachon
 
TG Hospitality workshop Vietnam (1).pptx
ishaq295747
 
Paraphrasing Sentence To Make Your Writing More Interesting
YouAda
 
HOW TO HANDLE THE STAGE FOR ACADEMIA AND OTHERS.pptx
PerryBright1
 
Unit 8#Concept of teaching and learning.pptx
madil155445
 
Phylogeny and disease transmission of Dipteran Fly (ppt).pptx
tasnimsume
 
Financial Managememt CA1 for Makaut Student
AmitenduBikashDhusiy
 
Public Speaking Is Easy . Start Now . It's now or never.
skillcoachaman
 
Phylogeny and disease transmission of Dipteran Fly (ppt).pptx
tasnimsume
 
Yoken Capital Network Presentation Slide
Omololu Akinwunmi
 
power point presentation ofDracena species.pptx
abdulwazeed223
 
Religious Thinkers Presentationof subcontinent
misbah942810
 
WEB_DEVELOPMENTGJMFGHJMGJMFJM FGJMFGHMNF
romanygamal033
 
Pharmaceutical industry and drugdevelopment.pptx
ratneshratrey80
 
IKS PPT.....................................
karanmjangid
 
Comm.-100W-Writing-a-Convincing-Editorial-slides.ppt
2202172
 
Lesson 1 (Digital Media) - Multimedia.pptx
JTulloch1
 
Phrases and phrasal verb for a small step.
YouAda
 
Lessons from Presentation Zen_ how to craft your story visually
Ariana Amorim
 

ICAI Peer Review: Compliance with framework of quality control

  • 1. Peer Review – Compliance with framework of Quality Control: General and Specific Controls and Compliance with Documentation Khurshed Pastakia Mumbai, October 11, 2014
  • 2. Agenda of this presentation •Peer review •What are quality controls in the context of peer review? •Review of general controls •Review of specific controls – additional procedures •Documentation •Questions
  • 4. Peer review •The objective of peer review is to understand the quality of assurance work done by PUs and to point out instances of weakness for the PU to remediate •Many PUs in India are longstanding practices, many of them several generations old – these may have culture and traditions that are no longer in tune with the changing risk scenario in which we operate today nor with the new mandatory accounting and auditing standards
  • 5. …Peer review •They must often change, who would be constant in happiness or wisdom. ~ Confucius •When we are no longer able to change a situation, we are challenged to change ourselves. ~ Victor Frankl •It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change. ~ attributed to Charles Darwin
  • 6. …Peer review •The raison d’être of peer review is for our fraternity to reach out and help each other raise the bar of quality in all that we do as professional brethren •Nothing is achieved without labour – we need to unlearn the old and relearn the new: at any age, a CA is always a student •To be a peer reviewer is a greater challenge than being a reviewee – you need to know before you can challenge!
  • 7. What are quality controls in the context of peer review?
  • 8. Role of controls testing in peer review •What are controls? - preventive, detective •Their importance oCOSO framework: Control environment, risk assessment, control activities, information and communication, monitoring •Controls testing (compliance approach) v substantive testing (substantive approach) •Tests of design, implementation and operating effectiveness •Controls testing methods in peer review oInquiry, corroborated by inspection of documents
  • 9. Types of controls in peer review •General controls (SQCs) oThese are quality controls at the firm level, designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards and regulatory and legal requirements and that reports issued by the firm or engagement partner are appropriate in the circumstances •Specific controls (SAs, SAEs, SREs) oThese are controls at the engagement level, designed to ensure that the ET plans and performs an assurance engagement in compliance with the standards on auditing or review and other regulatory and legal requirements
  • 10. Review of general controls
  • 11. Change in concept of general controls •Earlier there were 5 general controls – oIndependence, maintenance of professional skills and standards, outside consultation, staff supervision and development, and office administration •Now, SQC 1 has codified all these aspects into one Quality Control Standard – mandatory wef 1st April 2009 and has 6 elements – oLeadership responsibilities for quality within the firm, ethical requirements, acceptance and continuance of client relationships and specific engagements, human resources, engagement performance, and monitoring
  • 12. What is SQC 1? •Q: Do SQC 1 requirements apply to all firms? •A: Yes •Q: Are there any exemptions for small firms? •A: No, but the nature of policies and procedures that a small firm is expected to follow may depend upon factors like its size, operating characteristics and whether it is part of a network •Q: What is the peer reviewer’s responsibility for this? •A: A peer reviewer is expected to test if the PU has complied with SQC 1 and, if not, to determine that the PU has failed in complying with general controls
  • 13. What does SQC 1 require a firm to do? •To establish and communicate QC policies and procedures – based on guidance provided •To implement those standards in its day to day practice •To monitor the implementation and effectiveness of the QC policies and procedures that it has adopted •The peer reviewer has to evaluate and report if the PU has done all of the above
  • 14. Documentation and communication of QC •QC policies and procedures that are established by the firm must be (a) documented, (b) communicated to the firm’s personnel •Such communication oDescribes the policies and their objectives oEmphasizes that each individual has personal responsibility for quality and is expected to comply with the policies oExplains that the firm encourages its personnel to communicate their views/ concerns on QC matters
  • 15. 1st element – Leadership responsibilities •Tone at the top to be set for quality and its message to percolate down the line •QC to tie in to partner/ staff appraisals •Commercial considerations must not override quality of work and reporting •Sufficient resources are devoted to develop, document and support quality control policies and procedures •Firm’s quality controller to have sufficient and appropriate experience, ability and authority
  • 16. 2nd element – Ethical requirements •Code of Ethics oIntegrity, objectivity, professional competence and due care, confidentiality, and professional behaviour •Independence oIndependence Policies to be made based on the “threats and safeguards” approach
  • 17. What are “threats” to independence? •Self-interest threat oAuditor could benefit from an interest •Self-review threat oAuditor audits his own work •Advocacy threat oAuditor promotes client’s position/ opinion •Familiarity threat oRelationship buys auditor’s sympathy •Intimidation threat oAuditor succumbs to client’s threats
  • 18. Illustrative “safeguards” •Involving an additional advisory or reviewing partner or manager •Rotation of partner/ manager •Discussion of independence matters with audit committee or board •Independence confirmations from engagement team •Removing individuals who might cause a threat – eg those with financial/ business interests or having employment relationships
  • 19. What independence policies should a PU have? •Financial interests oInvestments in debt/ equity, making borrowings except commercially, taking insurance, giving loans, being executor/ trustee, etc •Employment relationships oServing as officer/ director, relatives in accounting/ financial reporting oversight role, taking employment or being in employment negotiations •Business relationships oHaving business relationship or joint investment (partnership interest)
  • 20. …What independence policies should a PU have? •Long association oUsing same partner/ staff, rotation policy, cooling off period •Gifts and hospitality oAccepting gifts/ hospitality unless clearly insignificant •Fees oTotal fees from auditee are large proportion of firm’s fees, long unpaid fees (=loan), contingent fee arrangements
  • 21. …What independence policies should a PU have? •Scope of services oService proscribed by law (internal audit), behaving/ having authority in management role, taking decisions for management, custody of auditee assets, supervising auditee’s employees, preparing source documents for auditee oNon-audit services – Companies Act 2013: •Accounting and book keeping services •Internal audit •Design and implementation of any financial information system
  • 22. …What independence policies should a PU have? oNon-audit services – Companies Act 2013: •Actuarial services •Investment advisory services •Investment banking services •Rendering of outsourced financial services •Management services •Any other kind of services as may be prescribed
  • 23. …What independence policies should a PU have? •Complying with the policies oPartners/ staff responsible for understanding policies, provide details for independence control, systems to help compliance, consultation process, learning •Confirming compliance oAnnual confirmation, engagement confirmation •Understanding consequences of non-compliance oFirm’s disciplinary process/ actions, ignorance no excuse
  • 24. 3rd element – Acceptance and continuance of client relationships and specific engagements •Considerations for client acceptance/ continuance oEvaluating client for reputation of integrity – internet media and industry searches, reputation of promoters/ KMPs, related parties, any criminal antecedents oBackground checks oConflicts of interest – other clients oNature of operations, business practices, industry, aggressive accounting, low fees, time pressures oDoes firm have resources to handle work? oCommunication with predecessor auditor oDoes firm want to associate its name with client?
  • 25. •Considerations for engagement acceptance/ continuance oUnderstanding of services to be performed, knowledge and expertise, industry knowledge, quality and quantity of personnel and specialists, ability to perform within time- line, changes in client personnel, reporting requirements, scope of work, delinquency in paying fee, intimidation of team, weak internal controls, going concern •Processes for controlling acceptance/ continuance, conflict resolution and withdrawal oFormal approval process – client and engagement acceptance and continuance form
  • 26. 4th element – Human resources •Resources possess desired characteristics •Firm determines required capabilities/ competencies – partners and personnel, assigns responsibility •Right person on right job, right partner, effective supervision •Continuing professional education, upgradation of industry and accounting/ auditing skills (including IT skills), ability to exercise professional skepticism •Promotion criteria – technical competency and professional maturity, rather than mere seniority
  • 27. 5th element – Engagement performance •Firm has practice aids and performs engagement planning oSelection of team, responsibilities, developing/ updating background information, risk assessment and responses to risks including fraud considerations, tailored detailed audit programs, time budget, engagement planning memorandum •Engagement performance, supervision, review, documentation, reporting, file archival oConsistency in engagement quality (manuals), written audit programs, managing new risks, compliance with standards (checklists), documentation, consultation and resolving difference of opinion, supervision, review, engagement summary memorandum, EQCR, report issuance, file assembly, back-up/ archival, file retention
  • 28. 6th element - Monitoring •Quality controller oUpdating policies, procedures, manuals, checklists oMonitoring compliance with firm manuals and ethical policies, review (EQCR, PR) observations •Annual inspection (practice review) oCovering all general and specific controls – Firm QC inspection checklist •Complaints and allegations •Documentation of all elements of firm’s QC sytem
  • 29. 6th element - Monitoring •Quality controller oUpdating policies, procedures, manuals, checklists oMonitoring compliance with firm manuals and ethical policies, review (EQCR, PR) observations •Annual inspection (practice review) oCovering all general and specific controls – Firm QC inspection checklist •Complaints and allegations •Documentation of all elements of firm’s QC sytem Can be used by Peer Reviewer to Assess the PU’s compliance with Quality Controls
  • 30. Review of general controls – bearing on PR •A review of general controls under SQC 1 also encompasses the ‘compliance procedures’ under Review of Records •Review of general controls should take up at least or more than half of the time allowed for peer review if the PU has documented policies and procedures •Having completed this review, the peer reviewer is ready to move directly to ‘substantive procedures’ – which essentially means ‘file review’
  • 31. …Review of general controls – bearing on PR •If results of testing general controls are good, the peer reviewer may reduce the sample size for file review that he may have selected originally •If results of testing general controls are not good, or if the PU does not have documented policies and procedures, the peer reviewer will not be able to provide a “clean report” to the PU
  • 32. …Review of general controls – bearing on PR •In his report, the peer reviewer will need to list out the general quality controls where the PU has ‘failed’ and provide his recommendations on what the PU needs to do in order to ‘pass’ •He will also need to consider if he requires to increase the sample size for selection of engagements to be reviewed substantively
  • 33. …Review of general controls – bearing on PR •If the PU has ‘failed’ in general controls it is more likely than not that it will also ‘fail’ in the file review •The peer reviewer therefore needs to increase his skepticism with regard to the PU’s compliance with law and regulation, accounting standards and standards on auditing (also standards on assurance and review engagements if applicable) in reviewing the files selected
  • 34. Review of specific controls – additional procedures
  • 35. What are specific controls? •Specific controls are those that ensure that the engagement teams in the PU, when doing audit, uphold compliance with oLaws and regulations – eg Income Tax Act, 1961 for tax audits or Banking Regulation Act, 1949 for bank audits oAccounting standards – either of the ICAI or those prescribed under Sec 133 of the Companies Act 2013 oStandards on auditing of the ICAI oAny other applicable standards of the ICAI – eg standards on review engagements
  • 36. How far does review of general controls also cover specific controls? •When testing QC for the 5th element – Engagement Performance, a reviewer may call for checklists used by PU for compliance with standards •When testing general controls, the peer reviewer would therefore perform test of ‘design’ and ‘implementation’ on those controls •By these additional procedures for testing specific controls, the peer reviewer now tests the ‘operating effectiveness’ of those controls
  • 37. What is the difference? •The control objective is that the specific controls ensure that all laws, regulations and accounting and auditing standards are complied with by the PU •To meet this objective the PU may have designed checklists or other controls. Controls testing is done to find out if this objective is met oTest of design = To see if the checklists, as designed, have the level of detail and accuracy to meet the objective oTest of implementation = To see if the firm actually uses those checklists when performing its audits in all cases oTest of operating effectiveness = To see if by using the checklists, the desired compliance is indeed achieved at engagement level
  • 38. How should the peer reviewer check operating effectiveness? •The most efficient way would be to combine this testing with the file reviews •When reviewing an audit file, ask how the engagement team (ET) has ensured compliance with all relevant laws, regulations and various standards •If there are checklists, ask to see them in the working paper file •Then, pick out items at random from each checklist and ask the ET to show from other workpapers in the same file how they actually ensured what they have asserted
  • 40. Selection of files •General considerations oPeriod of coverage is three years oDifferent types of engagements should be selected oFiles of various partners and from all significant branches should be selected •If the size of assurance practice of the PU, is large, it may not be possible for peer reviewer to select so many files because oHe has limited time, and may use only one assistant oTests of controls will now take up more than half of that time oLarge firms have large engagements – which means for one engagements there may be many files, including large electronic files of up to more than one GB plus manual files
  • 41. Understanding the firm’s audit approach •When reviewing general controls the peer reviewer may get an overall understanding of the PU’s processes – however, each engagement is done by a different ET •Step 1: Therefore the peer reviewer needs to sit with them and understand how that ET did the audit – the work flow and the documentation •When doing so, he also simultaneously tests whether the process followed by ET is the same as was explained to him earlier – otherwise it is apparent that the general and specific controls installed by the PU are not operating effectively
  • 42. Understanding the risks identified •Step 2: The peer reviewer should then ask the ET to explain what audit risks they identified (SA 315) and the rationale behind them; he should then inspect the related documentation •Also, what processes the ET followed to identify the risk of fraud (SA 240) •Step 3: Then the peer reviewer should obtain an understanding of what audit procedures the ET planned to perform to respond to the identified risks – including fraud risks (SA 330); he should then inspect the related documentation
  • 43. What if no risks were identified or responded to? •If, based on his examination of related documentation, the finding is that the ET has not identified and responded to risks, a “risk- based audit” as per auditing standards may not have been done – this would be a major weakness in complying with the standards •Besides, if duties cast on the auditor under SA 240, Auditor’s Responsibilities for Fraud, are not recorded in the audit documentation, the PU could well be exposed to significant risk – and this would again be a major weakness in complying with the standards
  • 44. Materiality and planning •Step 4: The peer reviewer may then inquire about the materiality established by the ET for performing the audit (SA 320); he should then inspect the related documentation •Step 5: He should then inspect the Engagement Planning Memorandum (SA 300) to ensure that the ET had spent adequate time and effort in properly planning the audit – commensurate with the size and complexity of the entity audited •If, based on his examination of related documentation, the finding is that the ET has not adequately planned the audit, this would be a major weakness in complying with the standards
  • 45. Controls testing •In large sized engagements it is not possible to obtain sufficient audit assurance without performing tests of internal controls (SA 315) – ie by performing only tests of detail (transaction vouching) •Step 6: If he has selected a large entity, the peer reviewer should understand the process and inspect documentation of identification and testing of internal controls •If, based on his examination of related documentation, the finding is that in a large audit controls were not adequately tested, the peer reviewer should challenge how the ET claims to have obtained sufficient appropriate audit evidence (SA 500) by performing only tests of detail
  • 46. Substantive testing and sampling •Having performed controls testing in large entities, the auditor uses the result of his “control assurance” to decide the scope and extent of substantive procedures, which may be of two types: analytical and tests of detail •In audits of smaller entities, the ET may rely completely on substantive procedures as the number of transactions is manageable •The peer reviewer should inquire and inspect documentation to determine if the ET has followed SA 530, Sampling – as adequacy of scope of work depends on appropriate sampling •Determining sample size is the auditor’s judgement, but the peer reviewer should inspect documentation to see if this judgement is as required under SA 530
  • 47. Compliance with accounting standards •The peer reviewer should read the Notes to the Financial Statements to understand if the significant accounting policies are, prima facie, in accord with accounting standards •If that is not the case, he should inquire if the appropriateness of such policy is supported by other evidence and/ or consultation •When obtaining an understanding of the entity’s business, he should also inquire how accounting is done for various types of transactions and corroborate the explanation with relevant documentation in the workpapers •He should also examine how the ET ensured compliance, using the PU’s accounting standards checklist
  • 48. Audit of estimates and judgements •From a study of the financial statements the peer reviewer should identify major management estimates and judgements •He should then ask the ET to explain how they audited these estimates and judgements •He should then inspect the related documentation to see if sufficient work was done to validate the estimates as per SA 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures •If, based on his examination of related documentation, the finding is that the ET has not done sufficient work per SA 540 or has not tested sufficient appropriate audit evidence to evaluate judgements, this would be a major weakness in complying with the standards
  • 49. Going concern •If the entity’s net worth is eroded or business suspended or such other information is available, it may raise a question about the appropriateness of using the going concern assumption in preparation of the financial statements •If such indicators exist, the peer reviewer should ask to examine the ET’s documentation of how they have dealt with the going concern matter and whether the audit is in compliance with the disclosure and reporting requirements of SA 570 •If, based on his examination of related documentation, the finding is negative, this would be a major weakness in complying with the standards
  • 50. Evaluation of misstatements •Often, errors found by ET in tests of detail by sample are corrected by the management, but no audit procedures are performed to evaluate if the extent of likely misstatements in the untested population is expected to be material – unless this is done, it is not possible to conclude that the financial statements are not materially misstated to give a true and fair opinion •The peer reviewer should inquire about such procedures in accordance with SA 450, Evaluation of Misstatements Identified During the Audit, and examine corroborative evidence in the workpapers file •If, based on such examination, it is found that the ET did not perform any such procedures it would be a major weakness in complying with the standards
  • 51. Other auditing standards •The peer reviewer should evaluate if the other auditing standards of the Institute are complied with •Some of these important standards are oSAs 501 (audit evidence – special), 505 (external confirmations), 550 (related parties), 560 (subsequent events), and 580 (written representations)
  • 52. Reporting •The auditor’s report is his “finished product” and is the document that gives his audit opinion – a conclusion of all his efforts •Any intended or unintended error or omission in the auditor’s report could invite disciplinary action and other litigation on the auditor and PU •Inappropriate audit opinions also tarnish the image of the Institute as well as the whole profession and may even invite regulatory retribution •It is necessary for the peer reviewer to spend time to examine if the audit documentation supports the auditor’s opinion
  • 53. Reporting •He should also carefully examine oIf matters that should be qualified are in fact qualified, and if not, whether the audit documentation contains justification for that oIf matters that are significant to a user’s understanding of the financial statements are reported as matters of emphasis oIf there are pervasive misstatements where audit evidence was available, or pervasive possible misstatements where audit evidence was not available or denied, or where there are multiple uncertainties whose aggregate possible effect could be pervasive, the auditor should not have given a “qualified” opinion but rather a disclaimer of opinion or an adverse opinion
  • 55. Changing attitude •Changing attitude towards documentation
  • 56. Changing attitude •Changing attitude towards documentation
  • 57. Changing attitude •Changing attitude towards documentation
  • 58. What is documentation? •Definition of audit workpapers in SA 230 oThe record of (i) audit procedures performed, (2) relevant audit evidence obtained, and (3) conclusions the auditor reached •Documentation provides - oEvidence of the auditor’s basis for a conclusion about the achievement of the overall objective of the auditor; and oEvidence that the audit was planned and performed in accordance with SAs and applicable legal and regulatory requirements.
  • 59. Why is record and evidence of audit important? •Changing perception of auditors worldwide and in India – scams •Auditors under attack in media •Political demands to “regulate” auditors •Investors’ demand for auditors to become “informers” •Role as “watchdog” no longer valid – auditors are expected to find and report frauds and failures in the making
  • 60. Auditors •They must often change, who would be constant in happiness or wisdom. ~ Confucius •When we are no longer able to change a situation, we are challenged to change ourselves. ~ Victor Frankl •It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change. ~ attributed to Charles Darwin
  • 61. Responsibility of a peer reviewer •Peer reviewers are the Institute’s “agents of change” – they have the unique opportunity and responsibility to identify weaknesses and to recommend their remediation by the PU •Documentation will be the greatest challenge – audits will be done but workpaper files will not provide evidence of work said to have been done, of audit evidence examined, of the basis for conclusions reached – under the circumstances what is the peer reviewer expected to do?
  • 62. The Golden Rule What is not documented is not done !!!
  • 63. Peer reviewers should •Identify shortfalls in documentation •Sit with the PU partners and explain to them this problem •Impress upon them that investing in proper “documentation” is like buying a professional insurance policy •Tell them that it will not be possible for you to issue a clean report on peer review to the PU and that a second review to see remediation would be necessary
  • 64. Form, content and extent of documentation •Depend on oSize and complexity oAudit procedures oRisks oAudit evidence oExceptions identified oConclusions/ basis of conclusion oAudit methodology
  • 65. What is the minimum that is expected? •Engagement acceptance/ continuance form •Evidence of planning the audit – engagement planning memorandum oRisk assessment, fraud procedures and fraud risk assessment, materiality, unusual transactions, audit programmes by account (including responses to risk + nature, timing and extent of audit procedures), copies of major contracts/ documents •Evidence of performing the audit oControls testing for significant business cycles, details testing including sample selection, details of findings (evidence examined) and conclusions on audit procedures/ significant matters, how risks were mitigated, who did what (review), memoranda on contentious matters, accounting/ auditing standards checklists
  • 66. What is the minimum that is expected? •Evidence of effective reporting oEngagement summary memorandum, aggregation of errors and error evaluation working, management representation letter, signed financial statements, cross-referenced trial balance, notes and disclosures workpapers, CARO workpapers, auditor’s report •Specific documentation requirements under various auditing standards oMost importantly these are under: SAs 240, 250, 260, 300, 315, 330, 580, 600
  • 67. Discussion on documentation •Q: Should client’s records be part of audit documentation? oA: No, but copies of significant contracts/ agreements, trial balances, financial statements are kept in workpapers file •Q: Should superseded drafts, preliminary notes, duplicates be included in workpaper file? oA: No •Q: Aren’t oral explanations by the auditor sufficient? oA: No – unless backed up by information contained in workpapers
  • 68. Discussion on documentation •Q: When asked a question about audit evidence on record, the engagement team says that oral explanation was given by the client. How should the peer reviewer respond? oA: Oral audit evidence is acceptable evidence from an audit viewpoint unless the matter is contentious. oIf it is contentious, a written representation should be obtained from management and filed. oIf routine, the engagement team should record “minutes” of discussions held with management to reduce oral evidence to written evidence and save those minutes in their workpaper file
  • 69. Discussion on documentation •Q: How should a peer reviewer respond to an engagement partner who says that the entity audited is very small and the low fees do not allow him to spend time and effort on documentation? oA: Quality and business considerations do not go together. A PU should know what it needs to do to serve a client before accepting or continuing an audit. If it is not fairly remunerated, it should not accept the audit. Having accepted it, it cannot “make it profitable” by compromising on quality.
  • 70. Discussion on documentation •Q: Does an auditor have to document every matter considered or professional judgement made? oA: No. If he can demonstrate compliance by any document in the workpaper file, he need not create a separate workpaper – if there is a detailed audit planning memo, then it is implied that he performed planning, or – if there is a signed engagement letter it is implied that he agreed the terms of audit with management/ TCWG
  • 71. Discussion on documentation •Q: Should peer reviewer judge the PU’s documentation by what he himself maintains in his audit files? oNo. Whatever strengths or weaknesses a peer reviewer has for maintenance of quality in his personal practice should not cloud his judgement when performing a peer review oFor example, if the peer reviewer is not performing a certain required audit procedure in his own practice, he should not be sympathetic to a PU that has also not performed them and exclude them from his report
  • 72. Discussion on documentation •Q: Should a peer reviewer have a higher expectation for maintenance of quality and documentation from a larger PU than from a small PU? oA: Yes. A smaller PU cannot be expected to have as elaborate a system of QC and documentation as a big or medium-size PU oNevertheless, every PU – small or big – must comply with the accounting and auditing standards / laws and regulations – there is no exemption and no lower level of professional risk for small PUs oHowever, for example, if a very large PU has a 300-page QC manual, a small firm should at least have a 30-page manual; it cannot say that it does not have a manual or that it does not have quality controls!
  • 73. What if the peer reviewer feels that an audit judgement taken is wrong? •A peer reviewer cannot challenge the engagement partner’s judgement – unless it is clearly contradictory to accounting/ auditing standards •If justification for a significant audit judgement is not on record in the file, he may conclude that there was no proper application of mind in making the judgement as well as recognise a documentation deficiency
  • 74. What is the basic principle peer reviewer must keep in mind? •After understanding the overall audit strategy from the engagement team, if he went through the workpapers on his own, without help of engagement team, would he be able to understand what was done and would he be able to reach the same audit opinion as the audit partner reached? •In other words, does the file speak for itself and does it stand on its own legs?
  • 75. Is peer reviewer a critic, a teacher or a friend? •Depending on the quality of the PU, he may be a little of all three oHe should look for and identify shortcomings and determine if they are accidental or systemic – if systemic, there should be no compromise in giving an honest report, otherwise the object is defeated oHe should guide the PU in understanding what it needs to do and give practical advice on how to do it within the shortest timeframe oHe should treat the PU as “his responsibility” to ensure that the PU remediates its policies and practices and “earns” a peer review certificate
  • 76. Fall out of peer review on reviewer •Reviewers will have to revise knowledge of accounting and auditing standards, including SQC 1 – this will be professionally enriching •Reviewers will realise weaknesses in QC and documentation within their own practices and should set their own house in order before reviewing others •Reviewers with uncompromising but helpful attitude will earn respect in peer circles
  • 77. Questions? Contact: Khurshed Pastakia kpastakia@deloitte.com