PEER REVIEW TRAINING

​

CA Jatin Tagra

+91-99-531-40-464

YouTube Channel: AccounTist

​

SUBSCRIBE TO

PLAYLIST FOR FORM 1

ACHIEVING AUDIT QUALITY

Important conversations are taking place worldwide about corporate reporting, audit quality, stakeholder expectations, and corporate governance.

The stakeholders of audit have increased in the past few decades..

Today’s stakeholders include directors, management, employees, analysts, regulators, rating agencies, customers, suppliers, and the general public.

General public – the expectations of general public has also increased tremendously. Their expectation of auditor’s responsibility is much wider

So much so, anything going wrong in the corporate world becomes the baby of the auditor

Therefore, the contemporary auditor not only has to maintain a high level of quality in audit, but has to demonstrate it to the stakeholders and the public at large.

ACHIEVING AUDIT QUALITY

​

Today’s Topic

1. Compliance with Technical and Professional Standards
2. Compliance with framework of Quality Control General & Specific Controls

​

VARIOUS PRONOUNCEMENTS OF �AUDITING AND ASSURANCE STANDARDS BOARD

Our profession as an auditor is regulated by the various pronouncements of the AASB, issued under the authority of the Institute

Various pronouncements are:

1. Standards Issued by AASB M
• Standards on Auditing (SAs) – 26 standards
• Standards on Review Engagements (SREs)
• Standards on Assurance Engagements (SAEs)
• Standards on Related Services (SRSs)
2. Standards on Quality Control (SQC) M
3. Statements on Auditing (SAs) M
4. General Clarifications M
5. Guidance notes
6. Technical Guides, Practice Manuals, Studies and other Papers

Structure of Standards issued by the Auditing and Assurance Standards Board (AASB)

Frame work for quality control in all kinds of engagements

Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements

Standards on Quality Control (SQC1)

Framework for Assurance Services

Audits and Reviews of historical financial information

Standards on Auditing

(SAs): 100 – 999

Standards on Review Engagements (SREs): 2000 – 2699

Assurance engagements other than audits and reviews of historical financial information

Standards on Assurance Engagements (SAEs): 3000 – 3699

Framework for Related Services

Engagements of related services such as agreed upon procedures, compilation engagements and other related services

Standards on Related Services (SRSs): 4000 – 4699

An overview of Auditing & Assurance Frame work

NEED OF THE HOUR

​

​

​

Benchmarking of Audit Quality

BENCHMARKING OF AUDIT QUALITY�

In the past, audit was just a relationship between the client and the auditor

Now the stake holders have increased – investors, financial institutions, regulators and general public

Hence the need to be more transparent

Auditors have to demonstrate:

• the way they plan to do the work,
• compliance with the standards,
• story of the work performed,
• Conclusion on the work performed

BENCHMARKING OF AUDIT QUALITY�

​

Tools of benchmarking introduced by the Institute

​

• Peer Review – introduced in March 2002

&

• Audit Quality Maturity Model – introduced in July 2021

PEER REVIEW

It’s a review done of a professional practitioner by another professional of similar standing

ICAI commenced peer review process from March 2002, and established the Peer Review Board

Revised rules on Peer Review were issued in February 2022

The objectives of Peer Review

• The members of the Institute comply with Technical, Professional and Ethical Standards including other regulatory requirements while performing assurance services
• The member has in place proper system (including documentation system) to demonstrate the quality of assurance services
• Adhere to various Statutory and Other Regulatory Requirements
• Enhance the reliance placed by the users of financial financial statements for economic decision making

​

PEER REVIEW

Important

Peer review is not to identify isolated cases of engagement failure

Aim is to identify weaknesses in a firm that are pervasive, leading to systemic failure

Peer review provides a confirmation to the practitioner if he is performing his functions in compliance with the standards and regulations

Also indicates to the practitioner the areas of improvement needed

There is a process where improvements made by the member is monitored

PEER REVIEW PROCEDURE

The key processes

• Review of General Controls
• Selection of sample files
• Review of records
• Preliminary report to Practice Unit (PU)
• PU’s response thereof to the Reviewer
• Interim/Final Report
• Issue of Certificate

​

KEY AREAS TO COMPLY

General Controls

The reviewer considers the 'general controls' which comprise of five controls, viz.

1. Independence / ethics
2. Maintenance of professional skills and standards
3. Outside consultation
4. Staff supervision and developments
5. Office administration

​

​

Most of us may be lacking

Independence & Ethics

• Documented policies and procedures on independence and ethics, for partners and staff to follow.
• Senior professional or partner responsible for independence and ethics implementation
• Communication of these policies and expected standards of professional behaviour to all partners and staff
• Monitor compliance
• Update the policies and procedures on a need to basis

​

Professional skills and standards

• Establish plan for personnel needs at all levels, based on current and anticipated clientele, business growth, impending retirements, etc
• Establish criteria for staff recruitment and a process for recruitment
• Continuing education programmes for partners and staff, and allow easy access to current and relevant professional literature
• Conduct programmes for developing expertise in specialised areas and industries

​

Consultation

• Should have a policy for consulting experts (both internal and external)
• Should build up a network of other accountants, solicitors and advocates and technical consultants of industries in which its clients operate

Staff supervision & development

• Should have a policy for promotions
• Performance evaluation and counselling
• Guidelines for assigning engagement responsibilities

Office Administration

• Record of staff
• List of clients, commencement and closure date of engagement
• Files archiving and retrieval documents

​

Reporting by the firm

• Controls over reports issued
• Review process

​

PEER REVIEW

Common observations during peer review

• NO documented policies & procedures for its System of Quality Control
• Policies implemented are just basic and does not commensurate the size of the firm
• There is a policy for independence, but No evidence that the independence policies were implemented
• No engagement specific independence review was conducted to ensure engagement team members were independent of the client
• Deficiencies in implementing independence & ethics policies; acceptance & continuance standards
• NO Acceptance/Continuation evaluation conducted/documented
• No practice of obtaining engagement letters

​

PEER REVIEW

Common observations during peer review (contd.)

• Staff deployed did not have sufficient experience, particularly industry experience
• No indication that the staff were given relevant training
• Working papers did not indicate any review carried out by the senior or partner
• No standard documented policies and procedures for planning and performing audits (audit manual)
• No documentation policy and hence the files lacked consistency
• NO working papers to evidence risk assessment and design of responses to risk
• Controls evaluation not performed; only substantive tests performed
• No methodology was followed for audit sampling
• NO documentation regarding samples selected, the procedures performed, the outcome of those procedures and the conclusions made
• No evidence of overall conclusion on the audit

​

�PEER REVIEW�

Common observations during peer review (Contd.)

• While several queries were raised during audit, no evidence that satisfactory responses were received and the issues were closed
• No evidence of going concern evaluation
• NO evidence of subsequent events review
• Working papers were not linked to financial statements
• Poor management of audit files and its archival

​

​

​

​

Timeline for Mandatory application of Peer Review

Pre-requisite of Peer Review Certificate

�

​

​

​

Audit Quality Maturity Model

​

AUDIT QUALITY MATURITY MODEL

​

• A tool for self evaluation of audit maturity
• Encourages practicing firms to be technology driven, by awarding greater points
• Introduced by the Institute in July 2021
• Covers audit firms auditing the following:
• Listed entities
• Banks - other than co-operative banks
• Insurance companies
• (Audit firms doing branch audits are however not covered)
• Allows firms to assess their level of Audit Maturity
• Helps to identify competencies and weaknesses
• Helps to focus on improving quality on areas identified as weak

​

Right now, recommendatory

AUDIT QUALITY MATURITY MODEL

AQMM covers audit quality at

• Engagement level - compliance with standards, laws and regulations, documentation and reporting etc
• Firm level – firm leadership, tone at the top, quality control systems, dependence on electronic systems, staff quality etc

Evaluation is based on a set of questionnaire that focuses on:

1. Practice Management - Operational quality
2. Human Resources
3. Practice Management – strategic / functional

​

​

​

AUDIT QUALITY MATURITY MODEL

​

Total score is 600, divided into 280 for operational quality, 240 for human resources and 80 for operations management – strategy

Firms that score

25% or less are in Level 1 – Take immediate corrective action

25% to 50% in Level 2 – some progress, but needs much improvement

50% to 75% in Level 3 – made significant adaptation of standards

Over 75% in Level 4 – Achieved full adoption of standards and procedures

​

​

ACHIEVING AUDIT QUALITY

What is quality in audit?

Performing the audit function in full compliance with the Auditing Standards and other pronouncements of the Institute

Conducting the audit with objectivity and integrity

Maintain a questioning attitude throughout the course of the audit (Skepticism)

Adhering to ethical standards and independence

Performing the audit with competent professional staff

Maintaining quality control standards at the firm level, and regularly monitor its application

Supervising and reviewing work performed by seniors

Consulting on significant matters

Maintaining adequate and appropriate documentation for all the activities carried as part of the audit

Retaining audit documents in accordance with the regulations

​

ACHIEVING AUDIT QUALITY

Standards on Quality Control (SQC) 1,

Quality Control for Firms that Perform Audits & Reviews of Historical Financial Information and other Assurance & Related Services Engagements

Sets the standards for the process of quality control in a professional accountant’s firm

The principles set out in SQC 1 applies to:

• audits and reviews of historical financial information and
• other assurance and other related services engagements

Every professional accountant’s office should develop a set of standard quality control policies and procedures commensurate with the firm’s size, nature and complexity of its practice and appropriate cost/benefit consideration

STANDARDS ON QUALITY CONTROLS

The following are the SIX ELEMENTS of quality control

1. Leadership responsibilities within the Firm
2. Ethical compliance
3. Acceptance & Continuance of client relationships and specific engagements
4. Human resources
5. Engagement performance
6. Monitoring

​

Peer Review conducted by the Institute places importance on whether the firms have developed policies and procedures on quality control and whether they are properly implemented and reviewed periodically

Important!

STANDARDS ON QUALITY CONTROL (SQC) 1

This standard is mandatory from 1 April 2009

This is the mother standard for all other standards, and is the basic standard for all quality control

Every firm or sole proprietorship should have a documented policies and procedures for ensuring quality control which should be based on the SIX elements

SQC must be read and understood in conjunction with the provisions of the Chartered Accountants Act, Code of Ethics and all relevant pronouncements of the Institute and legal and regulatory requirements

​

STANDARDS ON QUALITY CONTROL (SQC) 1

SIX elements of Quality Control

1. Leadership responsibilities

Every firm must have a designated leader who sets and implements internal quality. He may delegate part of his responsibilities

He is responsible for designing, implementing internal quality and ensuring that it operates efficiently

He ensures that fee considerations do not compromise quality of work

He communicates to the firm personnel of the policies and procedures on quality control and emphasis that failure to adhere to them will result in disciplinary action

He evaluates performance and compensates personnel who demonstrates commitment to quality through performance evaluation

​

STANDARDS ON QUALITY CONTROL (SQC) 1

2. Ethical Requirements

The firm must have a Code of Ethics

Its personnel must comply with the relevant ethical requirements contained in the Code of Ethics issued by ICAI, as well as other relevant pronouncements of the Institute

The firm’s personnel must maintain independence, perform all professional responsibilities with integrity and maintain objectivity in discharging professional responsibilities

Perform with integrity – be straight forward, honest

Maintain objectivity – Perform tasks by competent persons without bias; conflict of interest; undue influence by applying systematic and disciplined approach

STANDARDS ON QUALITY CONTROL (SQC) 1

Generally recognized threats to independence are:

• Self Interest threat – Financial interest & Employment relationships
• Self- review threat
• Advocacy threat
• Familiarity threat
• Intimidation test

​

Independence comprise:

1. Independence in mind – a state of mind that permits the provision of an opinion without being affected by influences that compromise professional judgement
2. Independence in appearance – certain actions by the auditor may cause a reasonable and informed third party to conclude that the firm or its partner has compromised its integrity, objectivity or professional judgement

STANDARDS ON QUALITY CONTROL (SQC) 1

Ethical Principles - The code of ethics issued by the ICAI are

1. Integrity - should be straightforward and honest in performing professional services.
2. Objectivity - should be fair and should not allow prejudice or bias, conflict of interest or influence of others to override objectivity.
3. Professional competence and due care - should perform professional services with due care, competence and diligence based on up-to-date developments in practice, legislation and techniques.
4. Confidentiality – should respect the confidentiality of information acquired as a result of professional relationships.
5. Professional behaviour – comply with relevant laws and regulations and avoid any conduct that might discredit the profession.

It includes personal commitment to integrity; always be a desire to ‘get it right’; maintain professional skepticism; stand up to management; a commitment to learning and up dating skills

STANDARDS ON QUALITY CONTROL (SQC) 1

Independence and Ethics

The firm must designate a partner or a senior personnel to ensure that Independence and Ethics policies are strictly implemented and followed

The firm must have a process to evaluate potential independence threats before accepting a new client relationship or continuing a relationship

All professional personnel in the firm should be periodically trained in ethics and independence

The firm must establish communication channels to up date firm personnel on independence and ethics policies and procedures

Must establish a process where personnel can promptly report potential threats to independence or breach of independence

A process where the firm withdraws from an engagement if there is a threat of independence if effective safeguards are not possible

Must obtain independence confirmation from all personnel at least once annually

​

​

STANDARDS ON QUALITY CONTROL (SQC) 1

3. Acceptance & Continuance of Client Relationships

Before accepting a client-relationship or continuing a relationship, the firm should evaluate the client management’s integrity and consider risk associated with providing professional service

The firm should obtain an understanding of the client, their business practices and the reputation of the management

Should communicate with the previous auditor

The firm should evaluate whether the engagement can be completed with professional competence – that the firm has the capabilities, resources, professional competence

Once the firm decides to onboard the client, they should have a written engagement letter describing the scope of work, responsibilities and terms of the engagement

The firm should have policies and procedures on how to exit from an engagement

STANDARDS ON QUALITY CONTROL (SQC) 1

4. Human Resources

The objective is to ensure that the firm has sufficient personnel with capabilities, competence and commitment to ethical principles necessary to perform engagements with professional standards

There must be a policy and procedure on hiring including qualifications and attributes for staff selected at various levels

Responsibilities for each engagement is assigned to a specific partner and must be clearly documented

Firm should assign personnel to engagements based on the knowledge, skills and abilities required for each engagement

Policy and procedure to develop the capability of professional staff

Professional staff must be mandated to participate in CPE programmes

A partner or senior member of the firm should be entrusted with the overall responsibility to manage human resources

STANDARDS ON QUALITY CONTROL (SQC) 1

5. Engagement Performance

The objective is that engagements are performed in accordance with professional standards, regulatory and legal requirements and the reports issued are appropriate

Planning must be conducted at the commencement of an engagement

Planning includes assessment of risk, including fraud risk and documenting conclusions

It includes determining audit strategy, developing work programmes specific to the engagement and determining the staffing requirements according to the nature and complexity of the engagement

Planning is a continuous process…… keep updating as audit progresses

Engagement should be performed, supervised, documented and reported in accordance with professional standards and regulations

​

STANDARDS ON QUALITY CONTROL (SQC) 1

Some of the factors for achieving professional standard include:

• Ensuring compliance with auditing standards such as client acceptance & continuance; planning and risk assessment including fraud risk etc.
• Written audit programs according to which work is performed and monitored.
• Detailed engagement documentation which should describe work carried out, evidence of the extent of testing conducted, results of the tests and conclusions.
• There must be a process in the firm where consultations take place during the course of or conclusion of the engagement on matters arising. Conclusions must be documented
• There must be a review process by senior and experienced personnel

​

​

​

STANDARDS ON QUALITY CONTROL (SQC) 1

SQC should have a provision to appoint a Quality Control Reviewer and should have procedures for review of audit work carried out – mandatory in listed entity audit

A Reviewer must be independent of the audit engagement

Reviewer should review the working paper and financial statements and consider the conclusions reached by the engagement team

There must be a process whereby differences of opinion are discussed, resolved and documented

Engagement documentation and related files must be completed and wrapped up on a timely basis

Maintain confidentiality, safe custody, accessibility and retrievability of engagement files

Retention of engagement files – 7 years

Development of professional staff – continuing professional education

STANDARDS ON QUALITY CONTROL (SQC) 1

6. Monitoring

Firm should have a policy to monitor its quality control process

Policy on action to be taken on any deviation observed

Policy should laydown the extent of documentation to be retained to evidence the operation of SQC at all times and on all engagements

A Quality Control Check list to have a standard review of compliance by the firm

Policy to have, at a minimum, an annual review of compliance with SQC

A process must be in place to identify deficiencies and take remedial action

​

To conclude……………………..

STANDARDS ON QUALITY CONTROL (SQC) 1

Conclusion

Standards on Quality (SQC 1) is mandatory, irrespective of the size

Every firm must develop a set of policies designed to establish a system of quality control of the firm, and procedures to implement and monitor compliance.

The aim is to mandate and ensure that the firm and its personnel comply with the professional standards

The firm, therefore, must document its policies and procedures for establishing overall quality of the firm

To start with, your SQC document need not be very lengthy. As you start preparing, you will be able to find gaps in your quality control process and can bridge those

At least once annually review and ensure that the policies and procedures are complied with

A MUST document to be produced during peer review. Of late, all regulators focus on compliance with SQC by the firm

Institute has published a set of illustrative SQC policies and procedures which firms can adopt or modify and adopt according to their size and circumstances

​

​

STANDARDS ON AUDITING

General Principles and Responsibilities

​

STANDARDS ON AUDITING

Planning; Risk Assessment and Response to Assessed Risks

SA 300 -450

STANDARDS ON AUDITING

STANDARDS ON AUDITING

​

​

​

Risk based Audit

(SAs 315 & 330)

RISK BASED AUDIT

What are the Standards on Auditing (SAs) dealing with this topic?

• Planning an Audit of Financial Statements (SA 300)
• Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment (SA 315)
• Materiality in Planning and Performing and Audit (SA 320)
• Auditor’s Response to Assessed Risk (SA 330)

RISK BASED AUDIT

​

What is the inherent risk in our audit profession?

Material misstatement in a financial statement on which we issue an unqualified opinion

This is termed as ‘Audit Risk’

Misstatement can arise from fraud or error which could individually Or in aggregate, influence the economic decisions of the users of the financial statements

So the duty of the auditor is to keep the Audit Risk at a low level, whereby the possibility of material misstatement of the financial statements is also brought to a low level

​

RISK BASED AUDIT

How could financial statements presented to us for audit be misstated?

• Due to the nature of the entity’s business or the low integrity of the management/staff, the entity’s transactions and balances have an inherent risk of material misstatement
• Primarily, the entity will put in place controls to mitigate the risks.
• However, all inherent risks by nature may not be completely prevented through controls. Controls are managed by client.
• The misstatements that could not be prevented due to the weakness of controls are called Control Risks
• Control risk is caused by the absence of controls or the ineffectiveness of a control put in place by management
• If a risk cannot be prevented by the controls put in place by management, the next possibility to preventing the misstatement is through audit tests conducted by the auditor. (detection tests)
• But it may be possible that all misstatements are not detected.
• This risk of not detecting the misstatement through audit procedures is called ‘detection risk’

​

​

RISK BASED AUDIT

Inherent risks may be at the entity level or at transaction/ balances level

Factors affecting the Inherent risk at the entity level

• Integrity of management
• Experience of management
• Unusual pressure on management
• Nature of entity’s business
• Economic/ political conditions affecting the business and the industry

To assess this risk, we evaluate the Control Environment of the client

​

​

​

​

​

​

​

​

RISK BASED AUDIT

Factors affecting the Inherent risk at the account balance and class of transaction levels

• Complexity of the underlying transactions
• Degree of judgment in determining account balances
• Susceptibility of assets to misappropriation
• Large volumes of transaction or transactions with high value
• High dependence on computer systems
• Incapability of the accounting system to handle the transactions
• Related party transactions

To assess this risk we need to Understand the Key Business Processes and related transactions of the client

​

​

​

​

​

​

​

​

​

​

RISK BASED AUDIT

The Risk of Material Misstatement is a combination of:

• Inherent risk – due to the nature of the business
• Control risk – due to the entity’s failure to implement internal control procedures to prevent misstatements from occurring
• Detection risk – the auditor’s failure to detect the misstatement through audit procedures

The first two relates to the entity and its management

The third one, namely detection risk, is to be handled by the auditor

First two relate to entity and its management

RISK BASED AUDIT

Therefore, the primary function of the auditor is to:

• assess the risk of material misstatement, and
• design audit procedures to prevent or limit those risk to a lower level

​

Risk has to be assessed at

• Financial statement level (risk that is pervasive as a whole)
• Class of transactions level (risk specific to assertions)
• Account balances level (risk specific to assertions)

for assertions made by management – recognition, measurement, presentation and disclosure of information in the financial statements

(SA 315. para 25)

RISK BASED AUDIT�

Identification of Risk

The risk shall be identified by an understanding of the entity and its environment (SA 315*):

• The entity and its owners;
• The industry in which it operates;
• Its management and organization structure;
• Its business operations and processes, including IT;
• The key regulations affecting the entity, etc.
• The risk assessment process of the entity

​

*The Standards on Auditing (SA 315): Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment.

​

​

Document

RISK BASED AUDIT

This understanding should be further drilled down to:

• Appropriateness of Accounting policies and procedures
• Understanding of the IT systems and financial statement preparation
• Transactions – such as cash transactions, sales, production process, inventory acquisition and consumption, employee compensation, custody or assets (information must be gathered for all material transactions)
• Account balances – how existence of assets are ensured, how assets are valued (eg: trade receivables, investments), how rights over assets are assured, the process to capture liabilities and claims etc.
• Disclosures – how relevant data for disclosure in the financial statements are gathered and verified for completion and accuracy

Document

RISK BASED AUDIT

Identification of Risk

The understanding gained will enable the auditor to identify the risk of material misstatement (and its intensity) at

• the entity level (financial statements level),
• class of transactions level and disclosures level

– for every relevant assertion

This is easier by asking ourselves: “What could go wrong?”

The understanding gained will also help the auditor to assess the level of internal controls that the entity has at financial statements level, transaction level, account balances level and disclosure level

The identification of risks and understanding of relevant controls will enable the auditor to decide on the magnitude of possible misstatements. The better the controls, the lower the RoMM

The auditor can now move to designing audit procedures to respond to assessed risk of material misstatements (SA 330)

​

RISK BASED AUDIT

Before we move to responding to assessed risks, lets be clear about assertions.

When Management prepares the financial statements, it is implied that they assert the on the recognition, measurement, presentation and disclosure of various elements in the financial statements. These assertions are further broken down to:

1. Assertions about classes of transactions
1. Occurrence – The recorded transactions and events have actually occurred
2. Completeness – All transactions and events that should have been recorded have been recorded
3. Accuracy – Amounts and other data that have been recorded are accurately/appropriately recorded
4. Cut-off – Transactions and events have been recorded in the correct period
5. Classification – Transaction and events have been recorded in the proper accounts

​

RISK BASED AUDIT

2. Assertions about Account balances

1. Existence – That assets, liabilities, equity exists
2. Rights / Obligations – That the entity has the right over the assets and liabilities are the actual obligations
3. Completeness - All assets, liabilities and equity that should have been recorded have been recorded
4. Valuation – All assets, liabilities and equity are recorded at appropriate amounts

​

3. Assertions about Presentation and Disclosures

1. Occurrence and Rights/Obligations – The disclosed events and transactions have occurred and pertain to the entity
2. Completeness – All disclosures that should have been included have been included
3. Classification and understandability – Financial information is appropriately presented and described
4. Accuracy and valuation – Financial and other information disclosed fairly and for appropriate amounts

​

RISK BASED AUDIT

Responding to the assessed risk of material misstatement (SA 330)

Design of audit procedures

1. Assessing relevant controls

Where the auditor considers that the entity has relevant controls to mitigate the risk, and has therefore assessed the Risk of Material Misstatement (RoMM) at a lower level, he has to carry out control tests to ensure that the controls are effective and are in operation.

If control evaluation gives assurance that controls are effective to mitigate the risk, and that they are in operation, then it means that the Control Risk is low.

A low control risk means, substantial part of audit risk has been mitigated and hence detection risk is also brought to a lower level. Hence, he can afford to do reduce the extent of detection tests that has to be performed.

See the diagram in the next slide

Document

RISK BASED AUDIT

​

​

​

​

Audit

Risk

Tested - Effective controls in operation

Detection

tests

Effective controls in operation

Detection

tests

Client 1

Client 2

Detection Risk

Control Risk

Inherent Risk

RISK BASED AUDIT

2. Designing detection tests (substantive tests)

(a) Tests of Detail

(b) Analytical Reviews

3. Decide on the nature, extent and timing of tests to be performed

​

To sum up:

• Understand the entity
• Understand the key business processes
• Identify the risk at the financial statement level – pervasive risks
• Identify the risks in each key process– by assertion
• Understand the related controls of the identified risks
• Conclude on the level of Risk of Material Misstatement (RoMM)
• Test controls if RoMM is assessed by relying on controls
• Conclude on the existence and effectiveness of controls
• Design audit procedures and the nature, timing and extent of tests
• Conclude on the result of audit procedures
• Draft appropriate audit report

�

AUDIT INITIATION

PROCESS AUDIT

AUDIT COMPLETION

A STRUCTURED AUDIT APPROACH

Knowing the client

Review Organisation Structure

Understand the business

Understand Information systems

Risks Identification

Risks Assessment

Transactions Audit

Audit of final balances

Clearance of Draft Financials

Business Risks

Operational Risks

Information Systems Risks

Identify key business processes

Obtain policies and procedures

Identify & assess control effectiveness

Determine level of substantive tests

Perform test of transactions

Test of balances

Discussion with client

THE CLIENT, ITS BUSINESS, PROCESSES, CONTROLS AND SYSTEMS ARE THE FOCUS

SUBSTANTIVE AUDIT

PLANNING

EXECUTION

COMPLETION

Test controls

Risk based Audit Approach

Year-end work

Issue of Audit Report

PLANNING & AUDIT STRATEGY

When should the planning for an audit start?

• Planning should start at the beginning of the current year audit, by performing the following:
• Client acceptance/continuance evaluation(SA 220)
• Compliance of ethical requirements and independence of the team
• Agree the terms of the engagement (SA 210)
• The auditor should develop an overall audit strategy. The audit strategy document shall contain the following:

​

• The characteristic of the engagement
• Financial reporting framework
• Industry specific reporting requirements, if any
• Availability of or planned use of the work of internal auditors
• Planned use of auditor’s expert
• How to address an entity’s use of service organization
• Use of audit evidence obtained in previous years
• The impact of IT systems of the client on the audit
• Overall timing of the audit and deadlines for issue of report

​

​

PLANNING & AUDIT STRATEGY

• Reporting objectives, Timing of the audit and nature of communications

Time table for reporting

• Frequency of meeting with senior management and TCWG
• Management’s and TCWG’s expectation of type of reports and communication with them
• Communications within the engagement team
• Determination of materiality
• Preliminary identification of areas where RoMM is expected to be high
• Selection and allocation of engagement team
• Time budget
• Plan for review of the work of engagement team
• RoMMs identified and the plans to address them – extent of control tests and substantive tests
• Detailed audit plan for each audit area (audit programmes) – developed as the audit progresses
• Significant risks identified and plan to address them

Don’t forget –

Planning is a continuous process

ACHIEVING AUDIT QUALITY

​

​

​

Audit Documentation

AUDIT DOCUMENTATION

​

​

Audit Documentation is a record of:

• The audit procedures performed, 
• The relevant audit evidence obtained, and
• The conclusions the auditor reached

​

AUDIT DOCUMENTATION

Audit Documentation

An essential part of audit

SA 230 deals with Audit Documentation, but this is only with regard to engagements

SQC 1 deals with documentation requirement on the entire functions of a firm

If there is no documentation, then it is presumed that there is no work done

There is more and more focus of regulators on the quality of documentation

Majority of adverse comments from regulators is on the quality and extent of documentation

AUDIT DOCUMENTATION

Why is audit documentation so important?

• Compliance with standards
• Guidance for audit team to perform their work – planning document
• Leaves a record of and evidence of work performed
• Creates accountability
• Assists in supervision and review of the work
• Highlights significant matters arising from audit
• Evidence for conclusions made on the audit
• Assists in quality control reviews and in external inspection
• Provides transparency
• Auditor’s best defense that he planned and executed the audit professionally

AUDIT DOCUMENTATION

Factors determining the form and content of documentation

Not all audit engagements should have the same level of documentation. It depends on:

• Size of the firm
• Nature and complexity of the engagement
• Specific documentation requirements under regulations, if any
• Internal controls of the client
• Extent of records maintained by the client and their archiving

​

AUDIT DOCUMENTATION

Stages of documentation – what to document?

• Client onboarding – acceptance/continuance
• Understanding the entity
• Planning & Audit Strategy
• Risk assessment, including fraud risk and conclusion on RoMM
• Response to assessed risk
• Audit programs
• Work performed, reference to samples tested, results and conclusions
• Team discussions
• Consultations, how differences of opinion are resolved
• Partner review notes, quality control reviews and conclusions
• Overall conclusions on audit (Summary Memo)
• Minutes of important meetings with client
• Communication with TCWG
• Letter of representation

​

AUDIT DOCUMENTATION

Key essentials of documentation

• Name of the client
• Period covered by the audit
• Subject matter/area of audit covered by the work paper
• Details of work performed, with reference to the audit program
• Reference to samples tested, findings and conclusions made
• Lead schedules, tied to the financial statement
• Name/initial of person who performed the work
• Name/initial of the person who reviewed the work, including partner and quality reviewer
• Final conclusions signed off by audit partner and engagement reviewer

​

​

�DOCUMENTATION REQUIREMENT UNDER SQC 1�

Standards on Quality Controls (SQC 1)

• This applies firmwide for all types of engagements
• Requires the firm to have a policy and procedure on documentation, its archival, retention and retrieval
• Substantial part of the documentation, particularly those on which the auditor relies for making conclusions, should be completed and signed off before the report date
• Engagement file should be assembled and archived within a reasonable time – generally 60 days
• Electronic assembly of audit files is encouraged by the Institute
• Confidentiality and Safe custody of audit files and retrievability of those files

​

​

AUDIT DOCUMENTATION

Audit documentation at various stages of the audit engagement

1. Pre-audit stage
• Understanding of the client, its management and their integrity
• Confirmation of independence of the auditor and his team
• Conclusion on the capability of the firm to perform the engagement
• Appointment letter
• Engagement letter
• Correspondence with the previous auditor
• Understanding of the joint auditor (in case of joint audits)
• Agreement on sharing responsibilities with the other auditor

​

​

AUDIT DOCUMENTATION

2. Planning stage

• Understanding of the entity and its environment
• Understanding of the applicable laws and regulations
• Preliminary analytical review
• Determination of materiality
• Understanding of the accounting systems and procedures
• Assessment of the audit risks
• Assessment of the internal controls
• Conclusion on the risks of misstatement
• Decisions on resource allocation
• Audit strategy and audit plan
• A description of the nature, timing and extent of planned audit procedures at the financial statement level, assertion level and disclosure level

​

​

Planning is a continuous process

AUDIT DOCUMENTATION

3. Execution stage

• Analytical review
• Details of work carried out based on audit program. Should include:
• Description of work done on each of the programs
• Samples covered – how designed and selected
• Results of work done, and
• Conclusion
• Changes if any made to audit strategy and the reasons thereof
• Confirmations
• Use of auditor’s expert and conclusions on their work
• Use of internal auditors and conclusions on their work
• Group audit – detailed documentation
• Consolidation procedures
• Going concern issues
• Key Audit Matter (where applicable)

​

AUDIT DOCUMENTATION

4. Conclusion stage

• Analytical review
• Evaluation of mis-statements
• Consultations and conclusions
• Engagement Partner’s conclusions
• Quality Review Partner’s conclusions
• Conclusions on going concern
• Basis of forming the audit report – emphasis of matter/modified opinion
• Management representation letter
• Communication with those charged with governance
• Managementletter
• File Archival details

​

​

​

AUDIT DOCUMENTATION

General rules of documentation

• Clear and Understandable
• Complete and Accurate
• Relevance
• Self speaking – story of the engagement
• Cross references
• Initials and date
• Conclusions

​

FRAMEWORK OF ASSURANCE ENGAGEMENTS

Assurance engagement is an engagement in which the practitioner expresses a conclusion designed to enhance the degree of confidence on the subject matter (eg: financial statement)

Scope of the framework

• Generally covers all assurance engagements under SA, SRE, SAEs.
• Engagements under Standards on Related Services (SRS) are not assurance engagements since no assurance is given on the subject matter of the report. Eg: Preparation of tax returns
• While issuing a report on a non-assurance engagement, the practitioner should clearly indicate that his report does not give any assurance

​

FRAMEWORK OF ASSURANCE ENGAGEMENTS

Elements of Assurance Framework

1. Engagement Acceptance
2. Three party relationship – a practitioner, responsible party, intended users
3. An appropriate subject matter
4. Suitable criteria – benchmark used to evaluate the subject matter
5. Materiality
6. Sufficient appropriate evidence –
• Nature, Timing and Extent of evidence gathering;
• Professional skepticism – critical assessment with a questioning mind
7. Written assurance report
1. Reasonable assurance – conclusion in a positive form (audit report)
2. Limited assurance – conclusion in a negative form (review report)

FRAMEWORK OF ASSURANCE ENGAGEMENTS

Skepticism

It is a key attribute that every audit personnel should have

• Having a questioning mind all through the engagement
• Challenging management assertions
• Should have a curious mind and persistence
• Devoting sufficient time to follow up on leads
• Mind set to challenge people in senior positions
• Sufficient skill and knowledge

​

PEER REVIEW

Peer Review Process

• Selection of Practice Unit (PU)
• Intimation to PU
• Choice of Peer Reviewer by PU
• Intimation and selection of peer reviewer
• Questionnaire and list of clientele
• Selection of sample
• Site visit
• Review of General Controls
• Final selection of sample
• Review of records
• Preliminary report to PU
• PU’s response thereof to the Reviewer
• Interim/Final Report
• Issue of Certificate

AUDIT QUALITY MATURITY MODEL

AQMM covers audit quality at

• Engagement level - compliance with standards, laws and regulations, documentation and reporting etc
• Firm level – firm leadership, tone at the top, quality control systems, dependence on electronic systems, staff quality etc

Evaluation is based on a set of questionnaire that focuses on:

1. Practice Management - Operational quality
2. Human Resources
3. Practice Management – strategic / functional

In operational quality, points are awarded based on the maturity of firms in use of practice manuals, audit programs, adoption of technology, standard forms for engagement letter, letters of representation, letters of confirmations, quality control etc

In Human resources, points are awarded based on resource planning, policy on staff recruitment, performance evaluation, promotion and rewards, training of personnel

Practice management - Strategic and functional: mainly covers infrastructure, physical and others

​

​

​

​

ACHIEVING AUDIT QUALITY

​

​

​

Thank you very much

SUBSCRIBE TO