Quality control

By Jacqui M. Bridel & Donald E. Jeffreys

The commitment to enhance the quality of assurance engagements is evident in the new standards

Humans Thanks to recent corporate collapses, confidence in auditors has been shaken and questions have been raised about audit quality and the ability to rely on audits. This has led to initiatives to improve audit quality, including the profession’s new independence rules and the establishment of the Canadian Public Accountability Board (CPAB) for oversight of those who audit the financial statements of public companies. In August 2004, the Auditing and Assurance Standards Board (AASB) also took action by issuing two new standards on quality control relating to audits and other assurance engagements.

SPECIFIC REQUIREMENTS A firm’s system of quality control should be designed to provide it with reasonable assurance that: it and its personnel maintain independence in all required circumstances, and that it is notified of breaches of independence requirements; it identifies and assesses the potential sources of risks associated with a client relationship or a specific assurance engagement; it has sufficient personnel with the competencies and commitment to ethical principles necessary to perform its assurance engagements, and that a team assigned to an engagement collectively possesses the competencies necessary to complete the engagement; appropriate consultation takes place on difficult or contentious matters, that sufficient resources are available to enable this to happen, and that differences of opinion are dealt with and resolved; the system of quality control is relevant, operating effectively and complied with in practice (monitoring), and that deficiencies noted as a result of the monitoring process are evaluated appropriately; and it deals appropriately with complaints and allegations that its work fails to comply with professional standards and regulatory and legal requirements.

The first of these standards — General Standards of Quality Control for Firms Performing Assurance Engagements (firm standard) — addresses the public accounting firm’s responsibility for establishing a system of quality control. The second — Quality Control Procedures for Assurance Engagements, CICA Handbook — Assurance Section 5030 (engagement standard) — addresses the practitioner’s responsibilities in the performance of an individual assurance engagement. A broad overview of the content of the new standards, responses to the November 2003 AASB exposure draft and plans for implementation guidance are provided here.

The new standards are applicable to assurance engagements, as these are defined in Standards for Assurance Engagements, CICA Handbook — Assurance Section 5025, and the effective date is December 1, 2005. The firm standard is to be in place on that date and the engagement standard applies to assurance engagements concerning financial statements and reports for periods commencing on or after that date. Note that CPAB requires its participating firms to implement the new standards as of January 1, 2005.

There are two separate standards because quality control needs to be dealt with at two levels: the firm level and the engagement level. The publication of a standard directed at a firm’s responsibility is a first for the AASB and it requires that a firm performing assurance engagements establish an effective system of quality control. The firm standard, which forms part of generally accepted standards of practice for the profession, has been published in the Handbook but outside assurance standards.

On the other hand, the engagement standard, which has been published as part of the assurance standards, deals with quality control procedures that should be performed by the assurance team, led by a practitioner (partner of a firm), on individual assurance engagements. This engagement standard recognizes that it is possible for a practitioner to have complied with assurance standards for an individual engagement even if there is a deficiency in the firm’s system of quality control. For example, the firm may not have properly documented its policies and procedures related to resolution of differences of opin-ion, and therefore would not be in com-pliance with the firm standards. However, if a difference of opinion arose regarding an engagement and was dealt with appropriately by the practitioner, the individual engagement would be in compliance with the requirements of the engagement standard.

Key features of the standards
The firm standard establishes a framework and provides guidance on the quality control policies and procedures applicable to such engagements (collectively, “the system of quality control”) that a firm performing assurance engagements should establish to provide the firm with reasonable assurance that it and its personnel comply with professional standards and legal and regulatory requirements, and that reports issued by the firm are appropriate in the circumstances. Individual Recommendation paragraphs set out a number of specific requirements.

There are two other important features to note. The new standard stresses the importance of a firm’s culture and leadership in establishing recognition that quality is essential in performing all assurance engagements. It requires that the firm establish policies and procedures to promote such a culture and that the firm’s chief executive officer (or an equivalent person or group) assume ultimate responsibility for its system of quality control. The standard also introduces a requirement for the performance of an engagement quality control review (sometimes in the past described as a second or concurring partner review), for all audit engagements to report on the financial statements of a public enterprise. In addition, the firm is to establish criteria for considering the need for a review for other assurance engagements. Guidance is provided in the standard on the nature, extent and timing of the review.

The engagement standard focuses on what the practitioner and other members of the assurance engagement team are expected to do on an individual assurance engagement. It includes specific requirements addressing the following matters:

• the quality of the work performed and the promotion of a quality-oriented culture;
• the compliance of the assurance team with applicable ethical requirements, including the independence rules;
• determining that the assurance team, collectively, has the competencies, resources and time necessary to complete the engagement; and
• various aspects of engagement performance (for example, planning, supervision and review; consultation; resolving differences of opinion; and ensuring that an engagement quality control review is performed when required).

The exposure draft
The November 2003 exposure draft (which included both the firm and engagement standards) drew a significant number of responses. Comments were received from approximately 60 groups and individuals, many of them practitioners in small and mid-size firms. Members of the AASB’s Quality Control Task Force reviewed the responses and held consultation sessions with practitioners in several provinces to discuss the implications of the proposals for smaller practices. The AASB (assisted by the task force) reviewed a detailed analysis of all comments and considered these carefully, analyzed the final international standards and, as a result, made a number of changes or clarifications to the exposure draft.

Generally, exposure draft respondents agreed with the importance of performing high quality assurance engagements and the need to be able to demonstrate that their work meets such a standard. Some of the more significant issues raised by respondents are set out below.

A number of respondents felt that the Canadian standards should, to the extent possible, be the same as the new standards issued by the International Auditing and Assurance Standards Board (IAASB) early in 2004. The AASB agreed this was essential and based the new standards substantially on the new IAASB standards that are being adopted in many countries, including the UK and Australia. As a result, practice in Canada will be consistent with that of other countries. Also, several respondents noted consistency of practice with the US is particularly relevant for some Canadian practitioners. The AASB acknowledged this and concluded that the new Canadian standards do not conflict with existing US professional standards.

Many respondents noted the new quality control standards are related to the rules of professional conduct dealing with independence recently implemented in Canada. They urged the AASB to ensure that the quality control standards do not conflict with the independence rules nor impose additional requirements, and the AASB responded with changes to the exposure draft to achieve this objective.

A number of respondents also expressed concern about the duplication of material between the two standards. The firm standard is a stand-alone document and is published outside assurance standards. Duplication is necessary because the engagement standard must deal with similar topics, albeit at a different level, to ensure that guidance directly related to individual engagements is included in assurance standards.

Some respondents, particularly sole practitioners, expressed concern about the requirement for performing an engagement quality control review, citing their inability to perform such a review and the cost of doing so. After further discussion of this matter in response to these concerns, the AASB concluded the proposals in the exposure draft were necessary and appropriate. The AASB believes, however, that the implementation guidance planned will assist practitioners greatly in establishing the criteria for determining when it is necessary to perform such reviews.

Many respondents in smaller practices expressed concern about their ability to implement all aspects of the new standards effectively and efficiently by January 1, 2005, the date proposed in the exposure draft. For example, they said preparing the formal documentation required by the proposals would be time consuming and costly, and stated it was essential help be provided in adapting the requirements to smaller practices of various sizes. Specifically, they suggested it would be helpful to provide examples of policies and procedures that would be practical for their size of practice. They also suggested practice guidance be developed concerning, for example, the use of external consultants, particularly with respect to confidentiality and the qualifications of such people.

The AASB recognizes that implementation of the new standards may have a significant effect on many firms and has taken several steps to assist practitioners. First, the effective date was deferred to December 1, 2005 to allow time for practitioners to prepare for implementation. Secondly, the CICA expects to publish a new Quality Control Manual by the end of 2004. It is based largely on material developed by the Greater Vancouver Mid-Size CA Firms Forum to address the needs of mid-size firms; however, material will be added to address issues specific to smaller firms and sole practitioners, such as the areas of concern noted above. The manual, which will complement the Practice Engagement Manual, will contain detailed guidance, forms, templates and checklists that practitioners can readily adapt to their own circumstances.

Conclusion
Significant effort has been made in the profession to restore investor and public confidence in audits. The new standards should enable the profession to demonstrate it is committed to a uniformly high quality of work and has the processes in place to make this happen. However, this is only a first step. Continuing efforts will be needed by the profession to ensure effective implementation of these standards.