This document provides an overview of the IAASB's project to revise ISQC 1 and ISA 220 related to quality management at the firm and engagement level. The key changes proposed include:
1. Adopting a risk-based and scalable quality management approach that is more proactive and tailored to firms' circumstances.
2. Enhancing requirements around governance, leadership responsibilities, communication, and documentation.
3. Requiring firms to establish quality objectives, identify and assess quality risks, and design and implement responses through a new quality management process.
4. Strengthening monitoring and remediation with a focus on root causes and effectiveness of remedial actions.
5.
3. Project Overview
Page 3
Feedback and concerns identified, i.e.:
• Findings from ISA Implementation project
• Outreach with regulators and audit oversight bodies
• Respondent comments on public consultation on work plan
• Public consultation: Invitation to Comment (ITC) issued December 2015 (addressing
professional skepticism, quality control and group audits)
Exploratory
Phase
Project
proposal
Project proposal to amend ISQC 1 and ISA 220 approved by IAASB December
2016 (also included ISA 600 (group audits))
Exposure
draft
Final
standard
Exposure draft of ISQC 1, ISQC 2* and ISA 220 currently being
developed, based on issues identified. Anticipated September 2018
* ISQC 2 is a proposed new standard addressing engagement quality control reviews
Final standards anticipated 2019, with effective dates yet to
be considered
4. What this Project Aims to Address
• Keeping ISQC 1 and ISA 220 fit for purpose
– More complex and varying environments
• Encouraging proactive quality management at the firm and
engagement level
– Improving recognition of external stakeholders, to improve the firm’s
recognition of its public interest role
• Enhancing firms’ internal and external monitoring and remediation
activities
• Reinforcing the need for robust two-way communication
• Improving transparency and encouraging effective communication
with external stakeholders
Page 4
5. Issues that are being Considered
• Scalability for small and medium practices (SMPs)
• Firm governance and responsibility and accountability of firm leadership
for quality
• Transparency reporting
• Monitoring and remediation - understanding causes of deficiencies and
addressing all information sources (e.g., external inspections)
• “Reliance” on networks, including accessibility issues and findings related
to the network level
• Alternative delivery models (ADMs) (e.g., shared service centers,
centers of excellence, on-shoring, offshoring, outsourcing)
• Engagement quality control (EQC) reviews – scope of engagements,
eligibility of the EQC reviewer, performance of the review, documentation
Page 5
6. Issues that are being Considered
• Responsibilities of the engagement partner
• Engagement partner remuneration and link to quality
• Competency of the engagement team
• Others involved in the audit (e.g., component auditors, experts, other
auditors)
*Note – certain of the above issues relate to quality management at the engagement level (ISA 220)
Page 6
8. Quality Management Approach
Page 8
Quality management
approach
Modernized, fresh approach to
firms’ management of quality:
• Risk-based and scalable
• Effective
• Proactive and preventative
• Tailored for the firm’s
circumstances
9. 1. Governance and leadership, organization, culture and strategy
2. Information, communication and documentation
3. Quality management process (QMP)
ISQC 1: The New Structure
Page 9
3 Components
Quality objectives, risks and responses common
to all firms. Firms still need to:
• Establish more granular quality objectives
• Identify and assess more granular quality
risks or additional quality risks
• Design and implement additional responses
Requirements for firms to:
• Establish quality objectives
• Identify and assess quality risks
• Design and implement responses to
quality risks
• Monitor and remediate
Quality management process
Prescribed quality objectives, risks and
responses
11. Introduction of Requirements related to Governance Principles
• New requirement for firm to establish governance principles and
implement them through actions
– Establishes the “environment” for the system of quality management
– Actions may arise through other aspects of the system of quality management,
e.g., communication, responses to quality risks
• Standard includes 4 governance principles applicable to all firms, scalable
for the firm’s circumstances. Principles focused on:
– Culture that promotes professional and ethical values, that extends throughout
the firm (tone in the middle)
– Organization of the firm to support the system of quality management
– Effective leadership with responsibility and accountability
– Consideration of external stakeholders on matters related to quality
Page 11
12. Enhancements to Leadership’s Responsibilities
• Various enhancements to the responsibility of firm leadership, including:
– Focus on accountability of firm leadership
– Emphasis on quality overall, rather than the system of quality management
– Clarifying leadership’s role in implementing the governance principles, including
ensuring that the firm’s strategy aligns with the firm’s culture and supports
quality
– More focus on the establishment and allocation of resources – includes all
resources (technological, financial, intellectual, human)
– Consideration of the “attributes” of firm leadership, i.e., sufficient and appropriate
experience, knowledge and capacity
– Assigning operational responsibility for independence to an individual within
leadership
• Addressing performance evaluations of leadership and those operationally
responsible for the system of quality management
Page 12
15. Enhancing Two-Way Communication and Addressing Information Needs
Page 15
Engagement teams
and others involved
in the engagement
Firm
Personnel performing
functions related to
SOQM
External parties
External parties
16. Enhancing Two-Way Communication and Addressing Information Needs
• Explicit requirement to consider the firm’s information needs to support
functioning of the firm’s system of quality management
– Recognizes all parties within the firm, including engagement teams and firm
leadership
• Encouraging two-way communication and recognition that all
individuals have a responsibility
• Consideration of what information needs to be exchanged with parties
external to the firm
– Includes network and other firms within the network
– Transparency reporting still to be further explored
Page 16
17. Clarifying Documentation Expectations
• Clarification of documentation expectations, while retaining flexibility
• 2 “layers” of requirements:
– Overarching, outcome-based requirement to reflect “objective” of
documentation and to address both the “design” and “operation” of the system
• Consistent and appropriate understanding and application of the firm’s system of quality
management (i.e., design),
• Evidence of the operation of the system of quality management to support the firm’s
evaluation of its system of quality management (i.e., operation)
– Specific documentation requirement related to certain components, that
support overarching requirement, and consistent application
Page 17
19. Quality Management Process
Page 19
Establish objectives
Identify and assess
quality risks
Design and implement
responses
Monitor and remediate
20. Tailoring the Objectives, Risks and Responses for the Firm’s Circumstances
Page 20
Establish
quality
objectives
• Prescribed quality objectives reflecting the
“elements” of extant ISQC 1 (excl. leadership and
monitoring)
• Firm establishes more granular or additional
quality objectives
Identify and
assess quality
risks
• Prescribed quality risks include most of the
requirements of extant ISQC 1 (some extant
requirements prescribed responses – see below)
• Firm establishes more granular or additional
quality objectives
Design and implement
responses
• Prescribed responses (not extensive, and
includes EQC reviews)
• Firm designs additional responses - highly tailored
for the firm
Extent of
customization
21. Tailoring the Objectives, Risks and Responses for the Firm’s Circumstances
Page 21
QO A QO B QO C QO D
QO A.2QO A.1 QO C.2QO C.1
• Prescribed quality
objectives relevant to
all firms
• Firm considers whether more
granular or additional quality
objectives are necessary to support
the identification of quality risks
– Based on firm’s circumstances and
nature of engagements
– Prescribed quality objectives at a
more granular level
Establish
quality
objectives
NOTE: How a firm designs the quality objectives, quality
risks and response may vary, e.g., a firm may have quality
objectives for engagement types or types of entity for
whom engagements are performed (e.g., listed)
22. Tailoring the Objectives, Risks and Responses for the Firm’s Circumstances
Page 22
Establish
quality
objectives
QO A QO B QO C QO D
QO A.2QO A.1 QO C.2QO C.1
Identify and
assess quality
risks
QR A QR B QR C QR D QR E …Etc.
QR B.1 QR B.2 QR D.1 QR D.2 QR YQR X
• Prescribed quality risks
relevant to all firms
• Quality risks identified by the
firm, which may be:
– More granular than the
prescribed quality risks; or
– Additional to the prescribed
quality risks
23. Tailoring the Objectives, Risks and Responses for the Firm’s Circumstances
Page 23
Establish
quality
objectives
QO A QO B QO C QO D
QO A.2QO A.1 QO C.2QO C.1
Identify and
assess quality
risks
QR A QR B QR C QR D QR E …Etc.
QR B.1 QR B.2 QR D.1 QR D.2 QR YQR X
Design and
implement
responses
EQCR Resp. A
Resp. B Resp. C Resp. D Resp. E Resp. F Resp. G …Etc.
…Etc.
…Etc.
24. How is this Different from Extant ISQC 1?
• Extant ISQC 1:
– Focused on policies and procedures
– Perceived as “checklist-based” and “one size fits all” and may not address
risks to quality
– Minimal emphasis on the circumstances of the firm in designing the system of
quality management
• Proposed revisions to ISQC 1:
– Risk-based approach – more thought-provoking and tailored
– Responses are likely to be more effective and efficient use of firm resources
– Proactive approach to managing quality that may prevent quality failures
Page 24
25. Example of Quality Objective, Quality Risk under New Approach
Prescribed quality objective
The firm accepts and continues client relationships
and specific engagements for which the firm
is…satisfied with the integrity and ethical values of
management, and, when appropriate, those charged
with governance
Prescribed quality risk
The firm accepts or continues a client relationship or
specific engagement, in circumstances when
management, and, when appropriate, those charged
with governance, lack integrity and ethical values,
including as a result of a failure to obtain or generate
and communicate information to support the firm’s
consideration of the integrity and ethical values.
Page 25
Extant:
The firm shall establish
policies and procedures for
the acceptance and
continuance of client
relationships and specific
engagements, designed to
provide…reasonable
assurance…undertake…
engagements where the
firm…has considered the
integrity of the client, and
does not have information
that would lead it to
conclude that the client
lacks integrity
Firm may identify more
granular or additional
quality objective
Firm may identify
additional or more
granular quality risks
Firm determines the
response
27. Enhancing Monitoring and Remediation
Page 27
• Overall linkage with various aspects of the system of quality management
• More emphasis on monitoring the system as a whole
– Engagement inspections retained
• Increased focus on tailoring the scope and frequency of monitoring
activities to the circumstances of the firm
• Enhancements to who is eligible to perform monitoring activities
• Increased “scope” of information sources for identifying deficiencies
• Requirement to investigate root cause of deficiencies and evaluate
effect
• Remedial actions taken by the firm appropriate to the circumstances
(less prescriptive than extant ISQC 1)
• Requirement to monitor effectiveness of remedial actions
29. Strengthening and Clarifying the EQC Review
• New separate standard addressing EQC reviews
• Enhanced requirements and application material in
relation to:
– Scope of engagements subject to an EQC review
– Eligibility of an individual to be appointed as an EQC
reviewer, including objectivity, authority, technical
competence and experience
– Appointment of the EQC reviewer
– Performance of the EQC review, including clarification of
appropriate timing of the review and strengthening the
nature and extent of the review
– Documentation related to, and of, the EQC review
Page 29
ISQC 1 (Revised)
Requirement on the
selection of
engagements for EQC
review
ISQC 2 (New)
All other requirements
in relation to EQC
reviews, including
responsibilities of the
firm and the EQC
reviewer
31. Consideration of Networks at the Firm and Engagement Level
Page 31
Network
Level
Firm
Level
Engagement
Level
Component
Auditors and
Others
Involved in the
Engagement
32. Consideration of Networks and ADMs at the Firm Level
• Flexible approach to accommodate variety of circumstances
• Definition of a network or network firm to remain the same as extant
(consistent with IESBA definition)
• No requirements for the networks themselves
• Strengthened requirements and/or application material in relation to firm
– Proactive two-way communication on a timely basis and as needed
• Clarify the types of information that should be communicated between network / firms /
engagement teams, including component auditors
– More proactively consider relevant aspects of the network’s system of quality
management
Page 32
34. Relationship Between ISQC 1 and ISA 220
Page 34
Establish
quality
objectives
Identify and
assess quality
risks
Design
responses to
quality risks
Implement
responses at
firm level
FIRM LEVEL
ENGAGEMENT LEVEL
Design and implement additional responses that address
‘what could go wrong’ for the specific engagement
Implement the firm’s responses that address
the firm-identified quality risks
Note: The above representation depicts the relationship with quality management at an engagement level. Additional
enhancements to ISA 220 are being considered.
36. Next Steps
• Further enhance proposals and develop specific areas, e.g.,
transparency reporting, engagement partner performance and rewards
• Consider the scalability and length of the standard, in particular
application material
• Continue with outreach across stakeholder groups
• Explore the development of accompanying guidance
• Consider impact on other IAASB Standards (e.g., ISRE 2400 (Revised)
and ISAE 3000)
• Consider impact of the IESBA’s projects, e.g., safeguards
Page 36
37. More Information…
Visit the project pages:
ISQC 1 (Quality control (firm level)):
http://www.iaasb.org/projects/quality-control-firm-level-isqc-1
ISQC 2 (Engagement quality control reviews):
http://www.iaasb.org/projects/engagement-quality-control-review-isqc-2
ISA 220 (Quality control (engagement level)):
http://www.iaasb.org/projects/quality-control-engagement-level-isa-220
Page 37
Karin – please note on this slide that we are including this for informational purposes due to the connection with quality at a firm level, but this session won’t be covering ISA 220 and the possible revisions to that standard.
Specific documentation requirements:
Quality objectives and risks, and description of how responses address risks
Results of periodic performance evaluations and corrective actions
Evidence and results of monitoring activities, identified root cause(s) and remedial actions