Quality Management for Firms

Quality Management for Firms
Quality Management for Firms IAASB Webcast September 21, 2017 Presenter: Karin French, Chair of the Quality Control Task Force
Project Background Page 2
Project Overview Page 3 Feedback and concerns identified, i.e.: • Findings from ISA Implementation project • Outreach with regulators and audit oversight bodies • Respondent comments on public consultation on work plan • Public consultation: Invitation to Comment (ITC) issued December 2015 (addressing professional skepticism, quality control and group audits) Exploratory Phase Project proposal Project proposal to amend ISQC 1 and ISA 220 approved by IAASB December 2016 (also included ISA 600 (group audits)) Exposure draft Final standard Exposure draft of ISQC 1, ISQC 2* and ISA 220 currently being developed, based on issues identified. Anticipated September 2018 * ISQC 2 is a proposed new standard addressing engagement quality control reviews Final standards anticipated 2019, with effective dates yet to be considered
What this Project Aims to Address • Keeping ISQC 1 and ISA 220 fit for purpose – More complex and varying environments • Encouraging proactive quality management at the firm and engagement level – Improving recognition of external stakeholders, to improve the firm’s recognition of its public interest role • Enhancing firms’ internal and external monitoring and remediation activities • Reinforcing the need for robust two-way communication • Improving transparency and encouraging effective communication with external stakeholders Page 4
Issues that are being Considered • Scalability for small and medium practices (SMPs) • Firm governance and responsibility and accountability of firm leadership for quality • Transparency reporting • Monitoring and remediation - understanding causes of deficiencies and addressing all information sources (e.g., external inspections) • “Reliance” on networks, including accessibility issues and findings related to the network level • Alternative delivery models (ADMs) (e.g., shared service centers, centers of excellence, on-shoring, offshoring, outsourcing) • Engagement quality control (EQC) reviews – scope of engagements, eligibility of the EQC reviewer, performance of the review, documentation Page 5
Issues that are being Considered • Responsibilities of the engagement partner • Engagement partner remuneration and link to quality • Competency of the engagement team • Others involved in the audit (e.g., component auditors, experts, other auditors) *Note – certain of the above issues relate to quality management at the engagement level (ISA 220) Page 6
Proposed Changes Page 7
Quality Management Approach Page 8 Quality management approach Modernized, fresh approach to firms’ management of quality: • Risk-based and scalable • Effective • Proactive and preventative • Tailored for the firm’s circumstances
1. Governance and leadership, organization, culture and strategy 2. Information, communication and documentation 3. Quality management process (QMP) ISQC 1: The New Structure Page 9 3 Components Quality objectives, risks and responses common to all firms. Firms still need to: • Establish more granular quality objectives • Identify and assess more granular quality risks or additional quality risks • Design and implement additional responses Requirements for firms to: • Establish quality objectives • Identify and assess quality risks • Design and implement responses to quality risks • Monitor and remediate Quality management process Prescribed quality objectives, risks and responses
Governance and Leadership, Organization, Culture and Strategy WHAT will change? Page 10
Introduction of Requirements related to Governance Principles • New requirement for firm to establish governance principles and implement them through actions – Establishes the “environment” for the system of quality management – Actions may arise through other aspects of the system of quality management, e.g., communication, responses to quality risks • Standard includes 4 governance principles applicable to all firms, scalable for the firm’s circumstances. Principles focused on: – Culture that promotes professional and ethical values, that extends throughout the firm (tone in the middle) – Organization of the firm to support the system of quality management – Effective leadership with responsibility and accountability – Consideration of external stakeholders on matters related to quality Page 11
Enhancements to Leadership’s Responsibilities • Various enhancements to the responsibility of firm leadership, including: – Focus on accountability of firm leadership – Emphasis on quality overall, rather than the system of quality management – Clarifying leadership’s role in implementing the governance principles, including ensuring that the firm’s strategy aligns with the firm’s culture and supports quality – More focus on the establishment and allocation of resources – includes all resources (technological, financial, intellectual, human) – Consideration of the “attributes” of firm leadership, i.e., sufficient and appropriate experience, knowledge and capacity – Assigning operational responsibility for independence to an individual within leadership • Addressing performance evaluations of leadership and those operationally responsible for the system of quality management Page 12
Information, Communication and Documentation WHAT will change? Page 13
Information, Communication and Documentation Page 14
Enhancing Two-Way Communication and Addressing Information Needs Page 15 Engagement teams and others involved in the engagement Firm Personnel performing functions related to SOQM External parties External parties
Enhancing Two-Way Communication and Addressing Information Needs • Explicit requirement to consider the firm’s information needs to support functioning of the firm’s system of quality management – Recognizes all parties within the firm, including engagement teams and firm leadership • Encouraging two-way communication and recognition that all individuals have a responsibility • Consideration of what information needs to be exchanged with parties external to the firm – Includes network and other firms within the network – Transparency reporting still to be further explored Page 16
Clarifying Documentation Expectations • Clarification of documentation expectations, while retaining flexibility • 2 “layers” of requirements: – Overarching, outcome-based requirement to reflect “objective” of documentation and to address both the “design” and “operation” of the system • Consistent and appropriate understanding and application of the firm’s system of quality management (i.e., design), • Evidence of the operation of the system of quality management to support the firm’s evaluation of its system of quality management (i.e., operation) – Specific documentation requirement related to certain components, that support overarching requirement, and consistent application Page 17
Quality Management Process WHAT is the firm expected to do? HOW is this different from extant ISQC 1? Page 18
Quality Management Process Page 19 Establish objectives Identify and assess quality risks Design and implement responses Monitor and remediate
Tailoring the Objectives, Risks and Responses for the Firm’s Circumstances Page 20 Establish quality objectives • Prescribed quality objectives reflecting the “elements” of extant ISQC 1 (excl. leadership and monitoring) • Firm establishes more granular or additional quality objectives Identify and assess quality risks • Prescribed quality risks include most of the requirements of extant ISQC 1 (some extant requirements prescribed responses – see below) • Firm establishes more granular or additional quality objectives Design and implement responses • Prescribed responses (not extensive, and includes EQC reviews) • Firm designs additional responses - highly tailored for the firm Extent of customization
Tailoring the Objectives, Risks and Responses for the Firm’s Circumstances Page 21 QO A QO B QO C QO D QO A.2QO A.1 QO C.2QO C.1 • Prescribed quality objectives relevant to all firms • Firm considers whether more granular or additional quality objectives are necessary to support the identification of quality risks – Based on firm’s circumstances and nature of engagements – Prescribed quality objectives at a more granular level Establish quality objectives NOTE: How a firm designs the quality objectives, quality risks and response may vary, e.g., a firm may have quality objectives for engagement types or types of entity for whom engagements are performed (e.g., listed)
Tailoring the Objectives, Risks and Responses for the Firm’s Circumstances Page 22 Establish quality objectives QO A QO B QO C QO D QO A.2QO A.1 QO C.2QO C.1 Identify and assess quality risks QR A QR B QR C QR D QR E …Etc. QR B.1 QR B.2 QR D.1 QR D.2 QR YQR X • Prescribed quality risks relevant to all firms • Quality risks identified by the firm, which may be: – More granular than the prescribed quality risks; or – Additional to the prescribed quality risks
Tailoring the Objectives, Risks and Responses for the Firm’s Circumstances Page 23 Establish quality objectives QO A QO B QO C QO D QO A.2QO A.1 QO C.2QO C.1 Identify and assess quality risks QR A QR B QR C QR D QR E …Etc. QR B.1 QR B.2 QR D.1 QR D.2 QR YQR X Design and implement responses EQCR Resp. A Resp. B Resp. C Resp. D Resp. E Resp. F Resp. G …Etc. …Etc. …Etc.
How is this Different from Extant ISQC 1? • Extant ISQC 1: – Focused on policies and procedures – Perceived as “checklist-based” and “one size fits all” and may not address risks to quality – Minimal emphasis on the circumstances of the firm in designing the system of quality management • Proposed revisions to ISQC 1: – Risk-based approach – more thought-provoking and tailored – Responses are likely to be more effective and efficient use of firm resources – Proactive approach to managing quality that may prevent quality failures Page 24
Example of Quality Objective, Quality Risk under New Approach Prescribed quality objective The firm accepts and continues client relationships and specific engagements for which the firm is…satisfied with the integrity and ethical values of management, and, when appropriate, those charged with governance Prescribed quality risk The firm accepts or continues a client relationship or specific engagement, in circumstances when management, and, when appropriate, those charged with governance, lack integrity and ethical values, including as a result of a failure to obtain or generate and communicate information to support the firm’s consideration of the integrity and ethical values. Page 25 Extant: The firm shall establish policies and procedures for the acceptance and continuance of client relationships and specific engagements, designed to provide…reasonable assurance…undertake… engagements where the firm…has considered the integrity of the client, and does not have information that would lead it to conclude that the client lacks integrity Firm may identify more granular or additional quality objective Firm may identify additional or more granular quality risks Firm determines the response
Monitoring and Remediation WHAT will change? Page 26
Enhancing Monitoring and Remediation Page 27 • Overall linkage with various aspects of the system of quality management • More emphasis on monitoring the system as a whole – Engagement inspections retained • Increased focus on tailoring the scope and frequency of monitoring activities to the circumstances of the firm • Enhancements to who is eligible to perform monitoring activities • Increased “scope” of information sources for identifying deficiencies • Requirement to investigate root cause of deficiencies and evaluate effect • Remedial actions taken by the firm appropriate to the circumstances (less prescriptive than extant ISQC 1) • Requirement to monitor effectiveness of remedial actions
Engagement Quality Control Reviews WHAT will change? Page 28
Strengthening and Clarifying the EQC Review • New separate standard addressing EQC reviews • Enhanced requirements and application material in relation to: – Scope of engagements subject to an EQC review – Eligibility of an individual to be appointed as an EQC reviewer, including objectivity, authority, technical competence and experience – Appointment of the EQC reviewer – Performance of the EQC review, including clarification of appropriate timing of the review and strengthening the nature and extent of the review – Documentation related to, and of, the EQC review Page 29 ISQC 1 (Revised) Requirement on the selection of engagements for EQC review ISQC 2 (New) All other requirements in relation to EQC reviews, including responsibilities of the firm and the EQC reviewer
Networks and Alternative Delivery Models WHAT will change? Page 30
Consideration of Networks at the Firm and Engagement Level Page 31 Network Level Firm Level Engagement Level Component Auditors and Others Involved in the Engagement
Consideration of Networks and ADMs at the Firm Level • Flexible approach to accommodate variety of circumstances • Definition of a network or network firm to remain the same as extant (consistent with IESBA definition) • No requirements for the networks themselves • Strengthened requirements and/or application material in relation to firm – Proactive two-way communication on a timely basis and as needed • Clarify the types of information that should be communicated between network / firms / engagement teams, including component auditors – More proactively consider relevant aspects of the network’s system of quality management Page 32
Relationship with Quality Management at the Engagement Level Page 33
Relationship Between ISQC 1 and ISA 220 Page 34 Establish quality objectives Identify and assess quality risks Design responses to quality risks Implement responses at firm level FIRM LEVEL ENGAGEMENT LEVEL Design and implement additional responses that address ‘what could go wrong’ for the specific engagement Implement the firm’s responses that address the firm-identified quality risks Note: The above representation depicts the relationship with quality management at an engagement level. Additional enhancements to ISA 220 are being considered.
Next Steps Page 35
Next Steps • Further enhance proposals and develop specific areas, e.g., transparency reporting, engagement partner performance and rewards • Consider the scalability and length of the standard, in particular application material • Continue with outreach across stakeholder groups • Explore the development of accompanying guidance • Consider impact on other IAASB Standards (e.g., ISRE 2400 (Revised) and ISAE 3000) • Consider impact of the IESBA’s projects, e.g., safeguards Page 36
More Information… Visit the project pages: ISQC 1 (Quality control (firm level)): http://www.iaasb.org/projects/quality-control-firm-level-isqc-1 ISQC 2 (Engagement quality control reviews): http://www.iaasb.org/projects/engagement-quality-control-review-isqc-2 ISA 220 (Quality control (engagement level)): http://www.iaasb.org/projects/quality-control-engagement-level-isa-220 Page 37
www.iaasb.org For copyright, trademark, and permissions information, please go to permissions or contact permissions@ifac.org.

Check these out next

Quality Management for Firms

Recommended

More Related Content

Slideshows for you(20)

Similar to Quality Management for Firms(20)

More from International Federation of Accountants(20)

Recently uploaded(20)

Quality Management for Firms

Editor's Notes