michael cain, fca audit & accounting technical director

Chartered Accountants Audit Conference

APES 320: Quality Control for Firms – A Mandatory Requirement!

charteredaccountants.com.au

Michael Cain, FCAAudit & Accounting Technical DirectorNexia International – Australia and New Zealand

Session Topics

1. ASIC Audit Inspection

2. Institute Inspection Program

3. Quality Control in Firms: APES 320/PS 1

4. Network Firm Definition

5. Implementation Strategy

6. Useful Implementation Tools

1. ASIC Audit Inspections

> Round 1 – September 2005

> Round 2 – August 2006

> Round 3 – No report issued yet

1. ASIC Audit InspectionsScope of ASIC audit inspections> Second year inspection of Big 4 firms

> First year inspection of various offices of BDO, Horwath, PKF, Grant Thornton, Pitcher Partners and RSM Bird Cameron

> Quality control systems re Independence

> Quality control systems re audit methodologies

1. ASIC Audit Inspections(b) Observations & Findings - Big 4> Significant improvements in

independence systems

> Strong tone at the top leadership

> Implemented systems to monitor compliance, annual/quarterly independence confirmations, conflict checking, engagement acceptance/continuance, systems that monitor and record personal investments

1. ASIC Audit Inspections(b) Observations & Findings - Big 4> Non-audit services now are pre-

approved by the audit partner> Now better communication of

consequences of non-compliance with policies and systems to staff, including disciplinary actions

> Now have systems for capturing independence consultations and enquiries by staff

> 3 firms enhanced independence training and use e-learning tools

1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Adoption of CLERP 9> Induction program for new employees

did not include awareness of independence policies

> Independence training not widely conducted

> Lateral hires and contractors not provided with independence training

1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Non-Audit Services> Main threat to independence> Inadequate documentation supporting

decisions to provide non-audit services> Need to clarify prohibited services> Some firms not complying with their

own policies> Instances of journals prepared and

payroll services offered, yet no documentation of independence decision

1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier

Partner Evaluation & Compensation> Partner performance reviews either not

conducted or not documented> Remuneration of audit partners linked

purely to financial results> Independence/audit quality

considerations not part of partner evaluation/compensation

> Performance criteria does not include independence or audit quality

1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Client Acceptance & Continuance> 1 firm did not document acceptance or

continuanceTesting of Compliance> 2 firms conducted limited reviews on

compliance> 2 firms need to develop and

communicate disciplinary policies which outline consequences of non compliance

> Staff interviewed to test recall of consequences

1. ASIC Audit Inspections(b) Observations & Findings - Mid-TierWhistleblower> No firm had a formal

complaints/whistleblower process

Strategic Plans and Code of Conduct> 4 firms had strategic plans that DID

NOT include independence and quality issues

> 2 firms code of conduct are deficient> Need to establish a “Tone at the Top”

1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier

AUDIT QUALITYApplication of Audit Methodology> 2 firms have no audit manual> 2 firms have fully mapped manuals to

Audit Standards, supported by proprietary software

> 1 firm has not updated manual for recent changes

> All firms need to improve engagement file application of methodologies

1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier

Application of Auditing Standards> Reviewed 30 engagements> 3 audit standards poorly applied:

- ASA 520 Analytical Review- ASA 240 Fraud- ASA 530 Audit Sampling

> Most have removed guidance on sample sizes

1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Audit Documentation> Incomplete documentation of work> In all firms, less adequate documentation at final

stages then at commencementCommon deficiencies in documentation related to:> Consideration of laws and regulations> Partner review of planning prior to field work> Mandatory fraud audit steps> Analytical reviews> Documentation of the substantive sampling approach

adopted> Engagement and management letters not

issued/obtained> Inconsistent application of methodology across

industry groups within the firms

1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier Audit Evidence> General lack of evidence for disclosure

items such as related party, commitments and contingencies, director remuneration

Engagement Quality Control Review> On some listed clients, inadequate

evidence of review being performed> In 1 firm, not sure who the review partner

was

1. ASIC Audit Inspections(b) Observations & Findings - Mid-Tier

Monitoring> 2 did not have adequate policies to

support monitoring of audit quality> 4 firms deficient in communicating

results of reviews beyond the engagement team

> 1 firm had no monitoring policies> No link between partner/staff

performance evaluation and results of their internal monitoring process

1. ASIC Audit Inspections(c) Future Inspections> Follow up action on all firms in the

report

> Extend reach into other Mid-Tier firms

> Other offices of Big 4 firms not in 1st & 2nd report

> Focus on Independence & Quality

> Practical application of Auditor Rotation

> Increase number of engagement files reviewed

1. ASIC Audit Inspections(c) Future InspectionsFocus on Auditing Standards not

adequately dealt with:> ASA 315 Understand Entity & Risk> ASA 240 Fraud> ASA 530 Audit Sampling> ASA 230 Documentation

ASA 315 would naturally extend to ASA 330

1. ASIC Audit Inspections(c) Future Inspections

> Transition to Force of Law Standards and APES 320 (APS 5)

> IFAC broadened definition of “Network”, affiliations must be independent of each other

1. ASIC Audit InspectionsHow to handle ASIC Concerns??

Nexia ASIC Concerns Questionnaire and Action Plan

2. Institute Inspection ReviewAs at 30 June 2007

> 478 practice firms’ reviews completed > 32 listed public companies completed> 518 practice firms’ reviews were in

progress> 16 listed public companies in progress

Review Policy> All practices that audit publicly listed

companies reviewed every 3 years> All other practices reviewed every 5

years

2. Institute Inspection Review> 87.5% [85%] of practices were either

informed there was no further action required or that procedures were adequate, with only minor issues to address

> 12% [14%] had policies and procedures that were insufficient to comply with professional and legal requirements or did not adhere to existing policies and procedures

> <1% (1%) were referred to Institute disciplinary processes for investigation because of fundamental breaches of standards

2. Institute Inspection ReviewMajority are meeting independence

standards, but deficiencies noted were:

> Independence• Self Managed Superannuation Fund

audits• Provision of accounting and audit • Inadequate documentation in

relation to threats to independence

2. Institute Inspection ReviewDeficiencies noted:> Audit Engagements

• No evidence of planning documentation• No internal controls or risk assessment

prior to the audit work performed• No subsequent events review

documentation• No evidence of going concern

assessment• No letters of engagement or

representation• Insufficient documentation surrounding

independence considerations

2. Institute Inspection ReviewDeficiencies noted:> Compilation Engagements

• Did not specify they were Special Purpose Financial Reports

• Non-compliance with APS 9: Compilation of Financial Reports

• Errors in accounting and disclosure

2. Institute Inspection ReviewDeficiencies noted:> Training and development

• Failure to meet minimum hours of training and development R:7 Regulations relating to training development

• Failure to meet training and development re statutory audit registration

2. Institute Inspection ReviewImprovements in Quality Control Systems

ARE required across the majority of practices, in particular:

> Formal policies and procedures of quality control across the whole practice firm

> Training in the Code of Ethics for Professional Accountants

2. Institute Inspections

ASIC• Greater powers

to investigate

• Have access to all files

• No reported breaches of Corporations Act

Institute• Cooperative

approach

• Not have access to all files under privacy legislation

• Cannot access all records

3. Quality ControlWhy is it important?> APES 320: Quality Control for Firms –

Compulsory> APES 110: Code of Ethics for

Professional Accountants – Compulsory

> Legislative Requirements – CLERP 9> Australian Auditing Standards – Force

of Law> Risk Management: Protect your

REPUTATION AND INTEGRITY!!

3. Quality Control

3. Quality ControlAPES 320: Quality Control for Firms> Applicable from 1 July 2006 > More stringent QC than APS4/5> Basic principles and essential

procedures > Firm wide system of quality control, not

just audit> Quality Control Manual/ QC Guide –

http://www.charteredaccountants.com.au/resource_centre

> Quality Control Report (“QCR”)

3. Quality Control Mandatory requirement for every practice firm is to:

“Establish a system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards and regulatory and professional requirements and that reports issued by the firm or engagement partners are appropriate to the circumstances” (APES 320(3))

3. Quality Control The key document to ensure compliance!

The “Quality Control Manual” (QCM)

Quality Control Guide and Checklist

Templates enclosed

Let’s surf the requirements…

3. Quality Control Elements of Quality Control > Leadership responsibilities> Ethical requirements > Acceptance and continuance of client

relationships and specific engagements> Human resources > Engagement performance > Monitoring

3. Quality ControlLeadership Responsibilities - Policy> Partners are committed to a high standard

of quality on all engagements > All staff required to be fully conversant

with APES 110: Code of Ethics for Professional Accountants

> Quality will not be compromised by commercial considerations on assignments

> All partners and staff to follow policies and procedures

3. Quality ControlLeadership Responsibilities - Policy> Effective training key component to

quality maintenance> Mandatory training required for all staff> Sufficient resources devoted for the

development, documentation, and support of quality policies and procedures

> Annual performance reviews to include appraisal of commitment to quality, ethics, CPE, adherence to policies and procedures, and competency

3. Quality Control Leadership Responsibilities

Procedures and Documentation> Documented set of policies and

procedures that reflect what the practice MUST do!

> This is to be documented in the Quality Control Manual

> Applies to the WHOLE firm, all services, all engagements!

3. Quality ControlEthical Requirements - Policy> Maintain a high standard of personal conduct to

avoid damage to:• Personal reputation• Firms’ reputation• Professional Accounting Body (Institute of

Chartered Accountants in Australia,CPA,NIA)> Mandatory compliance with APES110: Code of Ethics for Professional Accountants> Has force of law for Corporations Act audits

• Chapter 2M – Registered Schemes or Disclosing Entities

• Chapter 7 – Financial Services Licensees> Public Interest

3. Quality Control Ethical RequirementsFundamental Principles> Integrity> Objectivity> Independence> Professional Competence and Due

Care> Confidentiality> Professional Behaviour

3. Quality Control Client Acceptance & ContinuancePolicy – Acceptance of New Clients> Client integrity> Cultural fit> Firm’s ability to conduct engagement

competently and within timeframe> Ethical issues: perceived independence

and conflict of interest threats> Decision documented by engagement

partner together with information collected on client file

3. Quality Control Client Acceptance & ContinuancePolicy – Continuance> Not continue engagement where not

have accepted had information been available earlier

> Report events of lack of integrity of client to partner

> Partner to consider professional and legal responsibilities and make effort to resolve

> Must document resolution or decision to withdraw from engagement on client file

3. Quality Control Client Acceptance & ContinuanceProcedures – Key Documents > Client Screening Questionnaire> New Client Form> Welcome Letter> Ethical Letter> New Client Acceptance Checklist> Client Engagement Task Checklist> Client Retention Checklist> Lost Client Form> Disengagement Letter

3. Quality ControlHuman Resources - Policy> Sufficient personnel > Appropriate competence and

capabilities> Partner responsibility for HR issues> Policies and procedures to be monitored> Commitment to ethical principles

• Performance appraisals, promotion, and remuneration

• Non compliance – counselled and/or disciplined

3. Quality Control Human Resources - Procedures> Recruitment

• Job descriptions• Candidate selection• Probation reviews

> Performance evaluation/promotion/remuneration• Six monthly interactive performance

evaluation• Recognition, feedback, and advancement • Compliance with policies and procedures• Appropriate remuneration re performance

and industry standards

3. Quality Control Human Resources - Procedures> Capabilities/competence/career

development• Relevant training • Maintenance of CPE requirements• On the job coaching and mentoring

> Assignment to engagements• Depends on complexity of assignment

and ability of staff member• Supervision• Engagement planning• Monitoring of work in progress and

milestones

3. Quality Control Human Resources - Key Documents> Human Resource Policy> Job Descriptions> Candidate Interview and Evaluation

Checklist> New Staff Orientation Checklist> Professional Staff Performance Review> Administrative Staff Performance Review> Training and Development Record

3. Quality ControlEngagement Performance - Policy> Consistency in quality of engagements

performed> Achieved through

• Use of up to date manuals• Industry standard software• Template documents• Guidance Material• Pre engagement briefings to set

objectives and tasks• Contentious/difficult matters referred

to engagement partner for resolution

3. Quality Control Engagement Performance -

Procedures> Supervision

> Review

> Training and coaching

> Consultations and referrals

> Engagement documentation

3. Quality Control Engagement Performance – Key Documents> Client Acceptance and Continuance docs> Work Control Form> Job entered into firm’s workflow system

(APS)> Timesheets completed and entered> Work in progress produced and

monitored> Workflow reviewed by team> Document consultation/referral on

Checklist for Use of Outside Consultant

3. Quality Control Monitoring - Policy> Quality Control System has to be:

• Relevant

• Adequate

• Operating effectively

• Complied with

3. Quality Control Monitoring - ProceduresOngoing Evaluation - Firm wide> Periodic inspections of completed

engagements• Internal reviews – all service lines• Peer reviews – other office in network• Institute review – every 3 years• ASIC inspection – anytime??!• Emphasis on independence and audit

quality (listed)

3. Quality Control Monitoring - ProceduresIndividual Engagement> Engagement partner reviews all

reports/returns before issue to client

> Review for adherence to policies and procedures (QC completion documentation)

> Resolution of identified issues or errors encountered

> Regular meetings with staff will discuss QC matters

3. Quality Control Monitoring - Key Documents> Monitoring Policy Statement

> Job Review Form

> Firm Feedback Form

> System Review

> Quality Culture Assessment

> Client Complaint Record

3. Quality ControlDocumentation - Policy> Appropriate documentation in place as

EVIDENCE of the operation of EACH element of its

system of quality control> Quality Control Manual includes all

policies and procedures to be available to all staff

> You are expected to fully understand the contents and ensure compliance in day to day completion of tasks

3. Quality Control Final Product- Detailed Policies and Procedures> Leadership responsibilities> Ethical requirements > Acceptance and continuance of client

relationships and specific engagements> Human resources > Engagement performance > Monitoring

3. Quality Control

Nexia QCR Report

4. Network Firm Definition> Revised definition of “network firms”

that the APESB has adopted

> Applicable in Australia 1 July 2008

> Old definition criticised as too focused on control

> Revised definition looks at how networks operate

4. Network Firm DefinitionConsidered a Network when there is a larger

structure aimed at cooperation and one of the following applies: -

> Profit or cost sharing among the entities> Shares common ownership, control or

management> Has common quality control policies and

procedures> Has common business strategy;> Uses a common brand name or common

initials;> Shares a significant part of professional

resources

4. Network Firm DefinitionConsider:> Impact on firm> Implement independence processes

and policies across affiliation> Reference to being a member of an

association of firms in stationery and promotional material could suggest that a firm is a member of a network firm!

5. Implementation Strategy> Set “Tone at the Top” - all partners to

commit

> Incorporate into strategic plan

> Conduct preliminary awareness training

> Establish element champions

> Undertake detailed gap analysis

> Update QCM policies and procedures

> Address ASIC and Institute concerns

5. Implementation Strategy> Incorporate into induction program and

office policies and procedures manual

> Complete QCR checklist

> Practice approval

> Detailed training of new procedures

> Maintain document repository

> Plan annual review and update

> Implement internal review procedures, including reporting of findings

6. Useful Implementation Tools1) QCM template and QC Guide from

Institute website (or email me for Nexia version)

2) Audit independence checklist from Institute

3) ASIC Concerns Questionnaire and Action Plan

4) Quality Control Review Report

5) Committed project partners and staff

Assistance?

Michael Cain

Direct line: (03) 9608 0130

Email: mcain@nexiaasr.com.au

ConclusionRemember:

“IF IT IS NOT DOCUMENTED,

IT IS NOT DONE!” Lee White, Chief Accountant, ASIC

Therefore this is not a nice to have…it is a

MUST HAVE!

THANK YOU!

YOUR TURN!!