Four Steps to Assessing Audit Quality Risks

Four Steps to Assessing Audit Quality Risks

The implementation deadline for the International Standard on Quality Management 1 (ISQM 1) was 15 December 2022 the date from which audit firms have their System of Quality Management (SoQM) documented and prepared.

As part of the implementation process audit firms are expected to record risks to audit quality, put in place appropriate responses and document the overall firm approach.  This may best be done as a brainstorming session with senior audit personnel.

In certain cases it will be appropriate to involve non-audit Partners in the process, in so far as they provide non-audit services to audit clients, so that there is a complete understanding of the scope of the potential audit quality risks that may be present.

Essentially there are at least four steps involved:

  1. Work out the firm’s audit quality risks;
  2. Prioritise the risks depending on likelihood and impact;
  3. Agree the responses – take note that there are at least 18 pre-set responses in ISQM.34 that must be compulsorily dealt with or marked as ‘not applicable’ and then each firm may need to add their own specific risks.

Depending on the type and size of audit firm, there are likely to be a few risks that may be easily excluded e.g. if:

  1. Your firm is not part of an international network;
  2. It does not carry out groups audits as the Parent company auditor; and
  3. It does not act for Public Interest Entities).
  1. Devise tailored responses to the risks identified, ensuring these responses are effective and complete.

Spot check reviews by the professional bodies, on ISQM implementation, have already commenced, so the need to finalise these responses is urgent.

For those of you still in the process of ISQM1 implementation, please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinar:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Registration deadline looms for clients with property in the UK

Registration deadline looms for clients with property in the UK

Do you have clients with property interests in the UK, or who are about to acquire or recently sold property there? There is a registration deadline looming on 31 January 2023 which is only one week away!

Your clients will need to know much more about this new piece of UK legislation in order to avoid committing a criminal offence.

With effect from 1 August 2022 any overseas entity that wants to buy, sell, or transfer property or land in the UK, (i.e. freehold estates or a lease granted for a term of more than seven years) must register with UK Companies House. They must declare who their registrable beneficial owners or managing officers are before 31 January 2023. Entities that disposed of property or land after 28 February 2022 will also need to register and give details of that disposal.

The Economic Crime (Transparency and Enforcement) Act 2022 provides the legislative background to this new requirement designed to tackle money laundering. This legislation creates the Register of Overseas Entities.

The procedure for making registration applications is set out in the Register of Overseas Entities (Delivery, Protection and Trust Services) Regulations 2022 and the rules around verification are contained in the Register of Overseas Entities (Verification and Provision of Information) Regulations 2022 (2022/725).

The requirements for registration apply to property acquired in:

  • England and Wales, since 1 January 1999;
  • Scotland, since 8 December 2014 and
  • Northern Ireland, since 1 August 2022.

Overseas entities that currently hold qualifying property have six months from 1 August to register with Companies House. Failure to register is a criminal offence.

The Department for Business, Energy and Industrial Strategy (BEIS) has produced some guidance for those who may undertake verification on behalf of an overseas entity.

Accountants take care

According to the ICAEW and the UK Law Society, because of the potential liabilities for incorrectly carrying out verification checks, it is critical for any accountants seeking to carry out this service for a foreign entity that they fully understand that the client due diligence (CDD) process usually carried out to comply with anti-money laundering regulations is not of the same standard required for verification of ownership of Overseas Entities.

The BEIS guidance highlights that “there are differences between what’s required under the UK Money Laundering Regulations (MLRs) by way of client due diligence and what is required by way of verification under the 2022/725 Regulations. As such, a relevant person cannot only do what they would normally do under the MLRs and as set out in related industry guidance. Relevant persons should refer to the Act, the 2022/725 Regulations and this guidance when conducting verification checks.”

The ICAEW has said ‘If a professional accountant undertakes verification and does not carry out the process correctly, then they open themselves up to criminal prosecution, regulatory sanctions, and liability for professional negligence.’

For those of you still in the process of ISQM1 implementation, please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinar:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Got Your Supplier Quality Statement Yet?

Got Your Supplier Quality Statement Yet?

As many audit firms will already be aware the International Standard on Quality Management 1 (ISQM 1) became effective on 15 December 2022 from when they must document their System of Quality Management (SoQM).

As part of such a system, firms must assess the quality of any system components which have been sourced from external third parties. Part of the confirmation process will involve the collection of statements from these external parties known as Supplier Quality Statements (SQS).  We are only concerned here with those suppliers that may impact on audit quality such as (the list is not necessarily comprehensive):

  • training organisations providing CPD;
  • providers of audit tools such as audit programmes and financial statements checklists;
  • professional bodies;
  • software and IT support suppliers;
  • providers of technical checklists;
  • technical advisers and
  • audit file reviewers.

The collection of these Supplier Quality Statements will form part of each firm’s System of Quality Management (SoQM) and will need to be updated subsequently at regular intervals.

Have you sourced all the Supplier Quality Statements you need?

In case you ask, here is the one from John McCarthy Consulting Ltd.

For those of you still in the process of ISQM1 implementation, please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinar:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Key Differences Between ISQM (Ireland) 1 and ISQC (Ireland) 1

Key Differences Between ISQM (Ireland) 1 and ISQC (Ireland) 1

ISQM (IRELAND) 1 (hereafter referred to as ISQM 1) is very different from its predecessor which was called ISQC (IRELAND) 1.

One of the main differences is that ISQC was ‘passive’ (it could sit on the shelf for years without really affecting how the audit work was performed) while the ISQM 1 is much more ‘proactive’ requiring more thought and tailoring in its preparation leading to corrective action like root cause analysis (RCA). More on this in a later blog.

The other key differences are that the ISQM 1:

  1. Requires the firm to take a risk-based approach to designing, implementing and operating the individual components of the system of quality management (called the SoQM). In this risk based approach firms must:
  • establish quality objectives;
  • identify and assess the risks (the quality risks) that the quality objectives referred to above might not be achieved;
  • design and implement responses to address the quality risks; and
  • test and adjust the SoQM on a regular basis (probably annually) to ensure it is always fit for purpose;
  1. The new ISQM 1 has eight components of a quality management system compared to six in the previous ISQC. The two new elements are
    1. the firm’s risk assessment process, and
    2. information and communication;
  2. The standard includes enhanced requirements related to the firm’s commitment to quality through its culture;
  3. Greater emphasis is placed on accountability for the system of quality management much more than was the case with the old ISQC;
  4. There is a much more focused approach to the relevant ethical requirements rather than just independence which was emphasised in ISQC;
  5. Resources are given more attention, so each audit firm must consider resources such as :
    1. Human;
    2. Technological;
    3. Intellectual; and
    4. Service providers.
  6. Communication and information is one of the new components of the quality management system which places more emphasis on communications with external parties;
  7. There is a new approach to the monitoring process requiring a specific technique called root cause analysis;
  8. Requirements about engagement quality control reviews (EQCR) or hot file reviews are set out in a new standard, called ISQM 2. The old ISQC dealt with these in the past; and
  9. There is new requirement to understand quality in relation to:
  • resources,
  • services and
  • monitoring provided by a firm’s network, where relevant.

It’s impossible to cover everything in this brief blog. For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie

Publications and AML webinar

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.

 

10 Tips for Audit Firms to prepare for ISQM 1 28.10.22

10 Tips for Audit Firms to prepare for ISQM 1 28.10.22

Around the globe, auditors are preparing for the imminent ISQM 1 regime, and it’s now just under fifty days to the deadline – 15 December 2022. On or before this date every Irish audit firm will need an ISQM-compliant System of Quality Management (‘SOQM’).

Our new ISQM TOOLKIT is the answer to your needs and is available to purchase now for immediate download to help get you started. Click here for more details.

If you’re tempted to conclude that you’ve left it too late to meet the deadline, our message is: don’t despair. There is still opportunity to get ready, although it’ll mean setting aside dedicated partner time to achieve this, and regulators will be looking for clear evidence of progress by the end of the year and certainly by this time in 2023.

Here are our top ten tips to helping you get your SOQM across the finish line:

  1. Read the ISQMThere’s really no way around this! We’d recommend you also get hold of the IAASM Implementation Guide, which is genuinely helpful – although be warned; this is for the international version of the ISQM and doesn’t include the additional quality responses added to the Irish standard by the Irish Audit & Accounting Supervisory Authority (IAASA).
  2. Assess your current approach to audit quality. Firms aren’t (usually!) starting from scratch on audit quality and will have various policies and procedures already in place. While we want to stress that you shouldn’t simply ‘bolt on’ ISQM to your existing approach, it’s helpful to get a clear insight into what’s happening now (e.g., by taking a look with a critical eye at your existing ISQC 1 but being careful not to copy and paste the answers, but what’s in the ISQC1 may be helpful).This may mean gathering various documents (like staff appraisals, CPD plans and IES 8), clarifying existing arrangements with the rest of the team and organising your thoughts.
  3. Find out what your team thinks about your current approach. Chances are, you and your team already have sound insights into what’s working well and what isn’t, and some honest feedback may be painful but is essential to making progress.John McCarthy Consulting Ltd. (working in conjunction with our colleagues in Apex Professional Consulting Ltd.) has produced the ISQM TOOLKIT for the Republic of Ireland. It comes with a team questionnaire that can help you to gather anonymous feedback including suggestions for tackling problem areas.
  4. Start with leadership and governance issues. For most if not all small firms, a critical success factor for ISQM compliance is the degree of support from partners, especially managing partners within firms.Whether your firm is a sole practitioner or a larger firm, ISQM 1 challenges senior leadership to demonstrate genuine commitment to audit quality, recognising that this may not always align with a firm’s commercial strategy or its leaders’ priorities. You need to identify and deal with those conflicts, if present. You’ll also need to consider how much of the SOQM can be delegated to others and how the firm’s leadership will demonstrate that they bear ultimate responsibility for its success.
  5. Don’t dismiss the appointment stage. Many firms assign consideration of (re)appointment to junior audit staff who lack the judgement to assess ethical threats and to apply the right safeguards. Accepting a client relationship or engagement inappropriately removes any chance to achieve a quality audit.
  6. Be honest about priorities. Many firms say that they’re committed to audit quality, but a cursory scrutiny about how much of the firm’s time and money is spent in supporting and developing high quality audit may suggest otherwise.ISQM 1 demands that firms allocate enough resource to recruit and develop audit teams, supply them with appropriate tools (including hardware and software) and allow them the time to conduct audits thoroughly. You’ll also need to assess the quality risks of over-relying on external training providers, file reviewers or providers of methodology or IT tools.
  7. Refocus on prevention rather than cure. In the past, many audit firms have relied on regular cold file reviews to ensure their quality is up to scratch. Whilst such reviews will still play a key role, firms need to consider how to avoid audit defects altogether.For many audit partners, this may mean reducing the amount of time spent in review, and increasing the time spent in directing and supervising audits whilst in progress. Better prepared and managed teams should produce better audit files that need less review and remediation.
  8. Plan your monitoring as you go. As you set out your SOQM, make sure that every element is trackable and assign responsibility for monitoring to specific individuals, with clear instructions about how they should check progress and how they must record this. This should make the ‘monitoring and remediation’ part of the process much less burdensome. Don’t leave it all until the end!
  9. Get familiar with Root Cause Analysis (‘RCA’). This is a tool that has increased in profile of late, and while RCA can be sophisticated, it needn’t always be so. The aim is to identify systemic defects that, if corrected, will prevent problems from recurring. Don’t be afraid of asking ‘why did X happen’ multiple times when a quality problem is spotted, until the roots are uncovered.
  10. Consider external support. Whilst it’s possible to implement ISQM 1 without any other support, especially if you use a good transition tool (did we mention that John McCarthy Consulting Limited has designed the ISQM TOOLKIT with the smaller firm in mind?), you may find that getting the assistance of a specialist can be hugely valuable, even if just as a sounding board.

It’s impossible to cover everything in this brief blog. For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie

Publications and AML webinar

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.