Protected Disclosures Expanding from 17 December 2023

Protected Disclosures Expanding from 17 December 2023

by | Sep 20, 2023 | Blog, News

The Protected Disclosures (Amendment) Act 2022 (the Act) requires certain entities to have in place procedures to establish internal reporting channels and procedures to enable workers make protected disclosures (defined as a ‘relevant wrongdoing’). From 17 December 2023 its scope will be expanded to employers with over 50 employees.

The Act already applies to certain entities from 1 January 2023 including entities employing over 250 employees and certain financial services (regardless of employee numbers) entities like AIFMs, MiFID firms, Irish UCITS management companies and other Irish financial service providers, as well as Irish domiciled corporate funds.

The 2022 Act expands the scope of the Protected Disclosures Act, 2014 to include areas such as:

  • public procurement;
  • financial services;
  • anti-money laundering (AML);
  • product safety and compliance;
  • transport safety;
  • environmental protection;
  • radiation and nuclear safety;
  • food and animal health and welfare;
  • public health;
  • consumer protection; and
  • the protection of privacy and personal data.

Its scope is being enhanced from 17 December 2023 when employers with over 50 employees will need to have such a policy in place. The basic steps for employers are:

  • the establishment, maintenance and operation of a secure and confidential internal reporting channel for workers who wish to make a protected disclosure, whether in writing, orally or both;
  • the designation of an impartial and competent person who may be internal/external; and
  • an obligation to provide workers with information on the internal/external protected disclosure reporting process.

The Act also creates a newly established Office of the Protected Disclosures Commissioner (www.opdc.ie) which will forward reports of work-related wrongdoing to the most appropriate body for initial assessment and follow-up.

Employees are given protection from dismissal from employment (among other protections) when they report a ‘relevant wrongdoing’ (defined which are defined to include:

  • Where an offence has been or is likely to be committed;
  • Non-compliance with a legal obligation – the 2014 Act excludes obligations arising under the worker’s contract of employment;
  • A miscarriage of justice;
  • Danger to the health and safety of any individual;
  • Damage to the environment;
  • An unlawful or otherwise improper use of funds or resources of a public body;
  • Oppression, gross neglect or gross mismanagement by a public body; and
  • Other breaches related to the financial interests of the EU the internal market, EU competition and state aid rules and internal market rules on corporate tax.

The legislation is complex and we cannot cover all its aspects in the space of a blog.  We urge our readers to seek independent professional and legal advice where necessary.

IT Controls Assessment

Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying And Assessing The Risks Of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 21 December 2022 and later.

Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no ,matter what the size of that entity).

This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.

For an easy to implement additional (two page) IT Controls Questionnaire  to help document the above process, please click on this link to download immediately for only €60 + VAT.

Please go to our website to see our:

  • letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
  • ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.

Accessing the Register of Beneficial Ownership

Accessing the Register of Beneficial Ownership

by | Dec 19, 2022 | Blog, News

As many are already aware, access to the RBO Register has recently been shut down, following an EU Court of Justice ruling.

Access to the Register of Beneficial ownership registry is only now being reopened to registered designated persons, which includes accountants in practice.

In order to gain access to the Register from now on, Designated Persons will need to appoint an authorised administrator register themselves, using a Form BEN3A1 Designated Persons Administration Declaration form (fillable online).

We suggest readers monitor the home page of the RBO for more information which will appear there as soon as it becomes available.

Meanwhile, for those of you still in the process of ISQM 1 implementation, please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinar

To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.

Are you Ready for a Hot File Review?

Are you Ready for a Hot File Review?

by | Dec 13, 2022 | Blog, News

The ISQM 2 comes into effect on 15 December 2022. It relates to what used to be called ‘engagement quality control reviews’.

These are now called ‘engagement quality reviews’ also known as Engagement Quality Review (EQR or EQ review). These are also referred to as Hot File Review.

The main changes are as follows:

  1. The standard require the reviewer to challenge the engagement partners’ judgments much more than in the previous requirements. In the past, reviews have sometimes focused on process more than on assessing the quality of judgments.
  2. The scope of the standard, at least for small and medium firms with non-PIE or listed audits states that reviews should be required:
    • for ‘other engagements’ that are required by law or regulation; and
    • audits and other engagements that the firm itself determines should be reviewed in response to a specific ‘quality risk’.

These types of audit engagement could include those where there are:

    • high levels of complexity or judgment;
    • un-remediated deficiencies in internal control at the audit firm;
    • there are recurring inspection findings on the audit; and
    • engagements for new clients where there were disagreements with the previous auditor.

Some firms that didn’t need an EQ review in the past may need one in the future as the scope for avoiding one will probably be narrower. However the implications are not clear. It will ultimately depend on individual firms’ assessment of their quality risks and the types of appropriate responses to such risks which may include an EQ review.

Who can carry out the EQR?

Reviewers will need sufficient seniority/experience, with sufficient time and resources allowed to do the job properly.

With ever-increasing emphasis on quality generally within firms and the adverse consequences associated with quality failings, it seems likely that the role of EQ reviewer will be an even more challenging one in future.

As regards documenting Audit Firms’ statement of Quality Management (SoQM), We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie

Publications and AML webinar

To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.

Have You Asked the Five Whys?

Have You Asked the Five Whys?

by | Dec 6, 2022 | Blog, News

Root cause analysis (RCA) is a requirement of the new ISQM 1 which comes into effect in less than 10 days. It is one of the eight main components of that standard.

Audit firms will be expected to carry out RCA from 15 December 2022 and have the results and implementation action plan available for inspection by audit monitoring teams in 2023.

RCAs main objective is to examine the more serious audit deficiencies that have occurred during either hot or cold file reviews and involves asking ‘why’ questions, typically five times. The ultimate aim being to prevent them from happening again.

Known as the ‘5 Whys’ technique – it is allegedly attributed to the famously successful Toyota vehicle manufacture process.

In the audit world you might find that the source of a problem is lack of adequate staff training or staff performing audit work with an out of date disclosure checklist – the root problem occurs there.

But what is the root cause of the problem? The answer lies in going deeper by asking why the problem occurred. Asking “Why?” five times requires taking the answer to the first why and then asking why that occurs.

Typically, the process of asking “Why?” leads upstream in the process. It may be a defect that occurs in planning, but the root cause may be in the poor quality of client records, or perhaps a lack of sufficiently critical sceptical thinking on the part of the audit team.

Some typical root cause that we have come across include:

  • risk assessment at the planning stage of the audit;
  • the extent of audit evidence obtained and the level of documentation; and
  • the degree of disclosure within the financial statements.

A common reason for these types of issue is a lack of understanding of the ISAs (Ireland) or accounting standards. Some firms insist on staff reading the ISAs as a basic starting point. What a good idea?

The 2022 book of the ISAs (Ireland) is available from the CAI store here. (We promise we don’t get a commission!). These standards are essential reading for all audit teams, especially with so many modifications to the standards coming into play for accounting periods ending 31 December 2022.

Other reasons that can be root causes include:

  • flaws in the design of audit tests and
  • inadequate review by senior audit team personnel (i.e. the audit manager or the audit engagement partner) as well as;
  • Client familiarity which can play a part in leading to poorer quality audit documentation.

For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie

Publications and AML webinar

To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.

What are the Main Elements Within a System of Quality Control?

What are the Main Elements Within a System of Quality Control?

by | Nov 25, 2022 | Blog, News

Continuing our series of blogs where we looked at the scalability of the ISQM(Ireland) 1, this week we look at the question: ‘What are the Main Elements Within a System of Quality Control (SoQM)?

Establishing the SoQM

ISQM 1.6 requires each audit firm to establish and maintain a system of quality control (SoQM) which includes policies and procedures addressing each of the following six processes:

  1. Governance and leadership;
  2. Relevant ethical requirements;
  3. Acceptance and continuance;
  4. Engagement performance;
  5. Resources; and
  6. Information and communication.

There are two other elements of the SoQM that we have covered in our other blogs –

  • The risk assessment and responses;
  • The monitoring/remediation stage which includes Root Cause Analysis as a key component.

Each audit firm must have written policies and procedures which ensure that its independence and objectivity cannot be jeopardised by the intervention of any partner or member of staff in the carrying out of an audit engagement.

As well as the above policies/procedures, each audit firm must also have:

  • Sound administrative and accounting procedures;
  • Internal quality control mechanisms;
  • Effective procedures for risk assessment; and
  • Effective control and safeguard arrangements for information processing

For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie

Publications and AML webinar

To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.

Is The New ISQM 1 Scalable?

Is The New ISQM 1 Scalable?

by | Nov 21, 2022 | Blog, News

Continuing our series of blogs where we last looked at the key differences between ISQM(Ireland) 1 and its predecessor the ISQC 1 establish quality objectives . This week we look at the question: ‘Is the new ISQM 1 scalable?’

Scalability

According to ISQM 1:34D-3 when designing, implementing and operating a system of quality management (SoQM), each audit firm must take into account the nature and circumstances of the firm and its engagements and ensure that its approach is appropriate. In doing this, the firm shall:

  • take into consideration the scale and complexity of the firm’s activities; and
  • be able to demonstrate to the firm’s regulatory body and to the Irish Audit & Accounting Supervisory Authority, that the policies and procedures are appropriate.

Saleability example:

For firms with low complexity and flat structures, (for example smaller partnerships) objectives about, for example, the firm’s organisational structure and the assignment of roles, responsibilities and authority may not need to contain a lot of detail. Likewise, sole practitioner auditors or firms with only one or two audit staff, objectives relating to HR much are less likely to be very complex.

Another potential factor to take into account is where there are staff working on audits, who have chosen to opt out of the audit exam topic in their professional examinations, this additional risk factor may need to feature in a firm’s risk assessment. Such staff may need additional one-to-one audit training in the auditing basics, as they have not had the benefit of such a foundation to enhance their audit skills and scepticism.

Networks: There are important objectives in the ISQM 1 for firms that are involved in international Networks. Where firms are not members of networks, they don’t need to consider any of the objectives relating to network resources or requirements.

Group audits: Firms that never participate in group audits are unlikely to need objectives surrounding the cooperation with component or group auditors.

Additional objectives

The standard expects the firm’s SoQM to reflect the firm’s nature and circumstances. This means that there could be circumstances where extra objectives will be required in addition to those provided within the standard.

E.g. in a large, complex firm with multiple offices and strategies including mergers and acquisitions, it is likely that the firm may need to expand the mandatory objectives or provide more granular detail in its objectives and risk assessment. Completely new objectives may need to be added in these circumstances.

In smaller, less complex firms it is much less likely to need to expand the mandatory objectives, although additional granular detail may be useful depending on the circumstances.

In subsequent years, firms must take account of feedback from around the firm and from the RCA (Root Cause Analysis) work to mould new or amended objectives, as the entire SoQM is a continuously iterative process.

Where in doubt, external professional expert advice should be sought.

For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie

Publications and AML webinar

To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.