Have You Asked the Five Whys?

Root cause analysis (RCA) is a requirement of the new ISQM 1 which comes into effect in less than 10 days. It is one of the eight main components of that standard.

Audit firms will be expected to carry out RCA from 15 December 2022 and have the results and implementation action plan available for inspection by audit monitoring teams in 2023.

RCA’s main objective is to examine the more serious audit deficiencies that have occurred during either hot or cold file reviews. It involves asking ‘why’ questions, typically five times, with the ultimate aim of preventing the deficiencies from happening again.

Known as the ‘5 Whys’ technique, it is allegedly attributed to the famously successful Toyota vehicle manufacturing process.

In the audit world you might find that the source of a problem is a lack of adequate staff training or staff performing audit work with an out-of-date disclosure checklist – the root problem occurs there.

But what is the root cause of the problem? The answer lies in going deeper by asking why the problem occurred. Asking “Why?” five times requires taking the answer to the first why and then asking why that occurs.

Typically, the process of asking “Why?” leads upstream in the process. It may be a defect that occurs in planning, but the root cause may be in the poor quality of client records, or perhaps a lack of sufficiently critical sceptical thinking on the part of the audit team.

Some typical root causes that we have come across include:

  • risk assessment at the planning stage of the audit;
  • the extent of audit evidence obtained and the level of documentation; and
  • the degree of disclosure within the financial statements.

A common reason for these types of issue is a lack of understanding of the ISAs (Ireland) or accounting standards. Some firms insist on staff reading the ISAs as a basic starting point. What a good idea!

The 2022 book of the ISAs (Ireland) is available from the CAI store here. (We promise we don’t get a commission!). These standards are essential reading for all audit teams, especially with so many modifications to the standards coming into play for accounting periods ending 31 December 2022.

Other reasons that can be root causes include:

  • flaws in the design of audit tests;
  • inadequate review by senior audit team personnel (i.e. the audit manager or the audit engagement partner); and
  • client familiarity, which can play a part in leading to poorer quality audit documentation.

For more assistance please see our new ISQM TOOLKIT or, if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA at john@jmcc.ie

Publications and AML webinar

To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.

What are the Main Elements Within a System of Quality Control?

Continuing our series of blogs where we looked at the scalability of the ISQM (Ireland) 1, this week we look at the question: ‘What are the Main Elements Within a System of Quality Control (SoQM)?’

Establishing the SoQM

ISQM 1.6 requires each audit firm to establish and maintain a system of quality control (SoQM) which includes policies and procedures addressing each of the following six processes:

  1. Governance and leadership;
  2. Relevant ethical requirements;
  3. Acceptance and continuance;
  4. Engagement performance;
  5. Resources; and
  6. Information and communication.

There are two other elements of the SoQM that we have covered in our other blogs –

  • The risk assessment and responses;
  • The monitoring/remediation stage which includes Root Cause Analysis as a key component.

Each audit firm must have written policies and procedures which ensure that its independence and objectivity cannot be jeopardised by the intervention of any partner or member of staff in the carrying out of an audit engagement.

As well as the above policies/procedures, each audit firm must also have:

  • Sound administrative and accounting procedures;
  • Internal quality control mechanisms;
  • Effective procedures for risk assessment; and
  • Effective control and safeguard arrangements for information processing

Is The New ISQM 1 Scalable?

Continuing our series of blogs, where we last looked at the key differences between ISQM (Ireland) 1 and its predecessor the ISQC 1, this week we look at the question: ‘Is the new ISQM 1 scalable?’

Scalability

According to ISQM 1:34D-3 when designing, implementing and operating a system of quality management (SoQM), each audit firm must take into account the nature and circumstances of the firm and its engagements and ensure that its approach is appropriate. In doing this, the firm shall:

  • take into consideration the scale and complexity of the firm’s activities; and
  • be able to demonstrate to the firm’s regulatory body and to the Irish Audit & Accounting Supervisory Authority, that the policies and procedures are appropriate.

Scalability example:

For firms with low complexity and flat structures (for example, smaller partnerships), objectives about, for example, the firm’s organisational structure and the assignment of roles, responsibilities and authority may not need to contain a lot of detail. Likewise, for sole practitioner auditors or firms with only one or two audit staff, objectives relating to HR are much less likely to be very complex.

Another potential factor to take into account is where there are staff working on audits who have chosen to opt out of the audit exam topic in their professional examinations. This additional risk factor may need to feature in a firm’s risk assessment. Such staff may need additional one-to-one audit training in the auditing basics, as they have not had the benefit of such a foundation to enhance their audit skills and scepticism.

Networks: There are important objectives in the ISQM 1 for firms that are involved in international Networks. Where firms are not members of networks, they don’t need to consider any of the objectives relating to network resources or requirements.

Group audits: Firms that never participate in group audits are unlikely to need objectives surrounding the cooperation with component or group auditors.

Additional objectives

The standard expects the firm’s SoQM to reflect the firm’s nature and circumstances. This means that there could be circumstances where extra objectives will be required in addition to those provided within the standard.

E.g. in a large, complex firm with multiple offices and strategies including mergers and acquisitions, it is likely that the firm may need to expand the mandatory objectives or provide more granular detail in its objectives and risk assessment. Completely new objectives may need to be added in these circumstances.

Smaller, less complex firms are much less likely to need to expand the mandatory objectives, although additional granular detail may be useful depending on the circumstances.

In subsequent years, firms must take account of feedback from around the firm and from the RCA (Root Cause Analysis) work to mould new or amended objectives, as the entire SoQM is a continuously iterative process.

Where in doubt, external professional expert advice should be sought.

Key Differences Between ISQM (Ireland) 1 and ISQC (Ireland) 1

ISQM (IRELAND) 1 (hereafter referred to as ISQM 1) is very different from its predecessor which was called ISQC (IRELAND) 1.

One of the main differences is that ISQC was ‘passive’ (it could sit on the shelf for years without really affecting how the audit work was performed) while the ISQM 1 is much more ‘proactive’ requiring more thought and tailoring in its preparation leading to corrective action like root cause analysis (RCA). More on this in a later blog.

The other key differences are that the ISQM 1:

  1. Requires the firm to take a risk-based approach to designing, implementing and operating the individual components of the system of quality management (called the SoQM). In this risk-based approach firms must:
    • establish quality objectives;
    • identify and assess the risks (the quality risks) that the quality objectives referred to above might not be achieved;
    • design and implement responses to address the quality risks; and
    • test and adjust the SoQM on a regular basis (probably annually) to ensure it is always fit for purpose;
  2. The new ISQM 1 has eight components of a quality management system compared to six in the previous ISQC. The two new elements are
    1. the firm’s risk assessment process, and
    2. information and communication;
  3. The standard includes enhanced requirements related to the firm’s commitment to quality through its culture;
  4. Greater emphasis is placed on accountability for the system of quality management, much more than was the case with the old ISQC;
  5. There is a much more focused approach to the relevant ethical requirements rather than just independence, which was emphasised in ISQC;
  6. Resources are given more attention, so each audit firm must consider resources such as:
    1. Human;
    2. Technological;
    3. Intellectual; and
    4. Service providers.
  7. Communication and information is one of the new components of the quality management system, which places more emphasis on communications with external parties;
  8. There is a new approach to the monitoring process requiring a specific technique called root cause analysis;
  9. Requirements about engagement quality control reviews (EQCR) or hot file reviews are set out in a new standard, called ISQM 2. The old ISQC dealt with these in the past; and
  10. There is a new requirement to understand quality in relation to:
    • resources,
    • services and
    • monitoring provided by a firm’s network, where relevant.

It’s impossible to cover everything in this brief blog. For more assistance please see our new ISQM TOOLKIT or, if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA at john@jmcc.ie

Publications and AML webinar

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.

 

10 Tips for Audit Firms to prepare for ISQM 1 28.10.22

Around the globe, auditors are preparing for the imminent ISQM 1 regime, and it’s now just under fifty days to the deadline – 15 December 2022. On or before this date every Irish audit firm will need an ISQM-compliant System of Quality Management (‘SOQM’).

Our new ISQM TOOLKIT is the answer to your needs and is available to purchase now for immediate download to help get you started. Click here for more details.

If you’re tempted to conclude that you’ve left it too late to meet the deadline, our message is: don’t despair. There is still opportunity to get ready, although it’ll mean setting aside dedicated partner time to achieve this, and regulators will be looking for clear evidence of progress by the end of the year and certainly by this time in 2023.

Here are our top ten tips to help you get your SOQM across the finish line:

  1. Read the ISQM. There’s really no way around this! We’d recommend you also get hold of the IAASM Implementation Guide, which is genuinely helpful – although be warned; this is for the international version of the ISQM and doesn’t include the additional quality responses added to the Irish standard by the Irish Audit & Accounting Supervisory Authority (IAASA).
  2. Assess your current approach to audit quality. Firms aren’t (usually!) starting from scratch on audit quality and will have various policies and procedures already in place. While we want to stress that you shouldn’t simply ‘bolt on’ ISQM to your existing approach, it’s helpful to get a clear insight into what’s happening now (e.g., by taking a look with a critical eye at your existing ISQC 1; what’s in it may be helpful, but be careful not to copy and paste the answers). This may mean gathering various documents (like staff appraisals, CPD plans and IES 8), clarifying existing arrangements with the rest of the team and organising your thoughts.
  3. Find out what your team thinks about your current approach. Chances are, you and your team already have sound insights into what’s working well and what isn’t, and some honest feedback may be painful but is essential to making progress. John McCarthy Consulting Ltd. (working in conjunction with our colleagues in Apex Professional Consulting Ltd.) has produced the ISQM TOOLKIT for the Republic of Ireland. It comes with a team questionnaire that can help you to gather anonymous feedback including suggestions for tackling problem areas.
  4. Start with leadership and governance issues. For most if not all small firms, a critical success factor for ISQM compliance is the degree of support from partners, especially managing partners within firms. Whether your firm is a sole practitioner or a larger firm, ISQM 1 challenges senior leadership to demonstrate genuine commitment to audit quality, recognising that this may not always align with a firm’s commercial strategy or its leaders’ priorities. You need to identify and deal with those conflicts, if present. You’ll also need to consider how much of the SOQM can be delegated to others and how the firm’s leadership will demonstrate that they bear ultimate responsibility for its success.
  5. Don’t dismiss the appointment stage. Many firms assign consideration of (re)appointment to junior audit staff who lack the judgement to assess ethical threats and to apply the right safeguards. Accepting a client relationship or engagement inappropriately removes any chance to achieve a quality audit.
  6. Be honest about priorities. Many firms say that they’re committed to audit quality, but a cursory scrutiny about how much of the firm’s time and money is spent in supporting and developing high quality audit may suggest otherwise. ISQM 1 demands that firms allocate enough resource to recruit and develop audit teams, supply them with appropriate tools (including hardware and software) and allow them the time to conduct audits thoroughly. You’ll also need to assess the quality risks of over-relying on external training providers, file reviewers or providers of methodology or IT tools.
  7. Refocus on prevention rather than cure. In the past, many audit firms have relied on regular cold file reviews to ensure their quality is up to scratch. Whilst such reviews will still play a key role, firms need to consider how to avoid audit defects altogether. For many audit partners, this may mean reducing the amount of time spent in review, and increasing the time spent in directing and supervising audits whilst in progress. Better prepared and managed teams should produce better audit files that need less review and remediation.
  8. Plan your monitoring as you go. As you set out your SOQM, make sure that every element is trackable and assign responsibility for monitoring to specific individuals, with clear instructions about how they should check progress and how they must record this. This should make the ‘monitoring and remediation’ part of the process much less burdensome. Don’t leave it all until the end!
  9. Get familiar with Root Cause Analysis (‘RCA’). This is a tool that has increased in profile of late, and while RCA can be sophisticated, it needn’t always be so. The aim is to identify systemic defects that, if corrected, will prevent problems from recurring. Don’t be afraid of asking ‘why did X happen’ multiple times when a quality problem is spotted, until the roots are uncovered.
  10. Consider external support. Whilst it’s possible to implement ISQM 1 without any other support, especially if you use a good transition tool (did we mention that John McCarthy Consulting Limited has designed the ISQM TOOLKIT with the smaller firm in mind?), you may find that getting the assistance of a specialist can be hugely valuable, even if just as a sounding board.

Have You Developed Your Quality Management Strategy Yet?

Continuing on from our recent blog where we looked at assessing the quality risks for the ISQM, this week we look at how to develop a quality management strategy.

There are four key steps involved in developing a quality management strategy:

  1. Respond to quality risks – what is required in ISQM 1?
  2. Map and document your responses
  3. The role of the RI in embedding audit quality
  4. Practical considerations for less complex firms

We will look at the first of these steps today.

Bear in mind that the quality management process is iterative, so you are expected to adjust the assessment at any time if you notice any risks have changed since they were last assessed. Make sure to document your changes and the reasons for the change.

Respond to quality risks – what is required in ISQM 1?

The types of quality risks that may exist will vary from firm to firm and will be influenced by the size and complexity of the clients as well as the size of the firm and the numbers of offices it has, as well as the non-audit services it provides.

The responses will be influenced by factors like the specific responses required by Paragraph 34 of ISQM 1, which includes responses that the firm is required to design and implement. However, there is the caveat that ‘unlike the quality objectives …the specified responses are not comprehensive and would not fully address all quality risks. Accordingly, the firm is expected to design and implement responses in addition to those specified in the standards.’

There are also the 12 additional requirements to paragraph 34 added by the Irish Audit & Accounting Supervisory Authority.

Factors to be aware of will include:

  • The type of audit programme used and whether there is an updating service;
  • The type of ISQM Manual used;
  • CPD training policies within the firm;
  • Whether the firm is part of a Network and what types of support it may offer;
  • Technical resources and having confidence that they are competent and up to date;
  • The types of non-audit services provided and whether these are offered to audit clients where there could be an ethical threat;
  • The length of time the audit partners have provided the audit service to their clients with the potential for long association risk.

This list is not exhaustive.
