Four Steps to Assessing Audit Quality Risks

Four Steps to Assessing Audit Quality Risks

The implementation deadline for the International Standard on Quality Management 1 (ISQM 1) was 15 December 2022 the date from which audit firms have their System of Quality Management (SoQM) documented and prepared.

As part of the implementation process audit firms are expected to record risks to audit quality, put in place appropriate responses and document the overall firm approach.  This may best be done as a brainstorming session with senior audit personnel.

In certain cases it will be appropriate to involve non-audit Partners in the process, in so far as they provide non-audit services to audit clients, so that there is a complete understanding of the scope of the potential audit quality risks that may be present.

Essentially there are at least four steps involved:

  1. Work out the firm’s audit quality risks;
  2. Prioritise the risks depending on likelihood and impact;
  3. Agree the responses – take note that there are at least 18 pre-set responses in ISQM.34 that must be compulsorily dealt with or marked as ‘not applicable’ and then each firm may need to add their own specific risks.

Depending on the type and size of audit firm, there are likely to be a few risks that may be easily excluded e.g. if:

  1. Your firm is not part of an international network;
  2. It does not carry out groups audits as the Parent company auditor; and
  3. It does not act for Public Interest Entities).
  1. Devise tailored responses to the risks identified, ensuring these responses are effective and complete.

Spot check reviews by the professional bodies, on ISQM implementation, have already commenced, so the need to finalise these responses is urgent.

For those of you still in the process of ISQM1 implementation, please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinar:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Registration deadline looms for clients with property in the UK

Registration deadline looms for clients with property in the UK

Do you have clients with property interests in the UK, or who are about to acquire or recently sold property there? There is a registration deadline looming on 31 January 2023 which is only one week away!

Your clients will need to know much more about this new piece of UK legislation in order to avoid committing a criminal offence.

With effect from 1 August 2022 any overseas entity that wants to buy, sell, or transfer property or land in the UK, (i.e. freehold estates or a lease granted for a term of more than seven years) must register with UK Companies House. They must declare who their registrable beneficial owners or managing officers are before 31 January 2023. Entities that disposed of property or land after 28 February 2022 will also need to register and give details of that disposal.

The Economic Crime (Transparency and Enforcement) Act 2022 provides the legislative background to this new requirement designed to tackle money laundering. This legislation creates the Register of Overseas Entities.

The procedure for making registration applications is set out in the Register of Overseas Entities (Delivery, Protection and Trust Services) Regulations 2022 and the rules around verification are contained in the Register of Overseas Entities (Verification and Provision of Information) Regulations 2022 (2022/725).

The requirements for registration apply to property acquired in:

  • England and Wales, since 1 January 1999;
  • Scotland, since 8 December 2014 and
  • Northern Ireland, since 1 August 2022.

Overseas entities that currently hold qualifying property have six months from 1 August to register with Companies House. Failure to register is a criminal offence.

The Department for Business, Energy and Industrial Strategy (BEIS) has produced some guidance for those who may undertake verification on behalf of an overseas entity.

Accountants take care

According to the ICAEW and the UK Law Society, because of the potential liabilities for incorrectly carrying out verification checks, it is critical for any accountants seeking to carry out this service for a foreign entity that they fully understand that the client due diligence (CDD) process usually carried out to comply with anti-money laundering regulations is not of the same standard required for verification of ownership of Overseas Entities.

The BEIS guidance highlights that “there are differences between what’s required under the UK Money Laundering Regulations (MLRs) by way of client due diligence and what is required by way of verification under the 2022/725 Regulations. As such, a relevant person cannot only do what they would normally do under the MLRs and as set out in related industry guidance. Relevant persons should refer to the Act, the 2022/725 Regulations and this guidance when conducting verification checks.”

The ICAEW has said ‘If a professional accountant undertakes verification and does not carry out the process correctly, then they open themselves up to criminal prosecution, regulatory sanctions, and liability for professional negligence.’

For those of you still in the process of ISQM1 implementation, please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinar:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Got Your Supplier Quality Statement Yet?

Got Your Supplier Quality Statement Yet?

As many audit firms will already be aware the International Standard on Quality Management 1 (ISQM 1) became effective on 15 December 2022 from when they must document their System of Quality Management (SoQM).

As part of such a system, firms must assess the quality of any system components which have been sourced from external third parties. Part of the confirmation process will involve the collection of statements from these external parties known as Supplier Quality Statements (SQS).  We are only concerned here with those suppliers that may impact on audit quality such as (the list is not necessarily comprehensive):

  • training organisations providing CPD;
  • providers of audit tools such as audit programmes and financial statements checklists;
  • professional bodies;
  • software and IT support suppliers;
  • providers of technical checklists;
  • technical advisers and
  • audit file reviewers.

The collection of these Supplier Quality Statements will form part of each firm’s System of Quality Management (SoQM) and will need to be updated subsequently at regular intervals.

Have you sourced all the Supplier Quality Statements you need?

In case you ask, here is the one from John McCarthy Consulting Ltd.

For those of you still in the process of ISQM1 implementation, please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinar:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Accessing the Register of Beneficial Ownership

Accessing the Register of Beneficial Ownership

As many are already aware, access to the RBO Register has recently been shut down, following an EU Court of Justice ruling.

Access to the Register of Beneficial ownership registry is only now being reopened to registered designated persons, which includes accountants in practice.

In order to gain access to the Register from now on, Designated Persons will need to appoint an authorised administrator register themselves, using a Form BEN3A1 Designated Persons Administration Declaration form (fillable online).

We suggest readers monitor the home page of the RBO for more information which will appear there as soon as it becomes available.

Meanwhile, for those of you still in the process of ISQM 1 implementation, please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinar

To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.

Are you Ready for a Hot File Review?

Are you Ready for a Hot File Review?

The ISQM 2 comes into effect on 15 December 2022. It relates to what used to be called ‘engagement quality control reviews’.

These are now called ‘engagement quality reviews’ also known as Engagement Quality Review (EQR or EQ review). These are also referred to as Hot File Review.

The main changes are as follows:

  1. The standard require the reviewer to challenge the engagement partners’ judgments much more than in the previous requirements. In the past, reviews have sometimes focused on process more than on assessing the quality of judgments.
  2. The scope of the standard, at least for small and medium firms with non-PIE or listed audits states that reviews should be required:
    • for ‘other engagements’ that are required by law or regulation; and
    • audits and other engagements that the firm itself determines should be reviewed in response to a specific ‘quality risk’.

These types of audit engagement could include those where there are:

    • high levels of complexity or judgment;
    • un-remediated deficiencies in internal control at the audit firm;
    • there are recurring inspection findings on the audit; and
    • engagements for new clients where there were disagreements with the previous auditor.

Some firms that didn’t need an EQ review in the past may need one in the future as the scope for avoiding one will probably be narrower. However the implications are not clear. It will ultimately depend on individual firms’ assessment of their quality risks and the types of appropriate responses to such risks which may include an EQ review.

Who can carry out the EQR?

Reviewers will need sufficient seniority/experience, with sufficient time and resources allowed to do the job properly.

With ever-increasing emphasis on quality generally within firms and the adverse consequences associated with quality failings, it seems likely that the role of EQ reviewer will be an even more challenging one in future.

As regards documenting Audit Firms’ statement of Quality Management (SoQM), We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie

Publications and AML webinar

To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.

Have You Asked the Five Whys?

Have You Asked the Five Whys?

Root cause analysis (RCA) is a requirement of the new ISQM 1 which comes into effect in less than 10 days. It is one of the eight main components of that standard.

Audit firms will be expected to carry out RCA from 15 December 2022 and have the results and implementation action plan available for inspection by audit monitoring teams in 2023.

RCAs main objective is to examine the more serious audit deficiencies that have occurred during either hot or cold file reviews and involves asking ‘why’ questions, typically five times. The ultimate aim being to prevent them from happening again.

Known as the ‘5 Whys’ technique – it is allegedly attributed to the famously successful Toyota vehicle manufacture process.

In the audit world you might find that the source of a problem is lack of adequate staff training or staff performing audit work with an out of date disclosure checklist – the root problem occurs there.

But what is the root cause of the problem? The answer lies in going deeper by asking why the problem occurred. Asking “Why?” five times requires taking the answer to the first why and then asking why that occurs.

Typically, the process of asking “Why?” leads upstream in the process. It may be a defect that occurs in planning, but the root cause may be in the poor quality of client records, or perhaps a lack of sufficiently critical sceptical thinking on the part of the audit team.

Some typical root cause that we have come across include:

  • risk assessment at the planning stage of the audit;
  • the extent of audit evidence obtained and the level of documentation; and
  • the degree of disclosure within the financial statements.

A common reason for these types of issue is a lack of understanding of the ISAs (Ireland) or accounting standards. Some firms insist on staff reading the ISAs as a basic starting point. What a good idea?

The 2022 book of the ISAs (Ireland) is available from the CAI store here. (We promise we don’t get a commission!). These standards are essential reading for all audit teams, especially with so many modifications to the standards coming into play for accounting periods ending 31 December 2022.

Other reasons that can be root causes include:

  • flaws in the design of audit tests and
  • inadequate review by senior audit team personnel (i.e. the audit manager or the audit engagement partner) as well as;
  • Client familiarity which can play a part in leading to poorer quality audit documentation.

For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie

Publications and AML webinar

To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.