Have You Assessed Your Quality Risks Yet?

Have You Assessed Your Quality Risks Yet?

by | Oct 10, 2022 | Blog, News

Continuing our blog where we looked at how to establish quality objectives for the ISQM, this week we look at how to assess the quality risks.

Have you assessed your quality risks yet?

The first step is to consider the likelihood and significance of a particular risk crystallising.

Bear in mind that the quality management process is iterative, so you can adjust the assessment at any time if you think it has changed since it was last assessed, as long as you document your changes and the reasons for the change.

Develop and implement responses

There are broadly 6 mandatory responses set out in ISQM 1 (see paragraph 34 of ISQM 1) to which the IAAASA have added a further 12 of their own (see paragraph 34D-1 of ISQM 1). Paragraph 34D-2 adds some requirements for auditors of listed entities and Paragraph 34D-3 mentions  adjusting the requirements for the scalability and complexity of the audit firm and the entities it audits.

On their own they will not be sufficient for full ISQM 1 compliance.

Many of the policies and procedures you already have in place on your ISQC1 may be appropriate but be careful not to take the attitude that this is a copy and paste exercise.

The responses identified need to link back to the quality risks already identified and the established quality objectives. Please don’t give in to the temptation to work backwards by starting with your policies and procedures and then doing the responses followed by the risk assessment.

Follow this sequence:

  1. Document the key information about your firm and engagements;
  2. Think about the quality objectives in the standard and the risks that could arise by not achieving those objectives; and
  3. Then look at your current procedures and policies to identify gaps.

Where you find that your existing ISQC 1 policy or procedure doesn’t fit any of the risks, you have identified, it has one of two main consequences either:

  1. The procedure isn’t needed or
  2. You have missed a risk that needs more attention in the new ISQM 1 System of Quality Management (SOQM).

Monitor and revisit

As you progress through the standard and you evaluate and monitor your System of Quality Management (SOQM), you may revisit and change objectives, risks and responses. If deficiencies are identified, you must perform root cause analysis, the outcome of which may then involve revising either your objectives, risks or responses.

You may have already been doing this by responding to cold and hot file review and inspection findings, but perhaps not being sufficiently proactive about correcting deficiencies and ensuring they are much less likely to recur.

If you haven’t, please don’t need to wait until 15 December 2022 to start – get started now.

It’s impossible to cover everything in this brief blog. For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie

Publications and AML webinar

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Establishing Quality Objectives for the ISQM

Establishing Quality Objectives for the ISQM

by | Oct 3, 2022 | Blog, News

Six of the eight components have mandatory quality objectives established in the International Standard on Quality Management (ISQM) 1 (see paragraphs 25-34 of ISQM 1). For assistance with implementing the ISQM see our ISQM TOOLKIT available for immediate download here. There is 20% off for simultaneous purchases of five items or more.

There are no mandatory objectives for the two remaining areas:

  • risk assessment or
  • monitoring and remediation.

Smaller firms may find that the quality objectives already included in ISQM 1 are sufficient for their needs, but some firms may need to establish other objectives or sub-objectives. Every firm must consider (and evidence they considered) whether they need additional objectives – it’s not safe just to assume you don’t need them.

Note that if a quality objective included in ISQM 1 is not relevant to your firm then you can ignore it.

The next step is to identify quality risks that threaten the achievement of those quality objectives:

  • Consider
    • the nature and circumstances;
    • the conditions and events;
    • the actions and inactions; and
    • the type and nature of the client engagements.
  • Much of a firm’s nature and circumstances is dictated by:
    • the people working there;
    • the environment within which it operates; and
    • the types of client it serves.

All of the above variables may have an impact on the quality risks that are most relevant to the firm, and each firm will need to assess the significance/likelihood of those risks crystallising.

The emphasis will need to be on identifying quality risks rather than focusing on the consequences of a risk crystallising – e.g.

  • not understanding the requirements of the Ethical Standard is a quality risk;
  • rather than a breach of the Ethical Standard which would be a consequence of that quality risk

Watch out that where you identify a quality risk that doesn’t result from a quality objective in ISQM 1 then you will need to establish a new quality objective.

Next week we will look at assessing risks.

It’s impossible to cover everything in this brief blog. For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie

Publications and AML webinar

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Tailoring your ISQM

Tailoring your ISQM

by | Sep 20, 2022 | Blog, News

Audit firms of all sizes, with differing levels of complexity will expect their service providers to publish an off the shelf manual to help implement ISQM 1, just like they did with its predecessor ISQC1. Our new ISQM TOOLKIT is here to help you with documenting your ISQM compliant audit quality risks and responses.

The new ISQM standard requires each audit firm to tailor the ISQM TOOLKIT in such a manner that the risks and responses are unique to each firm. In this regard the new ISQM TOOLKIT is very different to, its off the shelf predecessor, the ISQC1.

Each audit firm must document its:

  • audit objectives (which will be unique, depending on the size of each firm and the nature, size and complexity of its client base),
  • audit risks; and
  • responses to those audit risks

because ISQM 1 requires that these responses are tailored to each firm’s particular circumstances. Each audit firm will need to consider the firm’s particular risks and ensure the responses are tailored appropriately, and document these with an annual review and updates in subsequent years. The process is iterative by its very nature.

The good news is that our new ISQM TOOLKIT has just been published to help audit firms implement the Action Plan below.

Action Plan

Here’s how to start.

  1. Write down key information about the firm and its audit engagements (e.g. do we audit any groups);
  2. Think about the quality objectives in the standard and
  3. The risks arising if those quality objectives are not met.

Then take a look at the firm’s current audit policies and procedures to identify gaps e.g. do we have  up to date letters of engagement, representation, Financial Statement Disclosure Checklists or the latest audit manual for charities, insurance brokers etc.

If you find that you currently have an ISQC 1 policy or procedure that doesn’t fit any of the risks you have identified, either it isn’t needed or you have missed a risk. The answer will be unique to your firm and you will, need to decide which is the correct response. You can’t copy/past the answer from your friend down the road. It goes without saying that these blogs cannot be a substitute for reading the ISQM 1 itself.

More on documenting these risks in one of our upcoming blogs.

If you would like a bespoke consultation remotely or on-site to discuss the new ISQM 1 in more detail please send an e-mail to john@jmcc.ie

Future blogs

Over the coming weeks we will publish a series of blogs, alongside the publication of our new Audit Quality Control Manual called the ISQM TOOLKIT, to help auditors implement the new process.

Publications and AML webinar

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.

Tags: ISQM TOOLKIT, IAASA, International Standard on Quality Management (ISQM) 1, Root Cause Analysis, Anti Money Laundering Policies Controls & Procedures Manual, AML Training webinar.

Are You Ready For The ISQM?

Are You Ready For The ISQM?

by | Sep 11, 2022 | Blog, News

There are several new acronyms for auditors in Ireland to grapple with before Christmas. From 15 December 2022 the International Standard on Quality Management (ISQM) 1, issued by the Irish Audit & Accounting Supervisory Authority, comes into force. The ISQM TOOLKIT is available here to purchase now for immediate download.

It is and deals with the quality management of audits with special emphasis on:

  • designing, 
  • implementing and 
  • operating 

a system of quality management (SOQM) for audits or reviews of financial statements or other assurance or related services engagements.

It will have a deep and lasting impact on all audits carried out in Ireland, whether they are of public or private companies. Early preparation, well before 15 December 2022, is highly recommended.

The new standard requires audit firms to be much more proactive than the predecessor document the International Standard on Quality (ISQC) 1, which was more reactive in nature.

Among the changes in terminology and acronyms, the main ones are:

  • IUR = Individual assigned with ultimate responsibility for implementation assigned ultimate responsibility and accountability for the system of quality management, on behalf of the firm, evaluates the system of quality management and concludes whether the system of quality management provides the firm with reasonable assurance that the objectives of the system are being achieved.
  • IOR = Individual assigned with overall responsibility for the audit engagement – usually the engagement partner.
  • SOQM = Systems of Quality Management is the overall description for the eight main areas prescribed by the standard.
  • RCA = Root Cause Analysis – identification of the root causes of audit deficiencies which is an iterative and non-linear evaluation. It is part of the monitoring and remediation process – see below.
  • EP = engagement partner.
  • KAP = for an audit of financial statements, the engagement partner is the key audit partner.

The standard is broken into eight main areas:

  1. The firm’s risk assessment process;
  2. Governance and leadership;
  3. Relevant ethical requirements;
  4. Acceptance and continuance of client relationships and specific engagements;
  5. Engagement performance; 
  6. Resources;
  7. Information and communication; and
  8. The monitoring and remediation process.

The IAASB in New York (from where the standard emanates) have issued a very useful Factsheet that explains the background to the changes.

Over the coming weeks we will publish a series of blogs, in advance of the publication of our new Audit Quality Control Manual called the ISQM Toolkit, to help auditors implement the new process. The Manual will be published soon. Watch this space!

Publications and AML webinar

  • The ISQM TOOLKIT is available here to purchase now for immediate download.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Ethical matters: Change is coming to auditing standards in Ireland

Ethical matters: Change is coming to auditing standards in Ireland

by | Oct 1, 2019 | Blog, News

In July, the Financial Reporting Council (FRC) in London issued a consultation on proposed changes to the UK’s Ethical and Auditing Standards. It closed on September 27, 2019.

The consultation is expected to introduce revisions that will see tougher regulations on audit independence and the provision of non-audit services. Any changes that are approved will come into effect for audits of accounting periods commencing on/after 15 December 2019.

The date these changes may come into effect in Ireland is at present, unclear. Coming up to a 31 December 2019 period end, auditors are expected to be aware of the changes that may impact audits being due to be performed in 2020, before they accept or commence an assignment, so that they can properly accept or reject the audit appointment having checked the independence rules.

The aim of these changes is to place greater emphasis and focus on ethical matters and the public interest within audit firms, and to require reporting where an audit firm does not follow the ethics partner’s advice. This will be achieved by increasing the authority of the ethics partner function within audit firms.

What does this mean for Ethical and Auditing Standards in Ireland?

The IAASA has confirmed that following the FRC consultation, they will review the proposed changes and in due course, will issue a public consultation specific to Irish Standards, that will reflect the changes proposed by the FRC in the UK.

This will likely bring a change to both audit and ethical standards in Ireland.

What will the key changes be?

  • A more robust, ‘reasonably informed third-party’ (RITP) test that is ‘objective’ and ‘reasonable’;
  • The test would require audit firms to evaluate the effect a proposed action would have on their independence – from the perspective of public interest stakeholders;
  • This test would be supported by further material, designed to encourage a more comprehensive assessment considering the spirit and letter of the standard;
  • Further detailed amendments to individual standards to clarify what the auditor’s responsibilities are:
    • when considering whether or not, the bodies they have audited are compliant with relevant laws and regulations
    • when checking there are no material misstatements in the ‘other information’ companies include in their annual financial reports;
  • Potential ban on gifts and hospitality both being received and given;
  • Potential change to the definition of ‘accounting services’ where it might involve ‘playing the role of management or initiating transactions’; and an
  • Absolute prohibition is proposed on the provision of internal audit services, and recruitment services to an audited entity by the auditor of that entity. And its proposed to simplify and clarify the prohibitions on the provision of Information Technology Systems.

 

Why would a UK change affect Irish audit standards?

Since June 2016, Ireland has had to write its own audit standards. However, they remain very similar to the FRC’s Auditing Framework as it is IAASA policy to make ‘minimal amendments to the UK framework’.

Amendments are most often only made to specify ‘Irish’ rather than ‘UK’ company law, or to remove a conflict with Irish or EU law, or differences in Irish or UK markets.  In this way, whatever changes are made in the UK, Ireland is likely to follow suit.

Who writes the Irish accounting standards?

The Financial Reporting Council in London still currently write accounting standards for both the UK and Ireland. Until Brexit, the FRC will continue to write Irish accounting standards – FRS 102 being the main one. Rumour has it that the Financial Reporting Council can’t wait to get rid of FRS 105 the standard for Micro Entities, once Brexit occurs.

Post Brexit, Ireland may have to write their own accounting standards, but capacity-wise, this is a potential problem as FRS 102, for example took ten years to develop!

Support materials

There are 19 webinars on various topics, include ethics and an audit update, on our website – €45 each, or you may purchase two at the same time for €80 or five for €190.

All our webinars are accessible at any time (for 12 months from date of purchase) here.

We have also prepared, ready to use, several engagement and representation letter templates (in Word format) for many types of assignment, which help reduce misunderstandings about engagement scope and liability. These are available to purchase online (bulk purchases of 5 or more templates attract a 20% discount), please click on the relevant links.

Some latest additions may be of interest to you: