Transcript Kosovo Board on Standards for Financial Reporting

Documentation Working
Papers &
Quality Control
Regulation & Practice Workshop
Skopje 25 November 2009
Paul F.M. Hurks (NIVRA)
Regulation IFAC
Regulations on Documentation Working
Papers & Quality Control
SMO1
ISQC1
ISA 220 & 230
IFAC SMOs
Obligations for SCAAK as IFAC member:
•
•
•
•
•
•
•
SMO 1
SMO 2
SMO 3
SMO 4
SMO 5
SMO 6
SMO 7
Quality Assurance
Education Standards
Auditing & Assurance Standards
Standards of Ethics
Public Sector Accounting Standards
Investigation & Discipline
IFRS
QA / QC:
SMO 1. ISQC 1, ISA 220/230
3 levels:
ICARM
SMO-1
FIRM
ISQC1-1
Professional
ISA 220-230
Professional
ISA 220-230
FIRM
ISQC1
Professional
ISA 220-230
Professional
ISA 220-230
Professional
ISA 220-230
IFAC SMO 1
•
Implementation of a Quality Assurance Review Program (QARP) for Audit
Engagements (AE) of Financial Statements (FS)
– mandatory QARP for AE of FS of listed entities (minimum)
– mandatory QARP for established and published criteria for all other AE
of FS
•
Obligations on 3 levels:
– (3rd) Oversight (MB / POB): review program:
– (2nd) Firm (including a sole practitioner):
– (1st) Personal (audit professional, member):
•
SMO 1 (= QA)
ISQC 1 (= QC)
ISA 220
Best endeavours to encourage and assist other responsible authorities to
follow SMO 1, when applicable (government, regulators)
IFAC SMO 1
• Mandatory program tot assist members
– Understand objectives (publication & CPD)
– Implement and maintain an appropriate system (guidance /
tools)
• Mandatory review program
– Selection on cycle approach (3 years) or risk based approach
– Consider risk factors (listed entities, PIE, review results, quality
and effectiveness of internal inspection program)
– Reasonable frequency, even if not selected on risk based
approach
IFAC SMO 1
• Review procedures
– Assessment of the system of QC for listed entities
– Review of QC policies and procedures & working paper review
and discussions with staff to evaluate
• Compliance with the system
• Compliance with other regulatory and legal requirements
• Working paper review includes
–
–
–
–
Existence & Effectiveness QC system
Compliance with regulatory and legal requirements
Evidence documented
Appropriateness of auditor’s report
IFAC SMO 1
• MB requires correction to member’s system, policies and
procedures if not compliant
• MB should take disciplinary actions with failing members
• MB must be clear about linkage between conclusions
and corrections
– CPD, system, engagements, persons, number of peers
– Reprimands, fines, suspension, expulsion
IFAC ISQC1
Obligations for Licensed firms (2nd level):
• System for quality control for compliance with regulation
–
–
–
–
–
–
Leadership responsibility
Clients relationships & assignments
Human resources
Engagement performance
Monitoring
Documentation
IFAC ISQC1
• Leadership responsibility (tone at the top)
–
–
–
–
–
–
–
–
–
–
firm's mission: focus clearly on public interest
specialization (industry, clients)
assignments (audits, compilation, advice, tax)
tailored QC manual based on ISQC1
procedures driven by checklists in a adequate way
procedures for timely updates of procedures in place
firm’s manual based on ethical requirements (CoE)
procedures for QC enforcement in place
standard audit programs available for tailoring purposes
communication
IFAC ISQC1
• Clients relationships & assignments
– procedures for proposals, client & assignment acceptance & resignation
– procedures for receiving client's assignment confirmation (ISA 210)
– procedures refer to CoE requirements: integrity, objectivity, competence
& due care, confidentiality, professional behaviour, independence
– procedures include a written assessment of threats to CoE principles (7
steps)
– procedures refer the assigning a licensed professional as the client
partner
– procedures refer to periodical partner rotation
– procedures contain investigation of client's integrity & reputation
– procedures contain investigation of fraud risks
– communication
IFAC ISQC1
• Human resources
– procedures for recruitment & retention of HR
– procedures for assigning engagement teams based on
availability, competence, skills and experience
– Procedures for proper instruction & guidance for teams
– procedures for facilitating training (internal) & education and
CPD (external) based on IESs
– procedures for supervision & periodical evaluation
– procedures for reward & discipline
– procedures for carreer planning
– communication
IFAC ISQC1
• Engagement performance (1)
–
–
–
–
–
–
–
–
–
–
engagement process based on ISAs and tailored audit programs?
assign the team members based on criteria
budget the audit fee for the assignment
partner's role and responsibilities (e.g. pre-audit meeting, supervision)
procedures for threats/safequards of CoE principles (7 steps)
understanding the client's business & financial reporting system
assess materiality & risk (including fraud, non-compliance)
assess internal control risks & internal control reliance (including IT)
analytical review, substantive testing, cut-off, third party confirmations
choice and correct use of appicable accouning standards (local or IFRS)
IFAC ISQC1
• Engagement performance (2)
–
–
–
–
–
–
–
–
–
–
timely team member supervison and (independent partner) review
technical consultation & use of other auditors / experts
differences of opinion
assess safeguard going concern
receiving a Letter of Representation
wrap-up & evaluating audit evidence based on reassessment of
materiality
assessing the appropriateness of the auditor's opinion, reporting (&
signing)
communication with the client (opinion/findings/advice)
invoicing audit fee and budget evaluation
timely closure and archiving of working paper files
IFAC ISQC1
• Monitoring (Plan Do Check Act): TQM
–
–
–
–
–
–
–
–
planning
client / engagement acceptance
yearly independence declaration
incidents, internal & external: complaints, allegations
review & inspection
reporting & evaluation
HR (evalution, CPD)
follow-up procedures for removing deficiencies:
adjustments, instructions, reprimands, sanctions
– communication
IFAC ISQC1
• Documentation (ref. ISA 230)
–
–
–
–
–
–
–
strategy, policy, mission
(customized) manual & procedures, checklists, tools
working papers
inspection and (independent) reviews
monitoring (compliance officer)
file access & retention procedures
communication (make available)
IFAC ISA 220
Obligations for Professionals on Quality Control:
What is quality?
• For the client (client interest)
advice & help, low taxes, quick response, compliance
• For the society (public society interest)
relevant information, integrity, trust, reliability, expertise, reputation,
transparent, accountable
Important for your strategy:
– Quality Control is or will be a competitive tool!
– It’s Integrity that sells the best!
IFAC ISA 220
Obligations for Professionals on Quality Control (1st level):
•
•
•
•
•
•
•
•
•
responsibility engagement partner
ethical requirements (e.g. independence)
client / engagement acceptance (information!)
assign the team members based on criteria
engagement performance
supervision & (independent) review
quality control
communication
documentation
IFAC ISA 230
Obligations for Professionals on Documentation:
NOT DOCUMENTED IS THE SAME AS
NOT DONE!
“trust me > show me > prove me”
IFAC ISA 230
Obligations for Professionals on Documentation:
•
•
covers audit evidence to support the auditor’s opinion
shows compliance with
–
–
•
international & national standards and regulation, and
firm’s manual & procedures, including ethical requirements
shows ‘story of the audit’
planning, timing, accounting principles, extent audit work: materiality, (fraud)risk
& respons (IC & IT), analytical review, substantive testing, third party
confirmations, findings, results, consults, considerations & discussions, meetings
with client management and governance responsibles, judgement & conclusions
•
•
due process: timely = instantly (direct support audit ‘work in process’)
accessable and understandable without explanation, also for ‘w.i.p’
for instruction, supervision and review purposes
•
•
Identification of assignment, partner, team members & reviewer(s)
wrap up, file closure, file retention
IFAC ISA 210
Obligations for Professionals on Assignment
Confirmation:
•
•
•
•
•
•
•
•
•
•
•
written and signed in advance (first time & yearly renewal)
conditions: integrity, necessary data and cooperation, anti-fraud
responsibilities client and firm (Letter of Representation)
limitations assignment: audit, review, complilation, materiality
reference to ISAs & CoE
engagement partner
use of other experts
reporting
timing
budget, invoicing & payment
liability & limitation
SMP focus on documentation
What often goes wrong in SMP audit practice?:
•
•
•
•
•
•
•
•
•
•
•
•
•
Strategy, mission, clients, quality focus (public interest)
Quality control manual, templates, procedures, checklists
Written assignment confirmation
ISA 240/250 and consequences for the audit
Tailored planning & work program based on ‘risk & respons’
Work program documentation & completion (electronic files)
Clarity about who did what and when (identification)? (including supervision)
Substandard consultation performance
CPD registration
Code of Ethics (e.g. integrity, independence, expertise, confidentaility)
Considerations, evaluation & conclusions
TQM monitoring (inspection, independence declarations)
Firm going concern risk respons: deputization, insurance (public interest)
SMP Focus ISQC 1
ISQC 1 SMP facilities:
Agreement with other (sole) practitioners:
•
•
•
•
Combining consultation activities (partly)
Combining inspection activities
Reciprocal compliance officer
Firm’s going concern (deputization)
Concluding remarks
“Do you really want to be
in this profession?”
–
–
–
–
–
–
–
Moral
Honourable
Responsible
Transparent
Ethical
Trustworthy
Focus on Public Society interest
“What is your tone? (your personal
fundamental incentive)?”