Documentation Working Papers Quality Control Regulation Practice Workshop

Documentation Working Papers & Quality Control Regulation & Practice Workshop Skopje 25 November 2009 Paul F. M. Hurks (NIVRA)

Regulation IFAC Regulations on Documentation Working Papers & Quality Control SMO 1 ISQC 1 ISA 220 & 230

IFAC SMOs Obligations for SCAAK as IFAC member: • • SMO 1 SMO 2 SMO 3 SMO 4 SMO 5 SMO 6 SMO 7 Quality Assurance Education Standards Auditing & Assurance Standards of Ethics Public Sector Accounting Standards Investigation & Discipline IFRS

QA / QC: SMO 1. ISQC 1, ISA 220/230 3 levels: ICARM SMO-1 FIRM ISQC 1 -1 Professional ISA 220 -230 FIRM ISQC 1 Professional ISA 220 -230

IFAC SMO 1 • Implementation of a Quality Assurance Review Program (QARP) for Audit Engagements (AE) of Financial Statements (FS) – mandatory QARP for AE of FS of listed entities (minimum) – mandatory QARP for established and published criteria for all other AE of FS • Obligations on 3 levels: – (3 rd) Oversight (MB / POB): review program: – (2 nd) Firm (including a sole practitioner): – (1 st) Personal (audit professional, member): • SMO 1 (= QA) ISQC 1 (= QC) ISA 220 Best endeavours to encourage and assist other responsible authorities to follow SMO 1, when applicable (government, regulators)

IFAC SMO 1 • Mandatory program tot assist members – Understand objectives (publication & CPD) – Implement and maintain an appropriate system (guidance / tools) • Mandatory review program – Selection on cycle approach (3 years) or risk based approach – Consider risk factors (listed entities, PIE, review results, quality and effectiveness of internal inspection program) – Reasonable frequency, even if not selected on risk based approach

IFAC SMO 1 • Review procedures – Assessment of the system of QC for listed entities – Review of QC policies and procedures & working paper review and discussions with staff to evaluate • Compliance with the system • Compliance with other regulatory and legal requirements • Working paper review includes – – Existence & Effectiveness QC system Compliance with regulatory and legal requirements Evidence documented Appropriateness of auditor’s report

IFAC SMO 1 • MB requires correction to member’s system, policies and procedures if not compliant • MB should take disciplinary actions with failing members • MB must be clear about linkage between conclusions and corrections – CPD, system, engagements, persons, number of peers – Reprimands, fines, suspension, expulsion

IFAC ISQC 1 Obligations for Licensed firms (2 nd level): • System for quality control for compliance with regulation – – – Leadership responsibility Clients relationships & assignments Human resources Engagement performance Monitoring Documentation

IFAC ISQC 1 • Leadership responsibility (tone at the top) – – – – – firm's mission: focus clearly on public interest specialization (industry, clients) assignments (audits, compilation, advice, tax) tailored QC manual based on ISQC 1 procedures driven by checklists in a adequate way procedures for timely updates of procedures in place firm’s manual based on ethical requirements (Co. E) procedures for QC enforcement in place standard audit programs available for tailoring purposes communication

IFAC ISQC 1 • Clients relationships & assignments – procedures for proposals, client & assignment acceptance & resignation – procedures for receiving client's assignment confirmation (ISA 210) – procedures refer to Co. E requirements: integrity, objectivity, competence & due care, confidentiality, professional behaviour, independence – procedures include a written assessment of threats to Co. E principles (7 steps) – procedures refer the assigning a licensed professional as the client partner – procedures refer to periodical partner rotation – procedures contain investigation of client's integrity & reputation – procedures contain investigation of fraud risks – communication

IFAC ISQC 1 • Human resources – procedures for recruitment & retention of HR – procedures for assigning engagement teams based on availability, competence, skills and experience – Procedures for proper instruction & guidance for teams – procedures for facilitating training (internal) & education and CPD (external) based on IESs – procedures for supervision & periodical evaluation – procedures for reward & discipline – procedures for carreer planning – communication

IFAC ISQC 1 • Engagement performance (1) – – – – – engagement process based on ISAs and tailored audit programs? assign the team members based on criteria budget the audit fee for the assignment partner's role and responsibilities (e. g. pre-audit meeting, supervision) procedures for threats/safequards of Co. E principles (7 steps) understanding the client's business & financial reporting system assess materiality & risk (including fraud, non-compliance) assess internal control risks & internal control reliance (including IT) analytical review, substantive testing, cut-off, third party confirmations choice and correct use of appicable accouning standards (local or IFRS)

IFAC ISQC 1 • Engagement performance (2) – – – – – timely team member supervison and (independent partner) review technical consultation & use of other auditors / experts differences of opinion assess safeguard going concern receiving a Letter of Representation wrap-up & evaluating audit evidence based on reassessment of materiality assessing the appropriateness of the auditor's opinion, reporting (& signing) communication with the client (opinion/findings/advice) invoicing audit fee and budget evaluation timely closure and archiving of working paper files

IFAC ISQC 1 • Monitoring (Plan Do Check Act): TQM – – – – planning client / engagement acceptance yearly independence declaration incidents, internal & external: complaints, allegations review & inspection reporting & evaluation HR (evalution, CPD) follow-up procedures for removing deficiencies: adjustments, instructions, reprimands, sanctions – communication

IFAC ISQC 1 • Documentation (ref. ISA 230) – – – – strategy, policy, mission (customized) manual & procedures, checklists, tools working papers inspection and (independent) reviews monitoring (compliance officer) file access & retention procedures communication (make available)

IFAC ISA 220 Obligations for Professionals on Quality Control: What is quality? • For the client (client interest) advice & help, low taxes, quick response, compliance • For the society (public society interest) relevant information, integrity, trust, reliability, expertise, reputation, transparent, accountable Important for your strategy: – Quality Control is or will be a competitive tool! – It’s Integrity that sells the best!

IFAC ISA 220 Obligations for Professionals on Quality Control (1 st level): • • • responsibility engagement partner ethical requirements (e. g. independence) client / engagement acceptance (information!) assign the team members based on criteria engagement performance supervision & (independent) review quality control communication documentation

IFAC ISA 230 Obligations for Professionals on Documentation: NOT DOCUMENTED IS THE SAME AS NOT DONE! “trust me > show me > prove me”

IFAC ISA 230 Obligations for Professionals on Documentation: • • covers audit evidence to support the auditor’s opinion shows compliance with – international & national standards and regulation, and – firm’s manual & procedures, including ethical requirements • shows ‘story of the audit’ planning, timing, accounting principles, extent audit work: materiality, (fraud)risk & respons (IC & IT), analytical review, substantive testing, third party confirmations, findings, results, considerations & discussions, meetings with client management and governance responsibles, judgement & conclusions • • due process: timely = instantly (direct support audit ‘work in process’) accessable and understandable without explanation, also for ‘w. i. p’ for instruction, supervision and review purposes • • Identification of assignment, partner, team members & reviewer(s) wrap up, file closure, file retention

IFAC ISA 210 Obligations for Professionals on Assignment Confirmation: • • • written and signed in advance (first time & yearly renewal) conditions: integrity, necessary data and cooperation, anti-fraud responsibilities client and firm (Letter of Representation) limitations assignment: audit, review, complilation, materiality reference to ISAs & Co. E engagement partner use of other experts reporting timing budget, invoicing & payment liability & limitation

SMP focus on documentation What often goes wrong in SMP audit practice? : • • • • Strategy, mission, clients, quality focus (public interest) Quality control manual, templates, procedures, checklists Written assignment confirmation ISA 240/250 and consequences for the audit Tailored planning & work program based on ‘risk & respons’ Work program documentation & completion (electronic files) Clarity about who did what and when (identification)? (including supervision) Substandard consultation performance CPD registration Code of Ethics (e. g. integrity, independence, expertise, confidentaility) Considerations, evaluation & conclusions TQM monitoring (inspection, independence declarations) Firm going concern risk respons: deputization, insurance (public interest)

SMP Focus ISQC 1 SMP facilities: Agreement with other (sole) practitioners: • • Combining consultation activities (partly) Combining inspection activities Reciprocal compliance officer Firm’s going concern (deputization)

Concluding remarks “Do you really want to be in this profession? ” – – – – Moral Honourable Responsible Transparent Ethical Trustworthy Focus on Public Society interest “What is your tone? (your personal fundamental incentive)? ”