New Standards of Quality Management in Audit. The Risk-Based Approach
From December 2022 on the audit, quality control of audit services are waiting for radical changes in quality management . The article highlights the results of a study devoted to new requirements to quality management in auditing firms, resulting from the enforcement of the new standards: ISQM 1 “Quality Management”, ISQM 2 “Engagement Quality Reviews”, and the revised ISA 220 “Quality Management for an Audit of Financial Statements” . The design of a quality management system at firm level is considered in ISQM 1, including building up an organization system for management of audit quality, creating the essential conditions for performing audits . This standard will be enforced in place of the existing ISQC 1“Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements” The new quality management system includes the following components: the risk assessment process of the audit firm; management and leadership, ethical requirements, acceptance, continuation of customer relationships and specific tasks; resource; performance of tasks; information and communication; monitoring and sanctions . ISQM 2 “Engagement Quality Reviews” specifies the requirements to reviewers of the quality of performed audit engagements A quality reviewer is required to have knowledge and understanding of professional standards, current legal and normative acts, and understanding of firm’s policies or procedures used in the process of engagement performance; knowledge of the industry of a company to which audit services on engagement performance were provided; the professional experience in evaluations of scopes and complexity of the performed engagements, the professional qualification for quality evaluations of the engagement performance, including the firm’s obligation for providing this qualification The abovementioned requirements cause the need in additional studies aimed at elaborating new schemes for actions and inclusion of engagements in job descriptions of quality reviewers .
The Ukrainian auditing community currently uses the International Standards of Quality Control, Audit, Review, Other Assurance and Related Services (ISA, edition 2016-2017) of the International Auditing and Assurance Standards Board (IAASB), translated into Ukrainian by the Auditing Chamber of Ukraine in reporting framework . The users of auditing opinions and financial reporting of business enterprises include: owners, management and employees (concerning relations issues) of business entities which reporting is checked by auditors, lenders and investors, regulatory bodies . It follows that auditing is an activity with social significance . This status requires that the auditing procedures at all the phases of the formation of the independent auditor’s opinion highlighted in the conclusion be based on validity and quality criteria . Failure to assure the quality of audit engagements is a cause for misleading of financial reporting users, as it does not inform users on the existing financial problems and a likeliness of the bankruptcy, which is especially important in case of socially significant companies
For example: along with a financial scandal associated with Enron company, in 2019 the British tourist company Thomas Cook which history goes back to 1841, suddenly informed about its bankruptcy and liquidation [10] . The negotiations between shareholders and lenders failed to achieve a constructive agreement on the recovery of solvency, with the British Government waving out the Thomas Cook management’s request on additional financing and Prime-Minister Boris Johnson making the announcement on “considerable sums for tax payers” and “moral threats”, and called for finding ways for protecting the interests of lenders and communities and preventing the occurrence of surprises with respect to bankruptcies [12] .
Literature review. The quality of audit has been in focus of domestic and foreign researchers, which is confirmed by their publications . O . Redko related the audit with business security [11] . I . Dmytrenko addressed practical implementations of the audit quality standards [4] . V. Bondar and Yu. Bondar explored the problems of quality assurance from the viewpoint of management of auditing firms [2] M . Vasyliuk elaborated a system approach to quality assessment of auditing firms included in various sections of the register [13].
I.Limani, audit director in Deloitte firm (Slovenia), and A . Meta, firm manager on audit, came to the conclusion based on the research results that auditors should be seen as allies of financial reporting users According to an existing opinion, the equally high quality of audit has to be assured in all the auditing firms, as the audits are performed in keeping with ISA Research and summing up the results of audit engagement performance can, in a way, deny the traditional approach by showing that the audit engagement quality depends on the size of auditing firms, i e the larger the auditing firm the higher is its quality, and the established reputation of an auditing firm makes its competitive advantage [9].
S . K . Asare, J . P. Van Buuren, and B . Majoor investigated 850 audit engagements performed by auditing firms in the Netherlands in 2005-2015 and revealed the factors with adverse impact on the audit quality: abnormal fees of auditors, parallel provision of auditing and non-auditing services . Their conclusion based on research evidence was that the existence of independent control could prevent the loss of auditors’ independence; independent control of the quality of performed engagements could assure the quality of audit procedures and the formation of independent auditor’s opinion [1] .
M . DeFond and J . Zhang demonstrate that audit engagements have much more significant meaning thana mere detection of violations in the accounting and financial reporting standards Their research gives evidence that auditing committees, when selecting auditors, give preference to the ones with clearly defined specialization in a certain field, whereas their commitment to the audit quality is a function of the auditor’s independence and competence . Only one low quality audit is enough to question the established reputation of an auditing firm, which will plummet its market positions and shrink the client base [3] .
Theoretical and practical research lays down a firm basis for the auditing practices . However, given that the enforcement of three IAASB standards based on summing up a large-scale project on improvements of audit quality, namely International Standard on Quality Management 1 (ISQM 1) (IAASB, 2020), International Standard on Quality Management 2 (ISQM 2) (IAASB, 2020a), International Standard of Audit “Quality Control of an Audit of Financial Statements” (ISA 220), is expected on February 15, 2022, the auditing community has just started to elaborate on these standards’ requirements . This justifies the need in new in-depth studies in this field [6; 7] .
The article’s objective is to present results of a study and recommendations to auditors concerning improvements and/or rebuilding of the system for control over the quality of engagements performed by auditing firms in conformity with new requirements
Results discussion. The quality management standards, used at the level of auditing firm and engagement team, require modifications in the established auditing practices and the corporate culture of engagement performance . A positive trend is that the standard designers put stronger emphasis on small auditing practices Quality management at firm level, specified in ISQM 1 (creating an organizational system for quality management in audit and a framework for audit inspections), is meant to replace the requirements fixed in the existing International Standard of Quality Control (ISQC 1) .
A comparison of characteristics of the requirements specified by ISQC 1 and ISQM 1 is given in Table 1.
Table 1. A comparison of characteristics of the requirements specified by the existing quality standard (ISQC 1) and the new quality management system (ISQM 1)
Serial
number |
Existing quality control system (ISQC 1) | Serial
number |
New quality management system (ISOM 1) |
51 | The responsibility of management for quality in an auditing firm | 1 | The procedure of assessment of the firm’s risk |
2 | Relevant ethical reauirements | 2 | Management and leadership |
3 | Acceptance and Continuance of Client Relationships and Specific Engagements | 3 | Relevant ethical requirements |
4 | Human resources | 4 | Acceptance and Continuance of Client Relationships and Specific Engagements |
5 | Engagement performance | 5 | Resources |
6 | Monitoring | 6 | Engagement performance |
7 | Information and communications | ||
8 | Monitoring and sanctions |
It should be noted that while the existing system of quality control consists of six components, the new one has eight components
Risk assessment procedure in an auditing firm. The economies of scale are a feature to be accounted for when designing the quality management system in an auditing firm. The firm management, when using the method of audit quality control based on risk assessment, must take account of:
- the character and circumstances of the firm activities;
- the character and circumstances of engagements performed by a firm.
Hence, the quality management system in a firm, including the system’s complexity and formality, will be structured in different ways . For example: a firm performing various categories of engagements for a wide range of business entities, including audit of financial statements of business entities with social significance, is likely to have a more complex and formalized quality control system and supporting documentation than a firm with business limited to reviews of financial statements and/or other engagements on assurance, not belonging to audit
The risk-based approach to the quality evaluation of performed engagements is included as a separate component.
An auditing firm is obliged to identify the risks specific to quality assurance, which may change due to objective factors, either individually or in combinations with other risks, and may have considerable impact on the achievement of goals related with quality assurance . For purposes of risk assessment specific to quality, the firm management has to formulate the responses to a set of concrete questions:
- How frequent is the likely occurrence of a condition, event, circumstance, action or inaction that may affect the quality of audit services?
- What is the period of time after which there may occur a condition, event, circumstance, action or inaction that may cause an adverse effect, and will an auditing firm have the capability to respond at that
time, in order to decrease the effects of this condition, event, circumstance, action or inaction? - At what period of time a condition, event, circumstance, action or inaction will affect the achievement of quality management goals?
An analysis of responses to these questions allows to design the auditing procedures for facing the risks (Table 2).
Table 2. Examples of quality-specific risks and auditing procedures designed in response to the identified risks
Examples of understanding of conditions, events, circumstances, actions or inactions by an auditing firm, which may have adverse effect for the quality management goals | Examples of quality-specific risks that may occur in the firm activities | Procedures for counteracting risk effects |
Strategic and operative decisions, actions, business processes and business model of a firm: overall financial goals of a firm are largely dependent on the scopes of services provided by a firm, which are not included in ISQM 1 | Resources are distributed in a way to prioritize the services not covered by ISQM 1 (c. g. non-auditing services), which may have adverse effects for the engagement quality within ISQM 1 The importance of the engagement quality within ISQM 1is accounted for in the financial priorities in incomplete or inadequate manner | The continuing monitoring of the scopes of audit services, involved resources, and rotation of staff |
Characteristics and style of management: a firm is a small business entity with several partners with shared authorities | Duties and accountability of management in quality assurance are not clearly specified Actions and behavior of management not contributing to quality enhancement call into question the quality of services | Evaluation of staff activities, including managerial personnel |
The complexity of management and organizational structure: a firm has been recently merged with another firm | Technological resources exploited by the two merged firms may be incompatible
The teams engaged in mobilization of resources may use intellectual capacities built before the merger, which may not be fitting for the new technique used by the merged firm |
Evaluation and revision of the technical support of audits |
Management and leadership. According to ISQM 1, all the auditing firms irrespective of size (but with accounting for the economies of scale) are required to use risk-oriented approach in designing, implementing and operating quality management systems. The central goal of ISQM 1 is quality enhancement of audit services by use of an updated, consistent and rigid quality management system for auditing firms engaged in auditing, reviews, other non-audit assignments on assurance and other services related with audit . Paragraph 8 of ISQM 1 notes that the quality management goals set by a firm consist of the goals pertaining to the system’s components, which have to be achieved by a firm
The leadership refers to the quality assurance by action and behavior demonstrated by firm management and staff.
According to paragraph A 55-56 ISQM 1, an auditing firm needs to demonstrate the commitment to quality through its culture and behavior, recognizing and emphasizing:
- the firm’s contribution in the realization of social interests by consistent performance of audit engagements with proper quality;
- the importance of professional ethics, values and attitudes;
- the responsibility of all personnel for quality assurance of all the engagements or undertakings within the quality management system, and for their expected behavior;
- the importance of quality in firm’s strategic decisions and actions, including financial and operational priorities.
The implementation of ISQM lrequires that auditing firms and networks elaborate internal documents containing clearly specified goals of the quality assurance system, identification and evaluation of quality-specific risks, the clearly defined nomenclature of procedures in response to the assessed risks, the procedure of regular monitoring of the actions aiming at elimination of deficiencies detected by the quality assurance system
As regards the management’s responsibility for audit quality, ISQM 1 enhanced the requirements and obligations of auditing firms in the following specifications:
- quality management goals;
- aspects of the firm’s internal environment and organizational structure;
- internal culture of quality assurance;
- regulation of decision-making;
- policies and procedures for treatment of complaints and accusations (which can be settled via “hot lines” for staff and third parties).
Auditing firms shall set up policies and procedures of regular performance evaluation of units and/or staff assigned with or taking on the responsibility for the operation of quality control system An essential novelty of ISQM 1 is that the ultimate responsibility for the operation of quality control system lies with the top management personnel of the firm (director, board of director etc.) . This provision of ISQM 1 now conforms with the norms of the Law of Ukraine “Audit of Financial Statements and Auditing Activities” (paragraph 8, article 23), stating that the responsibility for organization and effective operation of the internal quality control system lies with the firm’s director or with a specially appointed person from among the with a specially appointed person from among the
auditors, who is in staff of this firm as his/her main place ofjob [14] .
Ethical requirements. Like in all the other components of the quality management system, the traditional approach has to be replaced with the risk- based one . An auditing firm must receive, at least once in a year, written confirmations of the commitment to independence principles from all the employees. It should be noted that the International Code of Ethics for Professional Accountants (including International Independence Standards) has been updated and displayed on the official website of the Ukrainian Ministry of Finance . The Code consists of three parts [8]:
- Part 1 .Complying with the Code, Fundamental Principles and Conceptual framework
- Part 2 . Professional Accountants in Business .
- Part 3 . Professional Accountants in Public Practice
The International Independence Standards consist of two parts:
- Part 4 A . Independence for Audit and Review Engagements
- Part 4 E. Independence of Assurance Engagements Other Than Audit and Review Engagements
Acceptance and Continuance of Client Relationships and Specific Engagements. The provision on acceptance and continuance of client relationships and specific engagements contains some clarification and additions After the enforcement of ISQM 1, an auditing firm, apart from evaluating its independence and independence of its staff engaged in audits, the availability of resources for performing
auditing procedures, the possibility to involve experts and contractors, and implementing measures for engagement quality control, should evaluate the possibility of access to client information required for engagement performance, and to the managerial staff charged with provision of such information .
The component of ISQC 1 “Human Resources” was replaced with the component “Resources” . ISQM 1, apart from human resources, contains descriptions of the requirements to technological resources enabling to support operation of the quality management system and performance of engagements, and of the intellectual resources needed for high engagement performance and bringing the operation into conformity with the provisions of professional standards and relevant legal norms
The paragraph A 98-104 ISQM 1 “Technological Resources”, which are usually IT applications, creates the IT environment of a firm, incorporating the support IT infrastructure, IT processes and human resources:
- IT program is a program or a set of programs designed for the execution of a certain function for user or, in some cases, for another application program;
- IT infrastructure consists of IT network, operational systems and databases, hardware and software;
- IT processes are the processes used by a firm for control of the access to IT environment, control of modifications in software or IT environment, control of IT operations, including monitoring of IT environment .
According to paragraph A 102-103 ISQM1, intellectual resources include the information used by an auditing firm to maintain the operation of quality management system and perform engagements in a coherent manner (written policies or procedures, methodology, industry or specific manuals, guidelines on accounting, standardized documentation or access to information sources (e g subscription to websites providing extensive information on certain issues of auditing, etc .)
Intellectual resources can be exploited by use of technologies resources . For example: the methodology used by an auditing firm can be built into IT program, thus facilitating planning and performance of engagements
Paragraph A 105 ISQM1 “Service Providers” specifies that there can be circumstances when an auditing firm may use the resources provided by a service supplier, especially in the circumstances when a firm has no internal access to these resources Although an auditing firm is allowed to use the resources of a service supplier, it remains to be responsible for its quality management system. Examples when service suppliers are involved are given below:
- the involvement of third parties in monitoring of the firm’s activities, engagement quality reviews or consulting on technical issues;
- the involvement of parties that perform the procedures in collaboration with a firm, e g auditors of components from other firms not incorporated in the firm’s network, or specialists for estimations of material stocks on a remote site;
- supplies of IT applications used in performing engagements;
- collaborations with external experts involved by an auditing firm for assistance to engagement teams in obtaining audit evidence
The component “Engagement Performance” has the similar name in ISQC 1, and ISQM 1 . However, the requirements of ISQM 1 seem to us to be more rigid: they involve obligatory additional audits of quality to be conducted by an independent partner not only for the auditors from “listing” companies, but also for the companies that meet the criteria of “social significance” . The procedure and documenting of additional audits will be specified in the separate standard ISQM 2 . The component does not change the requirements for the deadline of the final preparation of working documents on audit engagements; this deadline, usually fixed by the law, must not exceed 60 days since the date of signing the audit report
Paragraph A 23 ISA 230 “Auditing Documentation” fixes the minimal term of storage for documents on audit engagements: not less than 5 years since that the date of the audit report .
Paragraph A 85 ISQC 1, legal or normative acts or professional standards can fix various terms for storage of audit documents . When an engagement is performed in keeping with ISA, the period of storage will usually be not less than five years since the date of the audit report or since the date of the audit report on the financial statements of the team, when it is signified as “applicable”
It should be noted that the Law of Ukraine “Audit of Financial Statements and Auditing Activities” fixes more rigid requirements for storage of documents than ISA or ISQM 1 . Its paragraph 12, article 23 “Requirements to Internal Organization of Auditing Entities Entitled for Performing the Obligatory Audit of Financial Statements” specifies that an auditing entity shall store the information on the results of performance evaluation of the internal control system and implemented measures for seven years The article 39 “Information Storage” emphasizes that an auditing entity shall store the working documents and all the reports for seven years or longer since the date of completion of a financial statements audit or the date of their (i . e . documents) creation, when a financial statements audit has not been finished [14] .
Information and communication. The component “Information and Communication” fixes the requirements concerning information and communication systems both within auditing firms or networks and in their relations with external parties
Paragraph A 110 — A 111 says that reliable and relevant information refers to the information that is accurate, complete, timely and valid for the proper management of the firm operation as part of the quality management and support of the decisions pertaining to quality management An information system may incorporate uses of instructions or IT components that determine the methods of identification, fixation, processing, communication and storage of information The procedures of identification, collection, processing, communication and storage of information can involve IT software with components or working documents built in the firm programs . Consideration for the economies of scales allows less structured auditing firms with small numbers of staff and managers involved in engagement performance or in quality control systems to avoid rigid policies and procedures with respect to identification, collection, processing and storage of information
The process of monitoring,. An auditing firm needs to have a clearly defined procedure of monitoring and a list of measures to eliminate deficiencies revealed by monitoring results, which will allow for:
- providing relevant, reliable and timely information on the process of design, implementation and operation of the quality management system;
- taking appropriate measures in response, to eliminate the revealed deficiencies
ISQM 1 requires specifications of the content, time and scopes of monitoring procedures (periodical or continual) The monitoring system needs to cover continuous audits and completed engagements on the basis of the criteria set by an auditing firm, including at least one completed engagement of each partner on the continuous basis This standard fixes the requirements for analyses and documenting of the causes of deficiencies revealed within the quality management system and their impact on the operation of quality management system at firm level
An auditing firm is obliged to demand that the persons involved in the monitoring have adequate competence and capacities, including the sufficiency of time for the effective performance of monitoring, and to check the soundness of their audit opinions .
The International Standard of Quality Management ISQM 2 “Engagement Quality Reviews”, mentioned before, is devoted to the quality review procedures for completed audit engagements It highlights issues of appointing a person responsible for the engagement quality control, regulation and recording of the review procedure An audit partner is not entitled for engagement quality review earlier than after two years, the so called “cooling off period” . It is a radically new provision in the regulation of quality control, intended to ensure the impartiality of audit partners The different and unrelated meaning of “cooling off period” and “rotation of partners” should be emphasized .
Paragraph 5, article 30 “Duration of an Engagement on Obligatory Audit of the Financial Statements for Enterprises with Social Significance” of the Law of Ukraine “Audit of Financial Statements and Auditing Activities” specifies the requirements for “rotation” of key partners . Thus, key audit partners responsible for the obligatory audit of financial statements shall cease their engagement in the obligatory audit of financial statements of a business enterprise with social significance not later than after seven years since the date of their appointment They are not allowed to be engaged in the engagements on obligatory audit of this enterprise during the following three years . An auditing entity must set “rotation” of the auditors engaged in obligatory audits of financial statements The scheme of gradual “rotation” is applied in a phased manner to particular persons but not to the whole group engaged in an assignment
ISQM 2 fixes the necessity of “sufficient time” to perform engagement quality control, but does not specify its duration in hours Therefore, an auditing firm can fix this scope of “sufficient time” by its own in its management documents This standard allows for invitations of third parties (external ones for an auditing firm) for control of engagement quality reviews . Once the competence of a person chosen for control is put into question, this standard specifies the procedures for additional engagements of parties for performing additional control
According to this standard, an engagement partner who is the supervisor of review is not considered as a formal party, being an active member of an engagement group, which allows for timely engagement of group members and supervision of the engagement performance An engagement partner will be entitled for signing the audit report only once it is checked by the quality reviewer This provision is analogous to the norm of paragraph 1, article 32 “Requirements on Internal Quality control of a Completed Engagement on the Financial Statement Audit” of the Law of Ukraine “Audit of Financial Statements and Auditing Activities”: “.. .internal quality control of a completed engagement on the obligatory audit of financial statements of a business enterprise with social significance shall be performed before the audit report and the supplementary report is submitted to the auditing board of an enterprise with social significance.” [14] .
Results of this study led the authors to the conclusion that the emphasis on selected definitions in ISQM lwould be desirable:
“…(i) engagement quality review — an objective evaluation of the significant judgments made by the engagement team and the conclusions reached thereon, performed by the engagement quality reviewer and completed on or before the date of the engagement report;
(ii) engagement quality reviewer — a partner, other individual in the firm, or an external individual, appointed by the firm to perform the engagement quality review;
- relevant ethical requirements — principles of professional ethics and ethical requirements that are applicable to a professional accountant when undertaking the engagement quality review. Relevant ethical requirements ordinarily comprise the provisions of the International Ethics Standards Board for Accountants’ International Code of Ethics for Professional Accountants (including International Independence Standards)…” (IAASB, 2020) .
An auditing firm shall establish policies or procedures that require the assignment of responsibility for the appointment of engagement quality reviewers to an individual(s) with the competence, capabilities and appropriate authority within the firm to fulfill the responsibility. Those policies or procedures shall require such individual(s) to appoint the engagement quality reviewer (paragraphs A1 — A3 ISQM 2) . Pursuant to the provisions of these paragraphs, an auditing firm must:
- demand that the quality reviewer bear the ultimate responsibility for the engagement quality review;
- specify the responsibility of the engagement quality reviewer for defining the character, terms and scopes of supervision over an engagement team; formulate the duties of the engagement quality reviewer.
The policies and procedures set by an auditing firm must contain the clause that the engagement quality reviewer cannot be a member of an engagement team .
It should be emphasized that, according to paragraph A2 ISQM 2, in certain circumstances (such as in case of a small firm or a single specialist) it will not be expedient for an auditing firm to appoint an individual performing engagement quality review as a separate person, apart from a member of an engagement team . And according to paragraph A4 ISQM 2, in certain circumstances (e . g., in the case of a smaller firm or a sole practitioner), it may not be practicable for an individual other than a member of the engagement team to appoint the engagement quality reviewer An individual external to a firm can be partner or employee of a network firm, entity or organization that is a service supplier The procedure of using services provided by the mentioned individual is subject to the provisions of ISQM 1 pertaining to network requirements or network services and/or service providers .
The external quality reviewer must:
- have the competence, capabilities, including the sufficient time, and the authorities required for performing an engagement quality review (according to paragraph A5 — A11 ISQM 2);
- conform with the relevant ethical requirements, including the ones concerned with threats to objectivity and independence (paragraph A12 — A15 ISQM 2);
- conform with the legal norms and provisions of regulatory acts (if any) qualifying the relevance of a quality reviewer (paragraph A16 ISQM 2) .
It should be noted that, according to paragraph A3 ISQM 2, an audit firm can appoint several individuals as ones responsible for the engagement quality evaluation . For example: the firm’s policy and/or procedures may involve a special procedure for finding and appointment of audit engagement quality reviewers for listed companies, not applicable for companies not included in the listing or other engagements
Competencies and abilities of the quality reviewer. According to paragraph A5 ISQM 2, technical competencies, professional skills and professional ethics, values and attitudes of a quality reviewer must pertain to:
- an understanding of professional standards and applicable legal and regulatory requirements and of the firm’s policies or procedures relevant to the engagement;
- knowledge of the entity’s industry;
- an understanding of, and experience relevant to, engagements of a similar nature and complexity;
- an understanding of the responsibilities of the engagement quality reviewer in performing and documenting the engagement quality review, which may be attained or enhanced by receiving relevant training from the firm.
ISQM 2 specifies the actions at firm level, which help establish the professional authority of an engagement quality reviewer For example: fostering culture and respect of the engagement quality reviewer’s role helps weaken pressures from engagement partner or other firm personnel to influence the reviewers’ formulation of review results . The professional authority of a reviewer can sometimes be enhanced by provisions of the firm’s policy and/or procedures, to eliminate inconsistencies in the actions that will be performed by the quality reviewer and the engagement team when there is a difference in the engagement quality assessment between the reviewer and the team
When performing an engagement quality review, a reviewer must:
- gain an understanding of the information communicated by an engagement team about the engagement’s character and circumstances and organization of engagement performance;
- obtain information about the procedure of monitoring and elimination of deficiencies within the firm’s quality control system, including the ones pertaining to or affecting the aspects of significant opinions made by an engagement team;
- discuss important issues and significant judgements made in the process of engagement-related planning, performing and reporting with an engagement partners and/or (if possible) with other members of an engagement team (paragraph A35 — A38 ISQM 2).
Based on the obtained information, a reviewer should browse the selected documentation on the completed engagements, pertaining to significant judgements made by the team, and to evaluate:
- the grounds for justification and formulation of significant judgements, the display of professional skepticism by an engagement team;
- the supporting engagement documentation pertaining to the formulated judgements and their relevance to the circumstances
For evaluation of the quality of performed engagements on audit of financial statements it is necessary to evaluate the grounds for appointment of this engagement partner, the conformity with relevant ethical requirements on independence, the provision of consulting on complex or controversial matters and/ or matters pertaining to differences in opinions and judgements
An auditing firm shall set the policy and/ or procedures obliging to record the process of engagement quality review and include these records to the documentation on engagement performance
ISA 220 “Quality Control for an Audit of Financial Statements” deals with quality management at the level of audit engagement .
After the revision this standard contains a more detailed specification of the responsibility for management and assurance of the appropriate quality of audit by the partner who is the supervisor of audit engagement, with emphasis on the need for his active involvement in the audit review throughout the performance of engagement .
It points out to the importance of fostering the relevant culture of quality at firm and team level, to be maintained by all firm staff, including the commitment to the principle of professional skepticism.
A definition of “professional skepticism” is given in article 9 of the Law of Ukraine “Audit of Financial Statements and Auditing Activities” [14] . Auditors and auditing entities, when providing auditing services, shall adhere to the principle of professional skepticism that means the permissibility of possible essential distortion of information disclosed in financial statements as a result of facts or behaviors revealed in the process of audit, which signal on violations, including frauds or mistakes, in spite of the previous experiences of an auditor and an auditing entity regarding the integrity and decency of the executives of a legal entity which financial statements are subject to review An auditor and an auditing entity shall display criticism and professional skepticism in evaluating the fair value estimates used by a legal entity, devaluation (revaluation) of the utility of assets, reserves and future flows of monetary assets, as this information has essential impact on the formation of auditor’s opinion on the legal entity’s capability to continue activities on an ongoing basis
ISA 220 specifies the procedure for use of resources, not only human, but technological and intellectual ones . The supervisor shall be made responsible for the procurement of all the resources required by an engagement team. When the evaluation shows a shortage of resources, this standard specifies the nomenclatures of response measures for obtaining the full set of resources required for the engagement performance
The partner shall supervise the review procedure, define the core aspects of the engagement, form substantive judgements taken in the process of engagement performance, set up communications between members of engagement team, company management, individuals assigned with top administrative authorities in business entities which reporting is subject to review, officials of regulatory bodies (in case of need) .
By analogy with ISQM 2, ISA specify that an additional “self-review” shall be performed after the review is finished, in which the supervisor shall evaluate all the documented procedures and form the judgement on whether or not everything possible was done to assure the quality management and whether or not the relevant quality of the engagement performance could be achieved
Conclusions. ISQM 1 and ISQM 2 cannot be fully implemented unless their provisions are subjected to rigorous scrutiny by managements of auditing firms with taking measures on revision of the documentary support for operation of quality control system at firm level
Results of the study led the authors to the conclusion about the need for revision and/or design of selected segments of the quality control system at firm level, including (i) risk assessment procedure;
- management and leadership; (iii) relevant ethical requirements; (iv) acceptance and continual of client relations and specific engagements; (v) resources; (vi) engagement performance; (vii) information and communication; (viii) monitoring and sanctions.
In our opinion, the expedient and necessary direction of further research is: development of internal working documents on: “management and leadership”, “resources”, “information and communication” and implementation of these developments in the practice of auditing entities.