ISQC1
ISQC1
ISQC1
CONTENTS
Paragraph
Introduction
Scope of this ISQC ..................................................................................... 1-3
Authority of this ISQC ................................................................................ 4-9
Effective Date ............................................................................................. 10
Objective .................................................................................................... 11
Definitions .................................................................................................. 12
Requirements
Applying, and Complying with, Relevant Requirements ........................... 13-15
Elements of a System of Quality Control ................................................... 16-17
Leadership Responsibilities for Quality within the Firm ............................ 18-19
Relevant Ethical Requirements ................................................................... 20-25
Acceptance and Continuance of Client Relationships and Specific
QUALITY CONTROL
Engagements ........................................................................................ 26-28
Human Resources ....................................................................................... 29-31
Engagement Performance ........................................................................... 32-47
Monitoring .................................................................................................. 48-56
Documentation of the System of Quality Control ....................................... 57-59
Application and Other Explanatory Material
Applying, and Complying with, Relevant Requirements ............................ A1
Elements of a System of Quality Control .................................................... A2-A3
Leadership Responsibilities for Quality within the Firm ............................ A4-A6
Relevant Ethical Requirements ................................................................... A7-A17
Acceptance and Continuance of Client Relationships and Specific
Engagements ........................................................................................ A18-A23
41 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
ISQC 1 42
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
Introduction
Scope of this ISQC
1. This International Standard on Quality Control (ISQC) deals with a firm’s
responsibilities for its system of quality control for audits and reviews of
financial statements, and other assurance and related services engagements.
This ISQC is to be read in conjunction with relevant ethical requirements.
2. Other pronouncements of the International Auditing and Assurance
Standards Board (IAASB) set out additional standards and guidance on the
responsibilities of firm personnel regarding quality control procedures for
specific types of engagements. ISA 220,1 for example, deals with quality
control procedures for audits of financial statements.
3. A system of quality control consists of policies designed to achieve the
objective set out in paragraph 11 and the procedures necessary to implement
and monitor compliance with those policies.
QUALITY CONTROL
addition, it contains related guidance in the form of application and other
explanatory material, as discussed further in paragraph 8, and introductory
material that provides context relevant to a proper understanding of the
ISQC, and definitions.
6. The objective provides the context in which the requirements of this ISQC
are set, and is intended to assist the firm in:
• Understanding what needs to be accomplished; and
• Deciding whether more needs to be done to achieve the objective.
7. The requirements of this ISQC are expressed using “shall.”
8. Where necessary, the application and other explanatory material provides
further explanation of the requirements and guidance for carrying them out.
In particular, it may:
1
ISA 220, “Quality Control for an Audit of Financial Statements.”
43 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
Effective Date
10. Systems of quality control in compliance with this ISQC are required to be
established by December 15, 2009.
Objective
11. The objective of the firm is to establish and maintain a system of quality
control to provide it with reasonable assurance that:
(a) The firm and its personnel comply with professional standards and
applicable legal and regulatory requirements; and
(b) Reports issued by the firm or engagement partners are appropriate in
the circumstances.
Definitions
12. In this ISQC, the following terms have the meanings attributed below:
(a) Date of report – The date selected by the practitioner to date the
report.
ISQC 1 44
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
QUALITY CONTROL
(g) Firm – A sole practitioner, partnership or corporation or other entity
of professional accountants.
(h) Inspection – In relation to completed engagements, procedures
designed to provide evidence of compliance by engagement teams
with the firm’s quality control policies and procedures.
(i) Listed entity – An entity whose shares, stock or debt are quoted or
listed on a recognized stock exchange, or are marketed under the
regulations of a recognized stock exchange or other equivalent body.
(j) Monitoring – A process comprising an ongoing consideration and
evaluation of the firm’s system of quality control, including a
periodic inspection of a selection of completed engagements,
designed to provide the firm with reasonable assurance that its system
of quality control is operating effectively.
2
“Engagement partner,” “partner,” and “firm” should be read as referring to their public sector
equivalents where relevant.
45 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
Requirements
Applying, and Complying with, Relevant Requirements
13. Personnel within the firm responsible for establishing and maintaining the
firm’s system of quality control shall have an understanding of the entire
ISQC 1 46
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
text of this ISQC, including its application and other explanatory material, to
understand its objective and to apply its requirements properly.
14. The firm shall comply with each requirement of this ISQC unless, in the
circumstances of the firm, the requirement is not relevant to the services
provided in respect of audits and reviews of financial statements, and other
assurance and related services engagements. (Ref: Para. A1)
15. The requirements are designed to enable the firm to achieve the objective stated
in this ISQC. The proper application of the requirements is therefore expected to
provide a sufficient basis for the achievement of the objective. However,
because circumstances vary widely and all such circumstances cannot be
anticipated, the firm shall consider whether there are particular matters or
circumstances that require the firm to establish policies and procedures in
addition to those required by this ISQC to meet the stated objective.
QUALITY CONTROL
(f) Monitoring.
17. The firm shall document its policies and procedures and communicate them
to the firm’s personnel. (Ref: Para. A2-A3)
Independence
21. The firm shall establish policies and procedures designed to provide it with
reasonable assurance that the firm, its personnel and, where applicable,
others subject to independence requirements (including network firm
personnel) maintain independence where required by relevant ethical
requirements. Such policies and procedures shall enable the firm to: (Ref:
Para. A10)
(a) Communicate its independence requirements to its personnel and,
where applicable, others subject to them; and
(b) Identify and evaluate circumstances and relationships that create threats
to independence, and to take appropriate action to eliminate those
threats or reduce them to an acceptable level by applying safeguards,
or, if considered appropriate, to withdraw from the engagement, where
withdrawal is possible under applicable law or regulation.
22. Such policies and procedures shall require: (Ref: Para. A10)
(a) Engagement partners to provide the firm with relevant information
about client engagements, including the scope of services, to enable
the firm to evaluate the overall impact, if any, on independence
requirements;
(b) Personnel to promptly notify the firm of circumstances and
relationships that create a threat to independence so that appropriate
action can be taken; and
(c) The accumulation and communication of relevant information to
appropriate personnel so that:
(i) The firm and its personnel can readily determine whether they
satisfy independence requirements;
(ii) The firm can maintain and update its records relating to
independence; and
(iii) The firm can take appropriate action regarding identified
threats to independence that are not at an acceptable level.
23. The firm shall establish policies and procedures designed to provide it with
reasonable assurance that it is notified of breaches of independence
requirements, and to enable it to take appropriate actions to resolve such
ISQC 1 48
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
situations. The policies and procedures shall include requirements for: (Ref:
Para. A10)
(a) Personnel to promptly notify the firm of independence breaches of
which they become aware;
(b) The firm to promptly communicate identified breaches of these
policies and procedures to:
(i) The engagement partner who, with the firm, needs to address
the breach; and
(ii) Other relevant personnel in the firm and, where appropriate,
the network, and those subject to the independence
requirements who need to take appropriate action; and
(c) Prompt communication to the firm, if necessary, by the engagement
partner and the other individuals referred to in subparagraph 23(b)(ii)
of the actions taken to resolve the matter, so that the firm can
determine whether it should take further action.
24. At least annually, the firm shall obtain written confirmation of compliance
with its policies and procedures on independence from all firm personnel
required to be independent by relevant ethical requirements. (Ref: Para.
A10-A11)
25. The firm shall establish policies and procedures: (Ref: Para. A10)
(a) Setting out criteria for determining the need for safeguards to reduce
the familiarity threat to an acceptable level when using the same
senior personnel on an assurance engagement over a long period of
QUALITY CONTROL
time; and
(b) Requiring, for audits of financial statements of listed entities, the
rotation of the engagement partner and the individuals responsible for
engagement quality control review, and where applicable, others
subject to rotation requirements, after a specified period in
compliance with relevant ethical requirements. (Ref: Para. A12-A17)
49 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
(c) Has considered the integrity of the client, and does not have
information that would lead it to conclude that the client lacks
integrity. (Ref: Para. A19-A20, A23)
27. Such policies and procedures shall require:
(a) The firm to obtain such information as it considers necessary in the
circumstances before accepting an engagement with a new client,
when deciding whether to continue an existing engagement, and
when considering acceptance of a new engagement with an existing
client. (Ref: Para. A21, A23)
(b) If a potential conflict of interest is identified in accepting an
engagement from a new or an existing client, the firm to determine
whether it is appropriate to accept the engagement.
(c) If issues have been identified, and the firm decides to accept or
continue the client relationship or a specific engagement, the firm to
document how the issues were resolved.
28. The firm shall establish policies and procedures on continuing an
engagement and the client relationship, addressing the circumstances where
the firm obtains information that would have caused it to decline the
engagement had that information been available earlier. Such policies and
procedures shall include consideration of:
(a) The professional and legal responsibilities that apply to the
circumstances, including whether there is a requirement for the firm
to report to the person or persons who made the appointment or, in
some cases, to regulatory authorities; and
(b) The possibility of withdrawing from the engagement or from both the
engagement and the client relationship. (Ref: Para. A22-23)
Human Resources
29. The firm shall establish policies and procedures designed to provide it with
reasonable assurance that it has sufficient personnel with the competence,
capabilities, and commitment to ethical principles necessary to:
(a) Perform engagements in accordance with professional standards and
applicable legal and regulatory requirements; and
(b) Enable the firm or engagement partners to issue reports that are
appropriate in the circumstances. (Ref: Para. A24-A29)
ISQC 1 50
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
(a) The identity and role of the engagement partner are communicated to
key members of client management and those charged with
governance;
(b) The engagement partner has the appropriate competence, capabilities,
and authority to perform the role; and
(c) The responsibilities of the engagement partner are clearly defined and
communicated to that partner. (Ref: Para. A30)
31. The firm shall also establish policies and procedures to assign appropriate
personnel with the necessary competence, and capabilities to:
(a) Perform engagements in accordance with professional standards and
applicable legal and regulatory requirements; and
(b) Enable the firm or engagement partners to issue reports that are
appropriate in the circumstances. (Ref: Para. A31)
Engagement Performance
32. The firm shall establish policies and procedures designed to provide it with
reasonable assurance that engagements are performed in accordance with
professional standards and applicable legal and regulatory requirements, and
that the firm or the engagement partner issue reports that are appropriate in
the circumstances. Such policies and procedures shall include:
(a) Matters relevant to promoting consistency in the quality of
engagement performance; (Ref: Para. A32-A33)
(b) Supervision responsibilities; and (Ref: Para. A34)
QUALITY CONTROL
(c) Review responsibilities. (Ref: Para. A35)
33. The firm’s review responsibility policies and procedures shall be determined on
the basis that work of less experienced team members is reviewed by more
experienced engagement team members.
Consultation
34. The firm shall establish policies and procedures designed to provide it with
reasonable assurance that:
(a) Appropriate consultation takes place on difficult or contentious matters;
(b) Sufficient resources are available to enable appropriate consultation
to take place;
(c) The nature and scope of, and conclusions resulting from, such
consultations are documented and are agreed by both the individual
seeking consultation and the individual consulted; and
51 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
ISQC 1 52
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
QUALITY CONTROL
42. The firm shall establish policies and procedures on documentation of the
engagement quality control review which require documentation that:
(a) The procedures required by the firm’s policies on engagement quality
control review have been performed;
(b) The engagement quality control review has been completed on or
before the date of the report; and
(c) The reviewer is not aware of any unresolved matters that would cause
the reviewer to believe that the significant judgments the engagement
team made and the conclusions it reached were not appropriate.
Differences of Opinion
43. The firm shall establish policies and procedures for dealing with and
resolving differences of opinion within the engagement team, with those
consulted and, where applicable, between the engagement partner and the
engagement quality control reviewer. (Ref: Para. A52-A53)
53 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
Engagement Documentation
Completion of the Assembly of Final Engagement Files
45. The firm shall establish policies and procedures for engagement teams to
complete the assembly of final engagement files on a timely basis after the
engagement reports have been finalized. (Ref: Para. A54-A55)
Monitoring
Monitoring the Firm’s Quality Control Policies and Procedures
48. The firm shall establish a monitoring process designed to provide it with
reasonable assurance that the policies and procedures relating to the system
of quality control are relevant, adequate, and operating effectively. This
process shall:
(a) Include an ongoing consideration and evaluation of the firm’s system
of quality control including, on a cyclical basis, inspection of at least
one completed engagement for each engagement partner;
(b) Require responsibility for the monitoring process to be assigned to a
partner or partners or other persons with sufficient and appropriate
experience and authority in the firm to assume that responsibility; and
(c) Require that those performing the engagement or the engagement
quality control review are not involved in inspecting the
engagements. (Ref: Para. A64-A68)
ISQC 1 54
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
QUALITY CONTROL
52. The firm shall establish policies and procedures to address cases where the
results of the monitoring procedures indicate that a report may be
inappropriate or that procedures were omitted during the performance of the
engagement. Such policies and procedures shall require the firm to
determine what further action is appropriate to comply with relevant
professional standards and applicable legal and regulatory requirements and
to consider whether to obtain legal advice.
53. The firm shall communicate at least annually the results of the monitoring of
its system of quality control to engagement partners and other appropriate
individuals within the firm, including the firm’s chief executive officer or, if
appropriate, its managing board of partners. This communication shall be
sufficient to enable the firm and these individuals to take prompt and
appropriate action where necessary in accordance with their defined roles
and responsibilities. Information communicated shall include the following:
(a) A description of the monitoring procedures performed.
(b) The conclusions drawn from the monitoring procedures.
55 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
ISQC 1 56
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
58. The firm shall establish policies and procedures that require retention of
documentation for a period of time sufficient to permit those performing
monitoring procedures to evaluate the firm’s compliance with its system of
quality control, or for a longer period if required by law or regulation.
59. The firm shall establish policies and procedures requiring documentation of
complaints and allegations and the responses to them.
***
QUALITY CONTROL
that each individual has a personal responsibility for quality and is expected
to comply with these policies and procedures. Encouraging firm personnel to
communicate their views or concerns on quality control matters recognizes
the importance of obtaining feedback on the firm’s system of quality control.
57 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
Assigning Operational Responsibility for the Firm’s System of Quality Control (Ref:
Para. 19)
A6. Sufficient and appropriate experience and ability enables the person or
persons responsible for the firm’s system of quality control to identify and
understand quality control issues and to develop appropriate policies and
procedures. Necessary authority enables the person or persons to implement
those policies and procedures.
ISQC 1 58
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
QUALITY CONTROL
(iii) An entity controlled by such parties through ownership, management
or other means.
The IFAC Code also provides guidance in relation to the terms “network”
and “network firm.”
In complying with the requirements in paragraphs 20-25, the definitions
used in the relevant ethical requirements apply in so far as is necessary to
interpret those ethical requirements.
3
IFAC Code of Ethics for Professional Accountants.
59 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
ISQC 1 60
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
QUALITY CONTROL
A19. With regard to the integrity of a client, matters to consider include, for
example:
• The identity and business reputation of the client’s principal owners,
key management, and those charged with its governance.
• The nature of the client’s operations, including its business practices.
• Information concerning the attitude of the client’s principal owners,
key management and those charged with its governance towards such
matters as aggressive interpretation of accounting standards and the
internal control environment.
• Whether the client is aggressively concerned with maintaining the
firm’s fees as low as possible.
• Indications of an inappropriate limitation in the scope of work.
• Indications that the client might be involved in money laundering or
other criminal activities.
61 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
• The reasons for the proposed appointment of the firm and non-
reappointment of the previous firm.
• The identity and business reputation of related parties.
The extent of knowledge a firm will have regarding the integrity of a client
will generally grow within the context of an ongoing relationship with that
client.
A20. Sources of information on such matters obtained by the firm may include
the following:
• Communications with existing or previous providers of professional
accountancy services to the client in accordance with relevant ethical
requirements, and discussions with other third parties.
• Inquiry of other firm personnel or third parties such as bankers, legal
counsel and industry peers.
• Background searches of relevant databases.
ISQC 1 62
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
QUALITY CONTROL
The estimation of personnel needs.
Effective recruitment processes and procedures help the firm select
individuals of integrity who have the capacity to develop the competence
and capabilities necessary to perform the firm’s work and possess the
appropriate characteristics to enable them to perform competently.
A25. Competence can be developed through a variety of methods, including the
following:
• Professional education.
• Continuing professional development, including training.
• Work experience.
• Coaching by more experienced staff, for example, other members of
the engagement team.
• Independence education for personnel who are required to be
independent.
63 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
ISQC 1 64
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
Engagement Performance
Consistency in the Quality of Engagement Performance (Ref: Para. 32(a))
A32. The firm promotes consistency in the quality of engagement performance
through its policies and procedures. This is often accomplished through
written or electronic manuals, software tools or other forms of standardized
documentation, and industry or subject matter-specific guidance materials.
Matters addressed may include:
• How engagement teams are briefed on the engagement to obtain an
understanding of the objectives of their work.
• Processes for complying with applicable engagement standards.
• Processes of engagement supervision, staff training and coaching.
QUALITY CONTROL
• Methods of reviewing the work performed, the significant judgments
made and the form of report being issued.
• Appropriate documentation of the work performed and of the timing
and extent of the review.
• Processes to keep all policies and procedures current.
A33. Appropriate teamwork and training assist less experienced members of the
engagement team to clearly understand the objectives of the assigned work.
65 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
whether the work is being carried out in accordance with the planned
approach to the engagement;
• Addressing significant matters arising during the engagement,
considering their significance and modifying the planned approach
appropriately; and
• Identifying matters for consultation or consideration by more
experienced engagement team members during the engagement.
ISQC 1 66
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
QUALITY CONTROL
Criteria for an Engagement Quality Control Review (Ref: Para. 35(b))
A41. Criteria for determining which engagements other than audits of financial
statements of listed entities are to be subject to an engagement quality
control review may include, for example:
• The nature of the engagement, including the extent to which it
involves a matter of public interest.
• The identification of unusual circumstances or risks in an
engagement or class of engagements.
• Whether laws or regulations require an engagement quality control
review.
Nature, Timing and Extent of the Engagement Quality Control Review (Ref: Para. 36-37)
A42. The engagement report is not dated until the completion of the engagement
quality control review. However, documentation of the engagement quality
control review may be completed after the date of the report.
67 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
ISQC 1 68
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
Consultation with the Engagement Quality Control Reviewer (Ref: Para. 39(b))
A48. The engagement partner may consult the engagement quality control
reviewer during the engagement, for example, to establish that a judgment
made by the engagement partner will be acceptable to the engagement
quality control reviewer. Such consultation avoids identification of
differences of opinion at a late stage of the engagement and need not
compromise the engagement quality control reviewer’s eligibility to perform
the role. Where the nature and extent of the consultations become significant
the reviewer’s objectivity may be compromised unless care is taken by both
the engagement team and the reviewer to maintain the reviewer’s
objectivity. Where this is not possible, another individual within the firm or
a suitably qualified external person may be appointed to take on the role of
either the engagement quality control reviewer or the person to be consulted
on the engagement.
QUALITY CONTROL
of review;
• Does not make decisions for the engagement team; and
• Is not subject to other considerations that would threaten the
reviewer’s objectivity.
69 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
Engagement Documentation
Completion of the Assembly of Final Engagement Files (Ref: Para. 45)
A54. Law or regulation may prescribe the time limits by which the assembly of
final engagement files for specific types of engagement is to be completed.
Where no such time limits are prescribed in law or regulation, paragraph 45
requires the firm to establish time limits that reflect the need to complete the
assembly of final engagement files on a timely basis. In the case of an audit,
for example, such a time limit would ordinarily not be more than 60 days
after the date of the auditor’s report.
A55. Where two or more different reports are issued in respect of the same subject
matter information of an entity, the firm’s policies and procedures relating to
time limits for the assembly of final engagement files address each report as
if it were for a separate engagement. This may, for example, be the case
when the firm issues an auditor’s report on a component’s financial
information for group consolidation purposes and, at a subsequent date, an
auditor’s report on the same financial information for statutory purposes.
ISQC 1 70
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
QUALITY CONTROL
• Appropriate back-up routines for electronic engagement
documentation at appropriate stages during the engagement.
• Procedures for properly distributing engagement documentation to
the team members at the start of the engagement, processing it during
engagement, and collating it at the end of engagement.
• Procedures for restricting access to, and enabling proper distribution
and confidential storage of, hardcopy engagement documentation.
A59. For practical reasons, original paper documentation may be electronically
scanned for inclusion in engagement files. In such cases, the firm’s procedures
designed to maintain the integrity, accessibility, and retrievability of the
documentation may include requiring the engagement teams to:
• Generate scanned copies that reflect the entire content of the original
paper documentation, including manual signatures, cross-references
and annotations;
• Integrate the scanned copies into the engagement files, including
71 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
ISQC 1 72
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
Monitoring
Monitoring the Firm’s Quality Control Policies and Procedures (Ref: Para. 48)
A64. The purpose of monitoring compliance with quality control policies and
procedures is to provide an evaluation of:
• Adherence to professional standards and applicable legal and
regulatory requirements;
• Whether the system of quality control has been appropriately
designed and effectively implemented; and
• Whether the firm’s quality control policies and procedures have been
appropriately applied, so that reports that are issued by the firm or
engagement partners are appropriate in the circumstances.
A65. Ongoing consideration and evaluation of the system of quality control
include matters such as the following:
• Analysis of:
o New developments in professional standards and applicable
legal and regulatory requirements, and how they are reflected
in the firm’s policies and procedures where appropriate;
o Written confirmation of compliance with policies and
procedures on independence;
o Continuing professional development, including training; and
o Decisions related to acceptance and continuance of client
QUALITY CONTROL
relationships and specific engagements.
• Determination of corrective actions to be taken and improvements to
be made in the system, including the provision of feedback into the
firm’s policies and procedures relating to education and training.
• Communication to appropriate firm personnel of weaknesses
identified in the system, in the level of understanding of the system,
or compliance with it.
• Follow-up by appropriate firm personnel so that necessary modifications
are promptly made to the quality control policies and procedures.
A66. Inspection cycle policies and procedures may, for example, specify a cycle
that spans three years. The manner in which the inspection cycle is
organized, including the timing of selection of individual engagements,
depends on many factors, such as the following:
• The size of the firm.
• The number and geographical location of offices.
73 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
QUALITY CONTROL
• Monitoring procedures, including the procedure for selecting
completed engagements to be inspected.
• A record of the evaluation of:
o Adherence to professional standards and applicable legal and
regulatory requirements;
o Whether the system of quality control has been appropriately
designed and effectively implemented; and
o Whether the firm’s quality control policies and procedures
have been appropriately applied, so that reports that are issued
by the firm or engagement partners are appropriate in the
circumstances.
• Identification of the deficiencies noted, an evaluation of their effect,
and the basis for determining whether and what further action is
necessary.
75 ISQC 1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL
STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
ISQC 1 76