The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

No human verification has been conducted of the converted content.
While we strive for accuracy errors or omissions may exist.
This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

FRC Response to IAASB Quality Management Consultation

Financial Reporting Council

Willie Botha Technical Director International Auditing and Assurance Standards Board 529 Fifth Avenue New York 10017 USA

05 July 2019

Dear Mr Botha

IAASB PROPOSED QUALITY MANAGEMENT STANDARDS

The Financial Reporting Council (FRC) welcomes the opportunity to comment on the IAASB's consultation on the proposed quality management standards.

Our response to each of the IAASB's consultation questions, including any further enhancements we propose, are set out as follows:

Appendix 1 - IAASB Covering Explanatory Memorandum
Appendix 2 - IAASB Proposed ISQM1
Appendix 3 - IAASB Proposed ISQM2
Appendix 4 - IAASB Proposed ISA 220
Appendix 5 - Editorial suggestions

If you have any questions about our response or wish to discuss any of our observations in more detail please contact me or Josephine Jackson, Technical Director ([email protected] or +44 207 492 2473).

Yours sincerely

Signature of Stephen Howell

Stephen Haddrill

Stephen Haddrill Chief Executive Officer Direct Dial: +44 207492 2390 Email: [email protected]

Appendix 1

IAASB Covering Explanatory Memorandum

Overall Question

Do you support the approach and rationale for the proposed implementation period of approximately 18 months after the approval of the three standards by the Public Interest Oversight Board (PIOB)? If not, what is an appropriate implementation period?

We note that 18 months is a very long period for implementation, particularly given the need to make improvements to the standards was noted in the Invitation to Comment (ITC)¹ in December 2015, and as far back as July 2013 in the findings from the ISA Implementation Monitoring Project. However, we recognise that establishing a date that allows enough time to implement the standards effectively is important. We therefore support the implementation period but recommend that early adoption of the revised standard is specifically encouraged in the final standards, and that those standards are not finalised in a manner that would preclude early adoption.

In addition, we encourage the IAASB to develop implementation guidance and support materials as soon as possible, and not wait until the standard is finalised by the PIOB (as implied in paragraph 24 of the explanatory memorandum). As noted in our response to the SWP, in finalising the proposals we recommend that the IAASB adopts an implementation programme that offers transition support prior to the effective date. A formal pre-implementation programme will be reassuring to those stakeholders who perceive the standards to be complex and will help improve the consistency and quality of implementation.

Appendix 2

IAASB Proposed ISQM1

Overall Questions

1) Does ED-ISQM 1 substantively enhance firms’ management of engagement quality, and at the same time improve the scalability of the standard? In particular:

Do you support the new quality management approach? If not, what specific attributes of this approach do you not support and why?
In your view, will the proposals generate benefits for engagement quality as intended, including supporting the appropriate exercise of professional skepticism at the engagement level? If not, what further actions should the IAASB take to improve the standard?

Consistent with our response to the ITC, we strongly support the introduction of the quality management approach (QMA). We continue to observe tremendous change in the economic, technological, social and regulatory aspects of the markets in which firms operate. The audit profession plays an essential role in the functioning of the global capital markets by building public trust and confidence in the financial reporting process and stakeholders expect the audit profession to adapt and overcome these multiple and complex challenges, whilst remaining committed to delivering consistently high quality audits and assurance engagements. A key foundation for consistently delivering high quality engagements rests in the firm’s system of quality control. Combined with the enhanced requirements in ‘Governance and Leadership’ that embed the oversight, control and discipline needed to embed a culture of quality, if implemented well, the QMA will help firms meet these challenges.

Are the requirements and application material of proposed ED-ISQM 1 scalable such that they can be applied by firms of varying size, complexity and circumstances? If not, what further actions should the IAASB take to improve the scalability of the standard?

We agree. The system of quality management (SOQM) is a proactive, scalable and robust approach to managing risks to quality that can be adapted as necessary to firms of varying size, complexity and circumstance in a constantly changing business environment.

2) Are there any aspects of the standard that may create challenges for implementation? If so, are there particular enhancements to the standard or support materials that would assist in addressing these challenges?

During our outreach, some of our stakeholders suggested that the IAASB could prepare the following support materials that are intended to supplement the IAASB’s standards, and act as an educational tool for firms:

'First Time Implementation Guide' for ISQM1 and ISQM2
Practical guide to performing a root cause analysis.
Practical guide to performing risk identification and assessment in a SOQM.

3) Is the application material in ED-ISQM 1 helpful in supporting a consistent understanding of the requirements? Are there areas where additional examples or explanations would be helpful or where the application material could be reduced?

We acknowledge the IAASB’s commitment to addressing scalability within ISQM1 and we are supportive of the examples and explanations included throughout the proposed standard to address scalability and aide implementation. We do, however, have some overarching concerns in relation to the length of the standard and encourage the IAASB to relocate the material that supports implementation, to guidance that exists outside the standard ('external guidance'), such as a 'First Time Implementation Guide' noted in our response to question 2. In particular, a number of application material paragraphs could be relocated to external guidance when such material illustrates how a firm might fulfil a particular requirement, including examples of policies and procedures a firm might adopt in response to quality risks. Our suggestions in relation to specific paragraphs that can be relocated can be found in Appendix 5. We would also encourage the IAASB to relocate the prescribed responses to an Appendix in the standard.

Specific Questions

4) Do you support the eight components and the structure of ED-ISQM 1?

We support the eight components of the SOQM and agree with that the components continue to be relevant to a firm in addressing specific topics that are fundamental to the performance of engagements, and therefore provide the critical link to the management of quality at the engagement level.

5) Do you support the objective of the standard, which includes the objective of the system of quality management? Furthermore, do you agree with how the standard explains the firm’s role relating to the public interest and is it clear how achieving the objective of the standard relates to the firm’s public interest role?

In part. We strongly support the explanation in paragraph 7 that the public interest is served by the consistent performance of quality engagements, and the further explanation as to how quality engagements are achieved. However, there is no reference to public interest in the objective, nor the consistent performance of quality engagements. ISQM1 acknowledges that the SOQM supports the consistent performance of quality engagements (as described in paragraph 7) and we therefore question why this, and the firm’s role to serve the public interest, is not addressed explicitly in the objective. We strongly advise the IAASB to consider a revision to the objective so it is clear that an outcome, in designing, implementing and operating the SOQM, is the consistent performance of quality engagements that serve the public interest.

6) Do you believe that application of a risk assessment process will drive firms to establish appropriate quality objectives, quality risks and responses, such that the objective of the standard is achieved? In particular:

Do you agree that the firm’s risk assessment process should be applied to the other components of the system of quality management?
Do you support the approach for establishing quality objectives? In particular:
1. Are the required quality objectives appropriate?
2. Is it clear that the firm is expected to establish additional quality objectives beyond those required by the standard in certain circumstances?

We strongly support the quality objectives that are required for each component, and agree that those quality objectives, when achieved, collectively should provide the firm with reasonable assurance that the objectives of the system of quality management are achieved. The risk assessment provides the context for designing the policies and procedures necessary to reduce the risk of not meeting those quality objectives to an acceptably low level, and therefore should be applied to all components of the system of quality management. We also agree that it is appropriate that the firm applies the risk identification assessment process to quality objectives within the risk assessment component to ensure that, among other things, the process is structured in a practical and disciplined fashion, is sustainable and is performed by people with the right skills, knowledge and experience.

We acknowledge that the quality objectives in ISQM1 are comprehensive and, if properly addressed by a firm, will result in the system providing reasonable assurance that its objectives have been achieved. However, we agree that firms need to consider if there is a need to establish additional quality objectives beyond those set out in ISQM1 because:

the nature and circumstances of firms and the engagements they perform will vary; and
quality objectives need to be reviewed frequently to determine if they are sufficient and appropriate given the constantly changing environment in which firms operate.

Do you support the process for the identification and assessment of quality risks?
Do you support the approach that requires the firm to design and implement responses to address the assessed quality risks? In particular:
1. Do you believe that this approach will result in a firm designing and implementing responses that are tailored to and appropriately address the assessed quality risks?

We support the process for the identification and assessment of risk and an approach that requires the firm to design and implement policies and procedures in response to assessed quality risks.

We agree that this approach has the potential for firms to design and implement responses that are tailored to and appropriately address the assessed quality risks. In particular:

The required understanding of the conditions, events, circumstances, actions or inactions that may adversely affect the achievement of its quality objectives (paragraph 26) leads to an enhanced understanding of the risks, which is critical to tailoring policies and procedures so that they are responsive to the risks.
Identifying changes and appropriately factoring them into the risk assessment process (paragraph 30) is also critical to a robust risk assessment. Changes as a result of both external and internal factors will create and change risk, and it is important that a firm implements processes that enables it to identify and evaluate the impact of changes on the quality risks on a timely basis and tailor the firm’s policies and procedures accordingly.

We acknowledge that the IAASB used the term 'responses' instead of 'controls' because it emphasises the importance of responding to the quality risks and the proactive nature of the new quality management approach. However, we believe that this term adds unnecessary complexity. Particularly as it is now inconsistent with ED-ISA 315 which uses 'controls'. If, as explained in the EM, the responses to quality risks are analogous to controls, and not inconsistent with the COSO Integrated Framework (2013), then we strongly advise the IAASB to use the term 'controls'.

Is it clear that in all circumstances the firm is expected to design and implement responses in addition to those required by the standard?

Yes.

7) Do the revisions to the standard appropriately address firm governance and the responsibilities of firm leadership? If not, what further enhancements are needed?

We strongly support the revisions to the standard in respect of firm governance and the responsibilities of firm leadership. As explained in our response to the ITC, firm leadership collectively has the responsibility and accountability for modelling and articulating the audit firm's culture and values, demanding the highest standards of ethical behaviour throughout the firm, encouraging transparency, and a willingness to challenge and make difficult decisions to maintain the firm's culture and values. Audit firm governance is therefore a critical component of quality; at the core of a QMA and foundational to its effectiveness. In particular:

We strongly support the introduction of the quality objective that addresses the firm’s role in serving the public interest. The firm’s overriding responsibility is to act in the public interest. As noted earlier, we believe this overriding responsibility should feature in the overall objective of ISQM1.
We strongly support the emphasis on a culture of quality, including recognising and reinforcing the importance of professional ethics, values and attitudes throughout the firm. In our view quality, and the associated professional behaviours, is the responsibility of all personnel within the firm and firm leadership are accountable for embedding that culture.
We agree, consistent with ISQC1, that the individuals assigned ultimate responsibility and accountability, and if relevant the individuals assigned operational responsibility, for the firm’s system of quality management, should have an understanding of the ISQM (paragraph 20). We do not agree with the condition "relevant to their responsibilities”, as all the text of the ISQM, in our view, is relevant to their understanding of the responsibility for the firm’s system of quality management. In particular, paragraph 24(a)(i) requires those with ultimate responsibility and accountability to have the appropriate experience and knowledge to fulfill the assigned responsibility. Such knowledge would undoubtedly include the text in ISQM1. We believe this is always relevant regardless of the size or structure of the firm.
We agree with the IAASB that the quality objectives in the governance and leadership component are universally applicable to firms of all sizes, particularly as the quality objectives have been established as outcomes.

8) With respect to matters regarding relevant ethical requirements:

Should ED-ISQM 1 require firms to assign responsibility for relevant ethical requirements to an individual in the firm? If so, should the firm also be required to assign responsibility for compliance with independence requirements to an individual?

We would support the view of IESBA that ISQM1 should more broadly capture responsibility for relevant ethical requirements. Such a responsibility would include responsibility for compliance with independence requirements. However, as with operational responsibility, ISQM1 should recognise that a firm may not have the resources available to address the requirement, as may be the case with an SMP, and accordingly that responsibility may also rest with the individual assigned ultimate responsibility and accountability for the system of quality management.

Does the standard appropriately address the responsibilities of the firm regarding the independence of other firms or persons within the network?

Paragraph 32 emphasises independence through the phraseology "relevant ethical requirements, including those related to independence". We believe this emphasis on independence is important, and absent this emphasis in paragraph 33, it is not clear that the standard appropriately addresses the responsibilities of the firm regarding independence except in respect of paragraph 33(d). To clarify, we suggest this phraseology is also applied to paragraph 33(a).

We do not believe the standard appropriately emphasises that the firm may have responsibilities in respect of other firms or persons that are external to the firm’s network. Whilst the phrase "others subject to relevant ethical requirements" in paragraph 32 could be assumed to encompass those external to the network, the emphasis on "as applicable, the network, network firms, service providers" in paragraph 33(a) implies that those external to the network (other than service providers) are not captured, and paragraph A71 confirms this interpretation.

In our view, the principal approach should be to recognise that, in certain circumstances, other firms that are external to the network performing procedures on an engagement are required to meet the same ethical requirements, including independence, as the firm and its personnel. This is precedented in the auditing standards. For example, in a group audit, ISA 600 requires the group auditor to understand whether the component auditor understands and will comply with the ethical requirements that are relevant to the group audit and, in particular, is independent. Irrespective of whether the component auditor is part of the firm’s network or external to the firm’s network, when performing work on the financial information of a component for a group audit, the component auditor is subject to ethical requirements that are relevant to the group audit. Such requirements may be different or in addition to those applying to the component auditor when performing a statutory audit in the component auditor’s jurisdiction.

9) Has ED-ISQM 1 been appropriately modernized to address the use of technology by firms in the system of quality management?

Yes. We strongly support the introduction of the new technology related concepts, along with the enhanced requirements and much of the application material. The material better reflects the current technological environment and is sufficiently principles-based to allow for changing circumstances. However, we suggest that relocating some of the application material to a dedicated appendix or external guidance would be beneficial in reducing the length of the application material overall. Our suggestions in relation to specific paragraphs that can be relocated can be found in Appendix 5.

10) Do the requirements for communication with external parties promote the exchange of valuable and insightful information about the firm’s system of quality management with the firm’s stakeholders? In particular, will the proposals encourage firms to communicate, via a transparency report or otherwise, when it is appropriate to do so?

We support the requirements for communication with external parties. As noted in our response to the ITC, investors are calling for increased transparency about audit quality. As the IAASB has a clear role in strengthening public confidence in the global auditing and assurance profession, it is important for the IAASB to set principles and guidance to assist firms in being more transparent about how firms meet their responsibilities for audit quality (including through their networks), including at the engagement level.

This should include encouraging greater transparency about audit firm governance and how the firm’s SOQM enables the delivery of high quality audits in an evolving business and audit environment and, for particular audits, how quality control is managed and delivered at the engagement level. Such transparency is achieved in part through enhanced auditor reporting, but can be achieved as appropriate through, for example, enhanced communications with audit committees, and further enhancements to the auditor’s report or transparency reports or through other means. In this respect we believe the principle based requirements in paragraph 41(c), together with the application material in paragraph A151, should encourage firms to exchange insightful information about the firm’s system of quality management with the firm’s stakeholders.

11) Do you agree with the proposals addressing the scope of engagements that should be subject to an engagement quality review? In your view, will the requirements result in the proper identification of engagements to be subject to an engagement quality review?

We agree with the proposals addressing the scope of engagements that should be subject to an engagement quality review, including the extension of the scope to audits of financial statements that the firm determines are of significant public interest, and the supporting application material. We believe the requirements have the potential to encourage a more effective process in the identification of engagements subject to an engagement quality review.

12) In your view, will the proposals for monitoring and remediation improve the robustness of firms’ monitoring and remediation? In particular:

Will the proposals improve firms’ monitoring of the system of quality management as a whole and promote more proactive and effective monitoring activities, including encouraging the development of innovative monitoring techniques?
Do you agree with the IAASB’s conclusion to retain the requirement for the inspection of completed engagements for each engagement partner on a cyclical basis, with enhancements to improve the flexibility of the requirement and the focus on other types of reviews?

We support the proposals for monitoring and remediation and believe they have the potential to improve the robustness of firms’ monitoring and remediation process. In particular, we support:

The promotion of a more proactive, risk-based approach to monitoring activities that are focused on all aspects of the SOQM (including monitoring and remediation), and not just focused on responses that are implemented at the engagement level.
The retention of the requirement for the inspection of completed engagements for each engagement partner on a cyclical basis, along with the recognition of in-process engagement reviews.
The distinction between findings and deficiencies, which recognises that not all findings necessarily indicate a deficiency.
The investigation of the root cause of deficiencies so that appropriate action can be taken to address the deficiencies effectively.
The communication requirements in paragraphs 52 to 54.

Is the framework for evaluating findings and identifying deficiencies clear and do you support the definition of deficiencies?

We support the definition of deficiencies and the framework for evaluating findings and identifying deficiencies. We believe the proposals have the potential to deliver greater consistency in practice in the identification and assessment of deficiencies.

Do you agree with the new requirement for the firm to investigate the root cause of deficiencies? In particular:
1. Is the nature, timing and extent of the procedures to investigate the root cause sufficiently flexible?

Is the manner in which ED-ISQM 1 addresses positive findings, including addressing the root cause of positive findings, appropriate?

We strongly support the new requirement for the firm to investigate the root cause of deficiencies. We believe it is clear in ISQM1 that the nature, timing and extent of procedures to investigate the root cause is sufficiently scalable as it bases the extent of the root cause analysis on the nature of the deficiencies, including their perceived severity (i.e. it recognises that in some circumstances where the root cause is apparent a rigorous process is unnecessary).

Are there any challenges that may arise in fulfilling the requirement for the individual assigned ultimate responsibility and accountability for the system of quality management to evaluate at least annually whether the system of quality management provides reasonable assurance that the objectives of the system have been achieved?

We do not believe that an (at least) annual evaluation should give rise to any significant challenges. We are of the view that the new requirement reinforces the responsibility and accountability of leadership for the SOQM.

13) Do you support the proposals addressing networks? Will the proposals appropriately address the issue of firms placing undue reliance on network requirements or network services?

We strongly support the IAASB proposals addressing networks in response to the issues that have been raised in relation to undue reliance by firms and engagement teams on the network’s system of quality control.

We believe that the firm is responsible for the engagements it performs and for the reports that are issued on behalf of the firm and therefore it is the firm that is ultimately responsible for its SOQM, regardless of the nature and extent of network requirements or network services (NRSs) used by the firm. In this regard, we support the requirement in paragraph 59 that encourages a more robust understanding of NRSs being used in the firm. However, we do not agree that this requirement is sufficient to meet the IAASB’s objective set out above as it does not explicitly require the firm to determine whether NRSs are appropriate for use. Currently, the firm is only required to evaluate the effect on the risk assessment process (i.e. determine how the NRSs need to be used in the firm’s SOQM) and whether those NRSs need to be adapted or supplemented to be appropriate for use (i.e. and whether more needs to be done). We find the requirements relating to service providers much clearer and robust in this regard.

In finalising the standard, we strongly encourage the IAASB to amend paragraphs 59 (and 68(a)) to explicitly recognise the firm’s responsibility to determine not only how NRSs need to be used and what more needs to be done, but also whether NRSs are appropriate for use. We believe that this more robust approach has the potential to improve communications and transparency between the network and network firms and encourage improvements in the requirements and services provided by the network. Our editorial suggestions in relation to specific paragraphs can be found in Appendix 5.

14) Do you support the proposals addressing service providers?

We strongly support the proposals addressing service providers. A service provider, similar to a network or network firm, provides the firm with a resource the firm intends to use in its SOQM. Accordingly, as with a network or network firm, the firm needs to determine that such resources are appropriate to use in the firm’s SOQM. This is an important clarification.

15) With respect to national standard setters and regulators, will the change in title to “ISQM” create significant difficulties in adopting the standard at a jurisdictional level?

We do not anticipate any significant difficulties adopting the standard at jurisdictional level as a result of the change in the title.

Appendix 3

IAASB Proposed ISQM 2

1) Do you support a separate standard for engagement quality reviews? In particular do you agree that ED-ISQM 1 should deal with the engagements for which an engagement quality review is to be performed, and ED-ISQM 2 should deal with the remaining aspects of engagement quality reviews?

We support having a separate standard for engagement quality reviews. We agree that a separate standard increases the scalability of ISQM1, provides a mechanism to more clearly differentiate the roles and responsibilities of the engagement quality (EQ) reviewer and the engagement team, and places greater emphasis on the importance of an EQ review as a response to quality risks.

Objective

We agree that the objective of ISQM2 should be framed as an objective of the firm. We do not agree that the objective in ISQM2 is sufficiently outcome based. The performance of the engagement quality review is the process, the outcome of the review is that, in the EQ reviewer’s opinion, significant judgments made by the engagement team and the related conclusions reached in forming the overall conclusion on the engagement and in preparing the engagement report were appropriate in the nature and circumstances of the engagement. Accordingly, we strongly suggest the IAASB reconsider the objective of the standard and focus on an objective that is outcome based.

2) Are the linkages between the requirements for engagement quality reviews in ED-ISQM 1 and ED-ISQM 2 clear?

Yes.

3) Do you support the change from “engagement quality control review/reviewer” to “engagement quality review/reviewer?" Will there be any adverse consequences of changing the terminology in respondents' jurisdictions?

Yes. We support the change and do not anticipate any adverse consequences of changing the terminology.

4) Do you support the requirements for eligibility to be appointed as an engagement quality reviewer or an assistant to the engagement quality reviewer as described in paragraphs 16 and 17, respectively, of ED-ISQM 2?

What are your views on the need for the guidance in proposed ISQM 2 regarding a “cooling-off" period for that individual before being able to act as the engagement quality reviewer?
If you support such guidance, do you agree that it should be located in proposed ISQM 2 as opposed to the IESBA Code?

We support the requirements in paragraph 16. We believe that a "cooling-off" period is critical to audit quality in safeguarding objectivity and is therefore in the public interest. In that regard, we would support a requirement that defines an appropriate period that an individual who had previously been involved in the audit, including in the role of the engagement partner, would not be eligible to fill the role of the EQ reviewer. Whilst we recognise that the requirement in paragraph 16, and the application material in A5, together encourage firms to determine an appropriate period, leaving such a decision solely to firms may result in inconsistencies across practice which is not in the public interest.

We acknowledge that the period of cooling-off might be best determined by IESBA and encourage the IAASB and IESBA to collaborate on the matter in finalising the standard. However, if IESBA are unable to undertake such revisions to the IESBA Code before finalisation of the standard, the IAASB would be expected to address the cooling-off period directly in ISQM2.

In respect of paragraph 17, we acknowledge that in certain circumstances (e.g. larger, more complex engagements), the EQ reviewer may be assisted by an individual or team of individuals to assist the EQ reviewer in complying with the requirements of ISQM2. We support the recognition of assistance from other individuals in paragraph 17 and 18 of the standard. However:

The EQ reviewer still has overall responsibility for the EQ review and the conclusions reached in paragraph 24, but this is not clear enough in paragraph 18.
The EQ reviewer has a responsibility to direct, supervise and review the work of such individuals, but this is not required in paragraph 17 or 18.
Given that the overall responsibility for the EQ review rests with the EQ reviewer, the responsibilities of the individuals or team of individuals should be made clear to them before they undertake the work on behalf of the EQ reviewer, but this is not required in paragraph 17.

We advise the IAASB to clarify these matters when finalising the standard. See Appendix 5 for suggested editorials in this regard.

5) Do you agree with the requirements relating to the nature, timing and extent of the engagement quality reviewer’s procedures? Are the responsibilities of the engagement quality reviewer appropriate given the revised responsibilities of the engagement partner in proposed ISA 220 (Revised)?

We agree with the requirements relating to the nature, timing and extent of the engagement quality reviewer’s procedures. Irrespective of the revisions to ISA 220, the roles and responsibilities of the engagement partner and the EQ reviewer are different, and we believe this is clear in ISQM2. In particular,

The EQ reviewer is not a member of the engagement team, nor does the EQ reviewer participate in the engagement, but instead is an important part of the firm’s quality management responses.
The EQ reviewer’s role is to provide an independent perspective and a critical challenge to areas of significant judgment and provides an analysis of the quality of the work done in those areas.
The engagement partner remains overall responsible for managing and achieving quality on the engagement, and therefore remains responsible for making the critical decisions or significant judgments on the engagement.
Only the engagement partner is responsible for the opinion or conclusion on the engagement.

6) Do you agree that the engagement quality reviewer’s evaluation of the engagement team’s significant judgments includes evaluating the engagement team’s exercise of professional skepticism? Do you believe that ED-ISQM 2 should further address the exercise of professional skepticism by the engagement quality reviewer? If so, what suggestions do you have in that regard?

We agree that the EQ reviewer’s evaluation of the engagement team’s significant judgments includes the evaluation of the engagement team’s exercise of professional skepticism. However, we also believe that ISQM2 should address the exercise of professional skepticism by the engagement quality reviewer.

Professional skepticism is a critical element of engagement quality and is applied by the EQ reviewer in order to act appropriately on their understanding of which matters they should challenge, when determining the extent of their challenge in relation to those matters, and what information they should obtain to satisfy those challenges. The EQ reviewer also applies professional skepticism in challenging themselves as to whether they have fulfilled the objective of the engagement quality review (please see comment in relation to the objective of ISQM2).

7) Do you agree with the enhanced documentation requirements?

In part. An important attribute of documentation is the professional judgment exercised by the EQ reviewer in evaluating the work of the engagement team and forming the EQ reviewer’s conclusions. Such matters are important to those responsible for reviewing documentation (in accordance with paragraph 27), and those carrying out subsequent EQ reviews when reviewing matters of continuing significance. This is not emphasised in the requirements or the application material. In particular, the EQ reviewer should document the rationale for the EQ conclusion required by paragraph 24 including, for example:

the basis for the EQ reviewer’s conclusions about the information provided by the engagement team in resolving matters raised by the EQ reviewer.
the basis for the EQ reviewer’s conclusions on the reasonableness of the engagement team’s basis for, and evidence supporting. making significant judgments.

8) Are the requirements for engagement quality reviews in ED-ISQM 2 scalable for firms of varying size and complexity? If not, what else can be done to improve scalability?

Yes.

Appendix 4

IAASB Proposed ISA 220

1) Do you support the focus on the sufficient and appropriate involvement of the engagement partner (see particularly paragraphs 11–13 and 37 of ED-220), as part of taking overall responsibility for managing quality on the engagement? Does the proposed ISA appropriately reflect the role of other senior members of the engagement team, including other partners?

We agree that the engagement partner is ultimately responsible for the direction and supervision of the audit, and that oversight and direction of the work of the engagement team is a fundamental attribute in achieving high quality audits. We agree the engagement partner needs to demonstrate sufficient involvement throughout the audit process, and that, prior to forming an opinion, “stand back" and, taking into account any changes in the circumstances of the engagement, or the firm’s policies or procedures, determine whether the requirements of proposed ISA 220 have been addressed, and whether the engagement partner’s involvement throughout the audit has been sufficient and appropriate.

Accordingly, we strongly support the enhanced requirements and application material in respect of the engagement partner’s overall responsibility for managing and achieving quality on the audit engagement, and the engagement partner’s sufficient and appropriate involvement throughout the audit. We also strongly support:

Paragraph 12, including that the engagement partner’s responsibility to take clear, consistent and effective actions for creating an environment that emphasises the firm’s cultural values and behaviors, reinforces the engagement team’s responsibility for managing quality and for exercising professional scepticisim.
Paragraph 13, in particular, that regardless of whether the engagement partner assigns procedures, tasks or actions to other members of the engagement team to assist in complying with ED-220, the engagement partner still takes overall responsibility for the engagement and remains accountable for managing and achieving quality on the engagement. We would however suggest that the emphasis on accountability is better placed in the lead in to paragraph 13, rather than in the application material (A30).
Paragraphs 14 and 15, in particular, that the engagement partner no longer blindly relies on the engagement team having the knowledge they need in respect of relevant ethical requirements but is proactive in determining that the engagement team has an understanding of the ethical requirements that are relevant to the engagement.
Paragraph A24, the important clarification that being sufficiently and appropriately involved in the engagement is directly related to the engagement partner’s responsibility for the nature, timing and extent of the direction and supervision of the engagement team, and the review of the work performed.
The enhanced requirements and application material in respect of "engagement performance" addressing nature, timing and extent of direction and supervision of the engagement team and the review of their work, including the greater specificity in how the engagement partner needs to be involved.

2) Does ED-220 have appropriate linkages with the ISQMs? Do you support the requirements to follow the firm’s policies and procedures and the material referring to when the engagement partner may depend on the firm’s policies or procedures?

We agree that ED-220 has the appropriate linkage to the ISQMs and support introductory material in paragraph 2 to 4 that explains the relationship between ISQM1 and ISA 220. We strongly support the requirements to follow the firm’s policies and procedures and agree with the explanation in paragraph 13 of the EM that they are integral to the fulfillment of the requirements of ED-220.

A key foundation for consistently delivering high quality engagements rests in the firm’s system of quality management, and therefore the engagement team’s compliance with the firm’s policies and procedures is an important component of a high quality audit. We also support paragraph 37(b) that requires the engagement partner to take into account the firm’s related policies and procedures when concluding on overall responsibility.

We also strongly support the enhancements to the requirements and application material that recognise that the engagement partner may depend on the firm’s SOQM to leverage the work necessary at the engagement level (as noted above, it is an important component of a high quality audit) but retains the caution to not blindly rely on the firm’s policies and procedures, particularly in respect of resources. In particular, we support:

Paragraph 23, the engagement partner’s responsibility to determine if the resources provided are sufficient and appropriate in the context of the nature and circumstances of the engagement. Also, paragraph 25, that where such resources are not appropriate for the engagement, the engagement partner is required to resolve the matter with the firm.
Paragraph A8 and A61, addressing matters that the engagement partner may take into account when making a determination whether, and if so, the degree to which the engagement partner may depend on the firm’s policies and procedures.

Objective

We strongly support the link between the objective of the firm in ISQM1 and the objective of the auditor in ED-220. In particular, that the objective of extant ISA 220 incorporates the concept of reasonable assurance and therefore embeds the risk-based approach to managing quality at the engagement level.

Quality Management Approach

We support the approach in the standard, that in managing quality at the engagement level and in complying with the requirements in ED-220, the engagement partner will achieve reasonable assurance through:

Implementing the firm’s responses that address the firm-identified quality risks (i.e., those designed at the firm level but which are intended to be executed at engagement level); and
Designing and implementing additional responses that address 'what could go wrong' for that specific engagement, i.e., based on consideration of the nature and circumstances of each audit engagement and changes that may occur during the engagement.

However, whilst the introductory material in paragraph 4, and application material in paragraph A5, go some way to explain this, we that in finalising the standard, the IAASB clarifies this point in the introduction or the application material.

3) Do you support the material on the appropriate exercise of professional skepticism in managing quality at the engagement level? (See paragraph 7 and A27–A29 of ED-220)

We strongly support:

The material in paragraph 7 and paragraphs A27 to A29 that highlight examples of impediments to exercising professional skepticism and offer possible actions to deal with the impediments. We believe that this guidance is necessary to support the application of the requirements in ISA 200 in respect of professional skepticism in the context of managing and achieving quality at the engagement level and in complying with the requirements of ED-220.
The requirement in paragraph 12 that emphasises and enhances the responsibility of the engagement partner to communicate the expected behaviour of the engagement team members in the context of a culture of quality, including the emphasis on the importance of professional skepticism.

4) Does ED-220 deal adequately with the modern auditing environment, including the use of different audit delivery models and technology?

Yes.

Definition of the engagement team

We strongly support the clarification of the definition of engagement team (and supporting application material) that all individuals who perform audit procedures on the engagement team are members of the engagement team. Importantly, we believe the change appropriately recognises an evolving auditing environment whilst maintaining an emphasis on the attributes of a high-quality audit. That is, regardless of where such individuals are located, or how they are related to the firm, if they are performing audit procedures, then their work needs to be appropriately directed, supervised and reviewed by the engagement partner in accordance with ISA 220. This clarification is also consistent with the proposals in PCAOB Release No. 2016-002².

Paragraph A18 clarifies that engagement teams may include individuals from network firms or other firms to perform audit procedures, and therefore captures component auditors (whether from network firms or other firms) performing audit procedures on behalf of the engagement team. We strongly support this clarification as we believe that the requirements in ED-220 that are relevant to the engagement team, should be equally relevant to other auditors performing audit procedures. Otherwise, in a group audit engagement, component auditors would not be subject to the same robust requirements set out in ED-220 as the engagement team, and this is not in the public interest.

This includes matters such as, for example:

Emphasizing to other auditors that they are responsible for contributing to the management and achievement of quality at the engagement level (paragraph 12).
Encouraging open and robust communication (paragraph 12).
Emphasizing the importance of professional skepticism (paragraph 12).
That other auditors have an understanding of, and confirm compliance with, the relevant ethical requirements including those related to independence that are applicable given the nature and circumstances of the engagement (paragraphs 14-19).
That sufficient and appropriate resources to perform the engagement are assigned or made available, and the engagement team, collectively have the appropriate competence and capabilities, including sufficient time, to perform the audit engagement (paragraphs 23-26).
Direction, supervision and review (paragraphs 27-28).

We also support the reference to ISA 500 Audit Evidence (paragraph A10) in paragraph A16 of ED-220 which describes different types of audit procedures. We believe that this gives firms an appropriate reference when determining whether the work performed by individuals on an audit engagement is categorised as an audit procedure. We encourage the IAASB to maintain this reference, and not try to be too precise about different scenarios, particularly when technology is used. This reference maintains the flexibility required in an evolving auditing environment.

Firm policies and procedures, network firms and other firms

When assessing risks to quality objectives, the firm determines the most appropriate responses to be implemented at the engagement level, including to achieve compliance with ED-220. Additionally, the firm determines which policies and procedures required at the engagement level (in addition to those policies and procedures set out to meet the requirements of ED-220) are relevant to other auditors (e.g. individuals from network firms and other firms), including component auditors. In such circumstances, the engagement partner has responsibility for the implementation of, or adherence to, those policies and procedures. We suggest these points could be clarified when finalising ISQM1 and ED-220, so as not to imply that all firm policies and procedures, beyond those required to address compliance with ED-220, are relevant to other auditors. For example, the firm’s policies in respect of the required competency of engagement team members may be the same, but the process to determine whether other auditors have the required level of competency will be different to the firm’s process in respect of their own staff.

5) Do you support the revised requirements and guidance on direction, supervision and review? (See paragraphs 27–31 and A68–A80 of ED-220)

We strongly support:

The revised requirements and application material that addresses direction, supervision and review, and the responsibility of the engagement partner to determine the nature, timing and extent of direction, supervision and review. We believe the proposals have the potential to significantly improve audit quality.
The emphasis in paragraph A83 that the engagement partner develops and tailors the nature, timing and extent of direction and supervision of the members of the engagement team, and the review of the work performed, to the nature and circumstances of the engagement.
The guidance on matters that may constitute a significant judgment.
Greater specificity on matters that need to be reviewed by the engagement partner, including to review the financial statements and the auditor’s report prior to dating the auditor’s report, and formal written communications to management, those charged with governance, or regulatory authorities.

6) Does ED-220, together with the overarching documentation requirements in ISA 230, include sufficient requirements and guidance on documentation?

Yes.

7) Is ED-220 appropriately scalable to engagements of different sizes and complexity, including through the focus on the nature and circumstances of the engagement in the requirements?

We agree with the approach of the IAASB in respect of scalability. ED-220 clarifies that the engagement partner applies professional judgment in addressing the requirements in light of the nature and circumstances of the audit engagement. Therefore, in our view, ED-220 is adaptable to audits of different sizes and complexity, and also appropriately takes into account different structures of engagement resources or audit delivery models.

Appendix 5

Editorial Suggestions

ISQM1 Requirements

Editorial Suggestions

| Paragraph |

Header 1	Header 2
Data 1	Data 2

```

Output should start here.

8th Floor, 125 London Wall, London EC2Y 5AS Tel: +44 (0)20 7492 2300 Fax: +44 (0)20 7492 2301 www.frc.org.uk The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered office: as above. Please see our privacy page at https://www.frc.org.uk/about-the-frc/procedures-and-policies/privacy-the-frc if you would like to know more about how the FRC processes personal data or if you would like to stop receiving FRC news, events, outreach or research related communications.

Enhancing Audit Quality in the Public Interest: A Focus on Professional Skepticism, Quality Control and Group Audits (December 2015) ↩
https://pcaobus.org/Rulemaking/Docket042/2016-002-other-auditors-proposal.pdf See Appendix A, definition of engagement team. ↩

File

Name FRC Response to IAASB Quality Management Consultation

Publication date 27 September 2023

Type Response to external consultations

Format PDF, 218.9 KB

Download original

Back to top

FRC Response to IAASB Quality Management Consultation

File

Is this page useful?