Proposed statement of auditing standards 240 (revised) - quality control for audit work
The
consultation document issued by the Auditing Practices Board
Comments from The Association of Chartered
Certified Accountants
1. General
1.1 The Association of Chartered Certified Accountants (ACCA) welcomes the opportunity to comment on the proposed Statement of Auditing Standards 240 (revised), Quality control for audit work, published by the Auditing Practices Board (APB).
1.2 We recognise the need for all auditors to establish quality control procedures to ensure that their work meets the high standards of auditing established by the APB and we therefore strongly support the current proposals. ACCA has always held the view that audits should be performed to the same standards irrespective of the size of the audit firm (including sole practitioners) or that of the entity being audited. We are concerned, however, that much of the detail and terminology of the proposed Statement of Auditing Standards (SAS) in the ‘grey’ lettering paragraphs gives the impression of being written from a large firm perspective. We recommend that the revised draft include sufficient guidance on the practical implementation of individual Standards (indicated by bold type) by very small partnerships and sole practitioners.
2. Issues on which APB has sought views
2.1 Does the Exposure Draft (ED) adequately cover the major aspects of quality control?
Yes – there do not appear to be any major omissions.
2.2 Does the ED properly balance the responsibilities of the firm, the audit engagement partner, the independent partner and others?
The respective responsibilities of the key ‘players’ as set out in the proposed SAS are balanced appropriately. However, the explanatory material in the revised SAS needs to make it clear that very small firms and sole practitioners achieve this balance through outsourcing the review process.
2.3 Should the independent partner be expected to have industry knowledge?
In general, we agree that it is appropriate for an independent partner – or reviewer – to have industry knowledge. This is helpful in the review of audit work on specialised or regulated sectors, where there are often particular considerations which must be borne in mind. On the other hand, there is also a case for bringing a fresh mind to bear on certain audits. On balance, we do not consider that the SAS should be prescriptive on this point. It should be left to the professional judgement of the practitioner as to whether the independent reviewer of audit work needs specialist knowledge of the sector in which the audit client operates.
2.4 Are the draft bold letter paragraphs practical for audit firms of all sizes?
We consider that the bold letter paragraphs are practical for audit firms of all sizes. The difficulty, as we have explained above, is that the impression given by parts of the remaining text is that the SAS is designed for firms with many partners and listed company clients. The definitions of ‘firm’ and ‘partner’ in paragraph 6 rightly include sole or very small practices and practitioners, but the explanatory material elsewhere does not provide sufficient guidance for these constituents. We have indicated, in the section headed ‘Specific points’ below, those areas where we consider that additional material is needed.
The revised SAS goes further than the existing requirements in stating that firms should establish policies setting out the circumstances in which an independent review should be carried out on the audit work relating to clients other than listed companies (240.10). It would make the SAS seem less heavily biased towards large firms if explanatory material were added to the effect that some very small firms might not have any clients where the audit risk was high enough to warrant ‘hot’ reviews.
3. Specific points
3.1 Paragraph 1 stresses the importance of independent audit to good corporate governance, and the need for quality control in the audit function. Given the widespread agreement in the profession that there should be no distinction between auditing standards applicable to different sizes of audit client, any standards on quality control must be flexible enough to cater for all types and sizes of practice.
3.2 The last sentence in paragraph 4 comments that, for small firms, the different roles in the quality control process may all be performed by one individual. We recommend that this statement be given greater prominence, possibly by including it in a special paragraph, which sets out how the quality control standards may be applied in small practices. It needs to be made clear that sole practitioners can satisfy the requirements of the SAS.
3.3 The proposed SAS discusses the role of the audit engagement partner, and in paragraph 6(a) quite rightly indicates that he or she "assumes ultimate responsibility for the conduct of the audit and for issuing an audit report on the financial statements on behalf of the firm".
3.4 Paragraph 6(j) states that where an individual is appointed as audit engagement partner to an entity, that individual should not subsequently be appointed to undertake an independent review of the audit of that entity until at least two years have passed following the end of the appointment as audit engagement partner. Two practical points arise:
a) it is not clear whether the years referred to are chronological or accounting periods (each of the latter could be between six and eighteen months long). It might, therefore, be better if the ‘quarantine’ period were expressed in terms of months
and
b) the paragraph does not deal with the position of an audit manager on an engagement who is promoted to partnership and might therefore be chosen as independent partner on the assignment. Guidance on this point would be helpful.
3.5 SAS 240.1 (paragraph 7) deals with leadership and responsibilities within the firm. We recommend that the Standard be ended at the first semi-colon, with the remainder of the paragraph being presented as guidance. The text could usefully be expanded to take into account the arrangements that may be appropriate for a sole practitioner or small firm.
3.6 Paragraph 19 states that, if the prospective audit client refuses permission for the incumbent and proposed incoming auditors to communicate, the latter considers (our emphasis) whether to decline the appointment. This is at odds with the Rules of Professional Conduct of both ACCA and the Institutes of Chartered Accountants, which require the incumbent auditor to seek permission from the client to discuss the latter’s affairs with the prospective auditor. If permission is withheld, the incumbent auditor must inform the prospective auditor, who should then decline to act. We recommend that paragraph 19 be made consistent with the professional bodies’ rules.
3.7 SAS 240.3 is an example of a Standard which, if taken literally, does not apply to sole practitioners. It might, therefore, be helpful to add guidance in the following paragraph along the lines ‘sole practitioners consider whether they have the necessary industry knowledge and experience to audit each individual entity. They may be able to supplement their own resources by using sub-contractors or specialist consultants, whilst bearing in mind that they retain ultimate responsibility for the audit opinion and underlying procedures’.
3.8 In any case, the distinction between the circumstances covered by SAS 240.2 and SAS 240.3 is not sufficiently clear. We recommend that the end of SAS 240.3 be changed along the lines ‘to meet the requirements of continuing audit engagements’.
3.9 Paragraph 30 refers to the establishment of policies for second partners. It is not clear what the role is of this second partner, other than to be present at meetings with management of the audited entity concerning matters which are, or may be, material to the audit report. We recommend that rather more positive guidance be given as to the functions of the second partner, and as to whether the second partner may be the same person as the independent partner. Further clarification by way of grey letter text would be helpful.
3.10 The fact that the audit engagement partner carries ultimate responsibility is rather obscured in paragraph 41. We recommend that words such as ‘have ultimate responsibility for the audit opinion and are therefore responsible …’ be inserted after "Audit engagement partners" in the third sentence.
3.11 SAS 240.8 and paragraphs 43 and 44 concern threats to objectivity. We recommend that the text refer auditors to the independence rules of their professional bodies, which give examples of threats and safeguards, as well as spelling out those services which may not be provided to an audit.
3.12 Paragraph 52 appears rather feeble, as stating the obvious. If there is any doubt as to whether the audit engagement partner will see this as a necessary part of his or her duties, then it might be better for the statement to be included as a black letter requirement. If, on the other hand, there may be some doubt as to the extent of the engagement partner’s reading of the audit report and other information, then the uncertainties or other considerations should be explained in the text.
3.13 Paragraph 54 introduces a requirement for an independent review where the audited entity is a listed company and extends the principle to a matter to be considered for other audit engagements "whether on the grounds of the public interest or audit risk". We consider that guidance on the term ‘public interest’ would be helpful, as it is used differently in different contexts, both in Statements of Auditing Standards, and in CCAB member bodies’ rules of professional conduct. The DTI Consultative Document on the statutory audit requirement for smaller companies suggested that size was an issue in determining whether an entity should be audited compulsorily in the public interest, but we believe that there are additional criteria. Examples of ‘public interest’ clients with which small firms might identify include:
• charities which have a high profile locally or which have received substantial grant funding from public authorities
• OFEX companies
• public interest companies as defined in the rules of professional conduct of the ‘auditing’ professional bodies
and
• OEICS, unit trusts and other offshore funds for which a market exists (some offshore funds have a listing in Ireland, although they are not normally traded on-exchange).
Small firms need to understand that what is required is a policy for identifying engagements where there is high audit risk or where the public interest is concerned, so that there is a procedure for independent review of working papers before the accounts and audit opinion are finalised. ‘Hot reviews’ may be the exception rather than the rule for many firms, but there still need to be arrangements in place.
3.14 The guidance does not indicate whether or not the independent partner can have a proactive role. Paragraphs 56 to 60 seem to imply that the independent partner gets involved towards or at the end of the audit but in some cases the discovery of a ‘fatal flaw’ at that stage will involve significant extra work to retrieve the situation. Where there is room for disagreement over the nature and extent of procedures necessary to generate the evidence required to support the audit opinion, the independent partner should review the plan before the audit starts. We recommend that additional guidance be given on this point.