Audit Management from a Monitoring perspective 20 September 2014

AGENDA Introduction Audit management at firm level - International Standard on Quality Control No.1 (ISQC1)  Leadership responsibilities  Compliance with ethical requirements/independence  Client acceptance and continuance  Human resources  Engagement performance  Monitoring Managing specific audit engagements – ISA 220  Understanding your client  Planning, supervision and review  Documentation  Finalisation

INTRODUCTION

Audit management driven by International Standard on Quality Control No. 1 (ISQC 1) and International Standards on Auditing (ISAs). Practice monitoring covers all areas of ISQC1 and ISAs through use of programme and checklists which guides the review of an audit practice. ISQC 1 sets firm wide requirements and ISA 220 sets requirements for specific audit engagements Effective audit management protects the reputation, credibility and status of an audit practice.

INTRODUCTION continued… A good audit management culture emphasises the importance of managing risk in all aspects of an audit. The goal of creating a good audit management culture is to create a situation where partners and staff instinctively look for risks and consider their impacts when making effective operational decisions. Adopting a robust audit management framework not only protects the individual practice but the integrity of the profession as a whole.

LEADERSHIP RESPONSIBILITIES

LEADERSHIP RESPONSIBILITIES Audit quality control policies and procedures should be documented Overall responsibility for quality should be with a senior principal suitably qualified – compliance partner Role and responsibilities of compliance partner should be documented Effective line of communication between compliance partner and engagement partners in multi-partner firm Ensure adequate resources devoted to the development, documentation and support of quality control policy and procedures Ensure staff provided with training and required to confirm that have read and understood the policies and procedures

ETHICAL REQUIREMENTS

Written policy to state IFAC Code of Ethics will apply Ethics partner should be appointed in a multi-partner firm Role and responsibilities of Ethics partner should be documented Appropriate training to staff on ethical code of the firm and annual declarations Any independence threats identified and safeguards to mitigate them should be documented in a central register Mandatory partner rotation on audits of public interest audits Practice monitoring involves identifying any potential threats and how dealt with by the firm

INDEPENDENCE THREATS Threats created by range of relationships and circumstances Types of threats – self-interest, self-review, familiarity, intimidation and advocacy Section 290 of the IFAC Code covers a wide range of relationships and circumstances creating threats but not exhaustive Examples of common ethical issues identified:  Undue financial dependence on an audit client or group of connected clients – Self-interest or intimidation threat  Close family or business relationship with audit clients – Self- interest threat, familiarity or intimidation threat  Acting as an advocate for an audit client – Advocacy threat  Providing book-keeping and accounting services to audit clients – self-review threat  Long association with audit clients – familiarity threat

CLIENT ACCEPTANCE AND CONTINUANCE

Procedures should be documented before acceptance by the engagement partner – Use of an appropriate checklist which cover:  Integrity of client – identity and background checks  Conflicts of interest – No independence issues  Establish reasons for changing auditor  Understanding client’s business, key personnel, advisors, regulatory and reporting requirements and audit reports of prior years – risks involved and availability of suitable audit staff  Client’s attitude to fees – avoid unnecessary fee pressure  Possibility of limitation placed by client  Accounting standards applied – ensure acceptable and no disagreement on interpretation

CLIENT ACCEPTANCE AND CONTINUANCE Client continuance – re-visit the above and also consider any significant matters from previous engagements Professional clearance from previous auditor – also obtain carry over information Role of compliance partner – approval for high risk and public interest audits before acceptance Engagement letter issued only after all acceptance or continuance procedures completed and documented Documented policy and procedures on withdrawal of client engagement – cover legal requirements and reporting to regulatory authorities

HUMAN RESOURCES

Procedure for assessing human resources requirement – both sufficiency and competence should be considered Assessment of firm’s policies and procedures on:  Recruitment – use of consultants, advertising and milk-round  CVs and Interviews – considering, capabilities and competence  Obtaining references  Performance evaluation – on individual assignments and overall at least annually  Evaluations should cover: career development including promotion and compensation identifying training needs Training:  Based on needs identified and attendance should be monitored  Should cover application of auditing and accounting standards and updates

ENGAGEMENT PERFORMANCE

ENGAGEMENT PERFORMANCE Audit manual – proprietary or tailor-made Engagement partner involvement should cover:  Planning – Team meeting to provide background and discuss risk areas and audit approach  Supervision of audit work – tracking progress, addressing significant matters, considering matters for consultation and review of audit work  Completion – Review of FS including final analytics, subsequent events, going concern, written representation from client and formulating audit report Documented policies and procedures on:  Engagement quality control review (second partner) – High risk and PIE audits  Consultation on difficult or contentious matters  Resolving differences of opinions between partner and managers

ENGAGEMENT PERFORMANCE – AUDIT DOCUMENTATION Monitoring file assembly done in a timely manner – Within 60 days of the audit report date File archiving procedures to ensure:  Confidentiality, safe custody and integrity – stored in fire-proof room or cabinets. Back-ups of electronic papers  Accessibility – Orderly filing and control over accessibility – require partner approval and logging system Documented policy on file retention – comply with the minimum legal requirements and monitoring Procedure on file destruction – shredding, burning or use of specialist confidential disposal company

MONITORING

Annual review of the effectiveness of quality control policies and procedures Cold reviews of selected completed audit engagements:  Evaluate any deficiencies  Communicate deficiencies and recommendations  Implement recommendations Document procedures to be applied where cold reviews identify:  Audit work in key audit areas not done  Inappropriate audit reports issued Complaints procedure – should be documented and covered in letter of engagement

MANAGING SPECIFIC AUDIT ENGAGEMENTS

UNDERSTANDING YOUR CLIENT

UNDERSTANDING YOUR CLIENT Meeting with client’s key personnel to obtain information on understanding the client’s business which should include:  Nature of the business activity, organisational structure and method of operations  Accounting systems including internal controls  Legal and regulatory requirements  Related parties  Sources of funding  Customers and suppliers  Litigation  Fraud risk The above should be documented

PLANNING, SUPERVISION AND REVIEW

PLANNING, SUPERVISION AND REVIEW Ensure engagement letter issued and signed by client Ensure Independence confirmations obtain from audit team Planning meeting with audit team - Documented plan:  Risk areas from - understanding of business, fraud discussions, any non-compliance with laws and preliminary analytical review  Audit approach – full substantive testing or tests of controls and reduced substantive testing?  Determination of overall and performance materiality and sampling  Design of audit procedures – Use of a suitable audit programme  Allocation of work to team, timing of audit and budget Communicate nature and scope of audit to the client Agree arrangements for co-ordination, direction, supervision and review

DOCUMENTATION

Ensure staff understand the reasons behind performing audit tests and are aware of how the audit work should be documented. Documentation should be in compliance with ISA 230: Understanding of the business and plan Objectives, nature and extent of the audit procedures undertaken Conclusions on each test, including any professional judgments Evidence of partner and manager review Finalisation procedures Evidence of ECQR, where applicable

FINALISATION PROCEDURES

FINALISATION PROCEDURES Partner should be involved in the following procedures: Going concern and subsequent events review Review of financial statements including final analytics Drafting letter of representation for the client Formulating of the audit report Discuss the financial statements with the client including any major issues arising Communicate any weaknesses identified in internal controls to the client Ensure that the audit report is signed after the directors have formally approved the financial statements and have provided the management representation letter

CONCLUSION

Ensure that the firm has documented ISQC 1 quality controls and procedures which are effectively applied Ensure that audit work is carried out and documented in accordance with ISAs Use of suitable audit programme is essential

ANY QUESTIONS?

THANK YOU