1. Quality Assurance Building Effective Oversight Systems Paul F.M. Hurks Director NBA International Accountancy (Royal NIVRA) Paul F.M. Hurks Director NBA International Accountancy (Royal NIVRA)

2. Quality Control & Quality Assurance Why do we need –Quality Control (QC), and –Quality Assurance (QA) for high quality financial reporting? –Specific responsibility of the profession –Principle based standards –Assessments are highly judgmental –Human behavioural characteristics

3. Specific Responsibility: Public Interest IFAC/PIOB (PPP5) definition of public interest: “The net benefits derived for, and procedural rigor employed on behalf of, all society in relation to any action, decision or policy” Elements: -Public (broad scope) -Interests of the public (economic in nature, management of resources) -Responsibility of the profession (in a large variety of roles) -General assessments (cost/benefit; processes, trade-offs)

4. Principle based Standards Principle-based regulation Code of Ethics (Attitude) Clarified ISAs (Processes) ISQC1: Quality Control (Governance) SMO1: Quality Assurance (Enforcement) All assessments are highly judgmental

5. Code of Ethics (IESBA) Fundamental Principles: Integrity Objectivity Competence & Due Care Confidentiality Professional Behaviour (and Independence) Conceptual Framework Safeguards & Evaluation All assessments are highly judgmental

6. Clarified ISAs (IAASB) Standards for Auditing & Assurance An audit is an audit Principle-based requirements for processes Requirements to interprete in a case-systemic way Tailor made application All assessments are highly judgmental

7. ISQC1 (IAASB) (1) Standards for Quality Control Control: firms are required to design and implement a system of Quality Control, tailor made, according to the following concept: All assessments are highly judgmental. PDCA- CYCLE plando check act

8. ISQC1 (IAASB) (2) Obligations for Quality Control Leadership responsibility Client relationships and assignments Human resources Engagement performance Monitoring Documentation All assessments are highly judgmental

9. SMO1 Quality Assurance (IFAC) Obligations for Quality Assurance Implementation by the PAO of a Quality Assurance Review Program for Audit Engagements (minimum) of Financial Statements: “enforcement” For audits of listed entities (minimum) Best endeavours to encourage and assist other responsible authorities (government, regulators); Publish QC-standards and guidance (ISQC1) requiring firms safeguarding compliance with ISA 220 for audit professionals 3 or 4? levels All assessments are highly judgmental

10. When high quality FR is safeguarded? (1) Agency Theory for Audit & Assurance former (3 parties): client – shareholder – auditor current (4 parties): client – stakeholder – auditor – PAO, or current (5 parties): client – stakeholder – auditor – PAO - regulator (N.B.: stakeholder = public)

11. When high quality FR is safeguarded? (2) FR Infrastructure UNCTAD Capacity Building Framework Pillar A: Legal and Regulatory Frameworks Pillar B: Institutional Frameworks Pillar C: Human Resources Pillar D: Capacity Building Process

12. When high quality FR is safeguarded? (3) Why do we need oversight bodies overseeing PAO’s and auditors? Because regulation often is only adopted, ‘not really’ implemented, reflecting elements of: –lack of awareness of the concepts –lack of professional knowledge and practical experience (techniques (science) versus judgements (art)) –lack of substance over form (mirror-approach) –characteristics of human behaviour (threats, pressures) Public society heard too much of: “All this is not illegal” The profession is responsible for reliability It is all about TRUST

13. When high quality FR is safeguarded? (4) Cascade effect of IFAC development program influencing attitude - IFAC: SMO’s, CAP - PAO: QA, CPD, including Regulator - Firm: QC, daily practice - Client: ethical behaviour, CSR

14. When high quality FR is safeguarded? (5) ClientAuditorPAORegulatorPublic Legal & Regulatory Framework √√√√√ Institutional Framework √√√√√ Human Resources √√√√√

15. Challenges for PAO development (1) Development categories towards “Center of Excellence” –Managerial support (business model, governance, practices) –Technical support (rules, regulation, tools, guidance) –Intellectual support (ethics, values, mindset, principles, attitude, concepts, judgment)

16. Challenges for PAO development (2) Quality Control (firm) -Concept of ‘Public Interest’ -Definition of ‘Quality’ -Concept of ‘Control’ -Ethics & Attitude -Nature of clients -Sole Practitioners -Competence -Practical Experience -Judgments -Availability of tools (IT) -Language -Transparency Quality Assurance (PAO) -Nature of PAO -Legal environment -Government support -Size of the profession -Competition (clients/tools) -Requirements reviewers -Authority reviewers -Judgments -SMO1 business model -Language -More PAOs -Transparency

17. Challenges for PAO development (3) What can we do improve QC and QA practices? Step by step approach: 5 years (usually it will take at least double time ): Year 1: legal framework and regulation (international, convergence) Year 2: education & CPD (QC, QA, auditing) Year 3: design of Firm’s QC manual (customized) Year 4: perform assignments accordingly (documentation) Year 5: first time availability of audit documentation for review*) *) recommendation to start reviews earlier for the learning process

18. Lessons Learned (1) What can we do improve QC and QA practices? –Education and training: tone at the top, mindset, attitude, public interest, quality, control concepts, professional skepticism, unbiased judgment, awareness of individual/collective professional responsibility, practice examples, transparency; –Firms, big & small: tone at the top, culture, recruiting, promotion, incentives, training on the job, macro-responsibility, governance code; –Audit regulation: visualize in documentation, reviews, monitoring, liability; –Ethics regulation: implementation of CoE, substance over form; –Guidance: best practices, lessions learned, war stories and success stories, whistleblowers, IFAC tools; –Clients, big & small: review culture, CSR, governance, audit committee, transparency; –Government: support, legislation, collaboration (donor support) –Academia: further research.

19. Lessons Learned (2) What can be done to implement QC and QA? –Step by step approach following local economy developments –Patience: the 5 year strategy (at the minimum) –Start self assessments and QA-reviews early in the process (learning) –Accept learning process of all stakeholders involved (coaching) –Liaison with government / regulator (combine competence and authority) –Joint effort (postpone naming and shaming, avoid duplication) –Share experience and /or collaborate cross border (language / size) –Train members, reviewers and trainers (ttt) in QC, QA and audit practice –Make available sufficient tools (IFAC and local; local language, IT-based) –Start easy; postpone perfection; manage expectations –Design proper (country-) business model for QA (viability) –Include assurance and related services in the reviews (learning, viability) –No one size fits all > customized solutions

20. Conclusions (1) Elements are essential for accountants/auditors in a large variety of roles and environment: –In all roles and services: Preparer, Assurance provider and Oversight; –In all environments and sectors: from PIE to SME environment; in Private Sector and Public Sector –Joint effort: Government support in PAO development facilitates donor support

21. Conclusions (2) Professional: > contribute to reliable FR Profession:> contribute to effective and efficient markets “High quality financial reporting will not create economic growth, but for creating economic growth you cannot do without it*)” *) quote Ian Ball IFAC CEO

22. Thank you for your attention..