Standard on Quality Control (SQC) 1

QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF HISTORICAL FINANCIAL INFORMATION, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS (Effective for all engagements relating to accounting periods beginning on or after April 1, 2009)

Introduction

The firm should establish a system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards, regulatory, legal requirements, and that reports issued by the firm or engagement partner(s) are appropriate in the circumstances.

Elements of a System of Quality Control

The firm’s system of quality control should include policies and procedures on the following elements:

Leadership responsibilities for quality within the firm
Ethical requirements
Acceptance and continuance of client relationships and specific engagements
Human resources
Engagement performance
Monitoring

Policies and procedures should be documented and communicated.

Leadership Responsibilities for Quality

Policies and procedures should be designed to promote an internal culture that quality is essential in performing engagements., the firm’s highest authority should assume ultimate responsibility for the system of quality control.

Any person or persons assigned responsibility for quality control system should have sufficient and appropriate experience, ability, and the necessary authority.

Ethical Requirements

Policies and procedures to provide with reasonable assurance that all concerned comply with relevant ethical requirements.

Policies and procedures should emphasise the fundamental principles, e.g

The leadership of the firm, Education and training, Monitoring, and A process for dealing with non-compliance

Independence

Establish policies and procedures to provide with reasonable assurance that all concerned, maintain independence where required by the Code. It should enable the firm to:

Communicate its independence requirements and
Identify and evaluate circumstances and relationships that create threats to independence, and to take appropriate action to eliminate or reduce those threats to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the engagement.

Such policies and procedures should require:

Personnel to provide the firm with relevant information about client engagements, the scope of services, to evaluate the overall impact on independence requirements;
Personnel to promptly notify circumstances and relationships that create a threat to independence for taking appropriate action and
Accumulate and communicate relevant information to appropriate personnel so that:

All can readily determine about satisfaction of independence requirements;
Maintain and update records relating to independence; and
Take appropriate action regarding identified threats to independence.

Provide reasonable assurance that it is notified about breaches of independence requirements, and to enable it to take appropriate actions to resolve such situations, which include:

All to promptly notify on becoming aware about the breaches of independence;
All to promptly communicate identified breaches of these policies and procedures to:
- The one who needs to address the breach; and
- Those who need to take appropriate action; and
Promptly communicate to all about the actions taken to resolve the matter;
Annually, the firm should obtain written confirmation of compliance with its policies and procedures on independence from all firm personnel;
Setting out criteria for determining the safeguards to reduce the familiarity threat to an acceptable level over a long period of time; and
For all audits of financial statements of listed entities, requiring the rotation of the engagement partner after a specified period in compliance with the Code. Partner should be rotated after a pre-defined period, normally not more than seven years.

Acceptance and Continuance of Client Relationships and Specific Engagements

Policies and procedures for the acceptance and continuance of client relationships and specific engagements, designed to provide it with reasonable assurance to undertake or continue relationships and engagements only where it:

Has considered the integrity of the client
Is competent capable and has time and resources to do so; and
Can comply with the ethical requirements and it should document how the issues regarding ethical requirements were resolved.

Policies and procedures on the continuance of the engagement and the client relationship should include consideration of:

The professional and legal responsibilities that apply to the declining engagement circumstances, including whether there is a requirement to report to the person who made the appointment or, to regulatory authorities;
and
The possibility of withdrawing from the engagement or from both the engagement and the client relationship.

Human Resources

Policies and procedures designed to provide it with reasonable assurance that it has sufficient personnel with the capabilities, competence, and commitment to ethical principles necessary to perform its engagements in accordance with professional standards and regulatory and legal requirements, and to
enable all to issue reports that are appropriate in the circumstances.

Assignment of Engagement Teams

The firm should assign responsibility for each engagement to an engagement partner. with policies and procedures requiring that:

The identity and role of the engagement partner are communicated to key members of the client’s management and those charged with governance;
The engagement partner has the appropriate capabilities, competence, authority and time to perform the role; and
The responsibilities of the engagement partner are clearly defined and communicated to that partner.

The firm should assign appropriate staff with capabilities, competence and time to perform engagements with professional standards and regulatory and legal requirements

Engagement Performance

Policies and procedures designed to provide with reasonable assurance that engagements are performed in accordance with professional standards and regulatory and legal requirements,

Consultation

Policies and procedures designed to provide with reasonable assurance that:

Appropriate consultation takes place on difficult or contentious matters;
Sufficient resources are available to enable appropriate consultation;
The nature and scope of consultations are documented;
and
Conclusions from consultations are documented and implemented.

Differences of Opinion

Policies and procedures for dealing with and resolving differences of opinion within the engagement team, with those consulted. Conclusions should be documented and implemented.

Engagement Quality Control Review

Require an engagement quality control review for all audits of financial statements of listed entities;
Set out criteria against which all other audits and reviews of historical financial information, and other assurance and related services engagements should be evaluated to determine whether an engagement quality control review should be performed; and
Require an engagement quality control review for all engagements meeting the criteria established in compliance with sub-paragraph.

Policies and procedures setting out

The nature, timing and extent of an engagement quality control review;
Criteria for the eligibility of engagement quality control reviewers; and
Documentation requirements for an engagement quality control review.

Nature, timing and extent of the Engagement Quality Control Review Criteria for the Eligibility of Engagement Quality Control Reviewers

Policies and procedures should address the appointment of engagement quality control reviewers and establish their eligibility through:

The technical qualifications, experience and authority; and
The degree to which a quality control reviewer can be consulted on the engagement without compromising the reviewer’s objectivity.

Documentation of the Engagement Quality Control Review

Policies and procedures on documentation of the engagement quality control review should require that:

The procedures quality control reviewer have been performed;
The quality control review completed before the report is issued; and
The reviewer is not aware of any unresolved matters about inappropriate conclusions.

Engagement Documentation

Completion of the Assembly of final Engagement Files

Policies and procedures for engagement teams to complete the assembly of final engagement files on a timely basis after the engagement reports have been finalised.

Confidentiality, Safe Custody, Integrity, Accessibility and Retrievability of Engagement Documentation

Policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility and retrievability of engagement documentation.

Retention of Engagement Documentation

Policies and procedures should be in place for the retention of engagement documentation for a period sufficient to meet the needs of the firm or as required by law or regulation, which should be not be shorter than 7 years from the date of report.

Ownership of Engagement Documentation

Monitoring

Policies and procedures relating to the system of quality control are relevant, adequate, operating effectively and complied with in practice. Such policies and procedures should include an ongoing consideration and evaluation of the firm’s system of quality control, including a periodic inspection of a selection of completed engagements.

Evaluate the effect of deficiencies noted as a result of the monitoring process and should determine

Instances that do not necessarily indicate that system of quality control is insufficient to provide it with reasonable assurance that it complies with professional standards and regulatory and legal requirements, and are appropriate in the circumstances; or
Systemic, repetitive or other significant deficiencies that require prompt corrective action.

The firm should communicate to relevant engagement partners and other appropriate personnel deficiencies noted as a result of the monitoring process and recommendations for appropriate remedial action.

The firm’s evaluation of each type of deficiency should result in recommendations for one or more of the following:

Taking appropriate remedial action in relation to an individual engagement or personnel;
The communication of the findings to those responsible for training and professional development;
Changes to the quality control policies and procedures; and
Disciplinary action against those who fail to comply with the policies and procedures of the firm, especially those who do so repeatedly.

Firm should determine what further action is appropriate to comply with relevant professional standards and regulatory and legal requirements including obtaining legal advice.

Annually, the firm should communicate the results of the monitoring of its quality control system to appropriate individuals within the firm, including the firm’s chief executive officer or, if appropriate, its managing partner(s) to enable them to take prompt and appropriate action necessary in accordance with their defined roles and responsibilities. Information communicated should include the following:

A description of the monitoring procedures performed.
The conclusions drawn from the monitoring procedures.
Where relevant, a description of systemic, repetitive or other significant deficiencies and of the actions taken to resolve or amend those deficiencies.

Complaints and Allegations

Policies and procedures to provide it with reasonable assurance:

Complaints and allegations that the work performed by the firm fails to comply with professional standards and regulatory and legal requirements; and
Allegations of non-compliance with the firm’s system of quality control.