The role of auditor has evolved over a period of time. I had a good opportunity to look at some of the audit reports going back even more than 100 years. Those were the days where the auditor used to mention that they have verified the accounts and it shows true and correct view. Just couple of sentences, at best a paragraph. Now, we have a very detailed audit report with specific paragraphs and guidelines on reporting under each paragraph, besides we also have reporting under Sec. 143(3) of Companies Act 2013 (‘Act’), CARO, reporting on internal financial control over financial reporting, and other matters, as well. The role and responsibilities of auditor has also evolved over a period of time considering changes in business, regulations, professional standards, expectations of stakeholders etc., With increase in corporate failures and public money being at risk, the responsibilities of the auditor would only be enhanced.
Standards of Auditing
Auditors have to comply with various standards issued by ICAI, which is now blessed by the Act as well. There are specific standards for auditing historical financial information, review engagements, assurance engagements, and other related services like compilation, etc., Now, these are the standards which apply to a specific engagement. Standards on Quality Control (‘SQC’) are basically like an entity level control which is not specific to any engagement but provides a framework on how certain aspects in functioning of a firm is required to be adopted, to ensure that the audit firm has a control mechanism to ensure quality of the work done.
The following article aims to provide a basic knowledge on what is SQC. In my view, SQC in few places is rule based, which requires certain actions in a specific manner and in some places more like a principal framework giving flexibility to firms to adopt it in sync with their size of operations, etc., For the sake of ease of understanding, this article divides SQC into the following:
The partner(s) should establish, by having a framework on policies and procedures; and exhibit (by practicing and continuous monitoring) as to how engagements have to be accepted, compliance with Code of Ethics, responsibility to upgrade skills of the personnel, etc., It is the responsibility of the managing partner to implement and operate SQC. The managing partner can delegate some of these policies to other partners to ensure compliance. Basically, the leadership of the firm should demonstrate compliance with various professional pronouncements. Further, it is important to for the firm to showcase how they would deal with various type of threats to their independence like self-interest, self-review, advocacy, familiarity and intimidation threats. To ensure that there is an adequate monitoring mechanism, the various policies of the firm should be written down, communicated and acknowledged by the staff for their compliance.
Apart from specific technical matters, a practicing professional comes across dilemma as, to do? Or not to do? and the answer hinges on whether it is ethical or not. The ICAI has come up with a very detailed Code of Ethics for the members to adhere to. The firm should have an internal communication system to let know the staff the ethical behavior expected from them. Say for example, a staff has a relative who is the CFO of your client. If the staff don’t disclose the relationship, it would be difficult on part of the leadership of the firm to know and would it not risk the engagement where there could be question marks on the independence of the staff who did the engagement. The Code of Ethics brings out lot of regulation relating to fees, role of engagement partner, what if a partner joins as an employee of the client or vice-versa etc., The firm has to educate their staff through formal training, obtain annual declarations (or event based) on relationship or interest within any of the clients, etc.,
Acceptance and Continuance of Client Relationships and Specific Engagements
A prospective engagement may look very lucrative from commercial standpoint, but then just hold back and do a quick due diligence of the client. How long have they been in business? Who are the KMP? What is the general reputation they have in the market or industry? In this era, some information about their dealings would be available in public domain (certain portals provide historical financial information of the entities for a small fee), review this information and then take a informed decision on whether to have the client or let them go. Similar cases could be with the ongoing engagements as well and the firm has to take crucial decisions on whether to continue the relationship with the client or call it off, considering possible developments in their business or transaction which could be questionable and could pose a danger to the firm’s reputation. Even before going to the last resort of withdrawing from the engagement, the firm needs to go through a process of communicating to those charged with governance, taking legal advice, etc., Check before you take on board a client.
The biggest asset a professional firm would have is the human resource. The staff conduct the engagement at different levels / roles. The responsibilities of each of the staff would be fixed based on their experience and skill set they possess. Right from the article assistants to members, all are required to undergo some amount of professional training to upgrade their skill set to do existing and new engagements. It is the responsibility of the leadership of the firm to ensure that they have a workforce which are adequately trained and experienced to handle assignments. Members, of course, are expected to have minimum number of training mandatorily (CPE). It is essential that the firm has a formal plan to train the non-qualified / article assistants as well.
The most important aspect of SQC. This segment requires firm to document the execution of the engagement from the planning stage to the reporting stage. Policies and procedures on how the engagement partner ensures compliance with regulatory / professional requirements is the crux of this segment. What sort of documentation is available for review by any external reviewer to conclude that the engagement was performed within the framework of standards / guidelines? What was the role of the engagement partner and the review process? What policies does the firm have in place to ensure confidentiality, safe custody, integrity, accessibility and retrievability of the documents (could be in IT or non-IT environment). Importantly, there is a role for Quality Partner (QP) apart from the engagement partner (EP). QP should review the work of EP and engagement team (ET). The QP role is to ensure that the ET has performed the engagement without any material non-compliances or deviations. There is lot of emphasis placed on the role of QP, the documentation of internal discussions and consultations, what are the areas where QP should review and affirm compliance etc., QC should be done before the audit report is released and would be advisable to be done alongside the audit, where possible. This gives the ET a chance to have review by a QP, who has not participated in the assignment, and confirm adherence to the standards. NFRA in it’s recent reports has commented on the inadequacy of the role of QP in it’s review. Would encourage readers to visit the NFRA website and read the report.
In continuation with the previous segments, there is an obligation by the leadership of the firm to ensure that they continuously monitor the compliance and adherence to standards and the firm’s policies and procedures. The firm should have an internal mechanism to address any deviations or non-compliance, including having a mechanism to address the complaints and allegations against an EP/ ET / QP itself. Peer review is an excellent mechanism wherein the firm can get review of their operations by an external fellow professional who is unbiased, independent and objective.
As said earlier, SQC gives a framework on how quality control within a firm needs to be established. It is for each individual firm to adopt their own policies and procedures to ensure compliance with SQC requirements.
It is our duty to raise up to the occasion and exhibit the quality of the engagement we perform. We allhave to work together to send an assuring message to the stakeholders.
The author Aditya Kumar S is a qualified Chartered accountant with 20+ years of experience in his field. He carries immense knowledge in his areas of expertise and interest, namely statutory audit, internal audit and SOX audit gained through numerous and varied client assignments he has dealt with.
Tags :auditprofessional resource