Quality control policies and procedures in an auditing environment
To fully appreciate the need for the existence of quality control policies and procedures in an audit firm, there should focus on the assertion that auditing is a commercial activity. As such, in order to achieve the objective of (at least) maintaining the profitability of an audit firm, the audit partners need to:
From careful analysis of the above points, it is reasonable to conclude that, as a commercial organisation an audit firm should operate clearly defined quality control policies. These policies should ensure that the firm’s day to day procedures meet the needs identified above and so help to ensure the continued profitability of the firm.
Quality control policies and procedure should be considered at two levels. First, at the level of the audit firm and second at the level of individual audits.
(a) Audit firm
Policies and procedures instigated at this level should ensure that all audits are properly conducted in accordance with accepted best practice. They should include the following matters:
Whilst a detailed explanation of the points relevant to each of the above matters is outside the scope of this article, I would strongly advise students to enhance their knowledge of them by further reading. From my experience, students of auditing often have difficulty in identifying procedures relevant to the headings (i) to (vii) above, but given the importance of them, students should have this knowledge.
(b) Individual audits
It is vital that appropriate quality control procedures are applied to each audit assignment. Further, any work delegated to assistants should be directed, supervised and reviewed in a manner which provides reasonable assurance that such work is performed competently.
The direction of assistants, supervision and review are important aspects of quality control and I would recommend that students should carry out further reading to ensure they have a sound understanding of them. The aspects of direction and supervision seem to be more easily understood by students who appear to be more at ease when confronted with questions about them, as compared to questions about review of audit work. For this reason I shall not expand further on the aspects of direction and supervision.
The review of audit work forms an integral part of the audit process. Students should recognise that the term ‘review’ as applied to the work of assistants, normally describes the process whereby audit working papers are subject to a detailed check. The detailed check preferably carried out by an audit manager or partner, should seek to ensure that:
Finally, students will be aware that audit assignments are often carried out by auditors who trade as sole practitioners without any assistance. In such circumstances, arrangements should exist for their audit work to be independently reviewed by, for example, another sole practitioner. The assurances sought from such a review should be identical to those listed above.
Importance Generally Accepted Auditing Standards
The main importance of generally accepted auditing standards is that the standards are used to determine the quality of how audits are performed. They also give a set of standards that all audits should follow. The standards consist of the standards of fieldwork and standards of reporting
Definition of 'Assurance Services'
A type of professional service usually provided by CPAs. Assurance services can include review of any kind of financial document or transaction, such as a loan, contract or financial website. This review certifies the correctness and validity of the item being reviewed by the CPA.
Assurance services can come in variety of forms and are meant to provide the firm contracting the CPA with pertinant information in order to ease decision making. For example, the client could request that the CPA carefully go over all of the numbers and math that are on the client's mortgage website to ensure that all of the calculations and equations are correct.
GAAS (Generally Accepted Auditing Standards)The acronym GAAS stands for ‘Generally Accepted Auditing Standards’ and describes a set of formal and informal rules (that can be written or unwritten) acknowledged as the basis for auditors to conduct their work and have the quality of their work assessed by. These include, legislation, pronouncements from professional or standard setting bodies, legal judgements in cases involving auditors and practitioners ‘internal’ standards that are accepted practice even when no formal public pronouncements have been issued .
- Business valuation and associated services (fairness opinion, purchase price allocation, impairment testing, business modelling)
- Financial due diligence
- Internal audit
- Compliance management systems audit
- Accounting-related IT audits
- Forensic accounting
- Corporate restructuring advice
- Special advice in the field of banking finance
Five Key Trends in Internal Audit
The Chief Audit Executive (CAE) and his team of internal auditors have a clear mandate - sharpen their focus on business risk and add value by being more risk-centric. Evolved from an objective assurance and consulting activity, IA will address the growing needs of global organizations and meet the new expectations of investors and board members.
Based on our engagements with several large organizations relying on MetricStream solution for managing its audit, risk and compliance processes, five key trends we observe are:
- Evolving role of internal auditors and expanding scope of audits: Internal audit in organizations has evolved from the task of financial auditing. The traditional work of the function – operations, systems, fraud investigations, and special project audit work – has taken a back seat to the more pressing needs of regulatory compliance as well as business process optimization. A properly structured internal audit function, impacting not just regulatory compliance but also operational excellence - is being actively sought. Today, the role of an internal auditor has evolved from merely financial reporting on controls to managing risk, prioritizing goals and activities, eliminating complexity and redundancy, streamlining operations, while driving down cost and protecting and enhancing shareholder value.
- Business performance and quality assessments: Every stakeholder, management and the audit committee, relies heavily on internal audit for providing assurance and establishing trust in the organization. The answer comes in the form of performance and quality assessments—an examination of the effectiveness and efficiency of the function. Continuous performance reviews and quality assurance activities built into the job descriptions and operating routines of the department provides a window into work performed and quality of operations. Audit staff can run a check on issues like: Does a comprehensive risk assessment serve as the basis for planning and execution? Are stakeholders’ needs met in a timely fashion?
- Organizational structure for accountability and transparency: Today’s environment calls for greater collaboration and strong relationship between the auditor and the auditee at all levels. The trend therefore is moving towards developing a structure that facilitates healthy environment. This will encourage free flow of information regarding any issues or concern between the auditee and the auditor. The organization has to be structured in a way that facilitates accountability i.e. not limited to only the Audit Committee.
- Shift away from SOX compliance towards risk-based auditing: Out of necessity, internal auditors have been devoting their time, energy and resources in recent years primarily to SOX compliance activities. Now, it is time for internal auditors to reevaluate its activities and sharpen its focus on stakeholder expectations and risk-based auditing. Enterprise-wide risk management and fraud are also gaining precedence. Moreover, the modern day, technology savvy companies require additional focus on risk assessment, particularly because these risks have the potential to impact organizations more rapidly. Activities relating to fraud detection and auditing IT security are also generating more responsibility for internal audit.
- Upgrading audit infrastructure and technological advancement: Large companies, specially with complex auditing requirements that span not just financial audits but also audits, assessments and inspections related to operations, quality, safety, suppliers and IT are upgrading the technology infrastructure used to carry out auditing – from risk assessments and audit universe creating and planning to audit data collection, reporting and remediation. Companies are migrating from their legacy systems, point applications and paper-based procedures to a web-based integrated audit management system. The technological advancement allows the CAE to streamline and strengthen the internal audit function enabling it to deliver more strategic value while lowering its costs of operation. Expected benefits are better enterprise-wide visibility, a transparent and collaborative environment and data-driven decision making. Solution and tools available today provide a reliable means to monitor access controls, observe the closed-loop processes and analyze important data and KRIs.
Internal Audit 2014: Emerging Trends and the Outlook AheadThe profession of internal auditing is changing, and the skills and abilities that served us well in the past may no longer be sufficient to meet the challenges of the future. The IIA’s President and CEO Richard Chambers will share insights gathered by The IIA during recent months on where the profession finds itself in 2014 and what he sees in store for the year ahead. During this session we’ll examine:
- Recent trends and emerging challenges in internal auditing resources and priorities
- The key imperatives that Chief Audit Executives must address immediately
- New strategies for aligning internal audit with stakeholder’s expectations
- Some long term considerations for internal auditors and their profession
- “Keys” to diagnosing and maintaining continuous alignment with stakeholder expectations