Section 220.08 states that:
…the objective of the auditor is to implement quality control procedures at the engagement level that provide the auditor with reasonable assurance that
a. the audit complies with professional standards and applicable legal and regulatory requirements and
b. the auditor's report issued is appropriate in the circumstances.
Requirements
Quality Control Standards
The engagement partner is responsible for the overall quality of the engagements to which the partner is assigned. An audit firm should establish a quality control system to provide it with reasonable assurance that its staff meets the requirements of professional standards and applicable legal and regulatory requirements and that reports are appropriate. (AC 220.03)
System of Quality Control
The nature and extent of a firm's quality control policies and procedures depend on the following five factors:
1. Firm size and the number of its offices
2. The degree of autonomy of personnel and practice offices
3. The knowledge and experience of its personnel
4. The nature and complexity of the firm's practice
5. The cost of developing and implementing quality control policies and procedures in relation to the benefits provided
When a firm establishes quality control policies and procedures, it should do the following:
1. Assign responsibilities to qualified personnel to implement quality control policies and procedures.
2. Communicate quality control policies and procedures to personnel (see below).
3. Monitor the effectiveness of the quality control system. The purpose is to determine that policies and procedures and the methods of implementing and communicating them are still appropriate.
NOTE: Flaws in, or a violation of, a firm's quality control do not necessarily indicate that an audit was not performed in accordance with GAAS.
Elements of Quality Control
When establishing its quality control policies and procedures, a firm should consider the elements of quality control:
● Leadership responsibilities for quality
● Ethical requirements
● Acceptance and continuance of clients
● Assignment of engagement terms
● Engagement performance
● Monitoring
NOTE: CPA firms or individuals that are enrolled in an AICPA-approved practice-monitoring program are obligated to adhere to quality control standards. In addition, the Principles of Professional Conduct indicate that members should practice in firms that have in place quality control procedures to provide reasonable assurance that services are competently delivered and adequately supervised. The Statements on Quality Control apply to a CPA firm's accounting, auditing, and attest practices.
Independence7
The engagement partner is responsible for the independence requirements for each audit and ensuring that these requirements are met. The engagement partner should:
● Evaluate the threats to independence,
● Evaluate any breaches, and
● Take appropriate action to eliminate or reduce threats to an appropriate level. If that cannot be done, the firm may have to withdraw from the engagement. (AU-C 220.13)
To be independent, auditors must be intellectually honest; to be recognized as independent, they must be free from any obligation to or interest in the client, its management, or its owners. For specific guidance, the auditor should look to AICPA and the state society codes of conduct and, if relevant, the requirements of the Securities and Exchange Commission (SEC).
Acceptance and Continuance of Client Relationships
The engagement partner must be satisfied that appropriate procedures regarding acceptance and continuance of clients have been performed and that appropriate conclusions were reached. (AU-C 220.14)
Policies and procedures should provide reasonable assurance that the firm will not be associated with clients whose management lacks integrity. A firm should:
● Undertake only engagements that can be completed with professional competence,
● Consider the client's integrity,
● Ensure that ethical requirements can be met, and
● Evaluate significant issues during current or previous audits and their implications for continuance.
(AU-C 220.A7)
Assignment of Engagement Teams
The engagement partner must be comfortable that the engagement team and external specialists are capable and have the appropriate competencies. (AU-C 220.16)
Direction, Supervision, and Performance
The engagement partner is responsible for the direction, supervision, and performance of the engagement with compliance with GAAS and the appropriateness of the report, performance of reviews, and that sufficient appropriate evidence has been obtained. (AU-C220.17)
The auditor with final responsibility for the audit should inform members of the engagement team about:
● Their responsibilities
● The responsibilities of the partners
● The objectives of the procedures they are to perform
● Aspects of the entity's business relevant to their assignment
● Risk-related issues
● Problems that may arise
● Details of the approach to the engagement
(AU-C 220.A12)
Supervision includes:
● Tracking the engagement progress
● Considering the competence of engagement team members
● Addressing significant findings or issues
● Identifying matters for consultation or referral to other team members
(AU-C 220.A13)
Engagement Performance
Reviewing Work
The engagement partners are responsible for the reviews following the firm's policies and procedures.
