Taking responsibility for quality on the engagement – Partner or EQR

With the implementation of quality management systems to comply with ISQM, audit firms are compelled to be aware of threats to the ability of engagement teams to issue appropriate audit reports, and threats to the system of quality management to ensure that the firm as a whole does not issue inappropriate audit reports.

When an engagement partner is nervous about a new industry, a very large client, or a complex audit, as examples, this would be seen as a threat.

Typically, these threats require immediate attention, and engagement monitoring reviews will address the threat too late, i.e. after the audit report has been signed. A more suitable, and relevant safeguard, when these threats exist, is when an engagement quality reviewer (EQR) is engaged to ensure that matters significant to the audit are appropriately addressed.

The EQR review does not take away any responsibility from the engagement partner to ensure that audit procedures are compliant with standards, but, due to their expertise and experience in audit, deficiencies in documented procedures can be pointed out while the audit is in progress.

With the increased regulation and scrutiny that auditors are subjected to, the EQR sometimes comes under fire from engagement partners and regulators alike, where a deficiency in documented audit procedures is identified. On the surface, this seems like a reasonable inference to make, but there are factors that influence the reliance that may be placed on the EQR.

• The EQR needs to be qualified, skilled, and experienced for the specific engagement.
• The EQR needs to obtain sufficient knowledge of the auditee, from documentation on the engagement file, and discussions with the engagement team.
• The definition of the scope of the review should include significant matters identified beforehand, and during the audit by the engagement partner.
• The engagement partner and engagement team need to be qualified, skilled, and experienced for the specific engagement.
• Documentation in significant areas needs to include proper detail for an independent auditor to re-perform the audit; therefore, it should include information from other sections, which is considered when drawing conclusions, or determining audit procedures.
• Risk assessments for significant matters should include all relevant assertions.
• Some findings raised are incidental to the review, and not seen as significant, while issues in other parts of the same section are not identified by the EQR.
• Compiled financial statements are not available at the commencement of the review, in order to address procedures on disclosures.
• Unreasonable requirements are made to review working papers urgently at the last minute.

Therefore it is clear that the EQR can only review according to information available at their disposal, which enables them to determine incomplete documentation. The engagement partner has to have certain documentation in place for the review to be effective, including:

• Evaluation of audit team, EQR and assistants
• Engagement letter for EQR, detailing the scope of the review, and timelines.
• Detailed documentation on knowledge of the client
• Compiled financial statements
• EQR attendance at planning and kick-off meetings
• Risk assessment and audit approach
• Working papers available for review at least a week before feedback is expected, unless arranged beforehand
• Findings resolved and discussed with the EQR a few days before the intended signing date.

The EQR should keep housekeeping and incidental findings out of the formal EQR reporting and discussion documentation.

The EQR is required to walk away from the review, should their scope be limited, which can easily happen in a badly planned audit and EQR. Therefore take heed of the responsibilities of the engagement partner and make sure an efficient EQR occurs.