Since the inception of ISQC 1, it has been a requirement that audit firms perform engagement quality reviews for appropriate engagements. These reviews are aimed at providing an objective evaluation of the significant judgments made by the engagement team and conclusions reached in formulating the report. However, do you really know when these reviews need to be performed; who can perform them and what they entail?
When an engagement quality review is required
Per ISQM 1 para. 34 (f), engagement quality reviews must be performed for:
(i) audits of financial statements of listed entities
(ii) audits or other engagements for which an engagement quality review is required by law or regulation, or
(iii) audits or other engagements for which the firm determines that an engagement quality review is an appropriate response to address one or more quality risks.
ISQC 1 para. 35 also required such a review for audits of listed entities, but then further required firms to set their own criteria against which their engagements should be evaluated to determine when a review should be performed. Many firms set quantitative thresholds or criteria for this purpose, resulting in many audits falling within the criteria, while there was a very low risk attached to these engagements when considering qualitative factors.
ISQM 1 changed this by requiring firms to consider where their quality risks lay and then, implement appropriate responses to address these quality risks. Therefore, firms now need to specifically consider the qualitative factors and quality risks attached to their engagements to determine when engagement quality reviews will be required, in response to these quality risks.
Who are eligible to perform engagement quality reviews?
Firms need to establish the eligibility of engagement quality reviewers by considering their technical competence and capabilities, including sufficient time, and the authority required. The engagement quality reviewer for an audit of financial statements is likely to be a person with sufficient and appropriate experience, and authority to act as an engagement partner on such audits.
Firms also need to consider the objectivity and independence of the engagement quality reviewer. The engagement quality reviewer should not be a member of the engagement team; make significant decisions for the engagement team; be a close or immediate family member of the engagement partner or another member of the engagement team; or have a reporting line to the engagement partner. The engagement team should not consult the reviewer excessively during the engagement to prevent compromising the reviewer’s objectivity, and the subsequent appointment of a replacement reviewer. For smaller firms, it makes practical sense to use an independent service provider to perform these reviews.
ISQM 2 stipulates an additional requirement that, if an individual served as the engagement partner, that individual needs to serve a cooling-off period of at least two years before becoming eligible to be the engagement quality reviewer on that same engagement.
ISQM 2 further indicates that the engagement quality reviewer may make use of individuals to assist with the review, if the following is adhered to: they also comply with similar eligibility requirements; the engagement quality reviewer takes overall responsibility for the performance of the review; and the engagement quality reviewer directs, supervises and reviews their work appropriately.
Engagement quality review considerations
The engagement quality reviewer should perform review procedures at appropriate intervals during the engagement to provide an appropriate basis for an objective evaluation of significant judgments made by the engagement team and the conclusions reached. This would, of course, only be possible if the engagement team made the necessary work available for review at appropriate intervals.
It is critical that the engagement partner does not sign and date the audit report before the engagement quality review is completed.
The engagement quality review procedures include the discussion of significant matters with the engagement partner, review of the financial statements, review of selected working papers relating to significant judgments made by the engagement team, and evaluation of conclusions reached and the appropriateness of the proposed audit report.
Per ISQC 1 para. 38, the engagement quality reviewer should perform additional procedures for audits of listed entities: consideration of compliance with independence requirements by the engagement team and the firm; and deliberation whether appropriate consultation took place, where appropriate, and appropriate conclusions were reached; and whether documentation reviewed for significant judgments reflects the work performed and supports the conclusions reached.
In ISQM 2 para. 25 (d) to (f), it is stated that these requirements are applicable to all audits, with the addition of evaluating the basis for the engagement partner’s determination that their involvement was sufficient and appropriate throughout the engagement, such that the engagement partner has the basis for determining whether significant judgments made, and conclusions reached are appropriate.
For an engagement quality review to fulfil its purpose and add value to the audit, it is important to appoint the right individual to perform the review and to get the timing right, in accordance with the requirements.
LEAF can assist firms with assessing engagement performance through engagement quality reviews, methodology design reviews, and training staff on the relevant requirements and procedures.
1. IAASB, ISQC 1: Quality control for firms that perform audits and reviews of financial statements, and other assurance and related services engagements
2. IAASB, ISQM 1: Quality management for firms that perform audits or reviews of financial statements, or other assurance or related services engagements
3. IAASB, ISQM 2: Engagement quality reviews.