Mandatory Compliance with auditing and quality control standards

Mandatory Compliance with auditing and quality control standards

Mandatory Compliance with auditing and quality control standards, particularly those issued by the Institute of Chartered Accountants of India (ICAI), i.e SQC 1 (Standard on Quality Control)- Standards on Auditing (SAs) like SA 210, SA 300, SA 315, SA 320, SA 330, SA 240, SA 530, SA 570, etc.

Role of SQC 1 in Peer Review

SQC 1 forms the benchmark against which a firm's quality control systems are evaluated during a peer review. The Peer Reviewer assesses the extent to which the firm complies with the elements outlined in SQC 1. Key Components Reviewed under SQC 1 (Also relevant for Peer Review)

SQC 1 outlines six essential elements of a quality control system:

1. Leadership Responsibilities : Ensuring a quality-oriented culture through tone at the top and leadership commitment.
2. Ethical Requirements (including Independence) : Adherence to integrity, objectivity, professional competence, confidentiality, and independence standards.
3. Acceptance and Continuance of Client Relationships and Engagements : Procedures to accept/continue engagements with integrity, competence, and compliance.
4. Human Resources : Ensuring availability of competent personnel, training, and ethical commitment.
5. Engagement Performance : Consistent quality in engagements through supervision, consultation, documentation, and review.
6. Monitoring : Ongoing assessment of the firm’s system of quality control, including periodic file inspection.

Peer Reviewer’s Focus Areas in Line with SQC 1 :

During a peer review, the reviewer evaluates whether:

• The firm has documented policies for each of the six elements.
• These policies are actually implemented and followed.
• Engagement documentation is adequate and retained for at least 7 years as mandated.
• The firm follows required procedures for independence declarations, EQCR (Engagement Quality Control Review), and file completion timelines.
• There is a mechanism for addressing complaints and allegations, and whether monitoring reports lead to corrective actions.

Action for Firms Preparing for Peer Review :

To be ready for peer review, a firm must:

• Document and implement quality control policies as per SQC 1.
• Train staff and assign engagement responsibilities accordingly.
• Ensure engagement files are complete, reviewed, and retained properly.
• Regularly monitor quality and act upon deficiencies.

key findings of compliance with mandatory auditing and quality control standards :

SA 200 – Overall Objectives of the Independent Auditor

• Confirm audit is conducted as per applicable SAs.
• Ensure professional judgment and skepticism were exercised throughout.

SA 210 – Agreeing the Terms of Audit Engagements : Review engagement letter for:

• Defined scope and responsibilities.
• Reasonableness of fees quoted.

SA 220 – Quality Control for an Audit : Evaluate quality control at firm and engagement level:

• Leadership responsibility for quality.
• Ethical compliance.
• Client acceptance & continuance.
• Monitoring of engagement performance.

SA 230 – Audit Documentation : Working papers should:

• Reflect technical, professional, ethical compliance.
• Be maintained per SQC 1 & SA 230 timelines.
• Support sufficient appropriate audit evidence.
• Permanent files Should be relevant and regularly updated and Review procedures used by Practice Unit.

Records to be Maintained by the Practice Unit (PU) : PUs must maintain records in line with SA 230 – “Audit Documentation”, including:

• Mandatory Records (as per SA 230): As per SA 230, mandatory records include documentation for Permanent audit file: e.g., legal documents, MOA/AOA, organization chart. Current audit file: e.g., audit plan, evidence obtained, conclusions, checklists.

• Recommendatory Records (good practice but not compulsory)

Mandatory Records under SA 230

Mandatory records a PU must maintain : These include:

• Permanent Audit File, containing: Organizational details, engagement letters, legal documents, etc.
• Current Audit File, containing: Audit programs, evidence, correspondence, working papers, conclusions, etc.

Minimum Recommendatory Records for PU :

PUs may maintain records such as:

1. PU Profile, with details about:
   • Partners and firm constitution
   • Staff (including qualified professionals)
   • Articled clerks
2. List of Clients
3. Staff Files
4. Manual of Policies and Procedures, covering:
   • Engagement acceptance and client communication
   • Assessment of skills and competence
   • Assignment of authority and responsibilities
   • Consultation procedures
   • Client retention policies
   • Monitoring guidelines
   • Supervision and direction of engagements

Importance of Documentation in Audit : Per SA 200 – Basic Principles Governing an Audit:

• Documentation is essential for providing evidence of compliance with auditing standards. It includes:
  • Audit plans
  • Nature, timing, and extent of audit procedures
  • Conclusions drawn from evidence
• Serves as defense against allegations of negligence
• Ensures accountability and quality of audit work.
• Documentation:
  • Substantiates audit evidence and auditor’s opinion.
  • Is essential to demonstrate compliance with basic principles (SA 200).
  • Is the primary defense for the auditor if work is questioned.
  • Must include audit plan, nature/timing/extent of procedures, and conclusions.

Documentation is considered adequate: Adequate documentation should:

• Be complete, logical, and understandable.
• Include: client name, file number, period, subject, reference, initials, date.
• Cover:
  • Significant matters requiring judgment.
  • Basis for the audit opinion.
  • Evidence that SA 230 and other SAs have been followed.

Minimum recommendatory records a PU may maintain : Recommended records include:

• PU Profile, including:
  • Partners, constitution.
  • Staff (qualified CAs, professionals, articled clerks).
  • Regular updates.
• Client List.
• Staff Files.
• Manual of Policies and Procedures, covering:
  • Engagement acceptance and authorization.
  • Competence for various engagements.
  • Assignment delegation, consultation procedures.
  • Client retention policy.
  • Monitoring and supervision guidelines.

Summary Table- Documentation in Audit

SA 240 – Auditor’s Responsibilities Relating to Fraud : Check:

• Inquiries with management/governance on fraud.
• Evaluation of unusual analytics.
• Response to inconsistent replies from management.

SA 250 – Consideration of Laws and Regulations : Check written representations from management/governance Disclosure of all known or suspected non-compliance with laws and regulations.

SA 260 – Communication with Those Charged with Governance : Verify communication of:

• Significant audit findings.
• Timing, form, and content of communications.

SA 265 – Communicating Internal Control Deficiencies : Verify:

• Written and timely communication of significant internal control deficiencies.

SA 300 – Planning an Audit : Verify:

• Audit strategy and plan covering scope, timing, direction.
• Documentation of:
  • Audit strategy
  • Audit plan
  • Changes and reasons for changes during engagement.

SA 315 – Identifying and Assessing Risks of Material Misstatement : Ensure auditor understood:

• Industry, regulations, financial framework.
• Entity operations, ownership, governance.
• Objectives, strategies, and related risks.
• Financial performance measures and review methods.

SA 320 – Materiality : Verify documentation of:

• Materiality for F/S as a whole.
• Specific materiality for transactions or disclosures.
• Performance materiality.
• Revisions made during the audit.

SA 330 – Auditor’s Response to Risks: Review:

• Design and performance of audit procedures per risk assessed.
• Tests of controls.
• Documentation of:
  • Overall responses and procedures.
  • Linkage to assertion-level risks.
  • Results and conclusions.

SA 450 – Evaluation of Misstatements :  Confirm:

• Accumulation and timely communication of all but trivial misstatements.
• Documentation of:
  • Triviality threshold.
  • List of misstatements and corrections.
  • Conclusion on materiality of uncorrected misstatements.

SA 500 – Audit Evidence : Review:

• Sufficiency and appropriateness of audit evidence.
• Sampling methods and evidence supporting audit conclusions.

SA 501 – Specific Considerations

• Ensure evidence obtained for:
  • Inventory – existence and condition.
  • Litigations/Claims – completeness.
  • Segment Information – presentation/disclosure as per framework.

SA 505 – External Confirmations

• Verify if external confirmations are used as audit evidence.
• Identify if further audit evidence was obtained when response reliability was doubtful.
• Check for alternative procedures when there was no response to confirmation requests.

SA 510 – Initial Audit Engagements – Opening Balances

• Ensure prior year’s audited financials and audit report were obtained.
• Verify if the materiality of opening balances was assessed in the context of current financials.

SA 520 – Analytical Procedures

• Check if the suitability of analytical procedures was assessed based on risks.
• Verify if data reliability was evaluated (source, comparability, controls).
• Confirm if an expectation was developed and evaluated for sufficiency.
• Ensure that an acceptable difference amount between recorded and expected values was determined.

SA 530 – Audit Sampling

• Check if the purpose and population characteristics were considered in sample design.
• Verify if sample size was adequate

SA 700 – Forming an Opinion and Reporting on Financial Statements

• Verify: Whether the financial statements are prepared in accordance with the applicable financial reporting framework.
• Review: All required contents are included in the auditor’s report.
• Verify: If Key Audit Matters (KAM) are communicated as per SA 701 (in case of listed entities).

SA 705 – Modifications to the Opinion

• Verify: Whether a modified opinion is issued when:
  • a) Financial statements have material misstatements, or
  • b) Auditor is unable to obtain sufficient audit evidence.

SA 706 – Emphasis of Matter and Other Matter Paragraphs

• Check: If the auditor has communicated with those charged with governance about the inclusion and wording of Emphasis of Matter or Other Matter paragraphs.

SA 710 – Comparative Information

• Review: Whether the comparative information is consistent with the prior period’s disclosures.
• Check: Consistency of accounting policies or appropriate disclosure of any changes.

SA 720 – Other Information in Documents

• Review: If the auditor has made arrangements to obtain other information before the auditor’s report date.
• Identify: Any material inconsistency and whether it requires revision of the financial statements or other information.

SA 800 – Special Purpose Frameworks

• Identify:
  • a) Purpose of the financial statements
  • b) Intended users
  • c) Management's assessment of the acceptability of the framework

SA 805 – Single Financial Statements / Specific Elements

• Review: Whether the auditor complied with all relevant SAs during the audit.

SA 810 – Summary Financial Statements

• Review:
  • a) Acceptability of applied criteria
  • b) Agreement from management on its responsibilities
  • c) Agreement on the form of opinion
• Evaluate:
  • Adequate disclosure of summarised nature
  • Clear identification of audited financial statements
  • Proper disclosure of applied criteria

Implication of Non Compliance of mandatory Compliance with auditing & quality control standards

• Absence of Quality Control Policies – SQC 1 : Issue: No documented quality control policies; rudimentary practices. Implication: Indicates a systemic failure in ensuring audit quality, especially in ethical requirements and client acceptance.
• Independence Not Evidenced : Issue: No evidence that independence policies were followed or applied at the engagement level. Implication: Breach of Code of Ethics; may impair auditor’s independence and objectivity.
• Absence of Engagement Letters – SA 210 : Issue: Engagement letters not obtained. Implication: No formal agreement with the client; increased risk of misunderstandings on scope, fees, responsibilities.
• Inadequate Staff Training & No Review Process : Issue: Staff lacks industry knowledge; no senior review.  Implication: Non-compliance with SA 220 on quality control for an audit; risks improper audit execution.
• No Standard Audit Planning or Checklists – SA 300 : Issue: No documented planning or standard audit checklists. Implication: Weak audit planning, inconsistent quality, and non-compliance with fundamental auditing principles.
• No Risk-Based Approach – SA 315, SA 330 : Issue: No planning, audit strategy, risk assessment, or documented audit responses. Implication: High audit risk; failure to detect material misstatements or fraud.
• No Evaluation of Internal Controls – SA 315 & SA 330 : Issue: No control environment evaluation or testing of internal controls. Implication: Potential misstatement risks not identified or mitigated; undermines audit reliability.
• Non-Compliance with SA 240 – Fraud Responsibility : Issue: No procedures relating to risk of fraud performed. Implication: Violates a critical audit standard; exposes auditor to liability in case of fraud.
• No Audit Sampling Methodology – SA 530 : Issue: No audit sampling plan; biased and undocumented sample selection. Implication: Ineffective audit conclusions; increased detection risk.
• Lack of Documentation for Testing  : Issue: Testing only evidenced via query sheets; no clear trail. Implication: Breach of SA 230, Audit Documentation; weakens audit defensibility and quality control.
• No Audit of Significant Estimates and Judgments  : Issue: No evidence of evaluating client estimates or judgments. Implication: Contravenes SA 540, risk of unchallenged bias or misstatements in financial reporting.
• No Going Concern Assessment – SA 570 : Issue: Severe financial distress indicators ignored; no going concern evaluation. No Going Concern Assessment is major risk; misleading opinion issued without proper assessment.

Disclaimer: The content of this post isn't considered to be professional or legal advice, We aren't responsible for any damages arising from your access to the location content & must not be relied on or used as a substitute for legal advice from a lawyer professional in your jurisdiction. CARajput is among India's big digital compliance services platform which committed to helping people have started & developed their businesses. We had started with the goal of creating it easier for start-ups to start out their business. Our main aim is to assist the businessman with applicable laws & regulations compliance and providing support at each & every level to make sure the business stays compliant and growing continuously. For any query, help or feedback you may in touch on singh@carajput.com or Call or what’s-up on 9-555-555-480