Back

Appendix B (i)

IFAC ISA 220 (Revised), “Quality Control for Audits of Historical Financial Information”

The material in this Annex is excerpted from the International Federation of Accountants (IFAC) ISA 220 (Revised), “Quality Control for Audits of Historical Financial Information”. It includes the basic principles and essential procedures set forth in ISA 220, without the detailed explanatory material presented in that document. It has been further adapted to the environment of an SAI by substituting public sector terminology in lieu of private sector equivalents where it was believed that this would facilitate understanding. The Standard also provides guidance that can be helpful in the performance of other types of audits.

Public Sector Perspective

1.    Some of the terms used in this ISA such as “engagement partner” and “firm” should be read as referring to their public sector equivalents, i.e. audit team leader or audit director and SAI (Supreme Audit Institution). However, with limited exceptions, there is no public sector equivalent to “listed entities”.

2.    This ISQC states that the firm (SAI)’s policies and procedures are designed to maintain the objectivity of the audit quality control reviewer. The audit quality control reviewer may not be selected by the audit team leader or audit director. In many jurisdictions, there is a single statutorily appointed auditor-general (in audit office SAI models) who has overall responsibility for public sector audits. In other jurisdictions, such as Courts of Audit, overall responsibility may rest on a collegiate basis. In both circumstances, the audit reviewer should be selected having regard to the need for independence and objectivity.

3.    In the public sector, auditors may be appointed in accordance with statutory procedures. Accordingly, certain of the considerations regarding the acceptance and continuance of client relationships and specific engagements, as set out in this ISA, may not be relevant.

4.    Similarly, the independence of public sector auditors may be protected by statutory measures. However, public sector auditors or audit firms carrying out public sector audits on behalf of the statutory auditor may, depending on the terms of the mandate in a particular jurisdiction, need to adapt their approach in order to ensure compliance with the spirit of this ISA. This may include, where the public sector auditor’s mandate does not permit withdrawal from the engagement, disclosure through a public report, of circumstances that have arisen that would, if they were in the private sector, lead the auditor to withdraw.

5.    The capabilities and competence expected of the engagement team are set out in this ISA. Additional capabilities may be required in public sector audits, dependent upon the terms of the mandate in a particular jurisdiction. Such additional competencies may include an understanding of the applicable reporting arrangements, including reporting to a representative body, for example, the, House of Representatives, Legislature or in the public interest. The wider scope of a public sector audit may include, for example, some aspects of performance auditing or a comprehensive assessment of the arrangements for ensuring legality and preventing and detecting fraud and corruption.

Introduction

• The audit team should implement quality control procedures that are applicable to the individual audit.

Leadership and Responsibilities for Quality on Audits

• The audit team leader or audit director should be responsible on behalf of the SAI for the overall quality on each audit to which he/she is assigned.

Ethical Requirements

• The audit team leader or audit director should consider whether members of the team have complied with ethical requirements.
• Such an understanding should be documented. Where unresolved issues are identified, these should be communicated to relevant SAI personnel and resolved as appropriate.

Independence

• The audit team leader or audit director should form a conclusion on compliance with independence requirements applicable to the audit. In doing so, he/she should:

1. Obtain relevant information regarding the audit, including the scope of the audit or other activity to evaluate whether there are potential threats to independence;
2. Evaluate information regarding identified breaches, if any, of the SAI’s independence policies and procedures that represent a threat to independence for the SAI and the audit and that needs to be addressed;
3. Take appropriate action to eliminate such threats or reduce them to an acceptable level by the application of safeguards, or if not possible, to withdraw from the audit or other activity;
4. Document conclusions on independence and any relevant discussions with the SAI leadership that support these conclusions.

Acceptance and Continuance of Audit and other Relationships and Specific Audits

• The audit team leader or audit director should be satisfied that appropriate procedures regarding the acceptance and continuance of relationships with auditees and specific audits have been followed, and that conclusions reached in this regard have been documented.
• Where the audit team leader or audit director obtains information that would have caused the SAI to decline the audit if that information had been available earlier, the audit team leader or audit director should communicate promptly to the SAI so that necessary appropriate action may be taken.

Assignment of Audit Teams

• The audit team leader or audit director should be satisfied that audit team collectively has the appropriate capabilities, competence and time to perform the audit in accordance with professional standards and applicable regulatory and legal requirements, and to enable the issuance of an auditor’s report that is appropriate in the circumstances.

Audit Performance

• The audit team leader or audit director should take responsibility for the direction, supervision and performance of the audit in compliance with professional standards and regulatory and legal requirements, and for the auditor’s report that is issued to be appropriate in the circumstances.
• Before an SAI issues an audit report, the audit team leader or audit director should review the working papers in order to be satisfied that they demonstrate that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued.

Consultation

• The audit team leader or audit director should:

1. Be responsible for the audit undertaking appropriate consultation on difficult or contentious matters;
2. Be satisfied that members of the audit team have undertaken appropriate consultation during the course of the audit, both within the audit team and between the audit team and others at the appropriate level within or outside the SAI;
3. Be satisfied that the nature and scope of, and conclusions resulting from, such consultations are documented and agreed with the party consulted; and
4. Determine that conclusions resulting from consultations have been implemented.

Differences of Opinion

• Where differences of opinion arise within the audit team, with those consulted and, where applicable, between the audit team leader or audit director and the audit quality control reviewer, the audit team should follow the SAI’s policies and procedures for dealing with and resolving differences of opinion

Audit Quality Control Review

• For audits where the SAI requires that an audit quality control review be performed for an audit, the responsible SAI official should:

1. Determine that an audit quality control reviewer has been appointed;
2. Discuss significant matters arising during the audit, including those identified during the audit quality control review, with the audit quality control reviewer; and
3. Not issue the auditor’s report until the completion of the audit quality control review.

• An audit quality control review should include an objective evaluation of:

1. The significant judgments made by the audit team; and
2. The conclusions reached in formulating the auditor’s opinion and report.

Monitoring

• The SAI should establish policies and procedures designed to provide it with reasonable assurance that the policies and procedures relating to the system of quality control are relevant, adequate, operating effectively and complied with in practice. The audit team leader or audit director considers the results of the monitoring process as evidenced in the latest information circulated by the SAI’s leadership.