Firms working in the regulated area of audit are required to comply with the Audit Regulations and Guidance.
Abbreviations used in these regulations.
|ICAEW||The Institute of Chartered Accountants in England and Wales|
|ICAI||The Institute of Chartered Accountants in Ireland|
|ICAS||The Institute of Chartered Accountants of Scotland|
|APB||Auditing Practices Board|
|ACCA||Association of Chartered Certified Accountants|
|CPD||Continuing professional development|
|ISA||International Standards on Auditing (UK and Ireland)|
|ISQC1||International Standard on Quality Control (UK and Ireland) 1|
|PII||Professional indemnity insurance|
|RSB||Recognised Supervisory Body|
Changes to the audit regulations
The Audit Regulations were first issued in 1991, revised in 1995 and this is the second major revision. The following gives a brief outline of the contents of each chapter.
Chapter 1 - General
This chapter contains interpretative, transitional regulations and details of how documents may be served on the Institute and by the Institute on firms.
Schedule - Definitions and interpretation
This section contains all the definitions used in the regulations. When used in the regulations the defined terms are shown in dashed underline.
Chapter 2 - Eligibility, application for registration, continuing obligations and cessation of registration
Chapter 2 contains key regulations on eligibility requirements. These are set out as what a sole practitioner must do, and then extra requirements are added for firms. Then there are regulations about the application process and regulations covering a registered auditor's obligations to:
Where a registered auditor has other audit firms as principals, then that firm must be represented at meetings by some one with an audit qualification.
Registered auditors who are part of a network or who have affiliates have to make details of these available to the public.
There are also regulations which deal with situations when a registered auditor cannot, for some reason, comply with the regulations. Finally there are regulations about how registration may cease and the consequences that may follow.
Chapter 3 - Conduct of audit work
This chapter deals with the conduct of audit work. It requires registered auditors to act with independence and integrity, and comply with ethical and auditing (including quality control) standards and legal requirements.
A ‘predecessor’ auditor must allow the ‘successor’ auditor access to ‘all relevant information’ connected with holding the office of auditor on a change of audit appointment and there is a requirement to keep audit working papers for at least six years.
If a registered auditor has any of its audit work undertaken by another firm, or part of a group is audited by another auditor, then the registered auditor must make arrangements concerning access to the audit working papers. There are also notification requirements when a registered auditor takes on a ‘major’ audit client and an audit appointment ceases.
Other regulations cover requirements about:
Additional guidance is given in part 2 of this booklet.
Chapter 4 – Appropriate qualifications and responsible individuals
These are key concepts in the regulations. An ‘appropriate qualification’ is the qualification (or an EEA equivalent) that is needed if individuals are to be counted towards the control percentage. A responsible individual is the holder of an appropriate qualification who has been designated to undertake audit work on the firm’s behalf. Such designation must be confirmed by the Institute that registers the firm. Schedule 1 to chapter 4 sets out the relationships between the appropriate qualification (and its EEA equivalent) and responsible individual status. Under UK company law, responsible individuals are statutory auditors in their own right but can only accept audit appointments in accordance with the rules of a Recognised Supervisory Body, which the Institutes are. There is also a regulation about how responsible individual status may cease.
Chapter 5 - Audit affiliates
A principal in a registered audit firm who is not a member of an Institute, the ACCA or a registered auditor, must become an affiliate of the Institute that registers the firm. This chapter deals with how that status is obtained, continued if an affiliate moves between two firms which are registered auditors or if a firm is taken over, or how affiliate status can end.
Chapter 6 - The committees
This chapter deals with the powers and duties of the various committees involved in audit regulation.
Chapter 7 - Regulatory action
The first part of this chapter sets out the regulatory action that can be taken against registered auditors. This includes imposing conditions or restrictions on how a firm operates and suspending or withdrawing registration. It also deals with how orders come into effect. The second part of this chapter allows ICAS and ICAI to offer regulatory penalties to registered auditors.
Chapter 8 - Representation before committees, review and appeal
This chapter sets out the ways in which a registered auditor (or an applicant for registered auditor status) can seek a review and appeal against a decision of a committee.
Chapter 9 - Disciplinary arrangements
This chapter applies disciplinary arrangements to registered auditors.
Guidance chapter 1 - Guidance on fit and proper status
The guidance in this chapter is to assist firms in deciding whether or not the firm, its principals and employees are fit and proper.
Guidance chapter 2 - Guidance on monitoring compliance with the audit regulations
This chapter is to assist firms in complying with the requirements to monitor its compliance with the audit regulations.
|1.||The Institutes are all Recognised Supervisory Bodies in the UK and Recognised Bodies in the RoI for the purposes of regulating auditors. They must have rules setting out how auditors are regulated, which this booklet contains, with guidance on how they should be followed.|
|2.||The Institutes are also Recognised Qualifying Bodies in the UK. This means that membership of an Institute, provided it is accompanied by practical audit experience, would qualify a member as the holder of an 'appropriate qualification' (see chapter 4). This in turn allows a member to apply to become a registered auditor. There are other routes to obtaining the appropriate qualification and these are set out in chapter 4.|
|3.||The objectives of the Institutes in issuing these audit regulations are to make sure that:
|4.||Registered auditors must comply with the regulations, which require them to:
|5.||Guidance is given to help firms apply the regulations. This is normal text and the regulations shown in grey frames. Where the guidance is too long to be included with the regulations, it has been put into separate guidance chapters.|
|6.||As each firm is different, no guidance can be sufficiently comprehensive to cover all firms. Firms may develop other procedures to comply with these regulations but it is compliance with the regulations that is important.|
|7.||The regulations should be read in conjunction with:
- the Institutes' Code of Ethics (including the fundamental principles);
- publications issued by the Auditing Practices Board:
- Financial Reporting Standards issued by the Accounting Standards Board;
- relevant parts of company legislation in the United Kingdom and the Republic of Ireland;
|8.||Each Institute issues a magazine which often has new material on audit-related matters. ICAEW publishes economia, ICAS publishes The CA magazine and CAI publishes Accountancy Ireland. One of these should also be read. In addition, Audit News is issued by ICAEW and ICAS and contains information for registered auditors, including changes to the regulations. CAI members should read the CARB Regulatory Bulletin.|
|9.||Schedule 1 to chapter 1 contains definitions and interpretation of these regulations which apply both to the regulations and the related guidance. A word or phrase which is defined in schedule 1 is shown with a dashed underline when used in the regulations.|
To help firms, a brief step-by-step guide follows. This is a summary, and firms need to pay particular attention to the regulations and guidance provided in this booklet. Firms should also refer to material listed in paragraphs 7 and 8 above.
|Becoming a Registered Auditor|
|Obtain an application form from one of the Institutes.||See the list of telephone numbers at the end of this introduction.|
|Make sure that the firm meets the eligibility criteria.||See regulations 2.02 and 2.03.|
|Make sure that the firm, all principals and employees are fit and proper.||See the guidance on fit and proper status (part 2, guidance chapter 1).|
|Check that the firm has adequate professional indemnity insurance (PII).||See regulation 2.02(b) and the separate PII regulations of your registering Institute.|
|Make sure that all principals and employees who will deal with audit work are competent to do so.||See regulation 3.17.|
|Are all the principals members of one of the Institutes or the ACCA or a registered auditor?||If they are not, non-members need to become audit affiliates of the registering Institute (chapter 5).|
|Fill in and return the application form with a cheque for the registration fees.|
|Remaining a Registered Auditor|
|At least once a year check that:|
||See regulation 3.06 and the guidance on fit and proper status (part 2, guidance chapter 1).|
||See regulation 3.17 and the guidance from your registering Institute on continuing professional development.|
||See regulation 3.18.|
||See regulation 3.02 and 3.03.|
||See regulation 2.02 (b).|
||See regulation 3.20 and the guidance on monitoring compliance with the audit regulations (part 2, guidance chapter 2).|
||See regulation 3.05.|
||See regulation 2.13.|
|When necessary make sure that:|
||See regulations 2.11 and 5.09.|
||See regulation 2.12.|
||See regulations 3.02, 3.05 and 3.20.|
||See regulations 3.03 and 3.05.|
||See guidance under regulation 3.08.|
||See regulation 3.15;|
||See regulation 4.01, 4.02 and 4.05|
While registered auditors must comply with the regulations and the related pronouncements and guidelines, help and advice is available. The Institutes and other organisations (such as training consortia) can offer advice and give practical help.
Institute of Chartered Accountants in England and Wales:
Professional Conduct Department (Audit Regulation):
Institute of Chartered Accountants of Scotland:
Professional Authorisation Department:
Technical enquiries +44 (0)131 347 0241
Ethical enquiries +44 (0)131 347 0280
Audit related courses +44 (0)131 347 0232
Audit related books and manuals +44 (0)131 347 0138
Institute of Chartered Accountants in Ireland:
If you are telephoning within the Republic of Ireland, telephone 01 6680400 for all enquiries. From the United Kingdom, use the following numbers:
Chartered Accountants Regulatory Board:
Technical enquiries 00 353 1637 7200
Ethical enquiries +44 (0)28 9023 1541
Audit related courses +44 (0)28 9032 1600
Audit related books and manuals +44 (0)28 9032 1600
Education and Training Department:
This chapter deals with the scope and interpretation of the regulations, transitional arrangements and how notifications should be made between the Institute and firms.
The regulations apply to all firms regardless of the registering Institute, unless stated otherwise.
The regulations are shown with a grey frame and guidance in light type. Where defined terms (see schedule 1) are used in the regulations they are shown in dashed underline. This does not apply to the guidance.
Guidance is provided to help registered auditors to comply with the regulations. However, each firm is different and no guidance can be sufficiently comprehensive to deal with all firms. Firms may develop their own procedures to comply with these regulations, but it is compliance with the regulations that is essential. It should be noted that in some instances, for example regulation 3.09, the guidance is prescriptive and should be followed.
A copy of any changes or amendments to these regulations will be sent to the audit compliance principal.
|1.01.||These regulations apply to firms seeking registration and to firms registered by the Institute as eligible for appointment as a registered auditor under the Act. The regulations also apply to principals and responsible individuals of the firm. In certain instances the regulations continue to apply notwithstanding that registration has ceased.|
Each Institute is a Recognised Supervisory Body under the legislation of the United Kingdom, and a Recognised Body under legislation in the Republic of Ireland. Each Institute can register auditors in each country. Unless a Registration Committee decides otherwise, this usually means that a firm registered by an Institute can carry out audits of companies incorporated in the other jurisdiction.
There are exceptions as follows.
|1.02.||These regulations are issued by authority of Council.|
|1.03.||The definitions of terms used in the regulations and the rules of interpretation are in schedule 1 to this chapter. Section headings are not part of the regulations and are for guidance only.|
|1.04.||These regulations come into force on 6 April 2008 subject to regulation 1.05. From this date the Audit Regulations (December 1995 edition, as amended) are no longer in force, subject to regulations 1.05 and 1.06.|
|1.05.||Regulations 3.09, 3.13, 3.14 and 3.16 come into effect as specified in those regulations.|
|1.06.||The liability of a principal, audit affiliate or registered auditor to regulatory or disciplinary action is to be determined in accordance with the regulations in force at the time that the matter now the subject of regulatory or disciplinary action occurred, but the regulatory or disciplinary proceedings shall be conducted in accordance with these regulations (including any subsequent amendments).|
The above means that whether or not there has been an 'offence' under these regulations is determined by the regulations in force at the time the 'offence' took place, but the process of dealing with the matter will be as set out in these regulations (together with any subsequent amendments).
|1.07.||The Audit Regulations (December 1995 edition, as amended) remain in effect and must be followed in respect of an audit of an entity incorporated in the Republic of Ireland.|
Until the EU's Statutory Audit Directive is transposed into RoI law, any firm that undertakes an audit of an entity incorporated in the Republic of Ireland must comply with the 1995 audit regulations (as amended) in respect of that audit. The effect of this is that, for example, a firm with RoI audits cannot take advantage of the new provisions in chapter 2 of these regulations regarding control of an audit firm and a corporate practice cannot undertake RoI audits. Also, audit work in respect of a RoI audit should be conducted in accordance with chapter 3 of the 1995 regulations, not chapter 3 of these regulations.
|1.08.||Any notice or document may be served on the relevant registering Institute by sending it to the appropriate address as follows:
The Institute of Chartered Accountants in England and Wales: Professional Conduct Department, Metropolitan House, 321 Avebury Boulevard, Milton Keynes, MK9 2FZ.
The Institute of Chartered Accountants of Scotland: CA House, 21 Haymarket Yards, Edinburgh, EH12 5BH.
The Institute of Chartered Accountants in Ireland: Chartered Accountants Regulatory Board, The Linenhall, 32-38 Linenhall Street, Belfast, BT1 8BG.
or as otherwise notified to firms.
|1.09.||Any notice, decision, order or other document which needs to be served on a firm or other person under these regulations will be delivered by hand, or sent by fax or post:
Guidance is provided to help with the application of the regulations. It is distinguished from the regulations by being in light type. In a few cases there is too much guidance to include it with the regulations and so it is included in a separate section after the regulations and cross-referenced.
The guidance is merely that. It is impractical to provide guidance for every situation that may arise and the regulations may be complied with in different but equally valid ways. However, registered auditors must always comply with the regulations, which take precedence over the guidance.
If a term has more than one meaning defined, the one to use will depend on the country of the registering Institute, or the country of the client being audited as appropriate.
|ICAEW||The Institute of Chartered Accountants in England and Wales|
|ICAI||The Institute of Chartered Accountants in Ireland|
|ICAS||The Institute of Chartered Accountants of Scotland|
In the regulations the following words have the following meanings.
Words and expressions have the meanings given by the Act and the Interpretation Act 1978 unless defined in these regulations. The definitions in these regulations take precedence.
In these regulations words importing the singular number include the plural number and vice versa. Words importing the masculine gender include the feminine. Headings do not affect the interpretation of these regulations. These regulations will be governed by, and interpreted according to, the law of the country of the registering Institute.
Any references to legislation, regulations, bye-laws, rules, standards or other documents, will apply to any re-enactment, re-issue or amendment.
This chapter sets out the eligibility criteria for becoming a registered auditor and how to make an application. It then sets out the continuing obligations once registered and how registration can end. Chapter 4 has the regulations concerning responsible individuals and chapter 5 has the regulations covering audit affiliates.
While there is no requirement in the regulations for a firm's notepaper to carry a legend stating that it is a registered or statutory auditor, the EU's Services Directive, as enacted into UK law, requires such a disclosure to clients and potential clients, together with the name of the member state that the registration is for. A firm is also required to give the name of the register that its details are contained on, with a reference so that the entry can be found. This information can be supplied on a firm's website, as a note on a firm's letterhead or in documents available to the client or potential client.
A suggested wording for disclosure of the registering Institute is:
For the disclosure about the audit register, a suggested wording is:
In addition a firm may describe itself as a firm of registered or statutory auditors.
|2.01.||No Institute member or firm may accept an audit appointment unless registered by a Recognised Supervisory Body.|
Under the EU's statutory audit directive and company law, responsible individuals (see chapter 4) are statutory auditors in their own right. However, statutory auditors can only accept appointment as auditors in accordance with the rules of a RSB, such as the Institutes. The Institutes, as supervisory bodies, have responsibilities under the Act to monitor the work of responsible individuals and auditors they register and to ensure that auditors are complying with legal requirements and the requirements of these Regulations. Thus an individual, even if a responsible individual in accordance with chapter 4, cannot accept audit appointments unless also a registered auditor under these regulations, or the regulations of another recognised supervisory body.
A key purpose of the Act is to make sure that only those appropriately qualified are appointed as statutory auditors. Therefore, under the Act, the Institute, as a Recognised Supervisory Body, must have rules governing the control of registered auditors. For a sole practitioner this is achieved by regulation 2.02 which only allows registration if the practitioner holds an appropriate qualification. Additional conditions for firms that are not sole practitioners are set out in regulation 2.03.
The Act distinguishes between those individuals who are responsible for the audit work on behalf of a firm and those who control the firm. Those who are responsible for the audit work must hold the 'appropriate qualification' (as well as meeting other requirements, see chapter 4). Those who control the firm may be drawn from a wider group. As well as holders of the appropriate qualification they can be other registered auditors, those who hold the equivalent of an appropriate qualification from another EEA state or who are the equivalent of a registered auditor from another EEA member state. This group must hold a majority of the voting rights, or such rights as allow them to direct the firm's overall policy or amend its constitution.
To be eligible for registration a firm must:
|2.02.||The Registration Committee may register a firm only if the committee is satisfied that:
Regulation 2.02 sets out the conditions which a firm must satisfy to become a registered auditor. The firm either meets the conditions of sub-paragraphs (a) to (f) or it does not. Although the concept of 'fit and proper' in section (a) is difficult to define, this is the most important condition. Guidance on fit and proper status is in chapter 1 of the guidance section.
If a firm knows about any matter which affects whether it is fit and proper, even if it is nothing to do with audit work, the firm must, in confidence, notify the Registration Committee. The committee will not automatically reject the application for registration but will consider the matter further.
Clearly, to be fit and proper, a firm should be complying with the fundamental ethical principles. These are contained in the Code of Ethics. The following is a summary.
To assess the competence of the firm to do regulated audit work the committee may wish to review other work of the firm. This may be other audit work done in accordance with auditing standards or work to give reports to regulators. A firm which is not working to the expected technical and professional standards might not be regarded as fit and proper.
If the committee finds out about any matters which a firm did not disclose, this will be viewed more seriously than if the firm had disclosed the information voluntarily. Voluntary disclosure also gives the firm the opportunity to inform the committee about any action it has taken to correct the problem.
|2.03.||The additional requirements for a firm which is not a sole practice are:
Any principal who is not a member of an Institute or the ACCA or a registered auditor must become an audit affiliate of the registering Institute. This is dealt with in chapter 5.
If all principals and/or shareholders have equal voting rights, at least a majority of the principals/shareholders must hold an appropriate qualification, or be EEA qualified auditors, registered auditors or EEA audit firms. However, if voting rights are not held equally then at least a majority must be held by a combination of individuals who hold an appropriate qualification, EEA qualified auditors, registered auditors or EEA audit firms.
If the firm's policies are set and implemented by a management board, then a majority of the voting rights in that board must be held by a combination of individuals who hold an appropriate qualification, EEA qualified auditors, registered auditors or EEA audit firms.
In assessing whether a partnership or limited liability partnership is eligible to be registered, the following points should be considered.
A firm may also be controlled by individuals who hold an appropriate qualification, EEA qualified auditors, registered auditors or EEA audit firms who have such rights under the firm's constitution as enable them to direct its overall policy or alter its constitution.
For investment business purposes, different considerations apply for affiliates. Being an affiliate in one regulated area does not automatically give that status in another.
As part of the annual return, firms are asked to reconfirm continued eligibility. If a firm temporarily fails to meet the eligibility requirements, it will not lose its registration if it receives a dispensation under regulations 2.17 - 2.20.
|2.04.||A firm that wishes to register must apply in the manner that the Registration Committee decides. The application must include the following:
To enable the committee to assess a firm's ability to do audit work as a registered auditor, it may wish to review other work that the firm has already done. This would be work involving auditing standards or expressing an opinion.
Each Institute has its own application form which firms should request from the appropriate Institute.
Regulation 2.04e derives from section 1218 of the 2006 Act.
|2.05.||The Registration Committee may:
Under regulation 2.05d, the Committee may decide that it can only properly consider a firm's application after it has more information about the firm. The Committee may decide this is best achieved by a monitoring visit to the firm.
A firm can apply for a review of a decision to reject registration or to grant it subject to restrictions or conditions. Details of the review process are in regulations 8.05 to 8.07 for firms registered with the ICAEW or the ICAI. Firms registered with the ICAS should refer to regulation 8.15.
|2.06.||A Registered Auditor must continue to meet the requirements of these regulations.|
|2.07.||Subject to regulations 2.17 to 2.20, a Registered Auditor must not continue as an auditor if it ceases to meet one or more of the eligibility requirements of regulation 2.02 or 2.03.|
The effect of regulation 2.07 is that a firm which for any reason has ceased to be eligible for registration must not continue with an audit appointment unless it obtains a dispensation in accordance with regulations 2.17-2.20.
|2.08.||A Registered Auditor must cooperate with the Institute, its staff, Committees, a monitoring unit or a disciplinary scheme.|
|2.09.||A Registered Auditor or former Registered Auditor on whom the Institute serves a notice requesting information or notice of a visit under regulation 2.23 or 6.02k (or upon whom a notice is served requesting information under the Act ) must comply with such notice within such period as the Institute may allow (or in the case of a notice served under the Act, as the notice provides).|
When the Institute serves a notice under the above regulation, the notice will specify by when the firm must deal with the matters in the notice. An Institute will always try to give reasonable time for the firm to respond but in some cases it may be necessary to set a short time for the firm to respond. A notice requiring information may also be served under the Act and the firm must supply the information according to the terms of the notice.
|2.10.||Where a Registered Auditor or an EEA audit firm is a principal or shareholder in another Registered Auditor, then its interests at meetings of principals, the management board or shareholders must be represented by an individual who is either the holder of an appropriate qualification or is an EEA auditor.|
A principal or shareholder in a registered auditor may be another registered auditor or an EEA auditor. The above regulation then requires that its interests are represented at meetings by an individual who has received audit training and is either the holder of an appropriate qualification or is an EEA auditor. It is important that decisions are taken at meetings by those who have audit experience.
|2.11.||A Registered Auditor must inform the Institute in writing as soon as practicable, but not later than ten business days after the event:
The eligibility criteria are set out in regulations 2.02 and 2.03.
If a firm temporarily loses its eligibility, the firm may not necessarily lose its registration as the Registration Committee can waive the eligibility requirements (see regulations 2.17 - 2.20). Therefore, firms should notify the Institute as soon as possible if they are planning any changes so that registration is not interrupted.
A firm should also, under regulation 2.11c, notify the Institute of any matter affecting its financial stability. This would include a principal entering into an individual voluntary arrangement, or a firm reaching a similar arrangement.
The Institute has a duty to keep the information on the public audit register up to date. To do this, firms must inform the Institute of changes. Also a firm that is a member of a network or has affiliates must also keep up to date information about the names of these other firms.
Before a registered auditor appoints a new responsible individual it must seek the approval of the Registration Committee, see chapter 4.
If a firm changes its legal status, for example from a partnership to a limited liability partnership, the new entity will need to register. The registration of the 'old' firm does not carry over. This also applies to a sole practitioner who becomes a partnership or a limited company, the audit registration does not carry over and a new application is needed from the new firm.
|2.12.||A Registered Auditor which is a member of a network must:
A network is a larger structure aimed at cooperation which a registered auditor belongs to and which is:
For the purpose of this regulation an 'affiliate' means any entity, regardless of its legal form, which is connected to a firm by means of common ownership, control or management.
Making the list available to the public would normally mean that the list is held on the firm's website or is on public display at the firm's office or is otherwise available on request.
The Institute has a duty to keep the information on the public audit register up to date. To do this, firms must inform the Institute of changes. Also a firm that is a member of a network or has affiliates must also keep up to date information about the names of these other firms.
|2.13.||A Registered Auditor must pay such registration fees (to include any costs that the Institute is required or has agreed to pay to any other person or body exercising a regulatory or supervisory role in relation to it) as the Institute determines, at the times and at the rates set by it.|
|2.14.||The first registration fee is due when a firm applies for registration. An application fee is also payable with this first fee.|
If a firm's application is not accepted, the first registration fee will be refunded.
|2.15.||The Institute may charge a Registered Auditor to which its representatives have made a second or subsequent visit as a result of an earlier visit. The Registration Committee will decide how much the fee will be.|
The Committee may decide that, following a monitoring visit to a firm, it wishes to return to check that the firm is making the necessary improvements in its audit work. A charge may be made for any such visits, although an estimate would normally be given.
|2.16.||If a Registered Auditor has not paid any fees under regulation 2.13 or regulation 2.15, within 60 days of the invoice date, the Institute may withdraw its registration.|
|2.17.||If a Registered Auditor ceases to meet one or more of the eligibility requirements of regulation 2.02 or 2.03 (where appropriate), or if it considers that it is impossible or impractical to comply with any other regulation, it must notify the Registration Committee in writing. The notification must be within ten business days of the situation arising and must say what has happened and the action which the Registered Auditor proposes to take.|
|2.18.||The Registration Committee will review the information provided under regulation 2.17. If the committee considers that the Registered Auditor is taking all practical steps and that these will remedy the position, it may grant the Registered Auditor a dispensation from the requirement to comply with any regulation.|
|2.19.||In the case of a matter relating to the additional eligibility requirements for a Registered Auditor (set out in regulation 2.03) the dispensation will not last for more than 90 days, starting from the date that the situation first arose. In any other case the period will be set by the Registration Committee.|
|2.20.||The Registration Committee will not grant a dispensation under regulation 2.18 unless the Registered Auditor can satisfy the committee that its continued registration during the dispensation period would not adversely affect an audit client or any other person.|
The period of 90 days is given by United Kingdom law and the committee cannot extend it. If the situation that gave rise to the dispensation is not put right in the time allowed, the firm's registration will end.
|2.21.||A firm will cease to be a Registered Auditor if:|
A firm may ask for a review if its registration is to be withdrawn under regulation 2.21c. Withdrawal at the firm's request, or because the firm no longer exists, cannot lead to a review.
If a firm which is no longer registered wishes to register again it can apply in the normal manner.
|2.22.||The Registration Committee may require a firm which has ceased to be registered to provide evidence that it has resigned from all audit appointments and provide details of any audit registrations it has in any other EEA member state.|
The committee may wish to satisfy itself that a firm, once de-registered, no longer has any audit clients. If the Registration Committee withdraws registration under regulation 7.03, and the firm is registered to undertake audits in another EEA member state, the Registration Committee will notify the registering body in that EEA member state.
|2.23.||If a firm is no longer a Registered Auditor:
|2.24.||The Institute's right to recover any unpaid fees or other amounts due from a firm under these regulations does not end when a firm is no longer registered.|
The effect of regulation 2.23 is that a firm cannot escape disciplinary action by de-registering. If, in the process of de-registering, the committee places a condition on a firm and that condition is broken then disciplinary action can be taken. There is a continuing obligation to deal with requests for access to audit working papers under regulation 3.09. Finally, de-registering does not remove the firm's obligation to pay outstanding fees.
The Act states that the Institute, as a Recognised Supervisory Body, must have certain rules and practices to govern the conduct of firms registered to do audit work and the way they do that work. Registered auditors must:
There are also other requirements, such as how firms should sign audit reports. Finally there is a requirement that the Institutes monitor registered auditors to ensure they are complying with these regulations. For some types of audit, this monitoring must be conducted independently of the registering Institute.
The law requires that the rules relating to the conduct of audit work have to be written by an independent body. Thus the Institutes have adopted the auditing, quality control and ethical standards of the Auditing Practices Board. The standards adopted are:
Competence, fit and proper status of principals and employees, and the ability to meet claims are matters that are usually dealt with when a firm first registers. These requirements are dealt with in chapter 2. Once registered, the Institute monitors firms to check that they continue to meet their obligations. Monitoring is by annual returns and visits to firms.
Firms must make sure that they continue to meet the requirements of the audit regulations. For most firms this means having procedures for doing audit work, and checks to make sure that the procedures are followed. The procedures and checks apply to individual audits (for example that audits are conducted according to auditing standards) and also to a firm's audit practice (for example that principals and employees maintain their competence to undertake audit work).
Firms of different sizes and with different types of client will adopt different procedures to comply with these regulations. However, all firms will be aiming to provide a high-quality and cost-effective service which complies with the regulations.
Firms usually have professional indemnity insurance to meet claims against them. However, another aspect of this is the use of appropriate procedures, including review procedures, to reduce the possibility of a matter occurring that could give rise to a claim.
The following regulations, and associated guidance, deal with matters that relate to firms' audit work.
|3.01.||A Registered Auditor must not accept an appointment or continue as an auditor if the firm has any interest likely to conflict with the proper conduct of the audit.|
|3.02.||A Registered Auditor must act in accordance with the fundamental principles set out in the Code of Ethics issued by Council and the ethical standards.|
|3.03.||A Registered Auditor must consider its independence and ability to perform the audit properly and record this before it accepts appointment or reappointment as auditor.|
|3.04.||A Registered Auditor must not accept or continue an audit appointment of an entity where:
The above regulation prevents a firm auditing any entity where that entity has some form of shareholder interest in the firm, is a principal in the firm, or can exert influence over the registered auditor. It also prevents a firm auditing an entity where the firm is either a principal or shareholder in the client, or can exert influence over the entity.
The extent of influence is not defined but firms should consider whether an informed third party would consider that influence could exist, even if not being exercised. For the avoidance of doubt, the forms that such influence can take do not include any influence that arises as a result of the auditor's normal relationship with the entity.
Registered auditors are also reminded that the ethical standards and in particular ISQC1 includes material about situations where a firm should consider accepting or continuing an audit appointment.
Schedule 1 sets out the above regulation in the form of a diagram.
The main considerations which should be followed are contained in the Code of Ethics. This is included in ICAEW's regulations, standards and guidance, the ICAI's Members' Handbook and in the Council Statements of the ICAS. This in turn requires firms to follow the Auditing Practices Board's ethical standards. Firms should refer to these documents for a fuller discussion of the matters that can threaten a registered auditor's independence.
Contracts of employment (with employees, sub-contactors or consultants) may include the requirement to comply with regulation 3.02. If such contracts are not used, for example in the case of principals, a separate statement or appropriate clause in a partnership agreement is advisable.
As well as material on independence, other relevant statements (for example on conflicts of interest) are contained in ICAEW's regulations, standards and guidance, the ICAI's Members' Handbook and in the Council Statements of the ICAS.
|3.05.||A Registered Auditor must always conduct audit work properly and with integrity.|
Integrity means more than just honesty. It includes fair dealing, truthfulness and the desire to follow and maintain high standards of professional practice.
|3.06.||A Registered Auditor must make arrangements so that each principal and anyone the firm employs to do audit work or permits to be involved in its audit work is, and continues to be, a fit and proper person.|
Guidance chapter 1 suggests how to assess the fit and proper status of principals and employees, as required by regulation 3.06. There are also sample checklists that firms may find useful in making their assessments. This regulation also applies to sub-contractors and consultants who may assist with audit work. They must satisfy the same requirements as anyone employed directly by the registered auditor.
It is recommended that every principal, employee, sub-contractor and consultant should confirm their fit and proper status every year. This only applies to those, including principals, who deal with audit work. But it may be easier for firms to apply these procedures to all employees, instead of making distinctions that may be a little artificial. In any case individuals must be encouraged to notify the audit compliance principal of any event that affects their fit and proper status as soon as it occurs.
When a registered auditor sub-contracts work to another firm or an individual, whether registered or not, there should be a formal engagement letter or contract. This should make clear who is responsible for the different parts of the accountancy and audit work. A sub-contractor should be treated as an employee for the purposes of the work.
Some of the auditing standards deal with procedures for auditors who use the work of others in connection with the audit. These are:
|3.07.||A Registered Auditor must make arrangements to prevent anyone who is not a responsible individual in the firm from having any influence which would be likely to affect the independence or integrity of the audit.|
Regulation 3.07 is particularly important for mixed practices or associated firms whose principals are not responsible individuals, whatever their qualification. The regulation does not prevent such people from taking part in audit work. However, responsibility for the overall direction of the audit, its supervision, performance and reaching a conclusion that sufficient and appropriate audit evidence has been obtained prior to signing the audit report must always be in the hands of responsible individuals.
Where a registered auditor uses, for the purposes of its own audit work (not being the audit of a foreign subsidiary), individuals resident in another country, it should undertake and document appropriate steps to establish, within the confines of the law of that other country, that the individuals are fit and proper, independent and competent to undertake audit work.
Each audit must be conducted in accordance with the auditing standards and the legislation under which the auditor is reporting.
|3.08.||A Registered Auditor must comply with the requirements of the 2006 Act, the RI 1990 Act and other relevant legislation.|
The requirements include:
The legislation would normally be:
This also includes statutory instruments and other regulations etc made under an act and legal instruments made by an oversight body using powers delegated under an act.
Other relevant legislation would, for example, include laws regulating banks, insurance companies, other financial service entities and so on.
Registered auditors are reminded that in certain circumstances company law requires them to notify the Institute or the oversight body if they cease to hold an audit appointment.
If a registered auditor ceases, for any reason, to act as auditor to a major audit client they are required to inform the oversight body of the reasons for the cessation at the time of cessation. In the UK, the Professional Oversight Board defines what is a 'major audit' for the purposes of these resignation statements. The current list can be viewed at www.frc-pob.org.uk.
For appointments that are not in respect of a major audit client, notification is only required if the audit appointment ceases before the normal time for the auditor's term of office to end, as set out in law. Notification is to the Institute of the reasons for the cessation. This can be either at the time the cessation takes effect or as part of the annual return.
As well as providing the reasons for the cessation, it would be helpful if registered auditors also provide details of the company's registered number and address of the registered office. In certain circumstances the company also has to make a similar statement (to the Institute or the oversight body) and it would be useful if the registered auditor reminded the company of this.
The above notifications are in addition to any other notifications that are required to be made to the client and registering bodies such as companies' house.
|3.09.||When a Registered Auditor (the 'predecessor') ceases to hold an audit appointment and another Registered Auditor (the 'successor') is appointed the predecessor must, if requested in writing by the successor, allow the successor access to all relevant information held by the predecessor in respect of its audit work. If relevant information is to be sought by the successor, it should be sought and provided in accordance with the following guidance. Any information obtained by the successor is for the purposes of its audit and must not be disclosed to a third party unless the successor is required to do so by a legal or professional obligation.|
Origin and purpose
This audit regulation ("the Regulation") gives effect to the obligation in the 2006 Act that RSBs must have adequate rules and practices designed to ensure that a person ceasing to hold office as a statutory auditor makes available to his successor in that office all relevant information which he holds in relation to that office. The requirement derives from Article 23(3) of the EU Statutory Audit Directive. The Department for Business, Enterprise and Regulatory Reform has stated that the Regulation should provide "the most appropriate minimum requirement in relation to access to relevant information".
The purpose of the Regulation is to assist in maintaining the effectiveness (including cost effectiveness) and the efficiency of the audit process in the context of a change of auditor. The Regulation is intended to reduce the (actual or perceived) risk of changing auditors.
It takes time for a successor to develop a comprehensive understanding of the business of an audit client. A wide variety of different arrangements have existed to facilitate an effective handover between successor and predecessor, including exchanges of letters, discussion, exchange of audit committee papers and minutes, and shadowing of the predecessor at key meetings such as the final audit committee meeting. Before the Regulation it was however unusual for a predecessor to share audit working papers. This was due mainly to liability concerns.
Liability concerns formerly arose in the context of access to audit working papers being allowed voluntarily, but any access will now be compulsory. Further it is no part of the purpose or object of the Regulation to involve one auditor in liability for another's audit. Also the Department for Business, Enterprise and Regulatory Reform has confirmed its view that Article 23(3) and the 2006 Act provision implementing it do not alter the existing liability of each auditor in relation to its respective audit.
Provision is already made separately by statute for the making of representations, for the attendance and hearing at meetings, and for the making of a statement of circumstances, where the predecessor has been removed as auditor, where there has been a failure to re-appoint the predecessor as auditor, where the predecessor has resigned as auditor, and where the predecessor has ceased to hold office. The Regulation and guidance do not seek to duplicate that framework, and are framed in recognition of the fact that that framework already exists.
This guidance is separate from and additional to the Institute's Code of Ethics which sets out procedures to be followed before accepting a professional appointment.
A request for relevant information may be made by a successor once the successor has been formally appointed to the audit client. In all cases the provision of information should be on a timely basis.
It should be borne in mind that the 2006 Act sets out a number of functions that are required of the registered auditor in specific circumstances. These are within the definition of an audit (and so fall within the definitions of audit report and audit work). The situations in which they arise currently include the following:
a company applying to re-register as a public company;
statement on summary financial statements issued by a quoted company;
when a private company makes a payment out of capital for the redemption or purchase of its own shares;
when a distribution is to be made by a company and the audit report was qualified; or
when initial accounts are prepared for a proposed distribution by a public company.
(Where the registered auditor is appointed to an entity that is not a company similar reporting requirements may apply.)
Before making a request for relevant information the successor should as part of its planning consider the need to make a request to the predecessor under the Regulation, and the extent of that request. This will involve judgement by the successor in each case, so as to ensure that necessary request is made and an unnecessary request is not. It is also important to assess what information will be relevant in each case and what will not.
It does not follow that a successor is required or expected to request information in every case, or to request extensive information in a case in which only limited information is necessary. The successor's consideration will include consideration of what work it would do with any information provided to it pursuant to a request. There are specific references to reviewing the predecessor's audit work in ISA 510 (opening balances), ISA 710 (comparatives) and ISA 300 (planning). Accordingly, information is likely to be necessary in particular for such purposes.
The provision of information under this regulation will be achieved more efficiently where the successor auditor is as specific as possible as to the nature of the information being sought. The successor should therefore, wherever possible, avoid a request framed simply as a request for "all relevant information held by the predecessor and concerning the audited entity" or "all relevant information held by the predecessor in relation to the office of auditor". Thus the successor should strive to identify the information required, or the type of information required, as precisely as possible.
For example, where relevant information is requested by the successor, the information will normally be that contained in the working papers produced by the predecessor, and the appropriate request may therefore be for some or all of those working papers. In some audits there will be Institute or APB guidance indicating the working papers expected for such an audit. For example in the case of a financial statement audit, ISAs will indicate the audit working papers to be prepared. In other cases, where there is no guidance, the predecessor will have determined the working papers to be prepared.
Where the information related to audit work is requested by the successor but is not filed on the current audit file but, for example, on a 'permanent' or 'systems' file, or there is a reference to a prior audit file, access should be provided by the predecessor to this information.
The predecessor should be prepared to assist the successor by providing oral or written explanations on a timely basis to assist the latter's understanding of the audit working papers.
Normally the period for which relevant information is requested would be in respect of any audit report relating to a period falling between the beginning of the last financial statements on which the predecessor reported and the date of cessation of the predecessor's audit appointment. The request would include any subsequent review conducted by the predecessor in accordance with guidance published by the APB in relation to published interim reports.
A successor may consider that it needs to have information in addition to that within the period mentioned above. In the normal case, in the interests of cost and efficiency, the successor should first review the information already provided. If after that review a judgment is made that additional information is needed, the additional information sought should be described in writing, as precisely as possible. The successor should be prepared to provide reasons which demonstrate that the additional information is "relevant" information and therefore within the Regulation. Here as elsewhere the successor should be prepared to confirm that the information is needed to aid its audit work for the audit client and not for some other purpose.
The request for information may be made of the immediate predecessor only.
Because (as indicated above) it is no part of the purpose or object of the Regulation to involve one auditor in liability for another's audit, it would be usual for the basis on which the information is to be provided to be documented in writing by an exchange of letters between the two registered auditors, copied to the audited entity. Guidance on suitable letters is available on each Institute's website as part of a technical release.
There is no obligation to allow the copying of working papers but it would be usual to allow copying of extracts of the books and records of the audit client that are contained in the audit working papers. Generally speaking, where access to relevant information is necessary, the practical arrangements to allow that access to be provided in a cost effective and efficient way should be discussed and agreed between the successor and the predecessor.
A request for information under the Regulation should not be made other than in connection with the successor's audit. The successor should refuse to accept an additional engagement, such as to act as an expert witness or to review the quality of the predecessor's audit work, where the engagement would involve the use of the information obtained by it under the Regulation. In any event, the successor should not comment on the quality of the predecessor's audit work unless required to do so by a legal or professional obligation.
The reference in the Regulation to the information not being disclosed to a third party includes to the audit client. This does not prevent the successor discussing the information with the client where to do so is a necessary part of its audit work. Nor does it prevent the provision of this information to any third party if that is required of the successor by a legal or professional obligation.
Section 1210 of the 2006 Act sets out a list of appointments to which this Regulation and guidance apply. Section 1210(h) allows additional types of appointments to be added to the list. Registered auditors are not required to allow access to their working papers in respect of other appointments.
This regulation only applies in respect appointments for the audits of financial years starting on or after 6 April 2008.
|3.10.||A Registered Auditor must comply with the auditing standards and the quality control standards.|
Guidance included with auditing standards and practice notes gives assistance on how to apply the standards. Some of these also help to show how to apply the standards to the audits of smaller companies. Such audits are likely to be less complex than those of larger national and multinational organisations, so a simpler audit approach may be more suitable. But it must still be properly planned, controlled, documented and reviewed.
A registered auditor must comply with these regulations, the auditing standards and quality control standards as applied in accordance with the explanatory and other material published therewith.
|3.11.||A Registered Auditor must keep all audit working papers which auditing standards require for an audit for a period of at least six years. The period starts with the end of the accounting period to which the papers relate.|
Both this regulation and regulation 3.12 are about the audit working papers of UK and Irish registered entities that fall within the definition of 'audit' in these regulations.
ISA 230 (audit documentation) details the content of audit working papers. Other ISAs (for example ISA 300 (planning an audit of financial statements)) detail other documentation that needs to be created during the course of an audit. All these papers must be kept for a period of six years starting with the end of the accounting period to which the papers relate.
The audit working papers and other records do not have to be on paper but could instead be held on microfilm or on computers. Whatever method of storage is used, the auditor must also keep a mechanism for gaining access to those papers.
Firms should have a procedure to make a final decision, before any papers are destroyed, that the files are unlikely to be needed again. In cases of doubt they should be kept. The decision could be to destroy every file, or to make some exceptions. Firms should also bear in mind that some papers in the audit file may serve another purpose, for example tax. Care is needed that these are not destroyed when a longer retention period may apply. A firm should keep appropriate records of what files it has destroyed.
|3.12.||A Registered Auditor must make arrangements so that if any of its audit work is carried out by another firm, then:|
Registered auditors will sometimes 'sub-contract' some of their audit work to another firm. This could be because the audit client is in a remote location and it is more cost-effective to engage a local firm to do any necessary work and it is that relationship to which this regulation is directed.
If this happens, then, under regulation 3.12, all the audit working papers created by the other firm have to be returned to the registered auditor for retention in accordance with regulation 3.11. Alternatively, the other firm may keep the papers. In this case the registered auditor must make sure that the other firm will keep the papers for as long as the auditor would. Also the registered auditor must have the right to have access to those papers at any time, and retrieve them if necessary. As with papers held directly by the registered auditor, any decision to destroy the papers should be made by the registered auditor and not the other firm.
If a registered auditor considers that, despite any agreements with the other firm, gaining access to the papers may prove difficult, the registered auditor should consider changing the arrangements. If this is not possible, the registered auditor should document the steps taken to obtain access to the audit working papers and the reasons why it cannot and any evidence of those steps or reasons. The registered auditor should also document how it has satisfied itself as to the matters dealt with in those papers and any implications for the audit opinion. The registered auditor should use the principles in ISA 230 (audit documentation) and ISA 500 (audit evidence) when considering such matters.
Whatever arrangements are made between two firms, they should be recorded in a suitable letter of engagement or contract. If the other firm is itself not subject to the audit regulations it may be appropriate to include within the letter the full text of the above regulations. The letter may also cover such matters as the scope of work to be undertaken by the other firm.
This regulation does not require the auditor of a holding company to seek and maintain access to the working papers of the auditor of a subsidiary company (but see regulation 3.13). In the United Kingdom and the Republic of Ireland the respective responsibilities of the holding company auditor and subsidiary company auditor are governed by the Act and auditing standards.
|3.13.||In the case of a group audit where part of the group is audited by a firm from a non- EEA member state, a Registered Auditor must make arrangements so that, if requested by a monitoring unit or an oversight body, it can obtain from that firm all the audit working papers necessary for a review of that firm's audit work.|
The arrangements referred to above are that the registered auditor either retains copies of the other firm's audit working papers or arranges that it can have unrestricted access to them on request. If, after taking all reasonable steps, a registered auditor cannot make such arrangements, it should document the steps taken to put such arrangements in place and the reasons why it could not and any evidence of those steps or reasons. A registered auditor need not make such arrangements if the relevant audit supervisory authorities in the non-EEA member state have established reciprocal arrangements with the oversight body. To find out if there is such an agreement in place, a list is published by the oversight body.
This regulation only applies in respect of the audits of financial years starting on or after 6 April 2008.
|3.14.||If requested by a competent authority of a country that is not an EEA member state, a Registered Auditor may transfer to that body its audit working papers provided:
|For the purposes of this regulation:
|There may be occasions when a competent authority in a country (that is not an EEA member state) requests to see a registered auditor’s audit working papers that relate to that audit. If this is so, the competent authority can carry out its function of reviewing the quality of audit work, then the competent authority has to be ‘an approved third country competent authority’, as listed in section 1253D(2) of the 2006 Act, as amended. If the request relates to an investigation that the competent authority is conducting in its own country, then the competent authority does not have to be approved.|
If a request is received, then before complying with the request, the registered auditor must obtain written confirmation that the oversight body either has approved the transfer or is not prohibiting it. The oversight body can prohibit a transfer if it considers the transfer would affect the UK’s national interests or there are legal proceedings related to the transfer. So if the firm is aware of any legal proceedings in the UK, even if now finished, regarding any of the persons or matters to which the request relates, the firm should inform the oversight body. If the request is granted, it will only be granted in respect of audit working papers relating to the audit of a body that either:
The transfer must then be in accordance with any requirements contained in the agreement between the competent authority and the oversight body. The current agreements can be viewed at frc.org.uk/pob.
If the transfer is to be by way of an inspection in the UK by an approved competent authority, then the oversight body, in practice through its Audit Inspection Unit, must participate and must lead the inspection, unless it decides not to do so. This regulation only applies in respect of appointments for the audit of UK entities and only for requests received after 15 November 2010.
While this regulation does not apply to the audit of Irish entities, regulation 109 of S.I. No. 220 of 2010 imposes similar obligations on the auditors of Irish entities.
|3.15.||If a Registered Auditor is appointed to a 'major audit' client (or a Registered Auditor becomes aware that an existing audit client is now a major audit client) it must inform the Registration Committee in writing as soon as practicable, but not later than 21 business days after the event, of the name of the audit client, unless the Registration Committee has given the Registered Auditor a waiver from compliance with this regulation.|
The Audit Inspection Unit of the Professional Oversight Board is responsible for the review of audits of major audit clients. These include listed companies and other very large companies, pension funds, charities and others. Also included are the audits of United Kingdom traded non-EEA companies (see the definition of an audit). The current list of entities for the purpose of this regulation can be viewed at www.frc-pob.org.uk. The Registration Committee must be informed if a registered auditor gains such an audit client or an existing audit client becomes a major audit client. Registered auditors may also find it useful to inform the Registration Committee if a client ceases to be a major audit client even though there is no cessation of office. It would also be useful if, when providing this information, the notification contained details of the financial year end of the first or last audit that the firm undertakes.
Where the Audit Inspection Unit undertakes a full scope inspection visit to a registered auditor which includes the review of 'firm-wide procedures', the Registration Committee will give the firm a waiver from compliance with this regulation. In these cases the firm does not need to notify when a new 'major audit' is acquired (or an existing audit client becomes a major audit client). However, such firms still need to notify the Professional Oversight Board (not the Registration Committee) when they cease to act for such a client as this is a legal requirement.
Note, the above regulation only applies to the audit of UK entities.
|3.16.||An audit report must:
An audit report has to include the description 'Statutory Auditor' but there is nothing to prevent a firm adding any other appropriate description, such as 'chartered accountants'.
In certain cases the law requires that the responsible individual in charge of the audit (known as the senior statutory auditor) should sign the audit report. The individual's name must also be given. This is only required if the audit report is a report on the annual accounts for a financial year of a 'section 1210' entity (see below), a special report on abbreviated accounts or when accounts are voluntarily revised by the directors. The individual's name need not be given in the case of other reports required under the Act (for example a report under section 714 - redemption of shares out of capital) or reports on other entities included in the definition of an audit.
The APB has published guidance (Bulletin 2008/6) on how firms should decide which responsible individual is the senior statutory auditor in relation to a particular audit.
The Act allows, where there is a serious risk of violence or intimidation to the registered auditor or responsible individual, for their names not to be given in published copies of the audit report or the copy filed at Companies House etc. If these provisions, which only apply to the 'section 1210' entities listed below, are to be invoked, it may be advisable for the entity and the firm to seek legal advice.
Other legislation that is not included in the definition of audit, or the constitution of an entity, may call for a report from an auditor. A firm may choose to sign these reports as a statutory auditor. For example, a client may require a report about it to be given to a trade association. That trade association may require the report to be given and signed by a statutory auditor. There is nothing to prevent a firm doing this and the work would not come under these regulations. However, if the Institute receives a complaint about this work, enquiries may be made into the general standard of the firm's audit work. If necessary, enquiries may be made into other work which the firm is signing as a registered auditor or conducting in accordance with auditing standards. Regulation 6.07 gives the Registration Committee the power to enquire into other work undertaken by the firm.
The requirements of this regulation apply to audit reports for financial years beginning on or after 6 April 2008. For entities listed in Section 1210 of the 2006 Act the requirement applies as follows:
There is nothing to stop firms adding the name of the responsible individual who was in charge of the audit and having the audit report signed by this person in his own name where this is not required by law. However, the statutory protection against any additional civil liability (if such a liability exists) is not extended in these situations. If a firm intends to do this, the engagement letter should make it clear that if any claim arises it would be against the audit firm and that the individual, by reason of being named and by signing the auditor's report, is not subject to any civil liability to which he would not otherwise be subject.
Audit reports for financial periods starting before 6 April 2008, or the implementation date given above, should be signed in accordance with regulation 3.10 of the Audit Regulations (December 1995 edition, as amended).
|3.17.||A Registered Auditor must make arrangements so that all principals and employees doing audit work are, and continue to be, competent to carry out the audit for which they are responsible or employed.|
Responsible individuals, and employees who are members of an Institute, should also follow other guidance on continuing professional development as detailed below.
The ICAEW has issued Continuing professional development guidelines on how individuals may maintain their competence. ICAS has issued 'Guidelines on continuing professional development' to its members and the ICAI has issued guidance entitled 'Guidance on continuing professional development'.
Audit affiliates who are also responsible individuals should follow the guidance of the registering Institute.
|3.18.||A Registered Auditor must maintain an appropriate level of competence in the conduct of audits.|
Under regulation 3.18 a firm must be able to ensure its competence in the future. Although a firm's ability to audit rests with its principals and employees, these individuals change. It is only by using audit manuals, programmes, checklists, procedures and so on that a firm has a body of knowledge beyond that of the individual principals and employees. These provide the link between the people currently in the firm and those who will join in the future.
The amount of formal documents and procedures will vary according to the nature of the firm's clients. Their use is likely to vary even between different clients of the same firm. Even the smallest firm is likely to need some documentation such as audit programmes and checklists. As a firm grows in size, it will probably develop procedures to help employees and principals use the audit programmes and checklists in order to carry out audit work and comply with the audit regulations.
Any documentation used by a firm in its audit work must be kept up to date if a firm is to retain its audit competence. Smaller firms might join some form of updating service to help them with this.
|3.19.||A Registered Auditor must make sure all principals and employees involved in audit work are aware of and comply with these regulations, the Act, any relevant rules and regulations issued under the Act and any procedures established by the firm.|
It is important that those involved in auditing should understand the:
A firm needs to communicate its requirements and procedures effectively if everyone is to understand them. This is especially important since principals, employees, laws and regulations change. Training can achieve much of this. The review of delegated work required by ISA 220, 'Quality control for audits of historical financial information', and the checks performed as part of the annual compliance review, can then reveal successful communication - or the lack of it.
|3.20.||A Registered Auditor must monitor, at least once a year, how effectively it is complying with these regulations and take action to deal with any issues found and communicate any changes in procedures to principals and employees on a prompt basis.|
Since these regulations require registered auditors to comply with the auditing, ethical and quality control standards, then the monitoring required by this regulation should also include how the firm is complying with those standards.
An annual review can focus simply on the important point of whether audit work is being carried out in accordance with these regulations and ISAs and that the firm’s system of quality control complies with these regulations and ISQC1. However, a thorough review of a firm's work can bring benefits and assurance far in excess of the above requirement.
A thorough review could identify areas in which changes could be made to enhance audit quality, situations where clients need extra services, or where excessive audit work can be reduced. Both benefit the firm and provide assurance that the firm is not needlessly exposed to risk through poor work, whatever its cause.
The annual compliance review in its simplest form is in two parts. The first part covers a firm's obligations under the audit regulations such as:
and under ISQC1 such as:
The second deals with ‘cold’ reviews of completed audit work to ensure that ISAs and the firm's audit procedures were followed. It is relatively easy to decide each year what is needed for the first part. The second part is more difficult and involves judgements on the number and frequency of reviews.
How many and which client files should be cold reviewed? Firms will consider factors such as employee turnover, high risk clients, changes to auditing standards and new statutory and accounting standard requirements in deciding which files to review. Some firms will select audits for these reasons and then a sample of other files. However, monitoring experience has shown that if a single file is representative of a responsible individual’s work, little may be gained from doing more. A representative sample of two or three audits for each responsible individual should be enough.
One approach to the question of frequency is simply to decide that the work of each responsible individual should be reviewed each year. Completed audit files would be selected and reviewed to make sure that the auditing standards and the firm's procedures had been followed. For many firms this may be the easiest procedure to adopt. In deciding how often to review someone's work, firms will consider factors similar to those used when deciding which files to review. Indeed, there may be particular reasons where the work of a particular responsible individual is reviewed more frequently.
Sole practitioners, firms with only one responsible individual and other small firms may have few audit clients. However, sole practitioners and smaller firms do face the same problems of change as described above and their responsible individuals also tend to retain their own portfolios of clients for lengthy periods. This very familiarity may cause problems and to guard against this a sample of files should be reviewed each year.
In addition, such firms should note that ISQC1 (effective for reviews of audits for periods ending on or after 15 December 2010) does not permit the responsible individual or the engagement quality control reviewer for a particular audit to undertake a cold file review on that audit. It may be that there is another individual in the firm who, although not a responsible individual, is very experienced in current auditing requirements. Assuming that this individual did not take part in the audit, the firm may decide this individual would be a suitable person to undertake the review. If this is not possible, then the firm should use an external reviewer at least once every three years.
Some well-organised firms have well-defined procedures to control the quality of audit work and the resulting audit opinions. This would be another factor in deciding how often the work of responsible individuals is reviewed. However, if the work of all responsible individuals is not reviewed each year, then it should be covered over no more than a three-year period, if this is appropriate to the circumstances of the firm.
Whatever approach a firm adopts for cold file reviews, it should be ready to justify that approach when requested by the Registration Committee.
The compliance review, and cold file reviews carried out as part of that review, are likely to vary in formality according to the size of the firm. However, every firm should be able to provide evidence of its review and, where appropriate, any action taken.
All responsible individuals should be given the results of the monitoring exercise at the earliest opportunity. If improvements are needed, any necessary changes should be made as soon as possible.
There is no need for the firm to conduct the review itself. Some firms may find it more practical and cost-effective to use a service provided by the Institute or some other organisation. In choosing a reviewer, it is important that the firm is satisfied that the reviewer has sufficient experience to undertake the review.
Sole practitioners may also benefit from this exercise if it is carried out by another registered auditor. This could highlight practical ways for a firm to improve procedures and to deliver a better service to clients. Practitioners may also benefit from reviewing another practice. Using an external reviewer does not reduce the firm's own responsibility for the review or for ensuring that any necessary action is taken There is further guidance in part 2, chapter 2 on how registered auditors can monitor their own compliance with the audit regulations.
|3.21.||Each Registered Auditor (other than a sole practice) must appoint an audit compliance principal. A sole practitioner will be the audit compliance principal.|
This diagram shows the situations which would prevent a registered auditor acting for a particular entity (PDF document).
The diagram deals with the situations set out in regulation 3.04.
There are two terms that need to be understood as they are important terms in the audit regulations.
The first is the 'appropriate qualification', commonly known as the audit qualification. This is a UK or RoI qualification that must be held if an individual is to undertake audit work under these regulations. In certain circumstances it can also be an overseas qualification, including one from another EEA member state. In these latter cases it is usual that an aptitude test has to be passed.
For a principal in a firm to count towards the control percentage for audit registration requirements, the principal has to hold the appropriate qualification (note, there are others who can count towards the control percentage and these are set out in regulation 2.03).
The second term is 'responsible individual'. These are the individuals who are responsible for carrying out audit work on behalf of a registered auditor. They must hold an appropriate qualification, which could be an overseas or EEA qualification together with any necessary aptitude test. They do not need to be principals, they can be employees of a registered auditor.
The following sections provide further detail on these matters.
The appropriate qualification is commonly known as the audit qualification. However, just because an individual has the appropriate qualification does not mean that they can undertake audit work. Under these regulations they need to be designated as a responsible individual.
An appropriate qualification is defined in the Acts. It can be gained by holding:
Under the Acts, different audit qualifications and overseas qualifications are recognised. However, the three Institutes are recognised qualifying bodies in both the UK and RoI and thus each Institute's audit qualification is recognised in both jurisdictions.
While individuals from another EEA member state may hold an equivalent 'appropriate qualification' from that country, this is not a UK or RoI qualification and so does not entitle those individuals to undertake audit work. This would only be allowed if the individual has undertaken an aptitude test. The individual then holds an appropriate qualification for the purposes of these regulations. However, since each Institute is a recognised body in both the UK and RoI, no aptitude test is required for members moving between the two countries.
People who held an appropriate qualification under previous legislation are 'grandfathered' and so hold an appropriate qualification. The main ways that members obtained the appropriate qualification under previous legislation were:
- by membership of a recognised professional body (which includes the Institutes) on the following specific dates:
If an individual is not sure about an appropriate qualification, they can obtain advice from the registering Institute (contact details are in the introduction to the regulations).
For those who want to be registered in the United Kingdom, that qualification must be recognised under the 2006 Act. For those registering in the Republic of Ireland, the qualification must be recognised under the RI 1990 Act. These acts may not recognise the same qualifications as each other, but they all recognise the qualifications awarded by the Institutes.
Responsible individuals are those individuals who are responsible for the audit work in a registered auditor.
Under company law, responsible individuals are statutory auditors in their own right. Statutory auditors can only accept appointment as auditors in accordance with the rules of a Recognised Supervisory Body, such as the Institutes. The Institutes, as supervisory bodies, have responsibilities to monitor the work of responsible individuals and auditors registered with it and that auditors are complying with legal requirements and the requirements of these Regulations. Thus an individual, even if a responsible individual in accordance with this chapter, cannot accept audit appointments unless the firm (which may be a sole practitioner) in which the individual works is also a registered auditor in accordance with chapter 2.
A sole practitioner must be a responsible individual. In all firms (including sole practices) the audit compliance principal can designate appropriately qualified principals or employees as responsible individuals as set out in the following regulations. A responsible individual does not have to be a principal.
|4.01.||Subject to regulation 4.02 and regulation 4.05 the audit compliance principal may designate as a responsible individual any of the Registered Auditor's principals or employees who:|
|4.02.||Before a principal or employee can be designated as a responsible individual, the individual must be:
|4.03.||Consultants and sub-contractors cannot be designated as responsible individuals.|
|4.04.||Only responsible individuals can be responsible for an audit and sign an audit report.|
Firms which designate employees as responsible individuals must have procedures on how the employees exercise the firm's authority. If the employee is not an Institute member or member of the ACCA, he or she must become an audit affiliate of the registering Institute.
|4.05.||Any designation in accordance with regulation 4.01 shall not be effective until application has been made to the Registration Committee in a form specified by it and the application has been approved and the Registration Committee may approve the application with conditions or restrictions.|
Each Institute has its own application form which firms should request and complete. A Registration Committee will need to be satisfied that the individual has had recent and sufficient experience of audit work before approving the application.
|4.06.||A responsible individual may not accept appointment as a director or other officer of a public interest entity if, at any time during the two years preceding the date of the proposed appointment, the responsible individual acted in the capacity of responsible individual for that public interest entity, or for a material subsidiary if the public interest entity is a group.|
For the purposes of the above regulation, a public interest entity is a UK incorporated entity whose shares or debentures (of any class) are admitted to trading on a UK regulated market. The above regulation is to prevent a responsible individual joining such an audit client until a two year period has elapsed since the individual last undertook any audit work in relation to the client. This obligation does not end if the individual ceases his relationship with the Institute. If an individual is in doubt about the application of this regulation to his specific circumstance, he should contact his registering Institute. A firm may find it useful to remind any responsible individual that leaves the firm of this regulation.
|4.07.||The disciplinary arrangements of the Institute will apply to breaches of these regulations by a responsible individual in the same way as they apply to breaches by a member.|
The status of responsible individual is linked to the registered auditor and cannot be transferred to another firm. It can cease as the following regulation sets out.
|4.08.||Responsible individual status will cease if:
Firms are reminded of the requirement to inform the Institute of any changes to the responsible individuals of the firm.
Under company law, responsible individuals are statutory auditors in their own right. However, statutory auditors can only accept an audit appointment in accordance with the rules of a Recognised Supervisory Body, such as an Institute. Thus if a responsible individual leaves a registered auditor with the intention of undertaking audit work as a sole practitioner, the individual must apply for registration as set out in Chapter 2 of these Regulations. Until such an application is approved, the individual cannot accept audit appointments as the individual will not be a registered auditor under these Regulations. If a responsible individual leaves a registered auditor to join another registered auditor, then the individual needs to be designated as a responsible individual in the new firm before being responsible for audit work.
|4.09.||If an individual is no longer a responsible individual disciplinary action
(including the imposition of a regulatory penalty) may still be taken for any
failure to keep confidential any information received in the course of audit work
and for any failure to comply with regulation 4.06.
Diagram of the relationship between appropriate (audit) qualification and responsible individual status (PDF document).
The Institute is able to register firms in which one or more principals are not members of the Institutes or the Association of Chartered Certified Accountants if these people or corporate bodies are granted audit affiliate status by the registering Institute. That status does not confer membership of the Institute or entitle the individual or corporate body to use the title 'chartered accountant'. However, it does mean that an audit affiliate is bound by the same rules and regulations as govern a full member of the Institute.
An individual who is to be a responsible individual must also either be a member of an Institute or the Association of Chartered Certified Accountants. If this is not the case, then audit affiliate status is needed under this chapter.
Different requirements apply for affiliates for investment business purposes. Affiliate status in one regulated area does not automatically give such status in another.
|5.01.||An audit affiliate can only be responsible for an audit and sign an audit report if designated as a responsible individual under regulation 4.01.|
An audit affiliate can only be responsible for audit work if they are also a responsible individual, which means holding an appropriate qualification. Chapter 4 gives details.
|5.02.||Audit affiliate status does not give the audit affiliate any rights other than those contained in these regulations. An audit affiliate must not make any public statement that they have any such rights.|
|5.03.||Persons applying for audit affiliate status must do so in the manner that the Registration Committee decides.|
Individuals should ask the appropriate Institute for an application form.
|5.04.||The Registration Committee may grant audit affiliate status if the committee is satisfied that the applicant:|
Regulation 5.04 sets out the matters the Committee will consider when it receives an application for audit affiliate status.
Regulation 5.04d means that the Registration Committee has the same rights, for example to call for information about an audit affiliate, as it does over a firm. In turn, an audit affiliate has the same rights of review and appeal against the decisions of the Registration Committee as firms have.
|5.05.||The Registration Committee may:
If audit affiliate status is refused under regulation 5.05 (or granted subject to restrictions or conditions) a person can apply for a review of the decision using the same process as for a firm (see chapter 8).
Under regulation 5.05d, the Registration Committee may decide that it can only properly consider an application after it has more information about the applicant which it may ask the applicant to supply.
|5.06.||The Registration Committee may withdraw a person's audit affiliate status if, in the opinion of the committee, the audit affiliate:
If audit affiliate status is withdrawn under regulation 5.06, a person may apply for a review of the decision using the same process as for a firm (see chapter 8).
|5.07.||Audit affiliate status will end if:
Regulation 5.07 describes a number of situations where audit affiliate status is automatically lost.
If an affiliate enters into a voluntary insolvency arrangement, the affiliate must notify the Registration Committee in accordance with regulation 5.09.
|5.08.||Audit affiliate status will not end under regulation 5.07a or 5.07b if:
If an audit affiliate is a principal in a registered auditor and if that relationship ceases, so does the audit affiliate status. In the circumstances given in regulation 5.08, audit affiliates may keep their audit affiliate status. However, this is only if the new firm is registered with the same Institute that granted the original audit affiliate status, and the Institute has been notified of the changes. If the audit affiliate will not be joining the new firm within ten business days, they need to get advice from the Institute as soon as, or before, they leave the old firm.
Firms must also make sure that the control by individuals who hold an appropriate qualification or as set out in regulation 2.03 is maintained.
|5.09.||An audit affiliate or the audit compliance principal must notify the Institute in writing within ten business days of any changes that are relevant to the matters considered by the Registration Committee under regulation 5.04, including details of any voluntary insolvency arrangement that the affiliate has entered into.|
|5.10.||An audit affiliate may apply for a review of a decision made under regulation 5.05 or 5.06 using the same procedures as a firm in chapter 8.|
|5.11.||A decision made under regulation 5.05 will come into effect as soon as notice of it is served on the audit affiliate. A decision made under regulation 5.06 will come into effect ten business days after notice of it is served on the audit affiliate, except that:
If an audit affiliate applies for a review, then a decision under regulation 5.06 is stayed pending the outcome of the review. A decision under regulation 5.05 is not stayed.
|5.12.||An audit affiliate must pay an annual fee at the time and at the rate set by the Institute.|
|5.13.||The first annual fee is due when an application is made for audit affiliate status. An application fee is also due with this first annual fee.|
If an audit affiliate's application is unsuccessful, the first annual fee will be refunded.
|5.14.||The disciplinary arrangements of the Institute will apply to breaches of these regulations by an audit affiliate in the same way as they apply to breaches by a member.|
|5.15.||An audit affiliate will be liable to disciplinary action under these regulations for any failure to observe and uphold the fundamental principles set out in the Code of Ethics issued by Council.|
|5.16.||An audit affiliate will remain liable to disciplinary action under these regulations for any acts or omissions during the period in which audit affiliate status was held, even if no longer an audit affiliate.|
This chapter describes the various committees involved in the regulatory process and their powers. Some, but not all, of the powers may be delegated by the Registration Committee to either sub-committees or the staff. But any decision not to allow registration, or to restrict, suspend or withdraw registration must be made by the committee, as outlined in regulation 6.04.
A firm generally has the right to seek a review of a decision. Details are in chapter 8.
|6.01.||The Registration Committee must:
|6.02.||The Registration Committee is responsible for:
Regulation 6.02 sets out the powers and functions of the Committee, which include the powers under regulations 6.02j and 6.02k to make monitoring visits to firms.
Each Institute deals with the procedures for regulatory penalties differently, as shown in chapter 7 for the ICAS and ICAI and chapter 9 for the ICAEW.
|6.03.||Except where regulation 6.04 applies, the Registration Committee may delegate its duties to sub-committees, the Institute's staff, a monitoring unit, or another duly appointed agent.|
The committee may delegate many of its powers except in the situations set out in regulation 6.04.
|6.04.||If the matters to be considered by the Registration Committee include:
Regulation 6.03 allows the committee to delegate some of its duties to the Institute's staff. Duties that may be delegated include withdrawing registration under regulations:
However, regulation 6.04 reserves certain specified decisions to the committee. These include withdrawing registration for other reasons and placing restrictions on a firm's registration.
The power to withdraw audit affiliate status under regulations 5.06b to 5.06d may also be delegated.
When the Registration Committee has to decide if a Registered Auditor has
|6.06.||In carrying out its responsibilities under regulation 6.02, the Registration Committee, any sub-committee, the Institute's staff, or a monitoring unit may, to the extent necessary for the review of a firm's audit work or how it is complying or intends to comply with these regulations, require a Registered Auditor or an applicant for registration to provide any information, held in whatever form (including electronic), about the firm or its clients and to allow access to the firm's systems and personnel.|
Regulation 6.06 gives the committee (or its delegated agents) power to call for information from a firm to help the committee carry out its functions. Requests may be to all firms on a routine basis through annual returns, or specific to individual firms.
|6.07.||The Registration Committee may, for the purposes of these regulations, treat as audit work any work carried out by a Registered Auditor if such status is a requirement for that work.|
This regulation allows the committee to look at other work where the firm has signed a report as a statutory or registered auditor. This is particularly so where a firm has little or no regulated audit work but is signing other reports as a statutory or registered auditor. The committee may wish to review this work to assess the firm's ability to carry out audit work. Also, if a complaint is received about other work signed as a registered auditor the committee may wish to review this or similar work for the same reason.
|6.08.||All information obtained under regulation 6.06 will be confidential but may be disclosed by the Institute or a monitoring unit (directly or indirectly) to any person or body undertaking regulatory, disciplinary or law enforcement responsibilities for the purpose of assisting that person or body to undertake those responsibilities or as otherwise required or allowed by law.|
All information that an Institute or a monitoring unit receives will remain confidential except in the above circumstances.
|6.09.||A firm which is no longer a Registered Auditor will continue to be subject to regulations 6.02j, 6.02k and 6.06 if the enquiries or information relate to any period in which the firm was registered.|
|6.10.||In carrying out its responsibilities under regulation 6.02, the Registration Committee may consider any disciplinary findings, orders, ongoing investigations or any other information concerning or affecting the fit and proper status of any responsible individual, audit affiliate or applicant for audit affiliate status, the firm or its principals. In particular the Registration Committee may take into account the following:
Regulation 6.10 allows the Committee to consider any disciplinary or other matter that affects the fit and proper status of the firm. The scope is very wide and not limited to the principals in the firm.
Subparagraph (a) includes employees and associates of the firm. For partnerships, subparagraph (b) includes the partners, any director or controller of a partner that is a company, any other company that is in the same group as that company and any controller of any other group company. Subparagraph (c) deals with situations where a principal (ie a partner, member or director) is a body corporate (ie a company or a limited liability partnership).
So included are any director, member or controller of that body corporate, any other body corporate that is in the same group as that body corporate and any controller of any of those other bodies. Finally, subparagraph (d) deals with a firm that is a body corporate (ie a company or a limited liability partnership). Thus included are directors/members/shareholders of the firm, and any other body corporate that is in the same group as the firm and any controller of any of those other bodies.
|6.11.||The Registration Committee must notify the Investigation Committee about any fact or matter which:|
|6.12.||The Investigation Committee must inform the Registration Committee about any fact or matter which appears to it to be relevant to the powers and duties of the Registration Committee under these regulations.|
Under regulations 6.11 and 6.12, information may be exchanged between the Institute departments responsible for regulation and discipline.
|6.13.||Certain matters decided by the Registration Committee may be considered afresh by the Review Committee (as described in regulation 8.06) or Panel (as described in regulation 8.15). It may then carry out any of the responsibilities of the Registration Committee under regulation 6.02 and may make any order that the Registration Committee may make. In carrying out these duties, regulation 6.06 applies to the Review Committee or Panel as it applies to the Registration Committee.|
Firms registered by the ICAEW and the ICAI may ask the Review Committee to reconsider a Registration Committee decision. This request must be made within a specified time period. Regulations 8.05 to 8.07 give further details of how the review process works.
Firms registered by the ICAS may apply for a hearing under regulation 8.15.
|6.14.||Appeals against decisions of the Review Committee or Panel will be decided by the Appeal Committee.|
If a firm is dissatisfied with a decision of the Review Committee or Panel, it may apply for the case to be heard before the Appeal Committee. This request must be made within ten days of the decision being given to the firm.
Unlike applications for a review, the Appeal Committee will only hear an appeal on one of a number of specified grounds. It will not reopen the case from the beginning. The specific grounds are given in chapter 8.
For firms registered by the ICAEW and the ICAI, detailed procedures are given in regulations 8.08 to 8.10. Regulations 8.19 to 8.21 give the procedures for firms registered by the ICAS.
The Appeal Committee's procedures and powers are given in the Bye-laws or Rules.
|6.15.||When considering any matter before it, the Registration Committee, the Review Committee or Panel or the Appeal Committee shall, for the purposes of these regulations, accept any previous disciplinary finding, conviction, decision, sentence or judgement (including criminal and civil court decisions) as conclusive evidence of that prior matter.|
|6.16.||Subject to the Act, the Bye-Laws or Rules and these regulations, the Registration Committee, the Review Committee or Panel and the Appeal Committee may, in carrying out their duties under these regulations, decide on their own procedures.|
This regulation allows the committees to decide on their own internal procedures.
Each Institute must arrange for complaints against the Institute in its capacity as a Recognised Supervisory Body to be investigated. The ICAEW has appointed an independent Reviewer of Complaints. The ICAS and the ICAI have panels of lay members of Institute committees to investigate complaints.
This chapter explains how the Registration Committee may take regulatory action against a registered auditor, including withdrawal of registration if necessary.
Regulatory decisions come into effect as set out in regulations 7.09 to 7.10.
A firm may ask for a review of a decision made by the Registration Committee and this is dealt with in chapter 8. A firm must apply for a review within ten days of the decision being given to the firm.
The chapter is in two parts, the first applies to all three Institutes and the second part applies only to the Institute of Chartered Accountants of Scotland and the Institute of Chartered Accountants in Ireland.
|7.01.||The Registration Committee may impose restrictions or conditions on a Registered Auditor if it considers that:
|7.02.||The Registration Committee may at any time vary or end a restriction or condition made under regulation 7.01.|
The committee may place conditions on how a registered auditor carries out or manages its audit work. These could be that a firm should undertake specified training, change its procedures or have 'cold reviews' of audit files by another registered auditor.
The committee may place restrictions on a registered auditor such as:
Where conditions or restrictions are imposed by the committee, a firm will have to undertake to comply with the terms of the restriction or condition. Any failure to deal with these matters is likely to be viewed extremely seriously by the committee.
|7.03.||The Registration Committee may withdraw a firm's registration if:
The Registration Committee can, under regulation 6.03, delegate its power to withdraw registration in the cases that come under paragraphs (b) to (f) of regulation 7.03. However, under regulation 6.04, only the committee can withdraw a firm's registration on the grounds of paragraphs (a), (g), (h) and (i) of regulation 7.03.
The Registration Committee may, as an alternative to regulatory action, accept a written undertaking from a firm that it will undertake a particular course of action.
|7.04.||The Registration Committee may suspend a Registered Auditor's registration for a period if it considers that:|
|7.05.||During a period of suspension a Registered Auditor:|
|7.06.||The Registration Committee may vary or end a suspension made under regulation 7.04.|
The committee can order that a firm's registration is suspended rather than withdrawing registration. This allows the committee to consider further evidence while protecting the public interest. It also means that a firm cannot accept new audit appointments or sign audit reports without the committee's agreement.
|7.07.||The Registration Committee may impose restrictions or conditions or suspend a firm's registration in the terms permitted by regulation 7.01 or 7.04 by means of an urgent order if it considers that there is a need to do so.|
|7.08.||Regulation 7.07 is subject to the Registration Committee allowing the firm an opportunity to make oral or written representations within ten business days of the urgent order being made. Having considered any representations the committee may:
Regulation 7.07 allows the committee to take immediate regulatory action if the need arises. The committee would probably do this if there were serious allegations of fraud or other criminal activity or if there was a potential or actual loss of client money. As well as making immediate representations on the fact that an urgent order has been made, a firm can ask for a review or hearing of the underlying order under regulation 8.05 or 8.15. The order comes into force when it is served on the firm (see regulation 7.09) and is not lifted if a review is requested.
|7.09.||A decision made under regulations 2.05, 2.18, 4.05, 7.04, 7.07, 8.09 or 8.20 will come into effect as soon as notice of it is served on the firm.|
The regulations quoted in regulation 7.09 relate to the following:
|7.10.||A decision made under regulations 7.01, 7.03 or 4.08e will come into effect ten business days after notice of it is served on the firm or responsible individual or any later time that the committee specifies, except:
Except for decisions made under regulation 7.09, decisions come into effect ten business days after the firm has been given the decision. However, the decisions listed in regulation 7.10 are postponed if an application for review or appeal is made. The decision of the Review or Appeal Committee is the one that will come into effect.
The regulations quoted in regulation 7.10 relate to the following:
Regulation 1.09 details how decisions and orders are served on firms.
The Registration Committee may decide that a referral to the Investigation Committee to investigate an apparent failure to comply with these regulations is not appropriate. Instead, with the agreement of the firm, the Registration Committee may propose a regulatory penalty. The following regulations explain this process.
|7.11.||The Registration Committee may propose a regulatory penalty to a Registered Auditor subject to the following:
|7.12.||There are no rights of review or appeal under regulations 8.05 to 8.10 (applicable to Registered Auditors registered by the ICAI ) or regulations 8.15 to 8.21 (applicable to Registered Auditors registered by the ICAS ) against a regulatory penalty.|
|7.13.||The Registration Committee will take account of any comments a Registered Auditor makes about the terms of the regulatory penalty. It may then reduce the amount of the penalty.|
|7.14.||If the Registered Auditor accepts the penalty under regulation 7.11c, the Registration Committee, as soon as is practical:
|7.15.||Details of any penalty accepted, and the order made, will be kept by the Institute and the committee may, if it wishes, use that information in the future.|
|7.16.||If a Registered Auditor does not agree that the breach has been committed, or does not agree to the terms of the penalty proposed or fails to comply with the terms of the penalty, the matter may be dealt with as set out in Chapter 9.|
Regulatory penalties are likely to be used, for example, where a firm has consistently been late in replying to letters from the committee or staff, has failed to submit annual returns, given incorrect information on the return, or has not honoured undertakings given to the committee.
There is no right of appeal as a regulatory penalty can only be made with the firm's agreement. Once a matter has been settled by a regulatory penalty, there will be no further regulatory or disciplinary action against the firm on the matter. However, the details of the regulatory penalty will be put on the firm's record and may be taken into account in the future.
This chapter explains how a firm can apply for a review and appeal against a regulatory decision or proposed order of the Registration Committee. It also explains when a firm can be represented before a committee. Where appropriate, these regulations also apply to audit affiliates.
This chapter is divided into sections according to which Institute has registered the firm.
|8.01.||In regulations 8.02 to 8.10, "affected party" means a firm, an applicant for responsible individual status, a responsible individual, an applicant for audit affiliate status or an audit affiliate.|
|8.02.||Only the following may attend a meeting of the Registration Committee:|
|8.03.||At meetings of the Review Committee and the Appeal Committee, the affected party, a representative or agent of the Institute, or a monitoring unit may attend and be represented. Witnesses may be present at the Review Committee and the Appeal Committee in accordance with the committees' procedures or regulations.|
|8.04.||The Registration Committee, the Review Committee and the Appeal Committee may ask the affected party, the Institute, a monitoring unit, any employee or agent of the Institute to clarify relevant points. The affected party must be given the opportunity to comment on any clarification made by others.|
An affected party that is dissatisfied with a decision listed in regulation 8.05 can apply for a review. A decision under regulation 2.18, 5.06, 7.01, 7.03 is postponed until the Review Committee's decision has been put into effect.
|8.05.||Within ten business days of the Registration Committee serving a decision or order on the affected party, it can apply to the Review Committee for a review of that decision or order. The affected party must apply in writing to the Institute. This applies to the following regulations:
Regulations 7.09 to 7.10 explain when orders come into effect.
|8.06.||A meeting of the Review Committee will be arranged as soon as is practical after an affected party has applied under regulation 8.05. The Review Committee will consider the matter afresh and will hear new material put forward by the affected party. The Review Committee may make any decision which the Registration Committee could have made.|
|8.07.||The Review Committee may order an affected party to contribute to the costs of the review.|
The Review Committee has the same powers as the Registration Committee when making orders against firms, responsible individuals, applicants for audit affiliate status or audit affiliates. It can impose the same, more severe or less severe orders. It can also award costs. Costs are likely to be awarded if, for example, the affected party fails to attend the review when it said it would, does not send in further material it has promised, or the application is frivolous.
If an affected party is dissatisfied with the Review Committee's decision it can apply to the Appeal Committee. The Appeal Committee can only consider an appeal on any of the grounds in regulation 8.08. On appeal, the decision of the Review Committee is postponed until the Appeal Committee confirms or varies the decision (see regulation 7.10).
The Appeal Committee has the power to accept or reject the appeal, or reduce the severity of the order. It cannot change the Review Committee's order in any other way, but it can ask the Review Committee to reconsider the order.
The Appeal Committee can also award costs against an applicant for an appeal.
|8.08.||Within ten business days of the Review Committee serving its decision on an affected party under regulation 8.06 the affected party can appeal to the Appeal Committee by writing to the Institute. An appeal can only be made on one or more of the following grounds:
An appeal cannot be made if this is only against the costs awarded by the Review Committee. Regulations 7.09 and 7.10 explain when orders come into effect.
|8.09.||As soon as is practical after notice of appeal has been received under regulation 8.08, the Appeal Committee will consider the appeal and may:
|8.10.||If the Appeal Committee sends a matter back to the Review Committee under regulation 8.09 then regulation 8.06 will apply when the Review Committee reconsiders. The meeting of the Review Committee to reconsider the matter will be arranged as soon as is practical.|
|8.11.||In regulations 8.12 to 8.21, "affected party" means a firm, an applicant for responsible individual status, a responsible individual, an applicant for audit affiliate status or an audit affiliate.|
|8.12.||No affected party has the right to attend or be represented at Registration Committee meetings, other than for a hearing.|
|8.13.||Except for urgent orders under regulation 7.07, the Registration Committee must be satisfied that an affected party has been given a reasonable opportunity to make written submissions before the committee considers any matters.|
|8.14.||When it first considers a matter, except urgent orders under regulation 7.07, the Registration Committee will:
|8.16.||If the affected party has not asked for a hearing within the time allowed, the order comes into force at the end of that time.|
|8.17.||The Registration Committee may waive requirements of regulations 8.15 and 8.16, in favour of the affected party.|
|8.18.||The Panel may order an affected party to contribute to the costs of the hearing.|
|8.19.||Within ten business days of the Registration Committee serving an order following a hearing, the affected party can appeal to the Appeal Committee by writing to the Institute. An appeal can only be made on one or more of the following grounds:
An appeal cannot be made if this is only against the costs awarded by the Registration Committee.
|8.20.||As soon as is practical after notice of appeal has been received under regulation 8.19, the Appeal Committee will consider the appeal and may:
|8.21.||If the Appeal Committee sends the matter back to the Registration Committee under regulation 8.20, the Appeal Committee will inform that committee how to proceed.|
The purpose this chapter is to apply the disciplinary arrangements of each Institute to the firms that it registers.
The Registration Committee does not have the power to apply the disciplinary arrangements of an Institute to the firms that it registers. Only the Disciplinary or Investigation Committees (or the Disciplinary Scheme) can do this. The bye-laws or rules already provide a framework for disciplinary action to be taken against members or firms and the purpose of this chapter is to apply the disciplinary arrangements of each Institute to the firms that it registers.
This chapter also contains the regulations relating to regulatory penalties for the ICAEW, for ICAS and ICAI these are in chapter 7.
|9.01.||The disciplinary arrangements of the registering Institute apply to complaints of breaches of these regulations by a Registered Auditor.|
For the ICAEW the disciplinary arrangements are set out in the Disciplinary Bye-laws, for ICAS they are in Chapter XII of the Rules (Discipline, Insolvency, etc) and for the ICAI in Chapter IX of the Bye-laws (Discipline).
The Registration Committee may decide that a referral to the Investigation Committee to investigate an apparent failure to comply with these regulations is not appropriate. Instead, with the agreement of the firm, the Registration Committee may propose a regulatory penalty. The following regulations explain this process.
|9.02.||The Registration Committee may propose a regulatory penalty to a Registered Auditor subject to the following:
|9.03.||There are no rights of review or appeal under regulations 8.05 to 8.10 against a regulatory penalty.|
|9.04.||The Registration Committee will take account of any comments a Registered Auditor makes about the terms of the regulatory penalty. It may then reduce the amount of the penalty.|
|9.05.||If the Registered Auditor accepts the penalty under regulation 9.02c, the Registration Committee, as soon as is practical:
|9.06.||Details of any penalty accepted, and the order made, will be kept by the Institute and the Registration Committee may, if it wishes, use that information in the future.|
|9.07.||If a Registered Auditor does not agree that the breach has been committed, or does not agree to the terms of the penalty proposed or fails to comply with the terms of the penalty, the matter may be dealt with under the Disciplinary Bye-laws.|
Regulatory penalties are likely to be used, for example, where a firm has consistently been late in replying to letters from the committee or staff, has failed to submit annual returns, given incorrect information on the return and so on, or has not honoured undertakings given to the committee.
There is no right of appeal as a regulatory penalty can only be made with the firm's agreement. Once a matter has been settled by a regulatory penalty, there will be no further regulatory or disciplinary action against the firm on the matter. However, the details of the regulatory penalty will be put on the firm's record and may be taken into account in the future
|1.||Regulation 2.02 expressly requires a firm to be `fit and proper'. Regulation 3.06 puts the responsibility on the firm to make sure that the principals and employees are and continue to be fit and proper. This chapter gives guidance to firms on this requirement.|
|2.||The Act requires the Institute, as a recognised supervisory body, to have adequate rules and practices to make sure that registered auditors are fit and proper to be appointed as registered auditor. This chapter helps firms to assess the fit and proper status of the firm and its principals and employees.|
|3.||As part of the criteria for registration, the Institute requires a firm to be fit and proper. The application for registration looks into a firm's financial integrity, disciplinary record and professional standing (see appendix A). An applicant will be asked, for example, whether it has failed to satisfy creditors in full or been refused the right to carry on any trade, business or profession for which a specific licence, registration or other authority is required.|
|4.||Guidance in chapter 2 of the regulations has already discussed the fundamental ethical principles. Firms should be complying with these to be fit and proper.|
|5.||If a firm admits that it does not meet all the fit and proper standards, the firm may still be eligible for registration. However, the Registration Committee will weigh up the implications of all the circumstances. A firm which knowingly withheld information from the Registration Committee would not be fit and proper to act as an auditor.|
|6.||For a firm to be fit and proper, the principals and employees involved in audit work must also be fit and proper. Under the audit regulations a registered auditor must make sure that anyone who is or will be employed by, or associated with, the firm in connection with audit work is fit and proper.|
|7.||A firm's procedures must cover:
|8.||The Registration Committee may take account of any matters affecting the fit and proper status of those people listed in paragraph 7.|
|9.||The Act recognises that partnerships may include one or more partners which are bodies corporate. In such a firm, the fit and proper procedures should extend beyond the corporate partner to any:
|10.||The Act also notes that the fit and proper procedures should include those associated with a practice which is a body corporate. They are any:
|11.||The procedures which a firm should introduce to assess the fit and proper status of principals, employees and others detailed above will vary depending on the size and structure of the firm.|
|12.||An example of a `fit and proper' form for individuals is at appendix B. All new recruits, employees newly involved in audit work and people who fall into the categories described in paragraphs 7 to 10 for the first time should be required to fill in such a form. Firms may find it easier to apply these procedures to all employees rather than make artificial distinctions.|
|13.||At regular intervals a firm should have all principals and employees revise and update their last return or complete a new one. Firms might find it easier to update this information annually as part of their independence confirmation procedure or appraisal system. Principals and employees must be encouraged to immediately notify the audit compliance principal of anything that has a bearing on their fit and proper status. Firms are reminded that, in accordance with quality control standards, they should annually obtain written confirmation of compliance with its policies and procedures on independence from all firm personnel required to be independent.|
|14.||If the firm is required to consider its own fit and proper status, a form similar to appendix A (which is similar to that used in the application form) would be appropriate. This could be used when a firm reviews its fit and proper status as part of its annual review of compliance with the audit regulations.|
|15.||The procedures in paragraphs 11 to 13 above may seem excessive for a sole practitioner with no employees. But a sole practitioner must be aware of the situations described in this guidance. The checklists provided in appendices A and B also apply to the sole practitioner. Regulation 2.11 requires a firm to notify the Registration Committee of any matter that may bring the fit and proper status of the firm into doubt. Formal consideration of any matter raised by the firm could be recorded when the annual compliance review is completed.|
|16.||If a firm receives information, from any source, that indicates a principal or employee may not be a fit and proper person to be involved with audit work, the firm must evaluate its own fit and proper status. Matters a firm should consider include the:
|17.||For example, a recent disciplinary finding against an audit principal would weigh more heavily than a ten-year-old finding of misconduct (and a reprimand by a professional body) against a tax principal who does not hold an appropriate qualification and so does not count towards control requirements and is not involved in audit work.|
|18.||In the same way that a firm's failure to disclose information about its fit and proper status would jeopardise its continued registration, a failure by a principal, employee or other person to answer related questions truthfully would cast serious doubt on the suitability of the person to be involved in audit work.|
|19.||If in doubt, the firm should notify the Institute of the circumstances and the Registration Committee will advise on the firm's fit and proper status. The following are matters which should be reported:
Example of a 'fit and proper' form for a Registered Auditor (PDF document)
Example of a ‘fit and proper’ form for individuals (PDF document)
|1.||Audit regulation 3.20 requires a registered auditor to monitor its compliance with the audit regulations. This is a key part of the overall system of audit regulation.|
|2.||Many firms will already be carrying out internal monitoring, quality assurance or practice reviews. The term ‘audit compliance review’ (ACR) is used in this guidance and also on the annual return.|
|3.||This guidance will help firms, whether sole practitioners or larger firms, to monitor their compliance with the audit regulations cost effectively and efficiently.|
|4.||All kinds of enterprises conduct periodic reviews to assure management that proper safeguards are in place to lessen the likelihood of sub-standard goods and services being produced or supplied. Auditing is a complicated process involving a series of professional judgements culminating in the audit opinion. Whether this is a product or service, testing that it is of a satisfactory standard is just as important for a registered auditor as it is for any other organisation. This may be increasingly relevant where there is a public interest in the firm's clients.|
|5.||The firm’s principals are effectively collectively responsible for the work of the firm, and they will want to satisfy themselves that the audit work is being done according to the regulations.|
|6.||Many firms, of all sizes, use reviews to assess the effectiveness of the way that they conduct their work - not only audit. A review can be a powerful tool to improve working practices. The questions in this type of review go far beyond testing the firm's compliance with the audit regulations and could include such fundamental questions as:
|7.||The nature of the questions asked depends on the objectives of the review. This guidance is intended to help firms meet the requirements of audit regulation 3.20.|
|8.||An ACR is to assure the firm that it has complied with the audit regulations and the audit regulations require a registered auditor to carry out audits according to ethical standards and comply with auditing and quality control standards. These in turn require the firm to have certain procedures and arrangements in place for its audit work. Appropriate documentation should exist which sets out the monitoring procedures, records the evaluation, and identifies the deficiencies and any further action.|
|9.||In many ways an ACR is an internal audit of the way a firm conducts its auditing work. Because each firm is unique, through its principals, employees and clients, there is no single approach that will suit all firms.|
|10.||An ACR is usually in two parts. The first part, the ‘whole firm’ is about how the audit practice works. The second part is about ‘cold file reviews’ and asks how a sample of audit assignments has been completed. The expression ‘cold file review’ has been used in the profession for many years - the review is ‘cold’ because it takes place after the whole audit process has been completed and the audit opinion given. It provides assurance to the firm that the quality control procedures which are built into the audit process have worked satisfactorily.|
|11.||As part of their quality control procedures some firms also carry out ‘hot’ reviews (that is before the audit report is approved). The ACR programme would check that, if necessary, the required hot reviews have taken place.|
|12.||There are many commercial ACR programmes and checklists available for firms to use. Compliance principals or sole practitioners should consider their own practices and amend these programmes as necessary so that the ACR is appropriate to their firm.|
|13.||Cold file reviews are an important part of the ACR but how many client files should be cold reviewed? Some firms will select audits for a particular reason (for example because it is a high risk audit or perhaps a new client) and then a sample of other files. However, monitoring experience has shown that there is a law of diminishing returns. If a single file is representative of a principal's work then that can reveal virtually all that is needed and little may be gained from doing more. A representative sample of two or three audits for each principal should be enough.|
|14.||Although the main purpose of an ACR is to assure a firm that it is complying with the audit regulations, there is a further important aim. This is to add value to the audit practice, either by identifying potential areas for improvement or by giving assurance that everything is satisfactory. For both reasons the review must be done effectively. A half-hearted attempt which fails to identify significant risks or inefficiencies would be a waste of time and give a false sense of security.|
|15.||The first step is to identify the person best placed to conduct the review. The monitoring process should be entrusted to a principal, principals or other persons with sufficient and appropriate experience. The choices are someone from:
|16.||Sole practitioners, firms with only one responsible individual and other small firms should note that ISQC1 does not permit the responsible individual or the engagement quality control reviewer for a particular audit to undertake a cold file review of that audit. It may be that there is another individual in the firm who, although not a responsible individual, is very experienced in current auditing requirements. Assuming that this individual did not take part in the audit, the firm may decide this individual would be a suitable person to undertake the review. If this is not possible, then the firm should use an external reviewer at least once every three years.|
|17.||Each Institute can offer direct assistance with audit compliance and cold file reviews.|
|18.||The whole firm aspects of the review could be dealt with completing the annual return. However, an individual practitioner might find it difficult to remain objective in cold reviewing his or her own completed assignments. The tendency will be to fill gaps in the audit process from memory and not to see that the audit evidence or process is deficient. Therefore, it is better to use someone independent of the assignment for the cold file review. As mentioned above, this may be necessary for small firms on a periodic basis.|
|19.||Qualified employees within the firm can do the detailed cold file reviews. Some firms feel that, as a principal approved the issue of the audit opinion, only principals should do cold file reviews. There is an obvious anxiety for an employee in criticising the work of the person who decides future salaries. The most common approach is to have a combined team of principals and staff. However, it may be more helpful to the person being reviewed if the feedback is given by someone of equal standing and authority. A person who has had experience of being a responsible individual can add those touches of practicality which come from dealing with clients and add further benefits to the process. Also, the individual should not have had any previous involvement in the particular audit.|
|20.||If an ACR is to add value, those doing the review must be technically up to date and have experience of assignments similar to those being reviewed. It can also save time if that person knows how the firm carries out its audits. For a sole practitioner, a suitable person may be the alternate or consultant for technical matters, provided they had not been consulted on the particular audit.|
|21.||Any outsider doing the ACR should complete a confidentiality declaration. An outsider who is a chartered accountant would, of course, also be bound by the Institute’s Code of Ethics and would have to seek the consent of the firm before acting for any of its clients.|
|22.||Both the reviewer and the reviewed can learn from the experience. Much benefit can be obtained from two sole practitioners, who have no employees, meeting for an afternoon and reviewing one of the other's completed audit files. That would leave each sole practitioner to complete the whole firm part of the ACR.|
|23.||Audit regulation 3.20 requires a registered auditor to monitor compliance with the regulations at least once a year. The following paragraphs explain how this can be done.|
|24.||The ACR is based on verifying that effective action is taken to mitigate the risk to the firm of not complying with the audit regulations and of producing poor audit work. Problems can arise because the people making decisions are stressed; there are changes in a client's business; there are changes to the law or to accounting or auditing standards. It may therefore be appropriate for the scope of the ACR to focus on any changes that may have amended the previous risk assessment. So, for example, cold reviews may concentrate on how the firm has adapted its procedures to implement a new auditing standard. The timing and frequency of the ACR should take all these factors into account. This calls for flexibility in the timing and the programme of work.|
|25.||If the ACR identifies matters that have gone wrong, the firm will want to deal with that risk as soon as possible. This suggests that the ACR should be done early enough so that any changes can be made to the firm's procedures before the reviewed audits (and others) are started for the next year.|
|26.||The ACR would normally be in two parts. The first part would cover a firm's obligations under the audit regulations such as:
|27.||The second part would deal with reviews of completed audit work to ensure that the firm's audit process had been followed and the audit reports issued are appropriate. Deciding how much work to do for this is more difficult and involves judgements on the number and frequency of reviews.|
|28.||For many firms the easiest way is simply to decide that the work of each principal and senior employee should be reviewed each year. Completed audit files would be then selected and reviewed to make sure that the work was in accordance with the auditing standards and the firm's procedures.|
|29.||Firms may have well-defined procedures to control the quality of the work produced and to make sure appropriate audit opinions are given. This will be a factor in deciding how frequently each principal's work is reviewed. Other factors might be the rate of employee turnover and the number of clients that the firm has identified as high risk. So while some files will be reviewed every year, the work of each principal and senior employee will not. However, even the most well-organised firm should review the work of each principal at least every three years. In other circumstances the timing may need to be more frequent.|
|30.||For a firm with only one responsible individual, much of the quality control of the work produced depends on that individual's final review. Additional factors to those above may be relevant in deciding the frequency of cold file reviews. For example, the size of the audit portfolio and factors affecting the audit work such as new auditing standards or new disclosure requirements. In a period of change, it would be sensible if, at least once a year, a sample of audit files were cold reviewed.|
|31.||All the ACR work needs to be documented so that the detailed findings can be discussed with the responsible individual in charge of the audit. This discussion should start with the positive points and then with any points that show change may be needed. If action is needed the timing should be agreed. The effect of the deficiencies should be evaluated and the firm should determine if the audit reports issued are appropriate or if they require prompt corrective action. Where there are a number of people with whom there are post- ACR discussions, the findings need to be consolidated to give an overall view.|
|32.||The summary must be kept to plan future ACRs and to confirm that follow-up action has been taken as agreed. This summary, without identifying which clients' affairs were reviewed, could be the means of disseminating the results of the ACR within the firm. At least annually, the firm should communicate the result of the ACR within the firm. Information communicated should include a description of the monitoring procedures performed, the conclusions drawn, a description of the deficiencies, and action taken. Once the summary has been prepared and the results communicated, unless a monitoring visit has been arranged, the detailed ACR papers can be shredded.|
|33.||The annual return asks questions about the firm's ACR. The first question asks when the most recent ACR was completed. If a firm uses the annual return for considering the whole firm aspects of ACR, then the time of completion is the date when the annual return was completed.|
|34.||When the ACR is finished there must be feedback to those involved. That feedback should answer two questions:
|35.||An ACR takes time and other resources. To justify that expenditure the exercise needs to be planned and carried out effectively. And it is essential that the reporting is honest. Otherwise those involved in audit work may be falsely reassured.|
|36.||Being ‘in practice’ implies learning through experience. The ACR is a powerful way of making sure this happens, regardless of any requirement set out in the audit regulations. It can have real impact on the quality of work, its efficiency, and the motivation of everyone involved. Firms want to do their work properly and gain satisfaction from it, but improvements cannot be made unless the areas needing adjustment are identified. The ACR is not an imposition, but a way to help firms do work they can be justly proud of.|