The starting point with ISQM 1 implementation is the quality objectives that you must establish. Mandatory ones are included in the standard. “The task is to go through these objectives and list down what might happen in practice to stop the firm achieving them,” Hollis explains. The identification and assessment of quality risks then provides a basis for the design and implementation of responses.
“Of course, if you are a sole practitioner on your own or with a handful of staff this is challenging,” says Hollis. “You start off feeling confident that with your direct involvement in planning, conduct of audit field work and file review that nothing is going to slip through the net.” But the challenge is getting this down on paper.
Quality risks and the ways they can be mitigated may be quite similar across small practices. Hollis highlights below some of the quality risks he has identified for his practice, and possible ways these may be mitigated. Many of these risks will be a threat to more than one objective. Firms need to remember, however, that the risk assessment is tailored to the firm and its unique way of operating, so they may identify different risks, or more granular ones, than those highlighted below.
- The firm does not comply with the requirements of UK GAAP, Company Law, ISAs, ICAEW Regulations and FRC Ethical Standards.
Possible ways to mitigate: Provision of training to staff. Use of a reputable audit system. Use of proprietary checklists and software to prepare accounts.
- Leadership is the responsibility of one person and deficient behaviour may therefore go unchallenged.
Possible ways to mitigate: The principal invites and welcomes criticism from staff. Contentious matters are always discussed with staff and decisions are reached through mutual agreement.
- Staff assigned tasks that form part of the system of quality management lack the skills necessary to perform them.
Possible ways to mitigate: The firm monitors its performance each year by completing a Whole Firm Audit Compliance Review. The firm also monitors the performance of staff through engagement file reviews and annual appraisals. Cold file reviews identify deficiencies. CPD requirements are reviewed annually to ensure adequate training is provided to staff.
- The firm does not anticipate future resource needs (and as a result has inadequate resources to perform high-quality engagements).
Possible ways to mitigate: The firm considers resource requirements when new engagements are considered. The firm also considers future resource needs at least annually when it conducts its annual assessment.
- The firm undertakes an engagement in breach of ethical requirements.
Possible ways to mitigate: As part of the client engagement procedure a money laundering risk assessment checklist is completed. Some ethical requirements are reviewed annually and form part of checklists on the audit engagement file. New audit staff are required to complete an independence checklist and are provided with a list of prohibited investments. This is reviewed annually.
- Client confidentiality is breached.
Possible ways to mitigate: Client confidentiality is included in the employment contract for each employee. It is confirmed annually by completion of a confidentiality form as part of the Whole Firm Audit Review. The firm has implemented all security measures for its IT system, which have been recommended by its IT support team. Unsupervised access to the office premises is not allowed. Confidential waste is disposed of by trusted specialist contractors. External service providers are subject to the same confidentiality requirements as staff.
- The audit fee is insufficient to enable the firm to carry out an engagement that complies with professional standards and regulations.
Possible ways to mitigate: Work is billed based on time spent, which is the contractual basis of the firm’s charges.
- Staff do not comply with the firm’s procedures, professional standards and the law.
Possible ways to mitigate: The principal reviews all work completed by staff and is in regular contact with staff throughout the assignment. Integrity and honesty are considered at recruitment and on an ongoing basis through the close personal relationship between staff and the principal.
- Professional scepticism is not appropriately applied on audits.
Possible ways to mitigate: Audit procedures are designed to encourage staff to seek out high-quality audit evidence. The principal ensures that management is sufficiently challenged over key areas where there is a risk of material misstatement in the accounts and where professional judgement is needed.
- Not all audit work completed by staff is recorded on the audit engagement file in support of conclusions reached.
Possible ways to mitigate: Procedures set out in the audit manual and checklist require staff to record all audit work on the file. Review of the file by the principal may identify omissions. Cold file review may also identify systemic problems with unrecorded work and findings are shared with staff in order to reduce the chance of recurrence.
Finally, Hollis offers some reassuring words: “While few of us relish starting with a blank piece of paper and conducting this sort of exercise, it does get easier once you start to write some things down and can see progress.”
ISQM 1: Resources for small practices
Discover more from ICAEW Insights
Insights showcases news, opinion, analysis, interviews and features on the profession with a focus on the key issues affecting accountancy and the world of business.
Hear a panel of guests dissect the latest headlines and provide expert analysis on the top stories from across the world of business, finance and accountancy.Find out more
News in brief
Read ICAEW's daily summary of accountancy news from across the mainstream media and broader financing sector.See more
Stay up to date
You can receive email update from ICAEW insights either daily, weekly or monthly, subscribe to whichever works for you.Sign up