Cold file audit compliance review

This helpsheet has been issued by ICAEW’s Technical Advisory Service to provide a checklist of matters to be addressed when conducting an audit compliance cold file review in accordance with the Audit Regulations and Guidance for Registered Auditors regulated by the ICAEW and the International Standard on Quality Control (UK) (ISQC 1).

Members may find the checklist requires additions and amendments to address their firm’s particular circumstances and for listed company, regulated or specialist audits, or audits not conducted under the Companies Act.

This checklist is for use when conducting audit compliance cold file reviews in respect of audits which have applied the revised International Standards on Auditing (UK) (ISAs).

Members may also wish to refer to the following related helpsheet:

• Whole firm audit compliance review

A Registered Auditor is required by Regulation 3.20 to monitor, at least once a year, how effectively it is complying with the Audit Regulations. The International Standard on Quality Control (UK) (ISQC 1) issued by the Financial Reporting Council (FRC) also requires a firm to monitor its policies and procedures relating to the system of quality control including a periodic inspection of a selection of completed engagements.

The annual compliance review is in two parts:

• a review of the firm’s compliance with its overall obligations (known as a whole firm review, see helpsheet Whole firm audit compliance review checklist) and
• cold reviews of completed audit work.

Cold file reviews are required every year for all firms

Cold file reviews are undertaken to ensure that the firm’s audit procedures, the FRC Ethical Standard (ES), the FRC International Standards on Auditing (ISAs) and the ICAEW Audit Regulations (Reg) have been complied with and that the accounts comply with all the appropriate disclosure requirements.

Cold file reviews should be conducted by persons with the appropriate expertise and authority (Reg 3.20). They should be done by someone independent of the audit team. Under ISQC1, the responsible individual and the engagement qualify control reviewer are not permitted to undertake the review.

Smaller firms may not have sufficient resource in-house to do independent reviews, and should therefore arrange for an external review at least every three years. However, the requirement to do cold file reviews every year still applies. Therefore such firms must still do a cold file review in the intervening two years, even if this is done by someone who was involved in the audit. If firms do not think they can do an effective review in-house, they should arrange an external review.

Where the reviewer is external to the practice, competence, independence, fit and proper status and confidentiality should be confirmed, preferably in writing. The scope of the review and reporting procedures to be adopted also need agreement. The reviewer’s liability, and an undertaking not to accept appointment for professional services in respect of clients reviewed, should also be considered (see Appendix 1). To protect the auditor against any claim of breaching client confidentiality, the client should be advised of external quality control reviews, normally within the engagement letter.

Once the review has been undertaken, the reviewer should consider the areas where issues of non-compliance have been identified and ensure that a suitable action plan has been agreed.

The results of the cold file review and the action plan should be communicated to those in the firm involved in the audit work.

• Cold File Audit Compliance Review Checklist
• Draft external reviewer declaration

Download the full helpsheet to access the documents:

• PDF
• Word

ICAEW members, affiliates, ICAEW students and staff in eligible firms with member firm access can discuss their specific situation with the Technical Advisory Service on +44 (0)1908 248 250 or via webchat.