Auditing and Corporate Governance

ISA 220 (Revised): Quality Management for an Audit

Understand the ISA 220 (Revised) framework for quality management and the specific responsibilities placed on the auditor at the individual engagement level.

International Standard on Auditing (ISA) 220 (Revised) outlines the auditor’s responsibilities for managing quality at the individual audit engagement level. Effective for audits of financial statements for periods beginning on or after December 15, 2022, the standard requires a proactive approach from the engagement team to achieve a quality audit.

This standard operates within a firm’s larger system of quality management, established under International Standard on Quality Management (ISQM) 1. While the firm creates the overarching quality system, ISA 220 (Revised) applies to a single audit. It places direct responsibility on the audit engagement team, led by the engagement partner, to implement the firm’s quality policies and procedures on every audit performed.

The Engagement Partner’s Responsibilities

The engagement partner holds the ultimate responsibility for the quality of the audit engagement. This accountability covers the entirety of the engagement, from acceptance to the final audit report. The partner must be sufficiently and appropriately involved throughout the audit, using their leadership and experience to guide the engagement’s execution.

This leadership role requires the partner to take overall responsibility for the direction, supervision, and performance of the audit. They must set a tone that emphasizes professional ethics and skepticism. The partner ensures the audit plan is responsive to the assessed risks of material misstatement and is adjusted as necessary based on audit evidence. Their involvement includes reviewing audit documentation and discussing significant matters with the team, ensuring their expertise is applied to high-risk areas of the audit.

Core Quality Management Components

Relevant Ethical Requirements

Adherence to relevant ethical requirements, with a primary focus on independence, is a core component of quality management. The engagement partner must form a conclusion on compliance with independence requirements applicable to the audit. This involves a proactive process of identifying and evaluating threats to independence and taking appropriate action to eliminate them or reduce them to an acceptable level by applying safeguards.

This process begins by obtaining information from the firm to identify circumstances and relationships that create threats to independence. If a threat is identified, the partner is responsible for ensuring that appropriate safeguards are applied, such as removing an individual from the team or having an external professional review the work. The partner must remain alert for new information throughout the audit that might suggest a threat.

The engagement partner must also ensure all team members are aware of their independence obligations. If the partner becomes aware of a breach of an independence requirement, they must promptly report it to the appropriate person within the firm for action. The partner’s conclusion on independence must be documented, providing a clear record of the evaluation and actions taken.

Acceptance and Continuance

The process of accepting a new client or continuing with an existing one is an important quality control measure. The engagement partner must be satisfied that the firm has followed its policies for this process. This involves evaluating whether the firm and the engagement team have the competence, capabilities, and resources to perform the audit.

A key consideration in this process is the integrity of the client’s principal owners, key management, and those charged with governance. The partner must consider any information that calls their integrity into question, as this can directly impact the risk of material misstatement. If significant issues are identified, such as concerns about management’s integrity or the firm’s ability to remain independent, the partner must ensure these are resolved, which may lead to declining or withdrawing from the engagement.

Engagement Resources

The engagement partner is responsible for determining that the resources assigned to the audit are sufficient and appropriate. These resources fall into three main categories:

  • Human resources, which refers to engagement team members who collectively possess the appropriate competence, capabilities, and time to perform the audit.
  • Technological resources, which encompass the tools used in the audit, such as data analytics software and audit management systems.
  • Intellectual resources, which include the firm’s audit methodologies, industry-specific guides, and access to subject matter experts.

Performing the Audit Engagement

Direction, Supervision, and Review

The engagement partner is responsible for directing the engagement team to ensure the audit is performed in accordance with professional standards. This involves clearly communicating the nature, timing, and extent of planned audit procedures.

Supervision includes tracking the progress of the audit and addressing any significant matters that arise. The engagement partner must ensure that team members have a clear understanding of their responsibilities and that there is open communication. This allows for the timely identification and resolution of issues.

The review of audit work is a substantive evaluation of the work performed, the evidence obtained, and the conclusions reached. The engagement partner must be satisfied that the work of team members has been reviewed in accordance with the firm’s policies. This review must be sufficient to support the final audit opinion.

Consultation

The engagement partner is responsible for ensuring the engagement team undertakes appropriate consultation on difficult or contentious matters. This involves identifying situations where the team lacks the necessary expertise or where a high degree of judgment is involved. The partner must seek advice from appropriate internal or external sources.

The partner must be satisfied that the nature and scope of the consultation are appropriate and that the conclusions are properly implemented and understood by the team. The results of the consultation must be documented, including the issue, the identity of the consultant, and the conclusions reached. The partner is responsible for determining that these conclusions are properly reflected in the audit documentation.

Engagement Quality Review

For certain audits, an engagement quality review is a required part of the quality management process. This is a formal review conducted by an objective evaluator from outside the engagement team, known as the engagement quality reviewer. The engagement partner must cooperate with the reviewer and bring significant judgments made by the team to their attention.

This review is required for audits of listed entities and other audits that the firm’s policies designate as needing one. The reviewer evaluates the significant judgments made by the engagement team and the conclusions reached in the auditor’s report. The engagement partner is not permitted to date the auditor’s report until the engagement quality review is complete, ensuring any issues identified by the reviewer are addressed before the report is issued.

Monitoring and Documentation

Monitoring and Remediation

The engagement partner is responsible for monitoring quality management activities as the audit progresses. This ongoing process of observation and inquiry helps identify any instances where the quality management approach is not being followed or is ineffective. If the partner becomes aware of a deficiency in the firm’s system of quality management that could affect the audit, they are required to evaluate its impact and communicate it to the appropriate individuals within the firm. The partner must also take action to remediate any identified issues at the engagement level.

Documentation

The engagement partner must be satisfied that the audit documentation is sufficient to demonstrate how the requirements of ISA 220 (Revised) were met. This documentation serves as the evidence of the partner’s involvement and the basis for their conclusions on key quality matters.

The documentation should include records of:

  • Consultations on significant matters.
  • The review of the audit work.
  • The partner’s conclusion on compliance with independence requirements.
  • The completion of the engagement quality review, where applicable.

This creates a clear audit trail that supports the accountability of the engagement partner and the team. The partner must ensure that the final assembly of the audit file is completed on a timely basis after the date of the auditor’s report.

Previous

Audit Walkthrough: Purpose, Preparation, and Procedure

Back to Auditing and Corporate Governance
Next

The Audit Inquiry Letter: Purpose and Process