MODULE 1 THE AUDITING AND ASSURANCE FRAMEWORK + Theintemationalisation of auditing ‘Assurance environment © | + Regulation of auditing in Australia and New Zeslana + Ethical principles + Quality management standards + Description of attestation, direct, ‘Assurance engagement framework ——}-— reasonable and limited assurance engagements + Scope of the Framework + Elemants of an assurance engagement + Audits + Reviews + Historical non-financial reports “Typas of assurance engagements. ——|— * putwrecorionted information + systems and process ‘+ Aspects of behaviour + Performance of an activity + Application of ISAs, ISREs,ISAEs Applicaton of standards. = ——}—_ and ISRSs + Australian perspective + Evolving business models (Changing environment =< | —— * Climate-isk cisclosure + Technological nnavations ee eer ayLEARNING OBJECTIVES ‘After completing this module, you should be able to: 41.4 apply the International Framework for Assurance Engagements (te Framework) and the related standards and other guidance to assurance engagements 1.2 apply the Code of Ethics for Professional Accountants to assurance engagements, RELEVANT STANDARDS AND GUIDANCE MATERIALS International standards IESBA Intemational Cade of Ethics for Professional Accountants (nclucing Intemational Independence ‘Standards) International Framework for Assurance Engagements na na ISA 200 Overall Objectives of the Independent Auditor And the Conduct ofan Audit in Accordance with International Standards on Aualting ISA 220 (Revised) Quality Management for an Audit of Financial Statements IA 290 Audi Documentation ISA 300 Planning an Audi of Financial Statements ISA.315 (Revised) loentiving and Assessing the Risks of Material Mizstatement ISA 402 Aucit Considerations Relating to an Entity Using a Service Organization ISA 510 inital Auait Engagements — Opening Balances ISA 540 Revised) Auclting Accounting Estimates and Related Disclosures ISA 600 Special Considerations — Auclts of {Group Financial Statements (cluding the Werk of Compenent Aucitors) ISA 610 Revised) Using the Werk of internal Auditors ISA 800 Revisec) Special Considerations — Audits (of Financial Statements Prepared in Accordance with ‘Special Purpose Frameworks ISA 805 (Revised) Special Considerations ~ Audits of Single Financial Statements and Specific Elements, ‘Accounts of toms ofa Financial Statement ISA 810 (Revised) Engagements to Report on ‘Sunymary Financial Statements Australian standards APES 110 Code of Ethics for Profesional Accountants (ireluding independence Standards) Framework fr Assurance Engagements ASA 101 Preamble o AUASB Standards (Compiled) ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements [ASA 200 Overall Objectives of the Independent Auditor ‘and the Conduct ofan Audit in Accordance with ‘Austrian Auating Standards (Compiled) ‘ASA 220 Quality Management for an Ausit of Financial Roport and Other Historical nancial Information (Compiled) [ASA 280 Audit Documentation (Compiled) 'ASA 300 Planning an Aucit ofa Financial Report (Compiled) |ASA.15 Identiying and Assessing the Fisks of ‘Material Misstatement (Compiled) ‘ASA 402 Audting Considerations Relating to an Entity Using a Service Organisation (Compiled) [ASAIO Ital Audit Engagements — Opening Balances (Compiled) [ASA 540 Audting Accounting Estates and Related Disclosures (Compiled) [ASA 600 Special Considerations — Aucits of «Group Financial Report (Corspied) [ASA 610 Using the Work of ntonal Auditors (Comiled) [ASA 800 Special Considerations — Aucits of Financial Reports Prepared in Accordance with Special Purpose Frameworks (Compiled) [ASA 808 Special Considerations — Aucits of Single Financial Statements and Specific Elements, Accounts lor toms ofa Financial Statement (Compiled) [ASA 810 Engagements to Report on Summary Financial Statements 2 Advanced Audit and AssuranceISQM 1 Quality Management for Firms that Perform ‘Audits or Reviews of Financial Statements, or Other ‘Assurance or Related Services Engagements ISQM 2 Engagement Quaity Reviews SRE 2400 (Revieed) Engagements to Review Historical Fnancial Statements ISRE 2410 Review of Interim Financial Information Performed by the Independent Autor ofthe Entity a ISAE 3000 (Revised) Assurance Fogagements (Other than Aucits or Reviews of Historical Financial information na na SAE 2400 The Examination of Prospective Financia Information ISAE 3402 Assurance Reports on Controls ata Service Organization ISAE 3410 Assurance Engagements on Greenhouse Gas Statements SAE 3420 Assurance Engagements fo Report on the Compiation of Pro Ferma Financial nfermation Included in a Prospectus nia ria na SRS 4400 Revised) Agreed-Upon Procedures Engagements ISAS 4410 Revised) Compilation Engagements ra na nia ‘ASM 1 Qualty Management for Firms that Perform ‘Audits or Reviews of Financial Reports and Other Financial Inermation, or Other Assurance or Related Services Engagements ASQM 2 Engagement Qualty Reviews [ASRE 2400 Review of a Financial Report Performed bby.an Assurance Practitioner Who is Not the Auaitor of the Entity ASRE 2410 Review ofa Financial Report Performed by the Independent Autor ofthe Eniy (Compiled) [ASRE 2415 Review ofa Financial Report: Company Limited by Guarantee or an Entity Reporting under the ACNC Act or ther Applicable Legisiation or Regulation (Compiled) [ASAE 3000 Assurance Engagements Other than Aus cor Reviews of Historical Financial Information ASAE 3100 Compliance Engagements ASAE 3150 Assurance Engagements on Controls na ASAE 3402 Assurance Reports on Controls at a Service Organisation [ASAE 3410 Assurance Engagements on Greenhouse Gas Statements ASAE 8470 Assurance Engagements to Report fon the Complation of Pro Ferma Historical Financial information included in a Prospectus or other Document [ASAE 3450 Assurance Engagements involving Corporate Fundraisings andor Prospective Financial information [ASAE 3500 Performance Engagements ASAE S610/AWAS 2 Assurance Engagements on General Purpose Water Accounting Reports [ASRS 4400 Agreed-Upon Procedures Engagements na [ASRS 4450 Comfort Letter Engagements [APES 310 Clont Monies ‘APES 820 Quaity Management for Firs that provide Non-Assurance Services [Note ISA 600 Revised) elective for audits of Sinancil statements frp sods beginning ono alter Doseber 15,2023, MODULE 1 The Auditing and Assurance FrameworkPREVIEW This module begins by describing the assurance environment. The institutions behind the development of the International Framework for Assurance Engagements (the Framework), which shapes auditing and other assurance engagements, ae introduced. The regulation of auditing in Australia is also outlined, Next, the following key requirements of the assurance engagement framework are discussed: + ethical principles + quality management standards + description of assurance engagements + attestation and direct engagements + reasonable and limited assurance engagements + scope of the Framework + clements of an assurance engagement, The audit profession has developed its reputation, methodology and expertise through financial state- ‘ment audits and reviews and, in the public sector, on performance engagements, More recently, the profession has expanded its range of assurance services to cover numerous situations where there is a desire to have the credibility of report enhanced for users. ‘Some of the common types of assurance engagements are discussed, including: + audits and reviews of historical financial information + other assurance engagements {nancial information (c.g. sustainability or business performance reports) = fature-oriented information (c.g. prospectuses) systems and processes (c.g. internal control) = aspects of behaviour (c.g. compliance with regulations) = performance of an activity. Next, the module discusses the application of the standards, including + auditing standards that are applied to audits of historical financial information (ic. audits of financial statements) + review engagement standards + other assurance engagement standards + related services engagement standards, Lastly this module introduces material to be covered in subsequent modules, discusses how the business and regulatory environment is evolving and highlights potential impacts on the auditing profession largely due to technological innovations. 1.1 ASSURANCE ENVIRONMENT Assurance services are independent professional services that aim to improve the quality, relevance and reliability of information necessary for decision making. The terms ‘auditing’ and ‘assurance’ axe sometimes confused. An audit is a specific type of assurance engagement that focuses on historical financial information. That is, an audit is a subset of assurance engagements. As shown in table 1.1, assurance services are divided between: + audits of historical financial information + reviews of historical financial information + assurance engagements other than audits and reviews of historical financial information, Further information on the structure and hierarchy of assurance standards is provided later in this module, ‘The International Framework for Assurance Engagements (para. 7) defines assurance engagements as sn engagement in which a practitioner aims to obtain suiient appropiate evidence in order to express a conclusion designed to enltance the degree of confidence ofthe intended users other than the responsible party about the outcome ofthe messurement or evaluation ofan underlying subject matter agains criteria ‘This definition provides five essential elements of an assurance engagement. or an audit of financial statements, an auditor evaluates the presentation of the financial statements against criteria (e.g. accounting standards) and expresses a conclusion (audit report) based on their findings. ‘The audit is designed to provide users (such as shareholders) with a reasonable level of confidence about the truth and faimess of the financial statements. 4 Advanced Audit and AssuranceTABLE 1.1 Population of assurance services nnd Cee eee eee Level of assurance Reasonable Limited Reasonable olinted provided Examples, ‘Audit of financial Review of nancial _* Corporate social responsibilty (CSR) statements statements reports + Greenhouse ges (GHG) statements + Sustainability reports + Wiater accounting reports + Business performance measurement + integrated reports + Future-orented information + Systems and processes + Aspects of behaviour + Performance ofan activity International I5As 100-999 ISREs 2000-2699 _ISAFs 3000-3699 International standards International International Standards on Assurance Engagements Standards on ‘Standards on Review Auditing Engagements Source: CA Ausala 2023 Auditing and assurance arc governed by two separate but closely related sets of standards: auditing standards that are concerned with audits of historical financial information; and assurance standards that ate concemed with al other types of assurance engagements. Both the Intemational Standards on Auditing and International Standards on Review Engagements continually evolve to keep pace with changes in business and social expectations ‘The demand for assurance services continues to grow and so does the range of assurance services offered by public accountants, As a result, the role of regulators and regulation in maintaining the quality of the assurance services is pivotal. Assurance engagement providers aperate in a complex environment that is subject to a number of important influences, such as the internationalisation of auditing and regulation. ‘This section will explain these influences on the provision of assurance services, THE INTERNATIONALISATION OF AUDITING Auditing has become an international market with a large increase in the number of multinational corpora tions as audit clients, The auditing profession, the auditing standard-setting process and the regulatory process have also become internationalised. This internationalisation has led to the promulgation of international assurance pronouncements to harmonise auditing practices across jurisdictions, Figure 1.1 shows the structure and hierarchy of the international pronouncements, including the International Standards on Quality Management and the International Framework for Assurance Engagements. The Framework and Standards on Quality Management will be discussed in section 1.2, ‘The types of assurance engagements will be discussed in section 1.3, and the application of the standards ‘will be discussed in section 14 ‘The pronouncements shown in figure 1.1 govern assurance engagements conducted in accordance with International Standards. However, they do not override the local laws and regulations that govern historical financial statement audits or assurance engagements on other information that are required to be followed ina particular country Regulatory agencies implement and enforce laws and regulations. Globally, regulators want greater consistency in the delivery of quality audit services (Deloitte 2019), This includes increasing coordination ‘through the International Forum of Independent Audit Regulators (IFIAR) by ‘sharing knowledge, collaborating and promoting consistency in the way auditing is regulated’ (Deloitte 2019). The main regulatory agencies that have an impact on auditing and assurance engagements in a global setting include: + International Federation of Accountants (IFAC) + International Forum of Independent Audit Regulators (IFTAR) + International Bihics Standards Board for Accountants (IESBA) + International Auditing and Assurance Standards Board (TASB). MODULE 1 The Auditing and Assurance Framework[EERE or osrcererisissuad oy he ase ——— Sour: ernatonalAutting and Assrace Sands Board GAASE 2022 Handbook of Itermatonal Quali Cota ‘Auding Review Other Aturance and Related Services Pronouncement, 2021 ed, wl 1p, sted Feary 2025, Ip nach npc hundnok trata qay-conl- aia cnet asa and relteeraces International Federation of Accountants (IFAC) ‘The International Federation of Accountants (IFAC) is the global organisation for the accountancy profession dedicated to serving the public interest by strengthening the profession. With headquarters in Now York, IFAC's members are the associations of professional accountants from around the world ‘CPA Australia for example, is a member of IFAC. The IFAC council comprises one representative of each ‘member body. In 2021, IFAC had over 180 members from 130 countries and jurisdictions (IFAC 2021), International Forum of Independent Audit Regulators (IFIAR) ‘There has been increased oversight of the auditing profession by independent audit regulatory authorities, resulting in the formation in 2006 of the International Forum of Independent Audit Regulators (IFIAR), which in 2023 had a membership of S8 independent public oversight bodies (such as the Australian Securities and Investments Commission (ASIC) in Australia) from different counties (IFIAR 2023). International Ethics Standards Board for Accountants (IESBA) ‘The International Ethies Standards Board for Accountants (IESBA's) restructured code of ethics, the International Code of Ethics for Professional Accountants (including International Independence ‘Standards) (Whe Code), which was issued in April 2018, isthe fundamental pronouncement for assurance practitioners, The Code was developed with a view to enhancing ease of navigation, use and enforcement, ‘The Code, which was updated in 2022, tates that ‘a professional accountant shall comply with the Code (the Code, para, R100.6) except for parts where laws and regulations in a specific jurisdiction preclude ‘compliance, All other standards and related guidance issued by the IAASB shall be applied in the context of the ethical framework presented in the Code. Similarly, all standards other than the Code shall be applied in the context of the International Standards on Quality Management, It is not possible for a practitioner to comply with the standards without first complying with the Code. © Advanced Audit and AssuranceInternational Auditing and Assurance Standards Board (IAASB) ‘The International Auditing and Assurance Standards Board (AASB) is an independent standard-setting body that serves the public interest by setting high-quality international standards fr auditing. quality control, review, olher assurance, and related services, and by facilitating the ‘convergence of international and national standards (IASB 2023), ‘The convergence of intemational and national standards enhances the quality and consistency of practice throughout the world and strengthens the public’s confidence in the global auditing and assurance profession. ‘The IASB develops and issues standards for three types of assurance engagements: audits, review ‘engagements and other assurance engagements. 1. International Standards on Auditing (ISAs) — to be applied to the audit of historical financial information. 2, International Standards on Review Engagements (ISREs) — to be applied to the review of historical financial information 3. Intemational Standards on Assurance Engagements (ISAEs) — to be applied in assurance engagements dealing with information other than historical financial information (e.g. prospectuses, sustainability reports) Information that is ‘other than historical financial’ may be future oriented and/or non-financial ‘The application of these standards will be discussed later in this module. As shown in figure 1.1 the IAASB also issues International Standards on Related Services (ISRSs), which are not assurance ‘engagements (in that they are not designed to offer a degree of assurance), but which do utilise assurance type. evidence-gathering procedures (c.g, agreed procedures engagements to report factual findings). This ‘will be discussed in more detail in module 5 Tn addition, the TASB issue other pronouncements such as the International Framework for Assurance Engagements and A Framework for Audit Quality. Both of these frameworks are discussed in section 1.2 REGULATION OF AUDITING IN AUSTRALIA ‘This section describes Australian institutional arrangements surrounding the Australian auditing pro- nouncements, which are based on the international pronouncements. ‘There are a number of regulators and institutions that have an impact on the audit process, either directly or indirectly. They include the: + Financial Reporting Council (FRC) + Australian Securities and Investments Commission (ASIC) + Accounting Professional and Ethical Standards Board (APESB) + Auditing and Assurance Standards Board (AUASB) + Companies Auditors and Liguidators Disciplinary Board (CALDB) + Australian Securities Exchange (ASX) + professional accounting bodies: = CPA Australia = Chartered Accountants Australia and New Zealand (CA ANZ) — Institute of Public Accountants (IPA) Financial Reporting Council (FRC) ‘The Financial Reporting Couneil (FRC) is an independent statutory agency that was established in 1999 to oversee the accounting standards-setting process Is duties were expanded in 2005 to include the oversight, of the auditing standard-seting process and the monitoring of auditor independence. Its responsibilities include appointing the members of the AUASB. Australian Securities and Investments Commission (ASIC) ‘The Australian Securities and Investments Commission (ASIC) is an independent Commonwealth body that was set up under the Australian Securities and Investments Commission Act 2001 (Cwlth) (ASIC Act), ASIC carries out most of its work under the Corporations Act 2001 (Cwith) (Corporations Act) ASIC regulates the corporate markets and financial services sectors in Australia by overseeing activities to protect investors, Their aim is to ensure investors have access to adequate information, are treated fairly and have adequate avenues for redress. Of particular interest to auditors is the expanded role of ASIC in recent years to include responsibility for reviewing the quality of audit work performed ‘(Leung etal. 2019) MODULE 1 The Auditing and Assurance Framework 7is responsibilities with regard tothe oversight ofthe auditing profession include registration of auditors, enforcement of rules regarding auditor independence and use of auditing standards, and inspection of uit firms, Accounting Professional and Ethical Standards Board (APESB) ‘The Accounting Professional and Ethical Standards Board (APESB) is responsible for setting ethical standards in Australia. It is funded by the professional accounting bodies in Australia (however, its ‘members are independent). It is responsible for setting standards on quality management, ethical conduct and compliance with auditing and assurance standards, Australian Auditing and Assurance Standards Board (AUASB) The Australian Auditing and Assurance Standards Board (AUASB) was established in Australia as an independent statutory agency under the ASIC Act, The AUASB's mandate requires it to consider revisions and improvements to the pronouncements initiated by the IASB, ‘The Australian Framework for Assurance Engagements (Australian Framework) conforms with the International Framework for Assurance Engagements (the Framework) with only minor differences, Pronouncements are issued in Australia by the AUASB and are, in general, the same as the pronounce- ments of the [AASB. However, they are nor identical to the international pronouncements and differences mainly arise to accommodate the requirements of Australian legislation. Differences also arise because the Australian Auditing Standards (ASAs) include a small number of paragraphs that are not found in the ISAs, These paragraphs are labelled Aus (e.g. Aus 14), and in most cases, Aus paragraphs impose requirements on Australian auditors that are additional to those found in the international standards Figure 1.2 illustrates a simplified version of the AUASB standard-setting process and identifies the procedures followed when international or Australian technical issues axe identified and research and. Consultation with stakeholders are undertaken prior to issuing a standard or other pronouncement, (simplifed) AUASS Austraan ‘Strategic directives, stakeholders ‘oversight, ae ‘frameworks and y cere] erty technical Develop ED and Consider feedback Jang complete AASB ~~ - Meee ‘submission y and supporting Issue Standard and materials > supporting materials final Standard Seal Postimplemantation eee peak review ‘compkance Source: Bused on Ausealian Auditing and Assurance Standards Board (AUASB) 2020, Due Process Framework for Developing, fring and Moitaining AUASB Pronoancements and Other Pblrations December, pA, secosed Febriary 2025 Ini aac gov sladminlie/conten | 02/eDueProsesPramework_12-20 pa 8 Advanced Audit and AssuranceTable 1.2 shows the equivalent Australian pronouncements to the international pronouncements cover- ing various aspects of audit and assurance engagements. TABLE 1.2 Equivalent Australian pronouncements ary Board (CADB) ‘The CADB is astatutory body initially established as the Companies Auditors and Liquidators Disciplinary Board (CALDB) in 1990. It heats applications from ASIC to determine whether auditors or liquidators hhave breached the Corporations Act. It also has the power to impose a penalty if it determines that a registered auditor or liquidator has failed to carry out duties properly or is nota fit and proper person to ‘be registered. Penalties include the cancellation or suspension of registration, an imposition of restrictions ‘on conduct, or an admonition (Leung et al. 2018). CADB members are appointed by the Treasurer based on the requirements of the ASIC Act and have a breadth of knowledge and experience encompassing the law, accounting and business (Leung et al. 2019), The Australian Securities Exchange (ASX) ‘The ASX is also an important participant in the market, but itis not a regulator. The ASX became a public company in 1998 and operates as the main national securities exchange for equities, derivatives and fixed-interest securities. It facilitates capital raisings and trading for listed companies, settlement and capital matching, and provides comprehensive market data and information to a range of users. The ASX describes itself as ‘an integrated exchange offering listings, trading. clearing, settlement, technical and information services, technology, data and other post-ttade services’ (ASX 2023), To list a company on the ASX, there are a number of Listing Rules designed to protect investors ‘The Listing Rules are enforceable against listed entities under the requitements of the Corporations Act. Listing Rules create obligations that are additional and complementary to the statutory obligations under the Corporations Act. One pasticular example of the enhanced requirements under the Listing Rules is Listing Rule 4.10.3, which requires an entity to make a statement of the extent to which their corporate ‘governance practices have followed the best practice recommendations of the ASX Corporate Governance Council and disclose reasons for any non-conformity. Another example of enhanced requirements is in relation to continuous disclosure, where Listing Rule 3.1 requires that once a company becomes aware of ‘any information that a reasonable person would expect to have a material effect on the price of value ff its securities, it should inform the market. The ASX has a role in maintaining the integrity of the capital market, Professional Accounting Bodies Professional accounting bodies represent the interests of their members by lobbying governments and provide the framework for self-regulation, where permitted by statute. Professional bodies also administer ‘raining and examinations for students and members. There are three professional accounting bodies in ‘Australia, They ate’ + CPA Australia + Chartered Accountants Australia New Zealand + Institute of Public Accountants ‘CPA Austral (CPA Australiais a professional body with more than 170 000 members working as finance, accounting and business professionals, academics, and public servants in Australia and around the world. CPA Australia’s ccore services to their members include education, training, technical support and advocacy. To become a CPA itis necessary to undertake the CPA Program and have three years of work experience mentored by member of CPA Australia, MODULE 1 The Auditing and Assurance Framework 8Chartered Accountants Australia and New Zealand (CA ANZ) CA ANZ is a professional body with more than 135000 members working in public practice (including the Big-4 and mid-tier chartered accounting firms), industry, academia and government. Its members work in Australia, New Zealand and more than 100 other countries. To become a chartered accountant itis nevessaty to undertake the Chartered Accountants (CA) Program, which combines study and mentored work experience, Institute of Public Accountants (IPA) The IPA is a professional body with more than 42000 members working in industry, commerce, government, academia and public practice, To become an IPA member it is necessary to meet eligible accounting qualifications equivalent to the IPA Program Stage 1 and industry experience equivalent to the Mentored Experience Program. An alternative path is available for those who have a current membership with an IFAC Member level body. ‘Several private and public sector organisations are associated with the public accounting profes- ‘ion. The following are functions pertaining to these organisations. 1. Hear applications from ASIC to determine whether auditors have breached the Corporations Act. 2. Oversee the accounting standards-setting process. 3. Formulate auditing standards and audit guidance statements. Regulate the distribution and trading of securities offered for public sale. . Establish a code of professional ethics. (Oversee the Australian Auditing and Assurance Standards Board 7. Issue auditing standards. 8, Take punitive action against an independent auaitor, 8, Establish quality management standards for audit work. (0. Unclertake investigation of perceived breaches of the Corporations Act. Indicate the organisation associated with each activity. pao REGULATION OF AUDITING IN NEW ZEALAND In the previous (wo sections we have described the regulation of auditors and institutional arrangements around auditing pronouncements inthe international setting and then some specific Australian differences. Here we consider the New Zealand environment. ‘The Extemal Reporting Board (XRB) is an independent Crown entity established under the Financial Reporting Act 1993 with the following functions: 1. developing and implementing an overall strategy for financial reporting standards and auditing and assurance standards (including developing and implementing ers of financial reporting and assurance) 2. preparing and issuing accounting standards; 5. preparing and issuing auditing and assurance standards, including the professional and ethical standards chat wll govern the professional conduct of auditors; and 4. liaising wath national and international organisations that exercise functions that correspond with, or are similar o, those conferred on the XRB (FRC 2022). ‘The XRB consists of the New Zealand Accounting Standards Board (NZASB) and the New Zealand Auditing and Assurance Standards Board (NZAUASB), The auditing and assurance standards issued by the NZAUASB consist of four suites of standards: 1. Professional and Ethical Standards: these ate the professional and ethical standards applying to assurance practitioners issued by the XRB Board/NZAUASB. 2. Auditing Standards: apply to the conduct of audit engagements (reasonable assurance) undertaken by assurance practitioners. 3. Review Standards: apply to the conduct of review engagements (limited assurance) undertaken by assurance practitioners. 4, Other Assurance Engagement Standards: apply to the conduct of assurance engagements (other than on historical financial information) undertaken by assurance practitioners (XRB 2023). 10. Advanced Audit and AssuranceThe key strategic objectives set out by the XRB Board for the NZAUASB related to harmonisation are: 1. to adopt international auditing and assurance standards to apply in strong reasons why we should not 2. [for] the NZAUASB and AUASB (to work] together towards the establishment, over time, of a harmonised st of assurance standards based on itexnational standards (XRB 2022), sw Zealand, unless there ate very ‘The equivalent of the Australian regulator (ASIC) in New Zealand is the Financial Markets Authority (EMA), which is an independent Crown authority responsible for ensuring public confidence in New Zealand financial markets. Its responsibilities include: + the licensing of New Zealand and overseas auditors and audit firms + monitoring the audit firm performance + performing quality reviews of New Zealand audit firms and auditors + overseeing and monitoring accredited bodies to make sure they carry out thei statutory duties. Further details of the FMA's role can be obtained from the Auditor Regulation and Oversight Plan 2019-2022 (FMA 2019), “The key points covered in this part, and the learning objectives they align to, are as follows, 1.1 Apply the International Framework for Assurance Engagements (the Framework) and the rlated standards and other guidance to assurance engagements. + The Intemational Framework for Assurance Engagements distinguishes assurance engage- ments from other engagements and provides a hierarchy of standards applicable to different engagements. 1.2 Apply the Code of Ethics for Professional Accountants to assurance engagements. * All professional accountants have to comply with the fundamental sthical principles set out in the Code. 1.2 ASSURANCE ENGAGEMENT FRAMEWORK ‘The International Framework for Assurance Engagements (the Framework) issued by the IAASB applies to all assurance engagements. It helps in understanding the engagements to which ISAs, ISREs and ISABs apply. Engagements for non-assurance and related services including consulting engagements are outside the scope of this Framework, but accountants undertaking such engagements must also adhere to the IESBA International Code of Ethics for Professional Accountants (including International Independence Standards) (dhe Code). The Framework is not a standard and does not include any requirements for performance. The Framework refers to the applicable assurance standards and the Code where requite- ‘ments ae prescribed. As such, this section will outline information contained in the Framework as well ‘as requirements of the Code and applicable standards. Matters contained in the Framework that will be discussed in this section include: + ethical principles + quality management standards + description of assurance engagements + attestation and direct engagements reasonable and limited assurance engagements + scope of the Framework + elements of an assurance engagement = three-part relationship — underlying subject matter = criteria = evidence = assurance report. ETHICAL PRINCIPLES ‘The Framework specifies that firms that perform assurance engagements must comply with the fun- damental ethical principles outlined in IESBA’s Code. The Code’s conceptual framework (the Code, MODULE 1 The Auditing and Assurance Framework 115,120) outlines circumstances in which threats to compliance with the fundamental principles may occur, ‘The Code’s conceptual framework also specifies how accountants may identify, evaluate and address the Uhreats by eliminating them or reducing them to an acceptable level, The Code IFAC established the IESBA to develop ethical principles for accountants. IESBA's Code is the central standard. The Ethics and Governance subject ofthe CPA Program examines the Code in depth. The aspects of the Code that ate of particular interest to assurance practitioners are discussed next. The Code is divided into four pasts + Part | introduces and describes the fundamental principles and conceptual framework + Part 2 applies to professional accountants in business + Part 3 applies to professional accountants in public practice. + Part 4 covers independence standards for: = 4A audits and review engagements = 4B other assurance and non-assurance engagements. ‘After providing an overview of the fundamental principles included in Part 1 of the Code, this section will focus on Part 3 “Professional accountants in publie practice’, which includes professional accountants in the auditing and assurance profession, Part 3 is extensive and describes many of the circumstances and relationships that could be encountered by an assurance practitioner and the associated threats to compliance with the fundamental ethical principles. This will be followed by a review of the independence requirements outlined in Part 4 of the Code, Part 2 is outside the scope of this study guide as it concentrates on the Code that relates to professional accountants in business. Fundamental Principles The Code begins by establishing the fundamental principles of professional conduct and outlining the requirements and application of the conceptual framework to identify, evaluate and address the threats (0 compliance with the fundamental principles set out in the Code. The following (opies are discussed next, + Fundamental principles (the Code, s. 110) ~ integrity = objectivity — professional competence and due care = confidentiality — professional behaviour. + Conceptual framework (dhe Code, s. 120) = threats and safeguards. Integrity The principle of integrity imposes an obligation on professional accountants to be straightforward and ‘honest (the Code, para. R111). Objectivity Accountants, and in particular auditors, may be exposed to numerous situations that could reduce objectivity in their professional judgements. Therefore, they have a duty to avoid relationships or situations that allow prejudice, bias, conflict of interest or the undue influence of others, which might compromise their professional and business judgements (the Code, para, R112.1), Professional Competence and Due Care ‘The principle of professional competence and due care (the Code, para. R113.1) is an obligation that thas two distinct parts: (@) Attaining and maintaining professional knowledge and skills necessary to provide competent professional service tothe client (b) To act ‘diligently and in accordance with applicable technical and professional standards’ (the Code, para. R113.1(b)) ‘This obligation requires continuing awareness of relevant technical, professional and business developments, which can be obtained through continuing professional develepment (the Code, para. 113.1 A2). The Code explains that ‘diligence encompasses the responsibility to act in accordance with the requirements of an assignment, carefully, thoroughly and on a timely basis’ (the Code, para. 113.1 A3). Professional accountants are required to decline a job unless they possess the necessary skills to perform it properly. 12. Advanced Audit and AssuranceBrenda Jones is a newly qualified accountant who is carrying out her first audit as the in-charge auditor for a construction company cliont thats engaged in arange of long-term contracts. Brenda has litle experience of these types of clients and the accounting requirements in relation to long term contracts. John Bull is the CFO of the clint — heis a busy man and has a notorious reputation {for being unfriendly te auditers. It has become apparent that Brenda has not fully understood the accounting issues involved and has avoided asking the necessary questions of John Bull to gain {an understanding of the company's transactions and the necessary audit work required to obtain evidence on the long-term contract transactions. ‘As Brenda's supervisor, how would you explain to her the importance of professionalism, using the International Code of Ethics for Professional Accountants (including Intemational Independence Standards) and particularly referring to its guidance on competence? What advice would you give as to how she should proceed? Confidentiality A professional accountant must respect the confidentiality of information acquired as a result of professional and business relationships. They must not + use the information for the personal advantage of themselves or third parties + disclose any such information (o third parties without proper and specific authority, unless there are responsibilities under law, regulation or relevant ethical requirements to disclose (the Code, para. R114.1) Circumstances where disclosure of confidential information may be required or appropriate include: {@) Disclosure is required by law, for example: (@) Production of documents or other provision of evidence in the course of legal proceedings; ot (ii) Disclosure to the appropriate public authorities of infeingements of the law that come to lik (©) Disclosuee is permitted by law and is authorized hy te cient or the employing organization; and (©) There is a profesional duty or right to disclose, when not prohibited bylaw: (@) To comply with the quality eview of a professional body: (@ To respond to an inquiry or investigation by a professional ar regulatory body, (ji) To protect the professional interests of a professional accountant in legal proceedings; or (Gv) To comply with technical and professional standards, including ethics requirements (the Code, para, 114.1 AL) Professional Behaviour ‘An accountant must demonstrate professional behaviour by complying with relevant laws and regulations and avoid any conduct that discredits the profession (the Code, para. R115.1). They must actin a way that promotes the good reputation of the profession. Threats and Safeguards ‘Using the conceptual framework approach recommended by the Code, members must identify any threats to compliance with the fundamental principles, evaluate those threats and address threats to compliance ‘with the fundamental principles in section 110 of the Code, Where the threats are significant, members ‘must apply safeguards to eliminate them or reduce them to an acceptable level (i, so that compliance with the fundamental principles is no longer compromised). If members cannot implement appropriate safeguards, they must either decline or discontinue the specific professional service, or consider resigning from the client or employer. Compliance with the fundamental ethical principles can be jeopardised by a range of threats, + Self-interest threat may occur as a result of the financial or other interests of a professional accountant. Self-review threat may occur when the assurance team needs to form an opinion on their work or work performed by others in their fir, + Advocacy threat may occur when an auditor is asked to promote or represent their client in some particular way. This could happen when a client asks the auditor to promote their shares on the stock exchange, argue their client's position on a proposed accounting disclosure or represent them in a court cease. The auditor's objectivity may be impaired. Further, the auditor’s independence of mind and in appearance could be compromised, + Familiarity threat may occur when a professional accountant becomes too accepting of, of too sympathetic towards, a clients interests and/or works. This might occur if a professional accountant develops a close or longstanding relationship with a client. MODULE 1 The Auditing and Assurance Framework 13+ Intimidation threat may occur when a professional accountant is deterred from acting objectively. because of actual or perceived threats (the Code, para, 120.6 A3) Many of the safeguards that eliminate or reduce threats are discussed in the Code, Safeguards may be created by the following, + ‘The profession, legislation or regulation — for example: — the issue of quality standards, member education, establishment of code of ethics, and the enactment of legislation such as the Corporations Act and the ASIC Act. + In the work environment ofthe assurance client — for example: — when the client’s management appoints the auditor, people other than management ratifying or approving the appointment the client having competent employees to make managerial decisions policies and procedures emphasising the client's commitment to ir financial reporting internal procedures ensuring objective choices in commissioning non-audit work strong corporate governance, including an effective audit committee. + In the work environment ofthe aualt firm — for example: — systems and procedures to ensure compliance with ethical standards (e.g. rules on share ownership, relationship with clients, client acceptance procedures) — partner rotation policies to enhance audit partner independence = peer review policies to provide other partners with feedback In exercising judgement on the significance of threats and safeguards, accountants must consider what a reasonable and informed third party would likely conclude on whether compliance with the fundamental principles has been compromised. You should now read paragraphs 200.1-200.8 of Part 2 of the Code, ‘Professional accountants in business’, which provide guidance on identifying, evaluating and addressing threats. Professional Accountants in Public Practice Part 3 of the Code, ‘Professional accountants in public practice’, provides guidance on applying the conceptual framework from Part 1. In this section, we consider specific issues relevant to public practitioners, including + conflicts of interest + professional appointments + second opinions + fees and other types of remuneration + inducements (including gifts and hospitality) + custody of client assets + responding to non-compliance with laws and regulations. You should now read paragraphs 300.6-310.13 of Part 3 of the Code, ‘Professional accountants in Public practice’, which provide many examples of the various threats and safeguards for professional ‘accountants in public practice. Conflicts of Interest A professional accountant should not allow a conflict of interest to compromise their professional judgement. ‘A conflict of interest creates threats to compliance with the principle of objectivity and might create threats to compliance with the other fundamental principles” (the Code, para, 310.2). Such threats ‘may be cteated, for example, when the interests of the client and the professional accountant conflict or ‘when a professional accountant in public practice performs services for two or mote clients whose interests are in conflict. In these circumstances, its the responsibility of the professional accountant to notify the relevant parties that they are acting for two or more parties whose respective interests are in conflict and obtain their consent to so act. ‘Safeguards to address threats created by a contlict of interest include: 1. Having separate engagement teams: ‘confidentiality. 2. Having an appropriate reviewer, who s not involved in providing the sevice or otherwise affected by the conflict, review the work performed toassess whether the key judgments and conclusions are appropriate (the Code, para. 310.8 A3), are provided with clear policies and procedures on maintaining Professional Appointments Before accepting a new client, a professional accountant in public practice must determine whether acceptance would create any threats to compliance with the fundamental principles, 14 Advanced Audit and Assurance+ A threat to integrity or professional behaviour may be created from behaviours of the ‘elient (ls owners, ‘management or activities), such as ‘illegal activities, dishonesty, questionable financial reporting practices or other unethical behavior’ (Uhe Code, para. 320.3 Al). The professional accountant can safeguard against this threat by obtaining knowledge and understanding of the client or securing the client’s commitment to address the questionable behaviours, + A threat to professional competence and due care arises if the engagement team does not passes the competencies necessary to properly carry out the engagement. In these circumstances, an obvious safeguard would be for the practitioner to acquire knowledge of the relevant industry and its regulatory In Australia, there are additional requirements that apply to the appointment of auditors. Ifthe auditor has been an officer or audit-crtical employee of the proposed client within the 12 months immediately before the proposed audit period, accepting an appointment is not permitted (Corporations Act, s. 324) In respect of a change of auditor, an accountant who is asked to replace an existing auditor will generally need to obtain the prospective client's permission to communicate withthe existing auditor. On receipt of permission, they should request the necessary information to enable a decision to be made as to whether the ‘aadit engagement should be accepted, If permission is not granted, the accountant must carefully consider if ae appointment should be declined. In this situation, the accountant must take reasonable steps to obtain {information by other means about the circumstances of the change of appointment and any possible treats. ‘These steps include enquiries of thitd parties or background investigations of senior management or those charged with governance of the prospective client (the Code, paras 320.4-320.5 Al). Second Opinions In accounting, an intimidation threat arises when a client succeeds in obtaining a second opinion favourable 1 their position — for example, an opinion on the use of particular accounting policies — and uses this to apply pressure on the existing accountant. The fundamental principle threatened is objectivity. Safeguards include the accountant who is asked to provide the second opinion seeking client permission to contact the existing accountant, describing the limitations surrounding the opinion with the client as well as providing the existing accountant with a copy of the second opinion (the Code, para. 321.3 A3), Fees and Other Types of Remuneration Even though auditors, may quote whatever fee they consider as appropriate, quating fees that arc too low ‘may make it difficult forthe auditor to perform the assurance engagement in accordance with the applicable technical and professional standards. This is ikely to impact on the principle of professional competence ‘and due care, Safeguards to address this type of self-interest threat include: + Adjusting the level of fees or the scope of the engagement + Having an appropriate reviewer review the work performed (the Cade, para, 330.3 Ad), Additionally, contingent fees may create a threat to compliance with the principle of objectivity. Having ‘an appropriate reviewer review the work performed or obtaining a written agreement with the client on the basis of remuneration prior (o commencement of work may address such self-interest risks (the Code, para, 330.4 A3), A self-interest threat ‘with the principles of objectivity and professional competence and due care is created if a professional accountant pays or receives a referral fee or commission relating to a client” (the Code, para. 330.5 Al), Such self-interest threats can be addressed by having the client ‘outline commission arrangements prior {o commencing work or ‘disclosing to clients any referral fees or ‘commission arrangements’ with other professional accountants (the Code, para, 330.5 2), Inducements — Gifts and Hospitality Professional accountants may find themselves in situations where they, or their immediate or close family ‘members, are offered inducements to influence their behaviour, such as: + Gites + Hospitaiy + Boterainment + Political or charitable donations + Appeals to friendship and loyalty + Employment or other commercial opportunites + Preferential treatment, sights or privileges (the Case, para. 340.4 A). MODULE 1 The Auditing and Assurance Framework 18Offers of inducements may create self-interest, familisrty or intimidation threats to the principles of Integrity, objectivity or professional behaviour (the Code, para, 340.2). Professional accountants need to understand and comply with the relevant laws and regulations as offering or accepting inducements are prohibited in many jurisdictions Custody of Client Assets A professional accountant should not take “custody of client money or other assets unless permitted to do so by law” because doing so may create a self-interest threat to the principles of professional behaviour and objectivity (the Code, para, R350.3). Before taking custody, a professional accountant should make enquiries about the source of the assets as they may be derived from illegal activities such as money laundering. After taking custody of client money ot other assets, a professional accountant must comply with the relevant laws and regulations, keep the assets separate from personal of firm assets, use them only for the intended purpose and be ready to account for them at all times (the Code, para, R350.5), Responding to Non-Compliance with Laws and Regulations The Code incorporates the IESBA’s standard, Responding to Non-Compliance with Laws and Regulations (NOCLAR), which became effective in July 2017 UESBA 2017). The Code sets out an approach to guide professional accountants who encounter of become aware of a potential NOCLAR committed by a client (the Code, s. 360), Section 360 of the Code outlines provisions relevant o professionals in public practice, which are also reflected in auditing standards, as explained in module 2. ‘While providing professional services toa client, a professional accountant may encounter or be made aware of non-compliance or suspected non-compliance with laws and regulations. Regardless ofthe nature of the client, including whether or not itis a public-interest entity, the accountant has a responsibility to act in the public imerest. If they encounter, or are made aware of NOCLAR, their objectives are (@) To comply withthe principles of integrity and professional behavior, (@) By alerting management or, where appropriate, those charged with governance ofthe client, ta seck to: (6) Enable them to rectify, remediate or mitigate the consequences of identified or suspected non-compliance; (Gi) Deter the commission ofthe non-compliance where it has not yet occurred: and (6) To take such further action as appropriate in the publi interest (the Code, para. 360.4, ‘The following circumstances raise questions about an auditor's ethical conduct. ‘An auditor accepts an engagement knowing that they do not have the specialist knowledge required ‘An auditor discloses confidential information about a client to a successor auditor. ‘An audit firm advertises their firm as ‘The best auditing firm in the country’ te attract new clients. ‘A public accountant agrees to be the committee chairperson for a local fundraising activity. ‘An auditor accepts a Christmas gift from a client. ‘An auditor accepts an engagement for a firm managed by his sibling who is the CEO of the firm, ‘An auditor has a bank lean with a bank thatis an audit client. ‘An auditor retains a client's records as a means of enforcing payment of an overdue auait fee. 4. Discuss the fundamental principles of the International Code of Ethics for Professional ‘Accountants (including International Independence Standards) in relation to each of the above. 2. Indicate, in each of the above circumstances, whether the effect on professional ethics Is (a Violation, (ij net a violation or (i) indeterminate, and explain. Independence Independence is generally considered to be the cornerstone of the auditing and assurance profession. The definition of independence in the Code stresses thatthe accountant must be independent both of mind and in appearance. Accordingly, the accountant must act with integrity, and exercise objectivity, professional judgement and professional scepticism, In addition, the accountant must remain alert for new information, changes in facts and circumstances and avoid circumstances that a reasonable and informed third party might think indicate that a member's integrity, objectivity or professional scepticism has been compromised. The reasonable person must perceive that the accountant is impartial and free of bias. When fraudulent practices and large business 16 Advanced Audit and Assurancefailures occur without apparent warning, the independence of the profession is questioned. As a result, the Code establishes a conceptual framework that requires a member to identify, evaluate and address threats to compliance with the fundamental principles (the Code, para, 120.2), ‘The Code provides extensive application material in Part 4A describing numerous circumstances of Ubeats to independence and safeguards to reduce these threats, One of the major features of the Code is the independence requirements in relation to long association of personnel with an audit client, in particular the audit partner rotation requirements (the Code, s. 540). Audit partner rotation and independence requirements in relation to the conduct of an audit are discussed further in module 2, Under the Corporations Act, ASIChas responsibility forthe surveillance, investigation and enforcement ‘of auditor independence. Principles of Professional Conduct Identity the fundamental principles of professional conduct outlined in the Code that are under threat for teach of the situations below, (@) You become aware that one of your clients is inoWed in legal activites. (@) Your largest clent (and the related ees) is growing at a much quicker rate than the rest of your business. The cller’sfe0s have increases tem 109% to 16% of your frm’s total feos, (6) Youare the auditor ofa cant whose CEO Is your long-time next-door neighbour (@) othe past, you have not caried out audits of creit unions. Most of your clients are clubs and small local businesses. You decide to taka on a credit union as a new client and hope thera is @ professional evelopment program available to update your sta on specialised issues for this industry (6) The audit assistant is asked to randomly select ten items for a stock Ist, then sight and count the Falovant invantary. The assistant solec's tho ton tems, fads ne, and is tod the tenth itam fein te lt. ‘The assistant is wearing naw clothes and, krowing how dusty the lft is, nstead ranciomy selects and locates another tem. (0. A partner recolvod a loan fiom an audit clont that is an Australan crodt union. (@) Amombe: of your assurance team is considering resignng to take up ajob oer with the assurance clent during the year (h) Aprospeatve clent asks for an aut to be completed within a month to meet bank requirements. It ofers 28 fxed foe plus a bonus for completing the auc on tee, Acurrent cent, for whom you have provided consulting sevice that involved hiring francial accounting staff and des ning an information system, asks for an auot to be completed within a month to meet bank raquitements. ft ofars a fxad fea for complting the auelt on ta but thora is no bonus attach © Anavett managers concerned that ther ellent ie not investing tal funds wisely By having large amounts ff casi in the Bank. To halp the client without attending the ban manager, the auat manager explains this Issue to a frend who @ qualfied ‘nancial adviser, who then sends the relevant information to the client ‘The ausit firm places an advertsoment stating they have had fewer legal suits than any other fem of accountants in Australia or Asia, ‘Check your response agains the suggested answer atthe end of the book, Independence Policies and Procedures ‘Auclt fms are required to comply with independence requirements. % For aach ofthe three sted auc frm requirements, describe practical policies and procedures a frm could Implement to ensure complnce, 1. Audit frms must have polcies and procedures to provide reasonable assurance that the frm and its ‘personnel maintain nagpenclence. 2. Audit frms must communicate with and educate partners and professional staf, including nor-aucit personnal, to ensure they understand the indepandence policies that relate to ther actives. 3. Aut rms must maintain adequate records to identiy, communicate and monitor complance with spaciic Independence requirements (e.g. prohisied investment Ist) (Check your response against the suggested answer at the end ofthe book MODULE 1 The Auditing and Assurance Framework 17‘Australian Perspective Note that in Australia, the APESB issued APES 110 Code of Ethics for Professional Accountants (including Independence Standards}, which is based on the Code in both structure and content. The updated APES 110 code is now in effect. You should now read the Preface section of APES 110 on the application of APES 110 to members of CPA Australia and auditors who conduct audits in Australia ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements states that the auditor, assurance practitioner, engagement quality reviewer, and firm shall comply with the Code. ‘ASA 102 was designed to suit Australian law so there is no equivalent ISA. It allows references to ethical requirements in other AUASB standards to remain current, Whenever APES 110 is amended, the AUASB amends ASA 102, thereby climinating the need to amend other AUASB standards, QUALITY MANAGEMENT STANDARDS: ‘The Framework specifies that ethical principles, independence requirements and quality management (QM) within firms are widely recognised as being in the public interest and are an integral part of high-quality assurance engagements, The Framework outlines that professional accountants performing assurance engagements are subject to ISQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements and ISQM 2 Engagement Quality Reviews ‘The auditing standard ISA 220 (Revised) Quality Management for an Audit of Financial Statements discusses specific engagement matters, Much of the content of ISQM 1 is repeated in ISA 220 (Revised), but as indicated, the difference is that ISA 220 (Revised) relates (o the specific engagement while ISQM 1 is broader and relates to the audit firm as a whole. Some detailed requirements of ISA 220 (Revised) are covered in the modules. In Australia and New Zealand, APES 320 Quality Management {for Firms that provide Non-Assurance Services cavers the quality management of firms that provide nan- assurance services. Following changes (o the international standards on quality management, the [AASB issued the ISQM standards in December 2020. The new quality management changes aim to address the following: + Enhancing the robustness of frm’s systems of quality control through various means, including = Introducing a more proactive and tailored approach to managing quality = Increasing firm leadership responsibilies and accountahility, and improving firm governance. = More rigorous monitoring of systems of quality control and more effective remediation etiiencies, + Modemizing the standard for an evelving and inezeasingly complex environmen, including adsessing the impact of technology, networks, and use of external service providers + Improving the scalability ofthe standard AASB 2020), ISQM 1 establishes basic principles and essential procedures for firms to establish and maintain a system of quality management for assurance engagements. Some key elements of quality management will be discussed, followed by an overview of the Framework for Quality Management. Elements of Quality Management Some key areas where firms should focus their attention when managing quality of engagements performed by the firm are: 1. risk assessment process (ISQM I, paras 23-27) 2. governance and leadership (ISQM 1, para. 28) 3, relevant ethical requirements (ISQM 1. para, 29) 4, acceptance and continuance of client relationships and specific engagements (ISQM 1, para. 30) 5, engagement performance (ISQM |, para. 31) 6 1 resources (ISQM 1, para. 32) information and comnvunication (ISQM 1, para, 33) 8, monitoring and remediation process (SQM 1, paras 3547). Risk Assessment Process The firm is required to design and implement risk assessment processes including establishing quality objectives, identifying and assessing risks, and subsequently designing and implementing its response to address the risks identified 18 Advanced Audit and AssuranceAssessment of quality risks commences with getting an understanding of the conditions, events, circumstances, actions or inactions that could negatively affect the achievement of quality objectives. + Examples of factors that should be considered with respect to the nature of the firm could include the complexity and operating characteristics of the firm, its strategic and operational decisions, characteristics and management style of leadership, firm resources, the legal environment and the network the firm belongs to, + Examples of factors affecting nature of engagements performed by the firm include the types of engagements it performs and the type of reports issued, and the types of entities for which those engagements are undertaken, Following the identification of such risks, the firm is required to design and implement responses to address the risks. Additionally, policies should be in place to identify information that could indicate the requirement for changes in the nature or circumstances of the firm or its engagements. Read ISQM 1, paragraphs 23-27 and A39-A54, for discussions on these responsibilities. Governance and Leadership ‘The firm's cultue is a key factor influencing the behaviour ofits employees. The firm is required to demonstrate & commitment to quality through its culture. The leadership of the firm is responsible and accountable for quality, and they should demonstrate this commitment through their actions and behaviours. The structure ofthe firm and the assignment of roles responsibilities and authority is essential to allow the design, implementation and operation of quality management. Tho resources required for the implementation of these responsibilities, including financial resources. should be obtained and allocated in a manner that isin adherence tothe firm's commitment to quality ‘Read ISQM 1, paragraph 28 and paragraphs ASS-A6I, for discussions on these responsibilities. Relevant Ethical Requirements ‘The assurance firm should develop, document and implement policies and procedures to guide and reinforce ethical behaviour. These include independence policies describing permitted and prohibited ‘behaviour reflecting the advice in the Code, and independence consultations that allow staif and partners to refer independence threats to relevant partners so that timely action can be taken. Systems that support ethical behaviour include databases to match staff disclosures with a prohibited securities list, and (in ‘Austraia) tracking the firm's management of the auditor rotation requirements of the Corporations Act Read ISQM 1, paragraph 29 and paragraphs A62-A74, for discussions on these responsibilities. ISA 220 (Revised) explains the ethical requirements, including independence, of the engagement team in relation to audit engagements. In particular, the engagement partner should have a good understanding ‘of the relevant ethical requirements that are applicable to the audit engagement. The engagement partner should also take responsibility for other members of the engagement team being made aware of ethical requirements including (@) Mentiying, evaluating and addressing threats to compliance with relevant ethical requirements including those zlated to independ (©) Circumstances that may cause a breach of relevant ethical requirements, including those related to independence, andthe responsibilities of members of the engagement team when they become aware of breaches; and (©) The responsibilities of members ofthe engagement (eam when they become aware ofan instance of ‘non-compliance with laws and regulations by the entity (SA 220 (Revised), para. 17) Further, if @ threat to compliance arises, the partner should evaluate the threat through compliance with firm policies and procedures to take appropriate action. ‘The engagement partner should also remain alert through the audit for breaches of relevant ethical requirements. If matters come to the partner's attention through the system of quality management, or other sources, the partner, in consultation with others in the firm, should take appropriate action. Prior to dating the auditor's report, the partner should also take responsibilty for determining if all relevant ethical requirements, including those related to independence, have been fulfilled Non-compliance can be at the firm level (e.g. the control system to monitor employee ownership of shares in listed companies is not adequate) or atthe individual client level e.g. the audit manager and the (CFO axe related), In most firms, senior personnel (¢ g. risk management partners) will be assigned to Look alter these issues atthe firm level. However, individual partners are responsible at the engagement level. ASIC’s 2022 audit inspection report discusses compliance with these independence requirements, ‘The objective of this audit inspection process is to improve confidence in the quality of financial reports MODULE 1 The Auditing and Assurance Framework 18which would help keep markets and investors informed. However, there were some instances of non- compliance, For example, several instances did not obtain reasonable assurance that the statement as a whole was free of material misstatements. That is, auditors did not have sufficient basis to support their opinion on the financial report Examples such as these can undermine actual or apparent independence of auditors ‘Acceptance and Continuance of Client Relationships and Specific Engagements The assurance firm should establish the following objectives to address the acceptance and continuance of client relationships. {@) Judgements by the firm abou: whether to accep ‘appropriate based on: (@) Information obained about the naure and circumstances ofthe engagement and the integrity and chieal values of the client, that i sufficient to support suc judgments; and (i) The firm's ability to perform the engagement in accordance with professional standards and applicable legal and regulatory requirements, (@) The financial and operational priorities ofthe frm do not ead toinappropriate judgments about whether te accept of continue a client relationship oe specific engagement (ISQM 1, para, 30) continue scien relationship or specific engagement ‘The acceptance and continuance decisions should focus on independence considerations, possible conflicts of interest and the ability to provide requisite skills to conduct the audit (e.g. whether the firm has staff with the required expertise to do this aut) For each engagement, the engagement partner should determine the firm’s policies or procedures relating to the acceptance and continuance of client relationships, and make sure that the conclusions reached are appropriate (ISA 220 (Revised), para, 22), While planning and performing the audit, the partner should also consider specific significant account-related information in the acceptance and continuance process, fhe engagement team becomes aware of information that would have caused the firm to decline the audit (had that information been available earlier) the pariner should communicate the information promptly within the firm so that the firm and partner can take the necessary actions (ISA 220 (Revised), para, 24), Read ISQM I, paragraph 30 and paragraphs A67-A74, for discussions on these responsibilities. List four factors that the flrm may consider when deciding whether appropriate resources are available to perform the audit. Engagement Performance The following quality objectives address the performance of quality engagements: (@) Engagement veams undesstand and fll their responsibilities in connection withthe engagements () The nature, timing and extent of direction and supervision of engagement teams and review of the ‘work performed is appropriate based onthe nature and circumstances ofthe engagements .. (This also means that the work performed by les experienced engagement team members is directed, supervised and reviewed by more experienced engagement team members. (6) Engagement teams exercise appropriate professional judgment, including professional skepticism (@) Consultation om difficult or contentious matiers is underiaken and the conclusions agreed are implemented. (6) Differences of opinion within the engagement team, of between the engagement team and the engagement quality reviewer ot indiviguals performing activites within the firm's system of quality management are brought tothe attention of the firm and resolved (© Engagement documentation is assembled on a timely basis after the date of the engagement report, and is appropriately maintained and retained to meet the needs of the fim and comply with law, regulation, selevant ethical requirements, or professional standards (ISQM 1, para. 31). Direction, Supervision and Review As before, the responsibility for the direction and supervision of the team members should lie with the partner. Their work would also need to be reviewed by the partner (ISA 220 (Revised), para, 29), The partner should also determine that the nature, timing and extent of direction, supervision and @ Pi and performed in accordance with the firm's policies or procedures, professional standards sd applicable legal and regulatory requirements; and 20 Advanced Audit and Assurance(©) Responsive to the nature and circumstances of the audit engagement and the resources assigned or rade availabe to the engagement team hy the frm (ISA 220 (Revised, para 30), Review of relevant auditing documentation should be conducted by the partner at appropriate times, ‘This documentation could be considered important based on significant matters, significant judgements and other matters that, inthe partner's professional judgement, are relevant tothe partner's responsibilities. ‘The partner should also determine, by the date of the audit report or before, that sufficient and appropriate audit evidence has been obtained (ISA 220 (Revised), paras 31-32) Read ISQM 1, paragraph 31 and paragraphs A75-A85, for discussions on these responsibilities. Consultation Consultation is an important responsibility of the engagement partner. This includes the requirements to: (a) Take responsibilty forthe engagement team undertaking (appropriate) consultation on dificult or contentious matert (&) Determine that members of the engagement team have undertaken appropriate consultation during the audit engagement, both within the engagement team, and between the engagement team and others at the appropriate level within or outside the firm (©) Determine thatthe nature and scope of, and conclusions resulting from, su with the party consulted; and (6) Determine that conclusions agreed have been implemented (ISA 220 (Revised), para 35). consultations are agreed In most assurance firms, specialist partners are available for consultation on technical or complex aspects of auditing and accounting issues, tax, systems and legal matters. Often, a technical query database is compiled and firms designate partners to consult on conflict of interest and independence issues. In addition, many firms have a mentoring scheme in place where audit staf are assigned to a mentor who is a more senior auditor, The mentor provides the staff member with career planning advice and can be another source of consultation when needed Tis common for the larger firms to emphasise their culture of consultation, For example, the professional services firm Frnst & Young (BY) states that thei consultation policies are built upon a culture of cellaboration, whereby audit professionals ae encouraged. to share perspectives on complex accounting, auditing and reporting issues. Consultation requirements and zelated polices are designed to involve the ight resources so that util teams reach appropriate conclusions (Ernst & Young Australia 2018, p 1D. Engagement Quality Review For audit engagements in which a quality review is required, the partner should * confirm the appointment of a quality reviewer + ensure cooperation with the reviewer and ensure other members have been informed of their esponsi- bility to cooperate with the reviewer also + ensure tha significant maters and judgements have been discussed with the reviewer + ensure the auditor's report is not dated until the quality review has been completed (ISA 220 (Revised) para. 36). ‘An Engagement Quality Review policy should identity + the natuze, timing and extent of an engagement quality review + criteria for eligibility of an engagement quality reviewer + documentation required of an engagement quality review + how diferences of opinion are tobe resolved Read ISQM 1, paragraphs 34, A133-137 and AISS, for discussions on these responsibilities, in addition to ISQM 2. Differences of Opinion Ifthe team and the reviewer (or any assurance member) experiences differences of opinion, relevant firm policies need to be followed in resolving such differences. ‘The engagement partner shal (a) Take responsibility for differences of opinion being addressed and resolved in accordance with the firm's policies or procedures: (@) Determine that conclusions reached axe documented and implemeated; and (©) Not date the auditor's report until any differences of opinion are resolved (ISA 220 (Revised), par. 38) MODULE 1 The Auditing and Assurance Framework 21Resources Quality objectives need to be appropriately established by the audit firm to ensure that the design, implementation and operation of the system of quality management can be met, This can be through obtaining, developing, using, maintaining, allocating and assigning resources in a timely manner: Human Resources (@) Personnel ae hited, developed and retained and have the [necessary] competence and capabilities (@) Personnel demonstiate a commitment to quality through thei actions and behaviors (6) Individuals are obtained from extemal sources... when the firm does net have sufficient or appropriate personnel to enable the operation of [the] firm's system of quality management (@ Engagement team members ace assigned to each engagement [hased on their] competenes and capabilities, (6) Individuals are assigned to perform activities within the system of quality management who have appropriate competence and capabilites Technological Resources (9, Appropriate technological resources are abtsined or developed, implemented, maintained, and used, to tenable the operation of the firm's eystem of quality management Intellectual Resources () Appropsiate intellectual resources are obtained or developed, implemented, maintained, and used, to tenable the operation ofthe firm's system of quality management... and such inelletual resources are consistent with professional standards and applicable legal and regulatory requirements Service Providers (0) Human, technological or intellectual resources feom service providers are appropriate for use in the firm's system of quality management ..0SQM 1, para. 32). Sufficient and appropriate resources required to perform the audit should be assigned and allocated by the partner in a timely manner (ISA 220 (Revised), para. 25). The partner should also ensure that individuals who provide direct assistance, including the members of the team, and any auditor’s experts and internal auditors possess appropriate competence and capabilities, which includes the time to perform the audit (ISA 220 (Revised), para, 26). However, ifthe pariner concludes that resources are insufficient or inappropriate after complying withthe standard, they should take necessary action, such as by raising it with the appropriate personnel (ISA 220 (Revised), para. 27). Information and Communication In order (o appropriately obiain, generate or use the information regarding quality management systems ‘and communicate such information with the firm or external parties, the following objectives should be established (@) The information system identifies, captures, processes and maintains relevant and reliable informa tion that supports the system of quality management, whether from intemal of external sources (Bet: Pare, AIO-AI11) (@) The culture ofthe fim recognizes and reinforces the responsibility of personnel to exchange informs- tion with the firm and with one another. (Ref: Para. A112) Relevant and reliable information is exchanged throughout the firm and with engagemest teams, including: (Ref: Para. A112) (@) Informations communicatedto personnel and engagement teams, andthe nature, ning and extent ofthe information is sufficient to enable them to understand and carry out thie responsibilities relating to performing activities within the system af quality management or engagements; and (Gd) Personne! and engagement teams communicate information tothe firm when performing activities within the system of quality management or engagements (@) Relevant and reliable information is communicated o external pastes, including: (@) Information is communicated by the firm to or within the firm's network oo service providers, i any, enabling the network or service providers to fulfil their responsibilities relating tothe network requirements or network services or resources provided by them: and (Ref: Para. ALI3) (i) Information is communicated externally when required by law, regulation or professional stan- dards, orto suppor extemal partes’ understand (Ref Para. AL4-A115) (SQM 1, para 33). © cof the system of quality management Read ISQM 1, paragraphs 33 and A109-A11S, for discussions on these responsibilities. 22 Advanced Audit and AssuranceProvide some examples of when law, regulation or professional standards may require the firm to communicate information to external parties, Monitoring and Remediation Process “Monitoring” refers to the ongoing examination of quality management systems and procedures to ensure that they are appropriate and are carried out consistently and properly. Remediation relates to the firm responding to the identified deficiencies by taking any necessary actions. These changes need to be implemented in a timely manner. Designing and Performing Monitoring Activities ‘The assurance firm should design and perform monitoring activities to help identify deficiencies (ISQM 1 para. 36). When determining the nature, timing and extent of monitoring activites, the audit firm should (@) The seasons forthe assessments given tothe quality risks (©) The design ofthe responses; (6) The design ofthe firm's risk assessment process and monitoring and remediation process; (@) Changes in the system of quality management (@) The results of previous monitoring activities, whether previous monitoring activities continue fo be relevant in evaluating the fiem’s system of quality management and whether remedial actions to adress the previously identified deficiencies were effective; and (© Other relevant information... (SQM 1, para 37) Inspection of completed audits needs to be included in the audit firm's monitoring activities. These should identify which engagement partners to be selected for each engagement. Additionally, necessary policies and procedures need to be established to ensure that the individuals performing the monitoring activities have the necessary competence, capabilities and time to perform the activities, and address the ‘objectivity of such individuals (ISQM 1, paras 38-39), Evaluating Findings and Identifying Deficiencies ‘The audit firm should evaluate findings to help them identify if deficiencies exist. These could include any deficiencies related to the monitoring and remediation process (ISQM I, para. 40). Evaluating Identified Deficiencies ‘The audit firm should check the significance of the deficiencies by referring (o the severity and pervasive- ness of the deficiencies, and also investigate the root cause of the deficiency. These deficiencies need to bbe evaluated on an individual and an aggregate basis (ISQM 1, pare. 41). Responding to Identified Deficiencies ‘After the identification of the deficiencies, the audit firm should conduct a oot cause analysis and should design and implement corrective actions on the basis of this analysis. The responsible individuals in the ‘monitoring and remediation process should check if the proposed actions ate appropriate to addvess the root cause issues identified (SQM 1, paras 42-43), Ongoing Communication Related to Monitoring and Remediation ‘The individuals assigned responsiblity for the monitoring and remediation process should communicate the deficiencies to the individuals who arc assigned the final responsibility of the management system. ‘This should be done on a timely basis. This communication should include the deficiencies along with the severity of the deficiency and the remedial actions undertaken (ISQM 1, para, 46) As per ISA 220 (Revised) (para, 39), the engagement partner should take responsibility for: (a) Obtaining an understanding ofthe information from te firm's monitoring and remediation process, nation from the monitoring and remediation process ofthe network including, as applicable, the and across the network firms (b) Determining the relevance and effect on the audit engagement of the information refered to in paragraph 39(a) and take appropriate action; and MODULE 1 The Auditing and Assurance Framework 23(6) Remaining alex throughout the audit engagement for information that may be relevant tothe firm's ‘monitoring and remediation process and communicate such information to those responsible for the process. Read ISQM 1, paragraphs 35-47 and A138-A174, for discussions on these responsibilities. Inspection Programs in Australia ‘As mentioned previously, in addition to an audit firm’s internal monitoring process, external monitoring also takes place. In Australia, for example, in order (o review compliance with audit quality and auditor independence requirements, ASIC started an audit firm inspection program in 2004, The purpose of the inspection program is to focus on audit quality and promote compliance with the requirements of the Corporations Act, auditing standards, and professional and ethical standards. The audit firms to be Inspected are selected based on a number of criteria, but there is an emphasis on audit firms that audit publicly listed or public interest entities. With auditing moving beyond national borders, there is a need for effective global auditor oversight. ASIC, through its membership of IFIAR. has sought arrangements with other international audit oversight bodies with the intention of conducting work either jointly or on. their behalf, ASIC regularly releases a report of its inspection program. At the time of writing, the most recent report released was in October 2022 and related to ASIC's audit inspection program for the 12 months to 30 June 2022 (ASIC 2022). The report posits that, to improve audit quality, audit firms should: + identify root causes of negative findings from internal quality reviews of their audits + develop and implement action plans to address those identified root causes + monitor and revise action plans to ensure their effectiveness (ASIC 2022, p. 3). ‘The previous version of the standard did not mandate root cause analyses. However, following the recent adoption of the amended standard (ISQM 1/ASQM 1), firms will be required to conduct root cause analyses. As further evidence of monitoring, in 2013, Australis mandated the preparation and release of lransparency reports by the larger audit firms of significant entities, with a focus on the disclosure of their Internal governance systems, Under section 322 of the Corporations Act, all audit firms must publish a transparency report on their website if they have conducted audits under the Corporations Act of ten or more significant entities. Just over 20 audit firms in Australia are required to publish such reports. The information to be published includes: + description of the firm or company's legal structure and ownership + adescription of the auditor's governance structure and internal quality management system + a statement by the management body on the effectiveness of the functioning of the internal quality ‘management system + information concerning the basis for remuneration of the audit firm’s partners or the authorised audit company's directors (ASIC 2013). ‘The KPMG Transparency Report 2022 for auditors can be viewed at htips://kpmg.com/aulen/homel insights/2022/10transparency-report-2022. htm] Outline procedures that a firm could implement to demonstrate its commitment to quality above ‘commercial considerations. Isqm 2 Building on the requirements of ISQM 1, ISQM2 Engagement Quality Reviews applies to all engagements for which an engagement quality review is required by ISQM 1 (SQM 2, para. 2). Following this, ISQM 2 addresses the guidelines relating to the appointment and eligibility of the reviewer. In addition, this standard focuses on the reviewer's responsibilities relating to the performance and documentation of ‘a quality review (ISQM 2, para, 1), with some key content outlined as follows. + Appointment and eligibility: The assurance firm should establish policies or procedures to ensure that reviewers ate competent, have the requited capabilities and the appropriate authority to fulfil their responsibility. These policies and procedures, as well as requiring that the reviewer not be a member of the engagement teams, should also require thatthe reviewer 24 Advanced Audit and Assurance