ICPAK AUDIT MANUAL

4. ETHICAL REQUIREMENTS AND QUALITY CONTROL IN RELATION TO AUDIT

ENGAGEMENTS (INCORPORATING ISQC 1, ISA 220 AND COE)

Each firm should develop policies to comply with the requirements of ISQC 1 and the COE and
procedures to monitor compliance with such policies. While it is not possible to cover all the
requirements of ISQC 1 and the COE within the scope of this manual, this section provides a
framework which covers the key aspects of ISQC 1 and the CEO in relation to audit
engagements that firms may adopt in developing their policies and procedures. The policy and
procedures in relation to ISQC 1 and the CEO should be communicated to the firm’s personnel
and others subject to them.

4.1. Ethical Requirements in Respect to Audit Engagements

ISQC 1 requires that the firm establish policies and procedures designed to provide it with
reasonable assurance that the firm and its personnel comply with the relevant ethical
requirements, while ISA 220 requires the engagement partner to consider whether members of
the engagement team have complied with the ethical requirements.

The engagement partner must remain alert to evidence of non-compliance with ethical
requirements. If such matters come to the engagement partner’s attention through the firm’s
systems or through inquiry and observation during the engagement, the partner, along with other
partners, should determine the appropriate course of action.

Part A and Part B of the COE establishes fundamental principles which should be followed by
the firm and include:
 Integrity;
 Objectivity;
 Professional competence and due care;
 Confidentiality;
 Professional behaviour; and
 Independence.

4.1.1. Integrity and Objectivity

Integrity implies not merely honesty but also fair dealing and truthfulness. The principle of
Objectivity imposes an obligation on all professional accountants to be fair, intellectual, honest
and free of conflict of interest. While it is not possible to identify all potential cases of conflict of
interest, a professional accountant should be constantly conscious of and be alert to factors
which give rise to such conflicts. The following are some of the situations which may impair
objectivity:
 Undue pressure exerted by the client or an overbearing supervisor or partner. Relationships,
including family and personal, which allow prejudice, bias or influence should be avoided.
Reasonableness should prevail in establishing relationships that could impair objectivity.
 Accepting or offering gifts which might have a significant or improper influence on
professional judgement or which bring the profession into disrepute.
 Being asked to act contrary to a technical and / or a professional standard.

4. Quality Control 1 of 10
Version 1 – 6th October 2006
ICPAK AUDIT MANUAL

 Divided loyalty between the professional accountant’s superior and a professional standard.

Where ethical conflicts arise, the following should be considered:

 Review the conflict with an immediate superior. If this does not resolve the issue, then go to
the next higher level. Where the superior is involved in the conflict, then one should go to the
next higher level.
 Seek counselling on a confidentiality basis with an independent advisor or ICPAK.
 If the significant ethical conflict still exists, one should consider resigning from the position
and submit the appropriate details to an appropriate representative of the organisation. One
could also consider reporting to the issue to ICPAK.

4.1.2. Professional Competence

A professional accountant should not portray as having expertise or experience unless they
possess the necessary professional competence. Professional competence is obtained
through obtaining the necessary professional qualifications, practical experience and through
continuous professional development which includes keeping abreast of developments in the
accountancy profession.

4.1.3. Confidentiality

Professional accountants have a duty to maintain confidentiality on all information obtained

during the course of professional services and not to use such information for personal gain or
advantage or for the advantage of a third party. The duty continues even after the end of a
professional relationship with the client or with the employer who services the client. In certain
cases, the working papers may have to be availed to third parties where required by law or there
is a professional duty e.g. for quality control and peer reviews. To protect the firm, the instances
where the papers may be availed to third parties must be agreed with the client in the terms of
engagement. It is the duty of the firm to ensure that staff and persons who form part of the
engagement or from whom professional advice is obtained also respect the principle of
confidentiality.

Where required to disclose confidential information, the following points should be considered:
 Whether all the relevant facts are known and substantiated to the extent that it is practical to
do so. When the situation involves unsubstantiated facts or opinion, professional judgement
should be used in making the disclosure.
 The type of communication expected and the addressee. In particular, one should be
satisfied that the parties to whom the communication is to be addressed to are appropriate
recipients and have the responsibility to act on it.
 Whether any legal liability would be incurred and the consequences thereof. In all cases, it is
important to consult legal counsel and / or ICPAK.

4.1.4. Professional Behaviour

A professional accountant should not do anything that will bring himself, the firm or the
profession into disrepute.

4. Quality Control 2 of 10
Version 1 – 6th October 2006
ICPAK AUDIT MANUAL

4.1.5. Independence

Part B of the COE states that independence requires:

 Independence of mind that permits the provision of an opinion without being affected by
influences that compromise professional judgement, allowing an individual to act with
integrity, and exercise objectivity and professional scepticism.
 Independence in appearance which involves the avoidance of facts and circumstances that
are so significant that a reasonable and informed third party, having knowledge of all relevant
information, would reasonably conclude that the firm’s or a member of the engagement
team’s integrity, objectivity or professional scepticism have been compromised.

While it is not possible to list all potential threats to independence, the COE gives the following
instances which may affect independence:

 Self-interest threat which occurs when a firm or a member of the engagement team could
benefit from a financial interest or other self-interest conflict with client. These include:
 Direct financial interest or a material indirect financial interest.
 Loan or guarantee from the client or any of its directors of officers.
 Undue dependence on total fees from a client or a group.
 Concerns about the possibility of losing the engagement.
 Close business relationship with the client.
 Potential employment with the client.
 Contingency fees relating to assurance assignments.

 Self-review threat which occurs where any product or judgement of a previous assurance or
a non-assurance engagement needs to be re-evaluated in reaching conclusions on the
assurance engagement, or where a member of the engagement team was an employee in a
position to exert significant influence on an engagement related matter or was a director or
officer of the client.

 Advocacy threat which occurs when a firm or a member of the engagement team promotes
or may be perceived to promote the client’s position or opinion to the point that objectivity
may or perceived to be compromised. This may occur where the firm or member of the
engagement team promotes the debt or equity securities of the client or acts as an advocate
on behalf of the client in a litigation or dispute resolution with third parties.

 Familiarity threat which occurs when, by virtue of a close relationship with the client, it’s
directors, officers or employees, the firm or a member of the engagement team becomes too
sympathetic to the client’s interest. Such threats could occur where:
 An immediate family member of a person on the engagement team is an employee of the
client with the ability to exert significant influence on an engagement related matter, or is a
director or an officer of the assurance client.
 A former partner of the firm is an employee of the client with the ability to exert significant
influence on an engagement related matter, or is a director or an officer of the assurance
client.
 There is a long association of a senior member of the engagement team with the client.

4. Quality Control 3 of 10
Version 1 – 6th October 2006
ICPAK AUDIT MANUAL

 The firm or any member of the engagement team accepts a gift from the client, its directors,
officers or employees whose value is significant.

 Intimidation threat which occurs when a member of the engagement team may be deterred
from acting objectively and exercising professional scepticism by threats, actual or perceived,
from the directors, officers or employees of the client. Such threats could include:
 Threats over replacement over a disagreement with the application of an accounting
principle.
 Pressures to reduce inappropriately the scope of work or the fees.

The COE requires firms to adopt appropriate safeguards to eliminate threats or reduce them to
an acceptable level. The nature of the safeguard applied will vary depending on the individual
circumstances. Consideration should always be given to what a reasonable and informed third
party having knowledge of all the relevant information, including safeguards applied, would
reasonably conclude to be unacceptable threats to independence. All decisions should be
documented. Safeguards fall into three broad categories:

 Safeguards created by the profession, legislation or regulations which include:

 Education and training.
 Adherence to continuing professional development requirements.
 Adherence to professional standards, and monitoring and disciplinary procedures.
 External review of the firm’s quality control systems.
 Adherence to legislation governing the independence requirements of the firm.

 Safeguards with assurance clients which include ensuring that the:

 Client has competent employees to make managerial decisions.
 Policies and procedures promote fair financial reporting.
 Control environment is sound, and that the management has a positive attitude and
awareness concerning the internal controls and its importance in the entity.
 Management team is not dominated by one individual with unfettered powers to influence
matters affecting audit risk.
 There are no significant changes in management, those charged with governance or
shareholding which give rise to doubts over the client’s integrity.
 The client’s solvency and liquidity is not dependent on future plans which are ambitious and
not attainable.
 Internal procedures ensure objective choices in commissioning non-assurance
engagements.
 Corporate governance structures provide appropriate oversight and communication of the
firm’s activities.

 Safeguards within the firm’s own systems and procedure which include:
 Communication to the engagement team on the importance of independence and the
expectation that the members of the engagement team will act in the public interest.
 Developing policies and procedures to implement and adhere to, and monitor quality
control procedures and the COE.

4. Quality Control 4 of 10
Version 1 – 6th October 2006
ICPAK AUDIT MANUAL

 Developing procedures to identify and monitor threats to independence.

 Use of different partners or teams with separate reporting lines for the provision of non-
audit services to assurance clients.
 Developing policies and procedures to manage reliance on revenue from a single
assurance client or a related group.
 Prohibiting individuals who are not members of the assurance team from influencing the
outcome of assurance engagements.
 Communicating the firm’s policies and procedures and amendments thereto to all partners,
professional staff and all persons concerned with the assurance function through
appropriate communication channels, training and education.
 Designating an appropriate person or a group of persons with the relevant qualifications
and experience to oversee the firm’s systems of quality control, and developing a
disciplinary mechanism for non compliance.
 Developing engagement specific safeguards.

 Engagement specific safeguards include:

 Engagement quality control review.
 Consultation on difficult or contentious matters.
 Rotation of senior personnel.
 Maintaining open lines of communication with those charged with the client’s governance
including the audit committee on independence issues, nature of services provided and the
fees charged.
 Ensuring that the engagement team does not make or assume responsibility for the
management decisions of the client.
 Involving another team to re-perform the non-assurance services to the extent necessary to
enable it to take responsibility for that service.
 Removing an individual from the assurance team when that individual’s financial interests
or relationships create a threat to independence.

At least annually, the firm should obtain a written confirmation from its personnel that they have
complied with the independence requirements. A specimen Independence Confirmation is set
out in Appendix 1 of this section. ISA 220 states that it is the responsibility of the engagement
partner to ensure that the engagement team complies with the independence requirements for
each audit engagement. In particular, he should:
 Obtain relevant information from the firm and, where applicable, network firms to identify and
evaluate circumstances that could create threats to independence.
 Based on the firm’s polices and procedures, evaluate information on identified breaches to
determine whether they create a threat to independence for the audit engagement.
 Take appropriate action to eliminate such threats or reduce them to an acceptable level by
applying safeguards. The engagement partner should promptly report to the firm any failures
to resolve the matter for appropriate action.
 Document conclusions on independence and any relevant discussions with the firm that
support these conclusions.

4. Quality Control 5 of 10
Version 1 – 6th October 2006
ICPAK AUDIT MANUAL

Where the engagement partner concludes that the safeguards may not be able to eliminate or
reduce the threat to an acceptable level, he should with appropriate consultation, determine the
appropriate course of action which may include eliminating the activity or interest that creates
the threat or withdraw from the audit engagement. Such decisions and conclusions should be
documented.

4.1.6. Rotation of Engagement Partner

The COE requires that the engagement partner of listed companies be rotated after a pre-
defined period, normally not more than seven years. It also requires that the outgoing partner
should not participate in the audit engagement until a period of at least two years has elapsed
from the date of rotation. The Prudential Guideline 9 - Guideline on Appointment, Duties and
Responsibilities of External Auditors issued by the Central Bank of Kenya requires that the
engagement partner for an audit of a banking institution be rotated once every five years.

Each firm should establish its own criteria on rotation of the engagement partner and senior
members of the engagement team based on factors such as:
 The length of time that the individual member has been a member of the assurance team.
 The role of the person on the team.
 The structure of the firm.
 The nature of the assurance engagement.

The significance of the threat should be evaluated and, if the threat is other than significant, the
following safeguards should be considered:
 Rotating the senior personnel on the team.
 Involve an additional professional accountant who is not a member of the engagement team
to review the work done by the senior members or otherwise advice as necessary.
 Engagement quality control review.

In case of sole proprietors or small audit firms where the rotation of the engagement partner may
not be possible and there is no limit set by legal or professional requirements, it is a good
practice to rotate the audit manager on the team once every five to seven years and other senior
members of the team once every three years. The persons rotated should not participate in the
engagement for at least two years from the date of rotation. Moreover, such engagements must
undergo a quality control review at least once every five to seven years.

4.2. Quality Control

The firm should ensure that it fully complies with the quality control requirements as stipulated in
ISQC 1. Each partner and each of the firm’s personnel has a personal responsibility for quality
and is expected to comply with the firm’s requirements in respect to quality.

ISA 220 requires that the engagement partner take the responsibility for the overall quality on
each audit engagement he undertakes. The Manual covers the quality control requirements in
relation to audit engagements, but does not cover all the quality control requirements of ISQC 1.

4. Quality Control 6 of 10
Version 1 – 6th October 2006
ICPAK AUDIT MANUAL

4.3. Engagement Quality Control Review

ISQC 1 requires the firm to establish policies and procedures requiring, for appropriate
engagements, an engagement quality control review that provides an objective evaluation of
significant judgements made by the engagement team and the conclusions reached in arriving
at the audit opinion. An engagement quality control is required for all audits of listed entities. As
a guide, a quality control review should be carried out before the audit report is issued for:
 All audits of companies whose equity and debt securities are listed on a securities exchange.
 All companies which offer to the public investment and savings products including insurance
products, mutual funds, collective investment schemes, hedge funds, options, medical covers
and micro-finance schemes which have a savings element.
 All engagements of public interest entities. This would include audits of clients in the banks,
insurance companies, co-operative societies including SACCO’s and associations which are
of public nature and whose membership is open to the public.
 Engagements or classes of engagements which display unusual circumstances or risk. This
could include sectors facing an economic downturn.

The extent of the review depends on the complexity of the engagement and the risk that the
audit report may not be appropriate in the circumstances. Where the engagement quality control
reviewer makes recommendations that the engagement partner does not accept and the matter
is not resolved to the reviewer’s satisfaction, the report should not be issued until the matter is
resolved following the firm’s procedures for dealing with differences of opinion. This could
involve the use of an arbitrator who possesses the relevant experience and has the
independence to make appropriate recommendations.

Part E of the Manual contains Form 03.07 - Engagement Quality Control Review Notes
which should be used by the Engagement Quality Control Reviewer to record all points
arising from the review and the clearance of the issues the issues raised, while Form
03.08 - Engagement Quality Control Review Checklist provides areas which the
Engagement Quality Control Reviewer is required to cover during the review.

4.4. Engagement Quality Control Reviewer

ISQC 1 requires that the firm develops policies and procedures covering the appointment of
engagement quality control reviewers and establish their eligibility through defining the:
 Technical qualifications, experience and the authority required to perform the role.
 The degree to which an engagement quality control reviewer can be consulted on an
engagement without compromising the reviewer’s objectivity.

ISQC 1 defines an “engagement quality control reviewer” as a partner, other person in the firm,
suitably qualified external persons, or a team made up of such individuals, with sufficient and
appropriate experience and authority to objectively evaluate, before the auditor’s report is
issued, the significant judgements the engagement team has made and the conclusions they
reached in formulating the auditor’s report.

4. Quality Control 7 of 10
Version 1 – 6th October 2006
ICPAK AUDIT MANUAL

On the aspect of technical qualification and experience, as a minimum, the person should be
a member of a recognised professional accounting body with sufficient and appropriate
experience in handling the type of engagements being undertaken by the firm.

On the issue of authority, the reviewer should be sufficiently independent reporting directly to
the partner or the board of partners who have the ultimate responsibility for the firm’s system of
quality control. To ensure that the authority and the objectivity of the reviewer be maintained, he
should not:
 Be selected by the engagement partner.
 Participate in the engagement.
 Make decisions for the engagement team.
 Be subject to considerations that would threaten his objectivity.

In the case of sole proprietors and small firms, suitably qualified external persons may be
contracted to carry out the engagement quality control review, or alternatively the group of firms
may use each other to facilitate the reviews. In all such cases, it is important to ensure that the
authority of the reviewer is maintained. This is demonstrated by ensuring that all the procedures
in respect of the review are duly carried out, and that all the issues arising out of the review are
resolved to the satisfaction of the reviewer prior to the issue of the audit report.

The engagement partner may consult the engagement quality control reviewer, but such
consultations should not compromise the reviewer’s eligibility to perform the review or his
objectivity. Where such consultations compromise the objectivity, another suitably qualified
person should be engaged to take on the role of the engagement quality control reviewer or the
person to be consulted. Situations which may lead to the engagement quality control reviewer’s
objectivity being compromised when consulted include:
 Where the unadjusted errors are individually or collectively material.
 Which display unusual circumstances or risk.
 Of companies which are required by law or regulations to undergo such reviews.
 Where there are unresolved differences between the partner and other members of the
engagement team on fundamental matters, or engagements where the partner is going to
take a firm stand with the client on a particular accounting or disclosure issue or over fees.

4.5. Consultations

The engagement partner is responsible for undertaking appropriate consultation on difficult or

contentious matters which would include significant technical and ethical matters and
judgements and estimates, conclusions drawn from audit procedures adopted or any other
matter deemed appropriate. Consultations could also be undertaken where there are issues on
client acceptance and continuation considerations. Such consultations, through the use of
collective experience and the technical expertise of the team, help to promote quality and
improve the application of professional judgement. The firm should promote a culture in which
consultation is recognised as a strength and a key component of quality control and reduction of
audit risk.

4. Quality Control 8 of 10
Version 1 – 6th October 2006
ICPAK AUDIT MANUAL

Consultations should be obtained from individuals within or outside the firm who have the
specialised expertise to resolve such difficult or contentious matters. Effective consultation
requires that those consulted be given all the relevant facts that will enable them to provide
advice on technical, ethical or other matters. Sole proprietors and small firms which may not
have such expertise in-house should develop relationships with other practitioners, network
firms or other relevant bodies that have the necessary experience and expertise to provide such
consultations.
All consultations, including those obtained verbally, should be sufficiently documented to enable
an understanding of the issue on which the consultation was sought, the results of the
consultation, the decision taken and the basis of the decision, and how they were implemented.
It is also important to record as to who was consulted, and if necessary on highly technical
matters, the reason for selecting the person. Part E of the Manual contains Form 03.06 -
Consultations and Conclusions, which should be used to record all consultation and the
conclusions therefrom.

ISA 220 requires the engagement partner to:

 Be responsible for the engagement team undertaking appropriate consultation on difficult or
conscious matters.
 Be satisfied that appropriate consultation have been undertaken during the course of the
engagement both within the engagement team and between the engagement team and
others at appropriate levels within or outside the firm.
 Be satisfied that the nature and scope of, and conclusions resulting from such consultations
are documented and agreed with parties consulted.
 Determine that the conclusions resulting from the consultations have been implemented.

4.6. Resolving Differences in Opinions

There are a number of possible situations which could result in differences in opinion:
 Differences within the engagement team.
 Differences between the engagement partner and the engagement quality control reviewer.
 Differences between the engagement partner and those consulted.
 Difference within the firm on how to deal with a particular technical issue that affects a cross-
section of engagements.
 Differences between the engagement partner and the client.

The audit report should not be issued until all differences of opinion are satisfactorily resolved.
Each firm based on its size and structure, should develop a structure to resolve such
differences. This could involve the use of another practitioner who possesses the relevant
experience and has the independence to make appropriate recommendations.

All differences in opinion should be sufficiently documented to enable an understanding of the

issue on which the difference arose, the person consulted, the results of the consultation and the
basis on which the difference was resolved.

4. Quality Control 9 of 10
Version 1 – 6th October 2006
ICPAK AUDIT MANUAL

APPENDIX I: ANNUAL INDEPENDENCE CONFIRMATION

Objective: To obtain reasonable assurance that all partners and staff required to be independent by
the COE have complied with the firm’s policies and procedures on independence.

Yes / No
1. Do you or any members of your family (spouse or equivalent, dependents, parents,
non-dependent child or siblings) have a family or personal relationship with
directors or employees in positions of influence in the firm’s clients?
2. Do you or any member of your family (spouse or equivalent, dependents, parents,
non-dependent child or siblings) have a direct financial interest or material indirect
financial interest in any of the firm’s clients?
3. Do you or any member of your family (spouse or equivalent, dependents, parents,
non-dependent child or siblings) hold shares on trust for any of the firm’s clients?
4. Have you or any member of your family (spouse or equivalent, dependents,
parents, non-dependent child or siblings) received any financial support or any
benefit from any of the firm’s clients?
N.B.: This includes loans, grants, gifts of significant value of over Shs. and any
other financial support, either directly or indirectly.
5. Are you aware of any conflicts of interest that an engagement may create with any
of the firm’s existing clients?
6. Do you provide any services to any of the firm’s clients directly or indirectly through
your family (spouse or equivalent, dependents, parents, non-dependent child or
siblings) or other business associates?
7. Do you have any potential employment with, or have you been employed in the
last two years by any of the firm’s clients?
If the answer to any of the above questions is yes, or if you aware of any other threats to
your independence, provide full details including the client names in the space below or as
an attachment.

I confirm that I and my family (spouse or equivalent, dependents, parents, non-dependent child or siblings)
have, except where noted above, complied with all requirements of the firm’s independence policies and that
the above details are correct to the best of my knowledge and based on the information I have to the date of
this declaration. I undertake to keep the firm fully informed of any changes, within a week of them arising. I also
acknowledge that I am fully aware that the firm has the right to take disciplinary and other appropriate action if
any of the declaration above turns out to be false.

Name:___________________________ Signature: _____________________ Date: __________________

4. Quality Control 10 of 10
Version 1 – 6th October 2006