NBAA Seminar on Accounting & Auditing

15th Feb. 2023 Malaika Beach Resort – Mwanza

Adopting and Implementing New International

Standards on Quality Management
(1) ISQM 1: Quality Management for Firms that
Perform Audits or Reviews of Financial
Statements, or Other Assurance or Related
Services Engagements

(2) ISQM 2: Engagement Quality Review (EQR)

Presentation by CPA Joseph Sheffu

Quality, Quality & Quality
IFAC Audit Quality Management Standards
Driving greater confidence
and trust in the economy
and functioning of the
markets by:
• Responding to a changing
environment
• Improving the robustness
and effectiveness of the
quality management
standards
• Addressing growing
market participant needs
Rationale
 Address the most relevant public interest issues related to
Firms’ systems of quality control
 Financial
crisis, major audit failures, technological
advancements
 Corporate Governance & business practices have evolved,
hence the need for us to align to these development
 Growing public interest, address SME practitioners' issues
 Pervasive inspection findings, lessons learned
 Related services are increasingly prominent
 Uphold our professionalism/relevance
 Suite of QM standards; ISQM 1,2, ISA 220R
ISQM 1: Firm/Organisational Level
International Standard on Quality
Management 1 (ISQM 1)

Quality Management for Firms that

Perform Audits or Reviews of Financial
Statements, or Other Assurance or
Related Services Engagements
ISQM 1: The System and Its Components

❑New focus on quality

management, through a risk-
based approach
❑Evolved from a linear and siloed
system, to a system that
operates in an iterative and
integrated manner
❑Proactive approach, with a
continual flow of remediation
and improvement
❑Tailored system, scalable to the
nature and circumstances of the
firm and the engagements it
performs
Quality Elements/Components – old Vs new
ISQC 1 - Elements ISQM 1 Components
1 Leadership responsibilities 1 Governance and leadership
for quality within the firm
2 The firm’s risk assessment process
2 Relevant ethical 3 Relevant ethical requirements
requirements
3 Acceptance and continuance 4 Acceptance and continuance of client
of client relationships and relationships and specific engagements
specific engagements
4 Human resources
5 Engagement performance 5 Engagement performance
6 Resources
7 Information and communication
6 Monitoring 8 The monitoring and remediation process
What’s new – Scope

 Same – Audit FS, reviews & other assurance or relates

services
 Remains – Firm level Standard, ISQM 2 deals with Firm’s
responsibility for EQR and role of EQRr, whereas ISA220 (R)
deals with engagement level auditor responsibility
 ISQM 1 is more descriptive on Design, Implementation &
Operationalisation of FQMS
 It requires Firms to incorporate local laws and regulations
into its design of FQMS
 To be read in conjunction with Ethical standards
What’s new – establishing Quality
Objectives
 ISQC 1: Establish and maintain systems of QC……providing
reasonable assurance…
 Firm & its people comply
 Reports/products are appropriate

 ISQM 1: Design, Implement & Operate FQMS for assurance……..

providing reasonable assurance….
 Firm & its people comply
 Reports/products are appropriate
Firm’s Quality Objectives
Relationship between FSQM components:
Governance & leadership

Setting the tone at the Top

 Firms Strategic Plans, Financial & Operational Decisions,
puts Firms Quality & Public Interest at the forefront
 Culture reflects Firms Quality and Public Interest at the
forefront
 Firms must mind its public perception about it, poorly
Governed perceived to lack public interest
 Demonstrate commitment to quality through walking-the-
talk, role modelling
 Demonstrate Public Interest priority over financial gains
Governance & leadership

 Appropriate organisation structure that support FQMS

 Establish environment & quality culture,
 Establish expected behaviours of leaders & personnel
 CEO or chairperson, ultimate responsible
 QRM part of Performance Evaluation process with override
provision
 Role of Independence compliance
 Undertaking periodic assessment of the Firm’s
leadership & Partners appraisal
 Some best practices – NED in Firm boards
Firms’ Risk Assessment Process

 ISQM 1 Borrows from COSO ERM Framework

Establish Quality Objectives

(QOs) for each of the 8
components, Each would/may
have more than 1 QO
Identifying and Assessing Quality Risks
Identifying and Assessing Quality Risks
Design & implement responses

 Responses same as old fashioned terms

“Controls, policies and procedures”

 ISQM1 uses term “Responses” underpinning

underlying principles, proactiveness

 Appropriate Policies and Procedures

 Awareness
Typical scenario – Client Acceptance
 What Quality Objectives do we set for this?
 We only serve “Right” clients
 Right means – we are proud to associate with, ethical, pays our fees
etc; We can serve them competently
 What can go wrong with our accepting any Client?
 Our reputation impaired, misaligned expectations – conflict,
reputation
 Sanction due to conflict of interest
 Loss other client due to conflict of interest
 Sanction due to independence issue – breach regulation e.g. BOT,
CMSA, NBAA etc
Resources
 Firm to embrace technological advancements
in support of its FQRM system, as well as at
engagement level. Expectations are provided
by ISQM1, Reliance of technology, inhouse or
outsource - firm’s responsibilities

 Intellectualresources – conducive environment

for personnel development, building technical
expertise, awareness, appropriate staffing –
accreditation – IT, Tax, valuation etc
Information and communication

 Was largely lacking in ISQC1 firms must

establish formal system to enable effective
two way communications in addressing QM
issues at firm as well as engagement level

 Musthave rules for communication with

clients and outsiders as well
Information and communication

 Firms communication with third parties

 Important for Firms to be aware of Risk

associated with reporting to third parties or any
other communications, thought leadership or
other publications etc

 Media policy
ISQM2: Engagement Quality Review –
determined at acceptance level
 EQR is Firm wide QRM issue:
 ISQM 1 address engagements for which EQR should be
placed but the specifics of the EQR person, procedures
etc are addressed at ISQM2.
 EQR engagement criterial are:
 Audits of Listed companies
 Audit of PIEs – significant public interest
 Where EQR is required by law or regulations; or Firm
determines EQR is appropriate due to some criteria
during client/engagement acceptance
Monitoring and remediation process

 Internal and external monitoring and remediation (similar

to IA in corporate setting)
 FQMS may remain ineffective if no lessons are learned
 Firm should periodically evaluate the design,
implementation and operation of its systems FQMS
through monitoring and remediation process
Monitoring and remediation process
Practical Expectations – Future Firm
level Reviews
 Governance review; Firm leadership – documented periodical
board minutes and resolution, QRM committees, SOPs etc
 Visible ERM Framework - Firm wide up-to-date Risk Register in
place?
 Client & Engagement acceptance – documented DD, wider
coverage with evidence such as bankers & lawyers references etc,
PEP search – annually,
 Personnel – evidence of regular structures training of staff, &
refresher, HR plan, succession plans
 Independence confirmation – engagement level and periodical,
family etc
Practical Expectations – Future Firm
level Reviews
 Conflict checking
 Evidence of internal sanctions for QRM breaches
 Evidenceof Consultation policies & actual consultations
performed
 Appropriate staffing – staff planning
 Performance appraisal with Quality objectives- MP
performance appraisal, Partners performance appraisal
 QRM division is in place – structures, has senior manager
running it. PPD, IFRS desk, independence team in place
 Audited Financial statements
Conclusion
 ISQM 1 requires Firms to modernise their QRM Systems to
align with the evolved stakeholders’ expectations, the
changing environments and emerging technological
developments
 Borrowing from corporate World – methodical COSO
framework
 Impetus placed on the core “principles” of quality and risk
management rather than “rules” and provides for scalability
 Making it as lively, evolving integrated process
 If implemented successfully, would place Public Interest at
the heart of what we do
Thank you

 Asante Sana
ISQM 2: EQR
Questions to be explored

 What is EQR
 Why EQR?
 When is EQR performed?
 Who performed EQR, The “EQR”?
 What are the responsibilities of EQR?
Questions to be explored
 Is EQR required for all audits?
 Can anyone – Senior/Manager be EQR, or only Partner?
 What does EQR do exactly?
 Can EQR boss the boss, or s/he is the boss of EP/PIC? Whose
conclusion is it anyway?
 EQR make decision or mere recommendations?
 EQR documents his reviews and signs WPs?
 Should EQR also be at client’s, team’s meeting, charge time?
 Can EQR sign audit opinion for which he/she is EQR?
 Are independence restrictions equally apply to EQR?
Objective of ISQM 2
 Further guides ISQM 1 and ISA 220R
 Define appointment and eligibility of EQR
 Assigns Responsibilities to (i) the FIRM and (ii), the
EQR - clarity
 Framed with the FIRM’S objective
 FIRM’S response to identified Quality Risk
 Outcome-oriented objective
 EQR to perform Objective Evaluation of Significant
Judgement made by ET and their conclusion
 Performance and documentation of EQR
Is ISQM 2 New?

 The requirements for EQR were included in ISQC 1 and

ISA 220 (old) But:
 Definition of EQR, EQCR were ambiguous, not aligned
with renewed QM objectives
 Previously known as EQCR,
 Ethical Requirements of the QQCR were not aligned with
IFAC code of Ethics
 Alignment - the Change from QC to QM introduced by
ISQM1
 Places more important to EQR
Key Definitions

 Engagement Quality Review (EQR): An objective

evaluation of the significant judgments made by the
engagement team and the conclusions reached
thereon, performed by the engagement quality
reviewer (EQRr) and completed on or before the date
of the engagement report.

 EQRr is A partner, other individual* in the firm, or an

external individual, appointed by the firm to perform
the EQR.
Key Definitions

 Relevant Ethical Requirements: Principles of

professional ethics and ethical requirements that are
applicable to a professional accountant when
undertaking the EQR as per IFAC Code of Ethics,
together with national requirements that are more
restrictive (e.g., BOT).
ISQM 1 & ISQM 2 Linkages
 ISQM 2 is designed to operate as part of the firm’s system of
quality management, and therefore the requirements in
ISQM 1 and ISQM 2 are organized in a manner that provide
appropriate linkages between the standards:

 ISQM 1 addresses the scope of engagements subject to an

EQR; and

 ISQM 2 addresses the specific requirements for the

appointment and eligibility of the EQRr and the performance
and documentation of the review.
ISQM 2 & ISA 220R Linkage
 There are no longer requirements for EQR stated in ISA
220R, it still contains requirements regarding the EP/PIC’s
responsibilities relating to the EQR, which largely focus on
how the EP/PIC and her team interact with the EQRr
 Clearly responsibilities for all reviews (incl. significant
judgement) rest SOLELY with the EP/PIC
 EP/PIC should beware of impediments to exercising
professional skepticism at engagement level & unconscious
auditor biases
 EP/PIC requirements for ethical compliance and sufficient
executive involvement.
Scope of Engagements requiring EQR
Paragraph 34(f) of
ISQM 1 extends the
scope EQR beyond
listed entities.
The scope now covers
(i) those requiring EQR
pursuant to law or
regulation, AND those
which the (ii) FIRM
determines that an
EQR is an appropriate
response to address
Quality Risks.

Examples….
ISQM 1: Provides Examples of law & regulations
 Are Public Interest Entities (PIE) as defined in a particular
jurisdiction;
 Public Enterprises:- Operate in the public sector or which are
recipients of government funding, or entities with public
accountability;
 Operate in regulated industries (e.g., financial institutions
such as banks, insurance companies and pension funds);
 Meet a specified asset threshold; or
 Are under the management of a court or judicial process
(e.g., liquidation).
 NBAA Guidance?
ISQM 1: Examples of Firm’s own election
 entities operating in an industry that typically has
accounting estimates with a high degree of estimation
uncertainty;
 Going concern risk
 Assurance/review engagements that require specialized
skills and knowledge in measuring or evaluating evidences
 IPO, reporting accountant, forensic
 Unusual circumstances in acceptance e.g., disagreement
with previous professional
 High public profile engagement
 Emerging industry, not very conversant with
Appointment and Eligibility of EQR

 Appointing EQR i) Competence,

requires a bit of ii) Capabilities,
considerations – so iii) Sufficient time
not anyone can be iv) Appropriate authority
EQR!
ELIGIBILITY CRITERIA
 EQR may need an Comply with Laws
assistant – he/she Comply with IFAC & Regs. Relevant
also faces Code of Ethics incl. to eligibility of
eligibility tests ☺ Objectivity & EQR
Independence
Appointment and Eligibility of EQR

 COMPETENCE, i) Competence,
CAPABILITY & TIME! ii) Capabilities,
iii) Sufficient time
iv) Appropriate authority
 Prof. Standards, legal
& Regs. Firm policies
ELIGIBILITY CRITERIA
 Industry knowledge Comply with Laws
 Complexities & Comply with IFAC & Regs. Relevant
Code of Ethics incl. to eligibility of
specialist skills EQR
Objectivity &
 History of passing AQR Independence
 Sufficient Time –
nature, timing &
extent
Appointment and Eligibility of EQR

 APPROPR. i) Competence,
AUTHORITY! ii) Capabilities,
iii) Sufficient time
iv) Appropriate authority
 Avoid intimidation of
EQR, hierarchical
structure ELIGIBILITY CRITERIA
 Culture & policy Comply with Laws
 Policy on conflict Comply with IFAC & Regs. Relevant
resolution/ Code of Ethics incl. to eligibility of
differences of Objectivity & EQR
opinion Independence
 Prof. responsibility
Appointment and Eligibility of EQR

 Ethical i) Competence,
ii) Capabilities,
considerations! iii) Sufficient time
 Independence threats, iv) Appropriate authority
self review, familiarity,
ELIGIBILITY CRITERIA
 Intimidation threat –
from EP/PIC Comply with Laws
Comply with IFAC & Regs. Relevant
 Should consider Code of Ethics incl. to eligibility of
safeguards; policy for Objectivity & EQR
=>2yrs cooling-off Independence

 External EQR pose

risks, safeguard be
applied
Performance of EQR
 The Three EQR Performance Tasks: Discuss, Review &
Evaluate
1. Discuss Significant Judgements (SDs) & Significant
Matters (SMs) with the EP;
2. Review selected engagement documentation relating
to SM and SDs the EP & engagement team made and
the conclusions it reached; and
3. Evaluate the conclusions reached in formulating the
report and consider whether the proposed report is
appropriate. Evaluate if the team exercise sufficient
Professional Skepticism?
Performance of EQR
 The Other EQR Performance Tasks (Evaluate):
1. Independence & Consultations
2. Sufficient and appropriate involvement of EP
Documentation of EQR

 EQR takes responsibility for documentation

 Documentation filed as Working Papers in the
audit file, evidences of timing of procedures
 Must be self- sufficient
 Issues resolved means no issues
 Clearly state conclusion of EQR
Conclusion - Implication for Firms

 Effective since 15 December 2022

 Firms must revised their Audit Manuals and Programmes
 Train its personnel/auditors on the new requirements
 Documented QM process at Engagement Level
 Nature, timing and extent
 Future FY 23/24 NBAA AQR will base on these standards
ASANTE SANA