Embed Size (px)
Citation preview
© Copyright ICAS 2011
ICAS Regulatory Monitoring
Lesley Byrne, Director
Worldbank
Financial Reporting Technical Assistance
Programme (FRTAP)
© Copyright ICAS 2011
Contents of Presentation
• ICAS Audit Monitoring Visit Process
• Sanctions
• Interaction with FRC
• eMonitoring
• Annual reporting
• Support to firms
© Copyright ICAS 2011
ICAS regime: Quick overview
• Every audit firm must be registered with a
Recognised Supervisory Body (e.g. ICAS) -
• Only Responsible Individuals (audit engagement
partners) approved by ICAS can sign audit
reports – on public audit register
• 232 firms, 576 Responsible Individuals
• Each audit firm pays an annual audit fee (based
on no. partners, offices, PIE audits)
• Required to comply with Audit Regulations-set by
Chartered Bodies
http://icas.org.uk/Audit_Regulation.aspx
© Copyright ICAS 2011
ICAS regime: Quick overview
• Audit Monitoring team – all ICAS Chartered
Accountants and experienced auditors
• Tend to recruit Senior Manager level from firms
• Significant training programme, independent and
fit and proper
• Training programme:
• start by observing visits;
• lead sections of visit;
• start to lead visits supervised
• All visits are quality reviewed/review points
• KPIs for turnaround times (30 days), outcomes
© Copyright ICAS 2011
ICAS regime: Quick overview
Oversight
ICAS
FRC Audit
Quality Review
Regulation Board
ARC Audit
Monitoring
© Copyright ICAS 2011
Visit Process – Visit Selection
• Visit selection:
• EU Directive requirements:
Firms auditing PIEs – at least once every 3 years
Firms auditing other audits – at least once every 6 years
• Time until next visit (poor performance -shortened
cycle)
• Firms Annual Return:
Form (Handout 1)
Risk database/risk report (Handout 2)
Desk top monitoring
• Follow up (paid)
• Requested (eg investigations, market intelligence)
© Copyright ICAS 2011
Visit Process – Notification
• Resource scheduling (3 months in advance)
• Standard budget times
• 6-8 weeks notice
• Notification letter, documents and records list,
visit booklet
• Audit client listed one month before visit
• Planning information to Reviewer one month
before
© Copyright ICAS 2011
Visit Process – Pre Visit Planning
• Review pre visit information to obtain
understanding of (a) firm (b) risks
• This includes:
Review client list – possible internet search
Companies search by auditor (Bureau van Dijk
www.bvdep.com) FAME
Firms Annual Return/risk report
Previous visit report and correspondence from then to
now (e.g. changes in firm, submissions since last visit)
• Pre visit call
• For PIE visits: liaise with FRC
© Copyright ICAS 2011
Visit Process – On site initial meeting
• Tailored opening meeting agenda (Handout 3)
tailored after pre visit planning
• Meet with Audit Compliance Partner/others to:
Understand firm’s audit practice; audit clients, policies
and procedures;
Identify risks
• For PIE visits – pre visit planning meeting –
longer agenda (Handout 4)
Ethics discussion (Handout 5):
• Discuss ethical compliance with firm - checklist
• Includes discussion on key risks
• Reflects Ethical Standards (based on IFAC code)
© Copyright ICAS 2011
Visit Process – Post Meeting Planning
• Template (Handout 6)
• PIE visits – Audit Visit Planning Memo (Handout
7)
• Update risk analysis after opening meeting
• Risk based approach to file selection e.g. Cover all RIs - cover off concerns (eg competence,
portfolio size)
Specialist/regulated audits
Large/complex audits
Audit report qualifications etc.
• Minimum of 2 files per visit
• Some full and some restricted reviews
© Copyright ICAS 2011
Visit Process – File reviews
• Credibility review of accounts – identifies
significant audit areas, accounting treatment
issues (Handout 8)
• File review:
Looking for documented audit evidence in support of
audit opinion – key assertions being audited
Looking for compliance with International Standards on
Auditing, Audit Regulations, Ethical Standards etc.
Looking for accounts disclosure compliance
Review documentation of significant auditor judgement
© Copyright ICAS 2011
Visit Process – File reviews
• Raise review points (Handout 9)
• Firm given time to respond & discuss
• Re-visit credibility review
• Consider what areas are not compliant (breach)
and what are ‘needs improvement’
• Underlying causes (e.g. procedures,
competence, RI review etc)
• *NEW* grade each file
© Copyright ICAS 2011
Grade Description Guidance
1 Satisfactory No concerns regarding the sufficiency and quality of audit evidence or the appropriateness of significant audit judgments in the areas reviewed.
Only limited weaknesses in documentation of audit work. AND
Any concerns in other areas are limited in nature (both individually and collectively).
2A Generally acceptable but a small number of improvements required
Only limited concerns regarding the sufficiency or quality of audit evidence or the appropriateness of significant audit judgments in the areas reviewed. AND/OR
Weaknesses in documentation of audit work are restricted to a small number of areas AND/OR
Some concerns, assessed as less than significant (individually and collectively), in other areas.
2B Some improvement required
Some concerns, assessed as less than significant, regarding the sufficiency or quality of audit evidence or the appropriateness of significant audit judgments in the areas reviewed. AND/OR
More widespread weaknesses in documentation of audit work. AND/OR
Significant concerns in other areas (individually or collectively).
3 Significant improvements required
Significant concerns regarding the sufficiency or quality of audit evidence or the appropriateness of significant audit judgments in the areas reviewed (not limited to the documentation of the underlying thought processes). AND/OR
Very significant concerns in other areas (individually or collectively).
© Copyright ICAS 2011
Visit Process – Firm Wide (ISQC1)
• Independence, fit and proper, confidentiality
procedures (e.g. declarations safeguards)
• Training/CPD;
• Firm’s manuals/templates
• Professional indemnity insurance
• Money laundering procedures
• Review of appraisal/HR process
• Review of consultation process/differences of
opinion
© Copyright ICAS 2011
Visit Process – Audit Compliance
Review
• Called ‘Monitoring’ in ISQC1
• We place emphasis on this – self diagnosis
• Will review this year and previous year reviews
• Whole firm review – consistent with our findings?
• Cold file reviews – consistent with file findings?
• Timely follow up action?
• Report on effectiveness
© Copyright ICAS 2011
Visit Process – Closing Meeting
• Handout 10
• Pull together all findings of visit into a report –
done on-site on last day of visit
• Conclude on compliance with ISAs/Audit
Regulations
• Balanced, includes positive points
• All ethics issues discussed even if safeguarded
• Identify underlying causes of problems
• Discuss with firm
• Firm given 14 days for formal responses
© Copyright ICAS 2011
Visit Process – Visit Report
• Grading of outcome based on:
Extent of findings
Firm’s responses
Assessment of ability/commitment
• Format of report depends on grading:
A-C: short summary of proposed grading/action
(Handout 11)- internal document
D: long form report to firm for comment (Handout 12)
• All PIE visits – long form reports
• Time to next visit determined
© Copyright ICAS 2011
Grade Suitable when ARC action Examples of follow up action
A No breaches • Cleared by Chair • For noting only –
letter sent to confirm end of visit
No follow up action
B Some breaches but firm’s action plan appropriate
• Cleared by Chair • For noting only –
letter sent to confirm end of visit
No follow up action
C Breaches more serious – confirmation needed of improvement (C1: systemic C2: non systemic)
• Nominated to committee member
• Decide whether agree with proposed action
• Request submission of follow up action.
• Assess when submitted
• CPD records to evidence training
• Cold file reviews • Procedures
purchased • Procedures
implemented
© Copyright ICAS 2011
Grade Suitable when
ARC action Examples of follow up action
D The most serious issues e.g. repeat serious breaches; integrity or ethics issues; lack of commitment D1/D2: minded to withdraw D3: continue with stringent conditions/ restrictions
• Full report to firm for formal response and consider any further actions
• Full review by Committee
• Decide whether to withdraw or continue
Example conditions: • ACR • Cold file reviews • Hot file reviews • CPD • Procedures Example restrictions: • No new audits • No specialist audits • If continue – restrictions
and conditions • Financial
penalties/referral to Investigations
• If withdraw – inform firm. Default publicity. Most firms request hearing.
© Copyright ICAS 2011
Audit Registration Committee (ARC)
• ARC meet every two months.
• 6 RIs (mainly ACPs), 3 Public Interest
• Powers include:
Accept/reject audit licence RI applications
Withdraw/suspend audit registration
Consider monitoring reports
Require information
Impose sanctions: conditions and restrictions
Impose regulatory penalties (eg repeat issues, ethics)
Refer for disciplinary action
• Independent appeal process
© Copyright ICAS 2011
Sanctions
• ICAS prefers ‘educational’ approach to prevent
repeat offences
• However this approach still costs the firm:
• Cost of cold file review approx. £300-£400 approx. (to
ICAS, training provider or another firm);
• Cost of full Audit Compliance Review £1,000 approx.
(whole firm review and 2 cold file reviews – as above);
• Hot file review: £500 approx. (as above)
• CPD training (cost per course £100-£200 – any training
provider)
• Follow up visit by ICAS (£1,000 a day)
• Procedures eg £300 per annum
• Withdrawal (with publicity)/restriction – hurts
financially/reputation
© Copyright ICAS 2011
Financial Sanctions
• In more serious cases - ethics, integrity, serious
repeat issues, failure to comply with committee
decisions, audit opinions without audit work,
failing to cooperate etc
• Based on (a) seriousness of findings (b) extent of
mitigating/aggravating circumstances
• Small number of penalty decisions made by ARC
– only starting to raise penalties now after series
of visits
• Withdrawal – default publicity
© Copyright ICAS 2011
Recent ARC sanctions
Reason for Regulatory Penalty Action Failure to submit cold file reviews of audits as directed by ARC
Consent Order issued with £750 fine
Failure to submit 2 hot file reviews, an audit compliance review, accounts disclosure procedures and training to ARC.
Consent Order issued with £250 fine
An audit opinion was signed by the Audit Compliance Partner without having undertaken the appropriate acceptance procedure and without performing audit work to support the opinion given
Consent Order issued with £1,000 fine
The Firm had a principal who is not a member and has not applied for Affiliate status- firm ineligible
Consent Order issued with £1,000 fine
© Copyright ICAS 2011
Recent Investigations Sanctions
• 2: order of reprimand with financial
Offence Sanction
Audit reports when not a ‘Responsible Individual’:
Order for severe reprimand (with financial penalties around £5-10k) and exclusion of membership
Failing to take proper account of audit independence issues
Order of severe reprimand and financial penalty £5-10k.
Failing to advise a client that an audit was required:
Warning/admonishment with a low-level fine (around £1-2k).
Failing to conduct sufficient work to justify audit conclusions:
This led to an exclusion from Membership (although there were aggravating factors).
© Copyright ICAS 2011
Investigations considerations
• Findings are more serious where there is
misconduct, rather than simple incompetence.
• If it is a technical error in audit work then if
unintentional and no financial benefit:
reprimand, with
a low-ish financial penalty.
• The Committee/Tribunals take a dim view of
anything that casts doubt on integrity: e.g. ethical,
Member has unduly profited:
• High end penalty;
• Possible exclusion from membership.
© Copyright ICAS 2011
Investigations considerations
• The most common aggravating factor is a failure
to respond to ICAS correspondence in
connection with an investigation.
• All decisions – publicity default
• Common sanctions guidance – considering
• However ICAS has only small no. of audit
complaints/small population
© Copyright ICAS 2011
Electronic checklists
• We currently word process forms
• eMonitoring needed to:
• Streamline filing;
• Report automation
• Support turnaround times
• Recently looked at Pentana (based on Internal
audit programme)
• Good for longer visits (PIE visits) – AQR use
© Copyright ICAS 2011
Electronic checklists
• We have decided to go for bespoke option
because:
• Our average visit is 2 day visit: we don’t have time to
complete many programme steps
• We would like to be able to have default setting for
checklist so only need to complete the ‘exceptions’
• ICAS planning to look at this in 2014
© Copyright ICAS 2011
Financial Reporting Council UK:
Oversight Function • Annual stats to FRC every year (March)
• Annual inspection visit – targeted review of
aspects of RSB function
• Reviews ICAS procedures/policies
• Review completed monitoring visits &
accompanied visits
• Discuss findings and agree recommendations
• Issue report
• Power to sanction
© Copyright ICAS 2011
Interaction with FRC on PIE firm visits
Big four/mid teir firms:
• FRC: lead, review firm wide, Audit Compliance
Review (monitoring) and PIE audits
• ICAS: review residual audit client population/ RIs
• Start of visit: ICAS send FRC visit planning memo
• End of visit: ICAS will issue draft report to FRC
• FRC and ICAS will liaise throughout visit on
issues
• *New* FRC decide outcome of FRC inspection
• FRC report goes to ICAS ARC for actioning FRC
decision
• ICAS report to ARC
© Copyright ICAS 2011
Interaction with FRC on PIE firm visits
Other firms:
• Previously: ICAS led visit, FRC conducted review
of at least one PIE audit
• Now:
for all firms with 10 or less PIE audits, ICAS solely will
conduct the visit including a review of PIE audits
FRC review ICAS work on firm wide procedures, all PIE
audit file reviews, and the draft report
• EU Barnier – likely most will go back to FRC
© Copyright ICAS 2011
How we support our firms
FRC have required audit quality initiatives
• Annual Monitoring Report (Handout 13)
• Mandatory audit course
• Quarterly Audit News (Handout 14 example)
• Helpsheets (Handout 15 example)
Practice Support (commercial):
• Procedures/manual
• Cold file reviews
More information available on our website
© Copyright ICAS 2011
And finally…..
• Any Questions?
• ICAS Audit Monitoring section of website:
http://icas.org.uk/Audit_Monitoring.aspx
THANK YOU
