ISQM2, or International Standard on Quality Management 2, deals with the engagement quality review (EQR). This deals with the evaluation of judgements and conclusions, is performed by an engagement quality reviewer involved throughout the audit. EQR must be carried out by a competent and appropriate authority over a sufficient period of time and comply with ethical and legal requirements.
An EQR has a two-year cooling-off period, meaning that if one should act as an EQR Reviewer one cannot be an engagement partner for a period of two years. This is important to keep in mind when assigning your roles and responsibilities so that one knows exactly who is going to be available and eligible to carry out these roles.
ISQM2 will be implemented when ISQM1 requires it. It is the audit of listed entities, audits/other engagements where EQR is required by law or regulation and audits and engagements for which the firm determines that an EQR is appropriate to address quality risks.
ISA 220 deals with quality management for an audit of financial statements and focuses on the responsibilities of an auditor in relation to quality management. It carries ISQM1 through to individual engagements. The focus of the audit partner is to achieve audit quality, to be involved throughout the audit, to provide direction, supervision and review as well as to consider if there are sufficient and appropriate resources while maintaining professional scepticism.
There has been an audit standards update with ISA 600 and it is special considerations – audits of group financial statements (including the work of component auditors). ISA600 will only be effective for periods beginning on or after December 2023, early adoption is permitted, however, if you are a component auditor and the group auditor has perhaps implemented this new standard and the requirements it will undoubtedly affect you before that date. As an overview, the ISA600 revision is an enhanced focus on the risk of material misstatement at a financial statement level and it calls for robust communication between both group and component auditors.
Remember that the group engagement partner has the ultimate responsibility for compliance with all ISAs while ensuring the audit report issued is appropriate and overseeing the design, implementation and operation of system quality management. The new explicit requirement is that group engagement partners are to obtain confirmation from component auditors (CAs) that CAs are able to comply with the requirements of IAASA Revised Ethical Standard 2019 (as far as relevant to group engagement) and that, prior to signing the audit report, confirmation that ethical requirements relevant to engagement have been fulfilled.
The list of items the CAs must supply or confirm to the group auditor now includes the events and conditions that may cast significant doubt on the group’s ability to continue as a going concern. Where the group auditor is unable to evaluate and review the CA’s work, they will need to take appropriate measures (for example, carry out additional work) and inform IAASA or the relevant designated body. There are also now additional information and requirements in terms of the provision of documentation to IAASA in case of quality reviews.
To read more about ISQM1, you can read a previous blog by clicking here.