CVOCA

Standard on Quality Control

Divesh Shah April 1, 2023 Auditing & Ethics ⏱️ 17 min read

Background   

The role and responsibilities of a chartered accountants has evolved over a period of time considering changes in business, regulations, expectations of stakeholders, increased compliance, constant scrutiny from regulatory authorities etc.

Especially, role of chartered accountants as auditors has undergone paradigm shift. Some of notable changes in recent years that have increased role of chartered accountants include:

  • Regulatory changes in IRDA, companies act, SEBI regulations and Banking regulations
  • Convergences to new accounting standards viz. Indian Accounting Standards (‘Ind AS’)
  • Increase in reporting requirements in statutory audit including reporting on internal financial controls, reporting on fraud to central government, reporting on going concern, reporting of Key audit matters (‘KAM’), increased reporting Company Auditor’s Report Order (‘CARO’) and reporting on round tripping of funds.
  • Increased reviews and actions by NFRA

To cope up with increased scope and role, ICAI has provided guidance and standards such as Standards on Auditing (‘SA’), Standards on Review Engagements (‘SRE’), Standards on Internal Auditing (‘SIA’), Standards on Valuation, guidance notes, implementation guidance etc. These guidance or standards have helped practitioners to execute engagements.

Performing an engagement involves exercising professional judgement and when applicable to the type of engagement, exercising professional skepticism. As role increases, there is increased responsibility on firms to maintain the quality. The Council of the Institute of Chartered Accountants of India (ICAI) issued the Standard on Quality Control 1, “Quality Control for Firms that Perform Audits & Reviews of Historical Financial Information, and Other Assurance & Related Services Engagements” (‘SQC 1’), which is a mother standard for all other standards and is an all pervasive standard in respect of quality control. As the name suggests, the SQC 1 contains extensive requirements in relation to establishment and maintenance of a system of quality control (‘QC’) in the firms including sole practitioners.

The purpose of SQC 1 is to establish standards and provide guidance regarding a CA firm’s responsibilities for its system of quality control for audits and reviews of historical financial information, and for other assurance and related services engagements. The firm should establish a system of quality control that consists of policies designed to achieve the objectives and the procedures necessary to implement and monitor compliance with those policies.

This SQC applies to all firms. Extent of application depend on various factors such as the size and operating characteristics of the firm, and whether it is part of a network.

The Six Elements of SQC 1

SQC 1 envisages six elements of system of QC, Leadership responsibilities for quality within the firm, Ethical requirements, Acceptance and continuation of client relationships and specific engagements, Human resources, Engagement performance and Monitoring. All firms are required to implement policies and procedures addressing each of these six elements as described next.

  1. Leadership responsibilities for quality within the Firm

The objective of this element of QC is to promote an internal culture based on the recognition that quality is essential in performing engagements. Of particular importance in promoting an internal culture based on quality is the need for the firm’s leadership to recognise that the firm’s business strategy is subject to the requirement for the firm to achieve quality in all engagements that the firm performs. The promotion of such internal culture depends on clear, consistent and frequent actions and messages from all levels of the firm’s management that emphasise the firm’s QC policies and procedures.

Following are key matters that shall be addressed with respect to this element:

  • The firm’s highest authority and their ideologies sets the tone at the top to commitment to quality. Policies and procedures of the firm shall identify or designate firm’s managing partners, chief executive officer or equivalents to assume ultimate responsibility for the firm’s system of QC. Such person shall have sufficient and appropriate experience and ability that enables them to identify and understand QC issues and to develop appropriate policies and procedures.
  • The firm should ensure that it devotes sufficient and appropriate resources, time, authority for the development, communication, and support of its system of QC policies and procedures along with its documentation.
  • The firms policies, procedure and actions shall address:
  • Assigning of management responsibilities such that commercial considerations do not override quality
  • Performance evaluation systems are designed to recognise and reward high quality work
  • Importance of quality or actions taken by firm with respect to system of QC may be communicated by trainings, meetings, formal / informal dialogue or briefing memorandum
  • Communication of firm’s Vision, Mission and Values that demonstrates firm’s commitment to quality.
  • Ethical Requirements

This element envisages that the firm shall have policies and procedures designed so that firm and its personnel comply with relevant ethical requirements. Ethical requirements relating to audits and reviews engagements and other assurance and related services engagements are contained in the Code of Ethics (‘Code’). Code establishes the fundamental principles of professional ethics which include integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour. The Code also includes a conceptual approach to independence for assurance engagements, including aspects such as threats to independence, accepted safeguards and the public interest.

Firm’s may address requirement of this element in following manner:

  • The firm may communicate importance of compliance with ethical requirements as envisaged by Code via trainings, briefing by leadership of the firm, consultations on ethical matters faced by firm’s personnel.  
  • The firm may implement separate independence policy that addresses:
  • Independence requirements at firm level, engagement level and personal level.
  • Independence requirements with respect to financial interest, loans, business relationships, family and personal relationships, employment with clients, employments and gifts and hospitality received from the clients.
  • Rotation of partners and senior team members in assurance engagements.
  • Provision of services to the assurance clients that may impair independence
  • Identification and assessment of threats to independence viz. Self-interest, self-review, advocacy, familiarity and intimidation threats.
  • Safeguards that may be taken to eliminate or reduce threats to acceptable level, in case  same is not possible withdrawing from the engagement
  • Communication of breach of independence and course of action to remedy the threats
  • At least annually, the firm should obtain written confirmation of compliance with its policies and procedures on independence from all firm personnel required to be independent in terms of the requirements of the Code.
  • Engagement specific independence confirmation which shall be obtained from respective engagement team members and engagement partner for each engagement performed.
  • Personnel are trained on ethics and independence requirements and providing frequent communication of professional responsibilities to personnel.
  • Acceptance and continuance of client relationships and specific engagements  

This element gives guidelines on policies and procedures for the acceptance and continuance of client relationships and specific engagement, designed to provide it with a reasonable assurance whether to undertake or continue relationships and engagements after considering the integrity of the client, is the firm competent to perform the engagement and has capabilities, time and resources to do so; and can comply with the ethical requirement.    

A prospective engagement may look lucrative from commercial aspect, but it is very crucial to obtain relevant information about the client and to do a quick diligence of the client. Review of all the relevant information would be helpful for the firm in taking an informed and crucial decision on whether to accept/ continue a particular client engagement.

To address requirements of this element, firms can do following:

  • The firm shall have policies and procedures in place for accepting and continuation of client
  • The firm shall consider integrity of clients and does not have any information that conclude that client lacks integrity. Firm may consider following information with regards to integrity
  • The identity and business reputation of the client’s principal owners, key management, related parties and those charged with its governance.
  • The nature of the client’s operations, including its business practices.
  • Information concerning the attitude of the client’s principal owners, key management and those charged with its governance towards such matters as aggressive interpretation of accounting standards and the internal control environment.
  • Whether the client is aggressively concerned with maintaining the firm’s fees as low as possible.
  • Indications of an inappropriate limitation in the scope of work.
  • Indications that the client might be involved in money laundering or other criminal activities.
  • The reasons for the proposed appointment of the firm and non-reappointment of the previous firm.
  • The firm shall have mechanism to assess and assign risk to client and engagements.  Based on such assessment, a firm may decline a engagement or accept / continue the engagement with adequate safeguards.
  • Comply with the know your client (KYC) norms of the Institute as mentioned in the Code.
  • The firm shall assess its capabilities, competence, time and resources to continue or accept an engagement considering knowledge of industry, experience and sufficiency of firm personnel, time of engagement etc.
  • In case of audit engagements, Firm shall communicate with previous auditors as per requirements of the Code and any other regulatory requirement.
  • Prepare a written engagement letter for each engagement documenting all the aspects of the engagement with the client and obtain the client’s signature on that letter, thus minimizing the risk of misunderstanding regarding the nature, scope, and limitations of the services to be performed.
  • The firm shall have policies and procedures on withdrawal from an engagement or client relationship which considers communication with client management and TCWG, regulatory requirements for the firm to withdraw together with reason for withdrawal and documentation of significant issues and consultation with respect to withdrawal 
  • The firm shall review of existing or changes in conditions that trigger the requirement to re-evaluate a specific client or engagement.
  • The firms shall document their assessment of client acceptance and continuation, issues identified and their resolution, communication with client, previous auditors or external parties and reason for withdrawal from an engagement or client relationship.
  • Human resources

The biggest asset a professional firm would have is the human resource. The objective of this element of SQC 1 is to provide the firm with reasonable assurance that it has sufficient personnel with the capabilities, competence, and commitment to ethical principles necessary to perform its engagements in accordance with professional standards and regulatory and legal requirements.

The responsibilities of each of the personnel should be fixed based on their experience and skill set they possess. Right from the article assistants to members and partners, all are continuously required to undergo some amount of professional training to upgrade their skill set to do existing and new engagements.

The firm shall establish policies and procedures for managing the human resource function addressing activities such as,

  • Managing the human resource function including the evaluation of firm’s personnel need.
  • Maintaining and updating details of all the personnel containing details such as qualifications, experience, integrity, knowledge, skills, etc.
  • Recruitment process and setting guidelines for the additional procedures to be performed when hiring entry level or experienced personnel (qualifications, integrity, competence, attributes, achievements, and experiences desired).
  • Properly determine capabilities and competencies required for an engagement, including those required of the engagement partner. So that responsibility is assigned for each engagement to an appropriate engagement partner and the engagement team is appropriately selected who has the appropriate industry experience, knowledge, skills capabilities, competence, authority, time to perform the role, nature and the extent of supervision needed to perform the engagement. Some of the other factors which shall be considered are type of engagement, size, significance, complexity, specialized experience required   
  • Career development through evaluation of personnel, assessment of their progress, proper guidance and training of personnel.
  • The firm shall ensure that personnel participate in general and industry-specific continuing professional education and development (‘CPED’) activities and other training (in house or external) that enable them gain relevant knowledge and skills to accomplish assigned responsibilities.
  • Performance evaluation by establishing criteria for evaluating personnel at each professional level, and rewarding with promotion and compensation.
  • Engagement performance

This is the most important aspect of SQC. The firm should ensure that there is uniformity in quality and engagements are performed in accordance with professional standards and regulatory and legal requirements, and that the firm or the engagement partner issues reports that are appropriate in the circumstances. Overall, this element requires the firm should establish policies and procedures around matters such as consistency in the quality of engagement performance, supervision, review, consultation, engagement QC review, dealing with differences of opinion, and engagement documentation.

Engagement performance comprehends all aspects of an engagement including planning, allocation of budget and resources, performing the engagement, supervision, documentation, reporting, consultations, difference of opinion and QC review. Accordingly, it is termed as most important aspect of SQC.

Firms can undertake the following with respect to engagement performance:

  • An engagement shall be adequately planned. Planning process and planning document for each engagement is properly carried out it may vary depending on the size and complexity of the engagement.
  • Planning shall consider:
  • Assessing staffing and specialisation requirements of the engagement and assigning responsibilities to appropriate personnel
  • Developing and updating background information of client
  • Preparation of proposed work programs tailored to specific engagement
  • Assessment of risks, including fraud considerations, affecting the client and the engagement and how the risks may affect the procedures to be performed.
  • A budget that allocates sufficient time for the engagement to be performed in accordance with professional standards and the firm’s QC policies and procedures.
  • Providing adequate supervision during the course of an engagement, including briefing the engagement team on the objectives of their work and maintain details of work performed by each personnel of the engagement team.
  • Written work programme is used and monitored for all engagement.
  • There should be consistency in the quality of engagement performance. Consistency may be accomplished through written or electronic manuals, software tools, checklists, templates, models or other forms of standardized documentation, and industry or subject matter-specific guidance material.
  • Based on the issues and risk identified arising during the engagement, considering their significance, appropriate modification should be made to the planned approach.
  • Form and content of work performed shall be standardised across the firm. Standardisation can be achieved via standardised report, checklist and questionnaire.
  • Suitable audit summary memorandum shall be documented and kept among the engagement working papers to provide a history of the planned risks (including fraud risks), by what audit procedures those risks were mitigated, conclusions on controls and substantive testing, and whether the extent and quality of audit evidence examined supports the audit opinion.
  • There should be effective review by experienced and qualified team members of work performed by other team member on a timely basis.
  • The firm shall establish procedures for consultation. Also, sufficient and appropriate resources are available to enable appropriate consultation as required. The conclusions resulting from such consultations are documented and implemented.
  • The firm shall deal with and resolve and document differences of opinion and conclusion reached and does not release the report till the matter is resolved.
  • The firm shall establish policy and procedure for enabling engagement QC review. Such policy shall define criteria which engagement require QC review, eligibility of reviewer and extent of involvement of reviewer.
  • There should be effective documentation of workpapers involved in engagement. Documentation shall complete assembly of final engagement files on timely basis. Such a time limit is ordinarily not more than 60 days after the date of the auditor’s report.
  • Engagement documentation shall be retained for a period of time sufficient to meet the requirements of the applicable professional standards, laws and regulations. The Firm shall maintains the confidentiality, safe custody, integrity, accessibility, and retrievability of such engagement documentation. The retention period ordinarily is no shorter than seven years from the date of the auditor’s report.

Firm may employ technology to effectively perform the engagements. With usage of technologies many processes can speed up and firm can focus on critical areas of engagement.

  • Monitoring

Monitoring envisages policies and procedures designed to provide it with reasonable assurance that the policies and procedures relating to the system of QC are relevant, adequate, operating effectively and complied with in the firm.

For the purpose of this element, firms shall:

  • Entrust responsibility monitoring process to a partner or partners with sufficient and appropriate experience and authority in the firm
  • Inspect select completed engagements on cyclical basis. Such inspection shall cover atleast one engagement for each engagement partner which may span over not more than three years. Inspection cycle may differ considering size of firm, number of offices, nature and complexity of firm’s practice and risk associated with firm’s client and engagements. Small firms and sole practitioners may use a suitably qualified external person or another firm to carry out inspections.
  • Evaluate deficiencies noted in monitoring process, communicate such deficiencies and take appropriate remedial action.
  • Establish procedures to deal with complaints and allegations with regard to any work performed by firm that fails to comply with professional standards and regulatory requirements and non-compliance with the firm’s system of QC
  • Review system of QC to reflect new development in professional standards and regulatory requirements and result of previous monitoring

The conclusion

As said earlier, SQC gives a framework on how quality control within a firm needs to be established. The six elements of SQC 1 as mentioned in the preceding paragraphs are interrelated.  

ICAI has issued Implementation Guidance to SQC 1 which helps firms to implement SQC 1. Guidance also provides set of illustrative policies that firm may adopt with or without modification.  It is for each individual firm to adopt their own policies and procedures to ensure compliance with SQC requirements. The firm should not only establish such policies and procedures but also ensure that the same is followed within the firm. It is very important that all the policies and procedures and with respect to SQC 1 are documented and communicated to its personnel. There should be message that each individual of the firm has a personal responsibility for quality.

As we move forward, SQC 1 is getting further highlighted in CA practice. Some of notable developments in quality control are as under:

  • Internationally, ISQM 1 replaced the existing standard ISQC 1 w.e.f. 15 December 2022. ISQM 1 aims to enhance the robustness of the firm’s system of quality control. ISQM 1 is more proactive and tailored approach to managing quality, focused on achieving quality objectives through identifying risks to those objectives, and responding to the risks. Some of the key changes include:
  • Enhanced requirements to address firm governance and leadership.
  • New requirements addressing information and communication.
  • Enhanced requirements for monitoring and remediation to promote more proactive monitoring.
  • Emphasis on appointment of Engagement QC reviewer.
  • In India, SQC 1 still prevails which was implemented on basis of ISQC. But we can assume, SQC 1 may get replaced with converged version of ISQM
  • W.e.f. 1 April 2023, firms auditing certain categories of entities shall mandatorily required to undertake an evaluation of their audit quality maturity using Audit Quality Maturity Model (‘AQMM’). Compliance with SQC 1 would be key to achieving scores envisaged in AQMM.
  • NFRA have conducted reviews of firms. They have raised issues with regards to compliance with SQC 1. This has been additional push for firms to comply SQC 1.

Technology can play an important role in implementation of SQC. Recently, there are cost effective technologies available that are very easy to use. Harnessing such technology in daily task to implement and monitor activities can create huge impact in implementation or improvement in SQC in the firm.

Though there is impeccable push from regulatory side to comply with SQC 1. However, designing policies and procedures just sake for compliance or achieving AQMM score, may not be a fruitful exercise and eventually may become a compliance burden. SQC 1 should be looked upon as guiding tool that can assist in developing an efficient practice.

Share on:

Related Posts

Auditing & Ethics
CSR Reporting and Audit: Practical Implementation Challenges
Corporate Social Responsibility (CSR) has moved from boardroom intent to...
Auditing & Ethics
The New Era of Professional Visibility: Understanding ICAI’s Revised Advertising and BrandingFramework for Chartered Accountants (Effective 1 April 2026)
The Strategic Shift in Professional Visibility Introduction The Institute of...
Auditing & Ethics
Forensic Accounting – Response to Corporate Fraud and Governance Failures
Introduction: The rising incidence of global financial fraud and accounting...
Scroll to Top