by John McCarthy Consulting Ltd. | Mar 10, 2023 | News
As part of the new ISQM 1 audit quality management standard, there has been much commentary about a new procedure called Root Cause Analysis or RCA.
Root cause analysis is now a compulsory requirement of audit quality control under paragraph 41 of the ISQM. It focuses on understanding the underlying cause behind the deficiencies identified on audit files and in audit quality processes to help provide valuable insights to the firm and help with remedial action.
It’s not practical to apply RCA to every deficiency. Firms will need to design a way of appropriately targeting RCA at the most appropriate reviews and findings.
The selection of deficiencies on which to focus RCA will involve taking the following factors into account:
- The quantum/frequency of the audit risk and/or whether the audit is high profile;
- The reviews it could be applied to, cold file reviews, engagement quality reviews and/or external monitoring reviews;
- The possible selection of all low scoring/graded files, in cold file reviews; and
- Whether the findings in question are recurring themes.
Please go to our website to see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.
We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.
Publications and AML webinars:
- The ISQM TOOLKIT 2022 is available to purchase here.
- See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
- Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
- To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
by John McCarthy Consulting Ltd. | Jun 18, 2024 | Blog, News
Following on from last week’s blog on cold file reviews and ISQM 1, this week we look at the various factors that can cause changes to the monitoring and remediation elements of ISQM 1.
The following variables are usually areas that need updated:
- The quality objectives set out in the system of quality management (SoQM);
- The quality risks of their assessments; and
- The responses to those risks.
Changes in these areas are mainly a result of:
- Changes in the nature and circumstances of the firm and its engagements; and
- Remedial actions to address deficiencies in the system of quality management.
These changes can arise in a variety of ways, such as:
- Changes to quality objectives;
- A need for new additional quality objectives g. if the firm opens a new office, merges with another firm or starts providing a new service;
- Additional quality objectives established by the firm may no longer be needed, or may need to be modified; and
- Root cause analysis (RCA) may identify that previous attempts at fixing issues from past cold file reviews are no longer be needed, need to be modified, or require a new solution.
Remember that the Specified Responses prescribed by the standard (detailed here in paragraph 34) must not be modified or removed, unless one or more of them is no longer relevant to the firm. The firm may decide that it’s appropriate to modify how these Specified Responses are designed and implemented.
The types of changes that can be triggered by the cold file review process broadly fall into two categories:
- Changes to quality risks such as:
- New quality risks are identified;
- Existing quality risks no longer qualify as quality risks;
- Existing quality risks need to be modified; and
- Existing quality risks need to be reassessed.
- Changes to responses to quality risks such as:
- New responses may be designed and put into action;
- Existing responses may be discontinued and deemed no longer appropriate; and
- Existing responses may need to be adjusted for changes in circumstances such as a new audit programme.
For more on the whole ISQM process please see our ISQM 1 Toolkit on our website here.
Please go to our website to see our:
- Anti-Money Laundering Policies Controls and Procedures Manual (March 2022) — View the table of contents
- AML Webinar (December 2023) available here, which accompanies the AML Manual. It explains the latest legal AML reporting position for accountancy firms and includes a quiz. Upon completion you receive a CPD certificate for attendance in your inbox.
- Letters of engagement and similar templates—Please visit our website here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items bought together.
- ISQM TOOLKIT, or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by email at john@jmcc.ie.
- We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.
by John McCarthy Consulting Ltd. | Jan 14, 2024 | Blog, News
The International Standards on Quality Management (ISQM) has been effective since December 2022.
It is applicable to all audit firms and is a step-change from the requirements of the, now defunct, ISQC 1. The ISQM introduced:
- a new risk-based quality management approach that requires audit firms to
- design and implement a System of Quality Management (SoQM); and
- operate that system of quality management for audits, reviews of financial statements or other assurance engagements.
Now that the standard has been in effect for just over 12 months, each firm must compulsorily carry out a documented review of their System of Quality Management to assess its effectiveness since coming into force in December 2022.
Part of this assessment before the 2024 audit season commences, will be:
- documenting the results of hot and cold file reviews that took place during 2023;
- analyse the root causes of these findings; and
- extract from these issues the reasons why the more significant/most frequent findings arose;
- decide as a firm how best to avoid repeating the same mistakes; and
- adjust the SoQM accordingly for a more effective audit approach in 2024.
Anyone who may like to migrate to a very user friendly version of the ISQM or use it as a benchmarking tool against which to measure the effectiveness of your current ISQM, may purchase our ISQM Toolkit for €250+VAT here.
Key features:
The Toolkit comprises three parts that are downloadable in Word format, with associated instructions in pdf format.
Part 1 – Setting Objectives and Risks.
Part 2 – Risk Assessment and Responses.
Part 3 – Monitoring and Remediation including Root Cause Analysis (RCA).
The toolkit comes with three additional optional questionnaires to help with documenting an assessment of the firm’s:
- Methodology and software providers;
- Training providers; and
- File review and Technical Queries consultants.
More information on the ISQM Toolkit is available here.
In addition, during 2023 we also published a very helpful IT Controls Assessment questionnaire tool for audit firms to help implement ISA 315.
IT Controls Assessment
Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying and Assessing the Risks of Material Misstatement which was first applicable for accounting Periods Ended 21 December 2022 and of course Periods Ended 21 December 2023.
Auditors dealing with audits of affected entities will already have adopted new audit programmes in 2023, in additional to the normal audit tests, will also need to assess the entity’s IT controls (no matter what the size of that entity).
This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.
For an easy to implement additional (two page) IT Controls Questionnaire to help document the above process, please click on this link to download immediately for only €60 + VAT.
Please also go to our website www.jmcc.ie/training to see our latest:
- Latest updated AML for Accountants webinar (December 2023) which explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox. A 20% discount is available for orders of five or more webinars/products, if bought together.
- There are other accounting/audit webinars on the site and more will follow throughout 2024.
- Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
- letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
- ISQM TOOLKIT – We can also tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.
by John McCarthy Consulting Ltd. | Dec 6, 2022 | Blog, News
Root cause analysis (RCA) is a requirement of the new ISQM 1 which comes into effect in less than 10 days. It is one of the eight main components of that standard.
Audit firms will be expected to carry out RCA from 15 December 2022 and have the results and implementation action plan available for inspection by audit monitoring teams in 2023.
RCAs main objective is to examine the more serious audit deficiencies that have occurred during either hot or cold file reviews and involves asking ‘why’ questions, typically five times. The ultimate aim being to prevent them from happening again.
Known as the ‘5 Whys’ technique – it is allegedly attributed to the famously successful Toyota vehicle manufacture process.
In the audit world you might find that the source of a problem is lack of adequate staff training or staff performing audit work with an out of date disclosure checklist – the root problem occurs there.
But what is the root cause of the problem? The answer lies in going deeper by asking why the problem occurred. Asking “Why?” five times requires taking the answer to the first why and then asking why that occurs.
Typically, the process of asking “Why?” leads upstream in the process. It may be a defect that occurs in planning, but the root cause may be in the poor quality of client records, or perhaps a lack of sufficiently critical sceptical thinking on the part of the audit team.
Some typical root cause that we have come across include:
- risk assessment at the planning stage of the audit;
- the extent of audit evidence obtained and the level of documentation; and
- the degree of disclosure within the financial statements.
A common reason for these types of issue is a lack of understanding of the ISAs (Ireland) or accounting standards. Some firms insist on staff reading the ISAs as a basic starting point. What a good idea?
The 2022 book of the ISAs (Ireland) is available from the CAI store here. (We promise we don’t get a commission!). These standards are essential reading for all audit teams, especially with so many modifications to the standards coming into play for accounting periods ending 31 December 2022.
Other reasons that can be root causes include:
- flaws in the design of audit tests and
- inadequate review by senior audit team personnel (i.e. the audit manager or the audit engagement partner) as well as;
- Client familiarity which can play a part in leading to poorer quality audit documentation.
For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie
Publications and AML webinar
To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
by John McCarthy Consulting Ltd. | Nov 25, 2022 | Blog, News
Continuing our series of blogs where we looked at the scalability of the ISQM(Ireland) 1, this week we look at the question: ‘What are the Main Elements Within a System of Quality Control (SoQM)?
Establishing the SoQM
ISQM 1.6 requires each audit firm to establish and maintain a system of quality control (SoQM) which includes policies and procedures addressing each of the following six processes:
- Governance and leadership;
- Relevant ethical requirements;
- Acceptance and continuance;
- Engagement performance;
- Resources; and
- Information and communication.
There are two other elements of the SoQM that we have covered in our other blogs –
- The risk assessment and responses;
- The monitoring/remediation stage which includes Root Cause Analysis as a key component.
Each audit firm must have written policies and procedures which ensure that its independence and objectivity cannot be jeopardised by the intervention of any partner or member of staff in the carrying out of an audit engagement.
As well as the above policies/procedures, each audit firm must also have:
- Sound administrative and accounting procedures;
- Internal quality control mechanisms;
- Effective procedures for risk assessment; and
- Effective control and safeguard arrangements for information processing
For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie
Publications and AML webinar
To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
