The PIOB’s recommendations are based on the proposals discussed by the IAASB as of September 2019.
For further information and details about the IAASB projects, please refer to the IAASB website: http://www.iaasb.org/consultations-projects
Update of this document: October 25, 2019
Impact and risk of the use of technology
The PIOB encourages the IAASB to address the impact and risk of the use of technology on risk identification and risk assessment (e.g. big data, data analytics, cyber risks and cyber security), and the importance of professional skepticism.
The PIOB appreciates the inclusion in the standard of several provisions addressing technology and application material that include references to automated tools and techniques and gives more emphasis to professional skepticism.
Requirements and scalability in the standard
The separation of the “what” (in the requirements), from the “why” and the “how” (in the application material) in the redrafted ISA 315 generally achieves greater clarity.
The PIOB stresses the importance to include all requirements in the standard. Moreover, the PIOB suggests integrating the concept of scalability in the standard, rather than in the application material.
Scalability paragraphs have been separately signposted in the standard, as well as considerations for Less Complex Entities, and placed in the application material, providing illustrative examples of how scalability applies.
Strengthening Professional Skepticism in the ISAs
At the time of the “Invitation to Comment”, the PIOB recommended the IAASB to pay attention to PS, because it relates to going concern, auditor independence, and management bias.
The PIOB welcomes placing greater focus on PS across the projects currently or recently developed by the IAASB, such as ISA 540, the three Quality Management Standards, ISA 315 and Extended External Reporting. The PIOB highlights the need to consider how auditors should document PS and encourages the IAASB to further strengthen the notion of PS throughout the standards.
Projects to be included in the Strategy and Work Plan (SWP)
The 2020-2023 Strategy and 2020-2021 Work Plan should include projects with a strong public interest impact: data analytics and technology, going concern, fraud, and consideration of the audit firm business model in the ISAs.
The PIOB acknowledges that some of these topics, such as fraud, going concern, data analytics and technology, are listed in the draft SWP as “Information Gathering” activities.
The SWP needs to be clearer on how the IAASB will address Going Concern and Fraud within the timeframe of the Strategy.
Regarding technology, this is a current workstream which aims to produce non-authoritative guidance on the impact that technology and automated tools have on ISAs.
Considerations regarding the business model should be incorporated into standards under development.
Need to broaden the consultation on the Strategy
The PIOB welcomes the outreach efforts of the IAASB to solicit responses from a broad number of stakeholders.
Identification and prioritization of resources to execute the SWP
The IAASB’s agenda includes a large number of important projects, with ambitious and tight timelines. It would be helpful, in the SWP document, to identify project prioritization and the resources allocated for each project and determine whether they are sufficient.
The IAASB added a paragraph in the draft SWP (under the section “Managing Delivery of the Strategy and Work Plan”), explaining, with general criteria, how the IAASB determines its new activities and priorities, including the role of resources. However, the paragraph does not provide any detailed information and does not address the issue whether resources available could be considered sufficient.
The objective of a QMS should focus on high quality audits
The standard should state clearly that the objective of the quality management system is to produce high quality audits. The PIOB welcomes the redrafting of the objective but continues to encourage the IAASB to be clear that the objective of QMS is AQ and not only compliance with standards.
The firm’s business model (BM) should not interfere with Audit Quality (AQ)
The audit firm’s BM should promote AQ. The BM includes the governance structure of the firm, adherence to ethical requirements by the firm’s management and by the auditors, the incentive structure of partners and staff, and auditor’s accountability.
When non-audit services (NAS) are delivered in the context of an audit, the standard should consider the impact of all the above on AQ.
The IAASB should continue coordinating with the IESBA aspects related to ethical requirements
The PIOB welcomes the coordination between the IAASB and the IESBA on topics overlapping with the Code of Ethics (e.g. ethical requirements, auditor independence and engagement quality control reviews).
ISQM1 could highlight that NOCLAR, conflicts of interest, and the provision of non-assurance services constitute risks to AQ.
Networks need to be better addressed in ISQM1
Investors and those who use audit services from a global “branded firm” should receive uniform quality from that brand.
ISQM1 should contemplate the coordination at network level of all those aspects that affect AQ of that brand. The standard has made some progress, but QMS should also be set at network level with a focus on internal inspections and quality control monitoring.
Transparency Reports (TR) should be required in ISQM1
ISQM1 should require audit firms to publish TR.
Communicating externally insights into the firm’s quality management systems is in the public interest. The minimum content of TR should be indicated in the standard, and include the firm’s corporate governance structure, relative audit and non-audit professional services and related fees, remuneration schemes and incentives for partners, a description of the firms’ quality management system, the outcome of the QMS in terms of deficiencies, and the measures taken to correct them.
The PIOB acknowledges that TR are listed in the ED as an example of “other communication to external parties”.
Complexity and scalability of the standard should be addressed
The length and complexity of the standard are a major concern, as they may impede the implementation by smaller firms.
Scalability needs to be addressed as well and guidance may be provided for smaller firms.
Engagement Quality Reviews (EQRs) should be required for all PIEs
EQRs should be required for all PIEs.
The PIOB acknowledges the IAASB proposal to require EQRs for “significant public interest” entities, such as banks, insurance companies and pension funds, however it recommends the use of the PIE concept, to ensure consistency with the Code of Ethics.
Coordination with the IESBA on aspects related to ethical requirements
The PIOB welcomes and supports the ongoing coordination between the IAASB and the IESBA on topics overlapping with the Code of Ethics (e.g. auditor independence, objectivity, engagement quality control reviews, cooling off period of EQCR).
The requirements for EQR performance should be strengthened
According to IFIAR’s inspections Report in 2018, one of the most important quality findings relates to the “insufficient depth/extent of engagement quality reviews.”
EQRs should be performed as the audit is being performed (“continuous quality control through the audit”), not at the end of the audit or after the auditor’s report is issued.
The PIOB acknowledges the current IAASB proposals to review the audit documentation at appropriate points in time, throughout all the stages of the engagement and on or before the date of the engagement report.
Respect of Public Interest and of Ethical Standards
Respect of public interest and of ethical standards are an important objective of a Quality Management System. Audit Quality is not just compliance with professional standards and regulatory requirements.
The PIOB acknowledges that the ED explicitly addresses the Engagement Partner’s responsibility to act in the public interest when performing audit engagements.
Engagement Partner’s Responsibilities
It is not enough for the Engagement Partner to be satisfied that the firm’s policies and procedures have been complied with, but also applicable rules and regulations. If necessary, the engagement may need to be discontinued.
The PIOB acknowledges that the ED makes a reference to the applicable legal and relevant ethical requirements, as well as the possibility to withdraw from the engagement.
Importance of Group Audits
Group audits affect the most systematically important entities, so the project could better document what are the public interest issues it intends to address.
The IAASB has made clearer which are the key public interest issues addressed in the project (e.g. encouraging quality management at engagement level; fostering an independent and skeptical mindset of the auditor; reinforcing the communication during the audit between the group engagement team and the component auditors).
Societal impact of EER
It is important for the public to understand the IAASB’s work on EER, as it has a very strong impact on groups which work for environmental, social and governance improvements.
The TF should try to make the ED understandable for these non-technical stakeholders to ensure their important input is achieved. Additionally, the ED needs to clarify what is possible to achieve in terms of providing assurance.
Scalability of standards for LCEs
The PIOB welcomes the IAASB initiative to explore the needs and concerns of LCEs and others. The LCEs project needs to deal with calls from SMEs on scalability and, at the same time, ensure that assurance is not weakened.
Importance of Technology
Technology is an issue which deserves deeper consideration. Standards should be revisited to reflect the impact of technology on the audit profession. Given the pace of change, a lengthy project is not in the public interest. Non-authoritative guidance could be considered as a solution for a timely response.
Clarifying the concept of professional judgment in an AUP
It would be helpful to explain more clearly the extent by which professional judgement is applied when performing an AUP versus an assurance engagement. The IAASB has drafted a text which explains the difference between an assurance engagement and an AUP.
There is also a proposal to exclude professional judgment in the execution of an AUP. However, the text drafted includes examples on how to exercise professional judgment at specific stages of an AUP, where required.
Clarity is needed and professional judgment should be applied throughout all the stages of an AUP.
Transparency in disclosing the non-independence of the practitioner
The AUP requires the practitioner to be objective but not independent.
Whenever independence is not required, it would be beneficial to disclose whether the practitioner is independent or not, for transparency purposes.