Audit Practice Reviews

Every statutory auditor in public practice is required to periodically undertake a Whole Practice Review, including an Audit Compliance Review. The selection of the reviewer and the frequency of this review is determined by the size of the audit practice.

The Whole Practice Review focuses on whether the requirements of International Standard on Quality Control (ISQC 1), have been implemented and addressed by the audit practice. The Audit Compliance Review determines – through interviews, walk-through tests, and file inspections (cold file reviews) — whether, and to what extent, this control system is operating effectively.

The selection of the reviewer and the frequency of this review is determined by the size of the audit practice and should comply with the Guidance Note on Compliance Reviews under ‘Clarified’ ISQC 1 as issued by the Quality Assurance Oversight Committee (February 2011) of the Accountancy Board of Malta.

WHOLE PRACTICE REVIEW

The Whole Practice Review focuses on whether the requirements of International Standard on Quality Control (ISQC 1), have been implemented and addressed by the audit practice. This involves an independent assessment on (i) leadership and extent of ‘tone at the top’ of the audit practice; (ii) independence, ethics and conflict of interest; (iii) methodologies adopted in accepting a new audit client and in assessing continuance of client relationships; (iv) value and authority of human resources in the practice; (v) engagement performance and (vi) feedback received from professional association, network or regulatory practice inspection regime.

The auditor will be provided with an External Independent Review Report on the monitoring process’ results, including a detailed description of the monitoring process and its conclusions on the audit practice’s overall compliance and effectiveness, in a number of areas including:-

  • Audit practice structure and its connected undertakings
  • Adequacy of the Practice’s ISQC 1 Manual of Policies and Procedures
  • Adequacy of the Transparency Report issued on websites of practitioners auditing Public Interest Entities
  • Professional indemnity insurance cover
  • Values, Ethics, Attitudes and Independence requirements
  • Independence declarations for auditors and staff
  • Client Acceptance and Continuance
  • Practice marketing and promotion
  • Attracting and Retaining Staff
  • Continuous Professional Education and staff training records
  • Results of staff performance appraisal
  • Audit programme usage and updating
  • Effectiveness of monitoring programme implemented by the firm
  • Adequacy of financial reporting frameworks (IFRS as adopted by the EU / GASPME)
  • Follow up action taken following previous reviews carried out internally, by the international network firm or by the Regulator

AUDIT COMPLIANCE REVIEW

The Audit Compliance Review is the most comprehensive review exercise that can be undertaken as it addresses both Whole Practice Review considerations and also a selection of a completed audit engagement(s) otherwise known as Cold File Review.

Audit Compliance Review = Whole Practice Review + Cold File Review

The auditor will be provided with an External Independent Review Report on the monitoring process’ results, including a detailed description of the monitoring process and its conclusions on the audit practice’s overall compliance and effectiveness, in a number of areas including:-

  • The degree of compliance with quality control policies and procedures
  • The relevance and adequacy of the quality control policies and procedures
  • Determination of the effectiveness of the audit practice’s monitoring
  • Appropriateness of the nature, timing and extent of audit documentation on selected client(s)
  • Extent of adherence to the International Standards on Auditing regime on selected client(s)
  • Extent of adherence with the applicable financial reporting framework on selected client(s)

An External Independent Review Report will be submitted following each review process and as established in the letter of engagement agreed with the statutory auditor. The external reviewer and the statutory auditor (usually the Compliance Principal of the Audit Practice) will meet to discuss the findings of the External Independent Review Report (along with other appropriate personnel) and decide on the corrective action and/or changes to make to the system, roles and responsibilities, disciplinary action, recognition, and other matters as determined. This Report also includes developing recommendations to improve the system, especially if weaknesses are detected or if professional standards and practices have changed.