Audit Monitoring Visit Process
Regulatory Monitoring is one of ICAS' key functions and Audit Monitoring is responsible for checking that firms registered with ICAS to conduct audit work are conducting this audit work properly, with integrity, and upholding the required professional standards. The Audit Monitoring visit consists of an opening meeting, fieldwork and a closing meeting. These are discussed below.
How often are Audit Monitoring Visits Conducted?
In relation to Audit Monitoring Visits, ICAS complies with the EU 8th Directive requirements, as follows:-
- The aim is to visit all firms at least once every six years and for firms auditing Public Interest Entities on a more regular basis, in conjunction with the Financial Reporting Council's Audit Quality Review Team.
- Although the minimum requirement is six years, firms may receive visits within a shorter space of time depending on the results of the outcome of their previous audit monitoring visit and depending on any risk factors that may arise from their Annual Return.
How are firms selected for a visit?
Most monitoring visits are usually selected based on risk, although some visits may be selected for other reasons, such as a random selection; or a visit being conducted at the request of the Authorisation Committee. The risk process works as follows:
- Each registered firm must complete a Firms Annual Return;
- The Firms Annual Return computer system will then identify risk factors for each firm which will then be assessed by Audit Monitoring;
- In addition to these risk factors Audit Monitoring will also take into account the results of firms' past monitoring visits and may also take into account other information such as company search information or other regulatory information received;
- Based on an assessment of the above information, which is considered in conjunction with the minimum cycle requirements, and possibly company search information, the firm may be selected for a visit.
How are firms notified of a visit?
Audit Monitoring contacts firms when they are selected for a monitoring visit, usually six weeks before the visit (unless this visit has already been postponed or rescheduled). This notification will provide details of the proposed date for the visit, the time the visit is estimated to take and the name of the reviewer(s) who will conduct the visit.
In addition to the notification, each firm will receive a visit feedback form in order to provide useful feedback on what it thought of the visit process, and Visit Questionnaire and Documents and List that explains what information requires to be made ready for the visit.
What is the visit process?
The onsite part of the process comprises 3 stages:
The Opening Meeting
The visit will start with a meeting to discuss the firm's audit practice and audit clients, and allows the reviewer to understand the firm and its associated risks. This allows the reviewer to focus the fieldwork on areas of risk.
As part of the visit fieldwork the reviewer will select a number of files for review. As part of this review the reviewer will be checking the quality of audit work and how the audit file supports the final audit opinion. The reviewer will also assess compliance with International Standards on Auditing, financial reporting requirements and Companies Act requirements. Each audit engagement principal/Responsible Individual (RI) will be required to respond in writing and by discussion, to any review points or findings raised by the reviewer. This will mean that each audit engagement principal/RI should ensure that time is set aside to do this on the day requested.
Review of System of Quality Management (ISQM (UK) 1)
In addition to reviewing audit files, the reviewer will also review the firm’s System of Quality Management to assess the firm’s compliance with the new quality management standards being International Standard on Quality Management 1 and 2 (ISQMs (UK) 1 & 2) and ISA 220 (UK) (Revised)*. The firm’s System of Quality Management will be assessed for all the ISQM (UK) 1 components ISQM (UK)2 and ISA 220 being:
- The firm’s (a) Quality Objectives (b) Quality Risks (including (i) risk identification and (ii) risk assessment of the likelihood and impact for each risk identified) and (c) Quality Responses (being the firm’s policies, controls and procedures which are put in place to mitigate the risks) in relation to the following components :
- Risk assessment process
- Governance and Leadership;
- Relevant Ethical Requirements;
- Acceptance and Continuance of client relationships/engagements (including anti-money laundering);
- Engagement performance;
- Information and communication; and
- Monitoring and remediation.
and also ISQM (UK)2 requirements in relation to Engagement Quality Reviews, as well as more broadly consider the firm’s compliance with the Audit Regulations and Guidance.
The reviewer's consideration of these matters includes: appraisal processes (where appropriate); 'fit and proper' declarations; CPD; and PII.
*ISQM (UK) 1 New Requirements:
As explained in the Winter 2022/23 edition of Audit News, the new audit quality management standards International Standard on Quality Management (UK) 1 (ISQM (UK) 1) and International Standard on Quality Management (UK) 2 (ISQM (UK) 2) replaced International Standard on Quality Control (UK) 1 (ISQC (UK) 1) on 15 December 2022.
ICAS Audit Monitoring is monitoring ISQM compliance for visits conducted after 15 December 2022.
For practical helps and tips in relation to ISQM (UK) 1 implementation please refer to the resources and links listed in that edition of Audit News.
The Closing Meeting
The main deficiencies and/or findings coming from the file reviews and the review of the of the firm’s System of Quality Management will be pulled together into a preliminary report. This will be discussed in detail with the firm, which is then usually given a deadline of at least 14 days to respond and produce an action plan to any deficiencies or findings.
All visits are independently quality reviewed to ensure that the visit methodology has been met, and that the visit conclusions are fair and balanced. The Authorisation Committee includes members who are qualified Chartered Accountants from ICAS registered audit practices, and makes the decisions on the continuance of a firm's audit registration and of any corrective action that requires to be taken. The Committee will take into account the follow up action taken from previous monitoring visits. The Committee is also responsible for referring any disciplinary issues to the ICAS complaints and disciplinary process. The Committee is also bound by confidentiality rules.
What is the process after the visit?
The timing of when a firm hears about the outcome of a visit will depend on whether there is anything to follow up on post visit, or if registration will continue without any additional information being provided to the Committee. As the Committee only meets every two months, it may be some time before a firm receives notification of the decision.
If you are concerned about the delay in hearing back after the visit, please contact us via firstname.lastname@example.org.