All registered audit firms and individual auditors who are not members of a registered audit firm are subject to a quality review at least once every 4 years. In practice, we aim to keep our review cycle consistent with the EU’s three year cycle, to stay aligned internationally. The frequency of our inspections varies. We inspect larger firms every two years, while other firms are generally inspected every three years.
Under the Auditor Regulation Act 2011, we must carry out a quality review of systems, policies, and procedures of registered audit firms and licensed auditors at least once every four years. Where we note significant misconduct we refer these matters to the appropriate disciplinary bodies.
We are required to prepare an annual report on the quality reviews we completed in the preceding financial year in the audit quality monitoring report. Download the Audit Quality Monitoring Report.
Quality review methodology
We assess an audit firm’s compliance with the standards and the requirements of the AR Act by:
- looking at the firm’s overall quality control systems for performing compliant FMC audits
- reviewing a selection of individual FMC audit engagement files to see if a file complies with the above systems and the Auditing and Assurance Standards issued by the XRB.
We review the ’Big Four’ firms every two years, and all other firms every three years. As a result of our Memorandum of Understanding (MOU) with the Auditor-General, we may review audits of FMC reporting entities carried out by private audit firms on behalf of the Auditor-General. The results of these reviews are included in this report and our findings are communicated directly to the Auditor-General.
All of our reviews undergo a robust moderation process. Each audit quality review assessment report is peer-reviewed by a reviewer not involved in the initial review. Our final report goes to the Auditor Oversight Committee (AOC) for consideration. The AOC provides an independent forum to review the consistency and fairness of all quality review reports. The AOC comprises a diverse group of professionals including Ex auditors, company directors, and others with relevant experience who are independent of the audit profession.
Quality control framework
The requirement of a quality control system is set out in the Professional and Ethical Standards, and Auditing Standards. Our assessment of an audit firm’s quality control system focuses on whether:
- the system complies with the relevant standards
- the system’s policies and procedures are followed
- the system contributes to high quality FMC audits.
We also evaluate whether the firm’s internal monitoring of its audit quality control system is effective. This internal monitoring includes the firm performing an internal engagement quality control review (EQCR) on each FMC audit file.
The EQCR is a process designed to provide an objective evaluation of the significant judgements the audit team has made, and the conclusions reached in the auditor’s report.
We have prescribed additional requirements7 for this EQCR given its importance to the audit process. We expect the EQCR partner to be suitably qualified and have relevant experience to enable them to give an objective evaluation. They should also be involved in key decision-making to make sure the audit has an effective process.
7 Paragraph 8(1)(f) of the Auditor Regulation Act (Prescribed Minimum Standards and Conditions for Licensed Auditors and Registered Audit Firms) Notice 2012
Individual file reviews
We carry out individual audit file reviews to check the auditor has complied with Auditing and Assurance Standards, and exercised reasonable care, diligence and skill in carrying out the audit.
Key attributes of audit quality are:
- an independent audit is carried out by a licensed auditor
- the auditor demonstrates appropriate levels of professional scepticism
- adequate and appropriate audit evidence is obtained
- the auditing and assurance standards are followed
- an appropriate audit opinion is issued.
File selection
The number of audit files we select for each audit firm is determined by the number of licensed auditors at the firm, the number of FMC audits completed and the results of the firm’s previous review.
In selecting specific files for review, we take into account:
- businesses of significant public interest given the value of financial products issued to the public (such as KiwiSaver schemes, banks, insurance companies and businesses listed on the NZX)
- businesses and industries that are more vulnerable to risks from existing and emerging market conditions, such as newly listed businesses, or businesses that experienced significant growth
- other businesses considered higher risk, for example finance companies, or businesses that have non-compliance issues such as qualified audit reports, or non-compliance with laws and regulations
- a cross-section of different licensed auditors in each registered firm.
If a previous review found an audit file did not meet the required standards, it is likely we would review that auditor or audit file again.
File ratings
When we complete a file review, the reviewer gives each individual finding on that file a rating from low to high, and proposes a final overall file rating from the following categories:
Good
We either had no findings or the findings relate to improving some documentation or minor non-compliance with the auditing standards. The reviewer is satisfied that all audit procedures have been performed around key risk areas and sufficient audit evidence was obtained.
Compliant, but improvements needed
We identified areas in the file where the audit wasn’t performed in accordance with the audit standards. However, overall, the reviewer found there was sufficient and appropriate audit evidence obtained in the key risk areas.
Non-compliant
The file showed several areas where the audit wasn’t performed in accordance with the standards. The reviewer found insufficient or inappropriate audit evidence obtained in at least one key risk area of the audit, or the review showed a material misstatement that required restatement of the financial statements and/or the audit opinion.
The ratings are moderated by the AOC.
Possible actions taken
Following an audit quality review, we consider if further action is required. Actions we could take include:
- Requiring an audit firm to perform additional work to address our findings
- Requiring an entity to restate the financial statements, if we find material misstatements
- Completing a follow-up review within six to 18 months of the previous review to ensure the firm has taken appropriate action to address our findings
- Issuing directions to remediate any findings
- Referring complaints to the licensed auditors’ professional body to be dealt with under its disciplinary procedures.