Chapter 1: Quality Control

Background Eg.– Quality Control

Jagriti works in a CA firm with 7 partners. Due to rapid growth, the firm accepted new clients without
proper verification and handled complex audits without experienced staff. During audits, Jagriti noticed
serious reporting errors, such as using “profit” instead of “profit before tax” and mentioning a cash flow
statement that did not exist in the financial [Link] realized the firm lacked a proper quality
control system, which could lead to professional and regulatory problems, and decided to inform the
senior partner about the need for effective quality control policies.
1. AUDIT QUALITY
High audit quality is central to the auditing profession. It helps in creating trust in users of financial
information. Industry, government and public at large are the stakeholders who rely upon assurance
given by auditors. It is, therefore, necessary to ensure a high audit quality throughout the audit process.
Audit quality involves the application of a rigorous audit process by auditors and quality control
procedures that comply with laws, regulations and applicable professional standards.
SQC 1, “Quality Control for firms that perform audits and reviews of historical financial information, and
other assurance and related services engagements” and SA 220, “Quality Control for an audit of
financial statements” deals with issue of establishing quality control systems and responsibilities of
auditors in this regard. Both the standards deal with framework of audit quality. SQC 1 applies to all
engagements and deals with quality at the level of firm. SA 220 deals with audit quality at individual
audit engagement level. Besides the above two standards, other Standards on Auditing, Code of Ethics
issued by ICAI and certain provisions of the Companies Act, 2013 facilitate quality control process.
There also exists a mechanism for review of quality control through Peer Review Board, Quality Review
Board and NFRA (National Financial Reporting Authority).
2. SQC 1 – QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF HISTORICAL
FINANCIAL INFORMATION, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS
SQC 1 requires that the firm should establish a system of quality control designed to provide it with
reasonable assurance that the firm and its personnel comply with professional standards and
regulatory and legal requirements and that reports issued by the firm or engagement partners are
appropriate in the circumstances. The firm's system of quality control should consist of policies
designed to achieve these objectives. This quality control standard applies to all firms irrespective of
their constitution.
2.1 Elements of System of Quality Control
The firm’s system of quality control should include policies and procedures addressing each of the
following elements:
(a) Leadership responsibilities for quality within the firm
(b) Ethical requirements
(c) Acceptance and continuance of client relationships and specific engagements
(d) Human resources
(e) Engagement performance
(f) Monitoring
Quality control policies and procedures should be documented and communicated to the firm’s
personnel. By communicating, the firm recognizes the importance of obtaining feedback on its quality
control system from its personnel. Therefore, the firm encourages its personnel to communicate their
views or concerns on quality control matters.
2.1.1 Leadership Responsibilities for Quality within the Firm
SQC 1 requires firms to establish policies and procedures designed to promote an internal culture
based on the recognition that quality is essential in performing engagements. Such policies and
procedures should require the firm's chief executive officer or the firm's managing partners to assume
ultimate responsibility for the firm's system of quality control. The example set by firm's leadership
encourages an inner culture that recognizes high quality audit work. Further, persons assigned
operational responsibilities for the firm's quality control system by the firm's chief executive officer or
managing partners should have sufficient and appropriate experience, ability, and the necessary
authority to assume that responsibility. It has been laid down clearly that the firm's business strategy is
subject to the overriding requirement for the firm to achieve quality in all the engagements that the
firm performs. Essentially, it implies that audit quality is paramount in all engagements. It is non-
negotiable. In this regard, it should be ensured that:
(a) The firm assigns its management responsibilities so that commercial considerations do not
override the quality of work performed.
(b) The firm's policies and procedures addressing performance evaluation, compensation, and
promotion (including incentive systems) with regard to its personnel are designed to demonstrate
the firm's overriding commitment to quality.
(c) The firm devotes sufficient resources for the development, documentation and support of its
quality control policies and procedures.
Even if the client offers higher fees or has personal connections with partners, the firm must ensure
audit quality is not compromised and should accept the engagement only after proper risk evaluation
and independence considerations.

2.1.2 Ethical Requirements

The firm should establish policies and procedures designed to provide it with reasonable assurance
that the firm and its personnel comply with relevant ethical requirements contained in the Code of
Ethics issued by ICAI. The Code establishes the fundamental principles of professional ethics, which
include: Integrity, Objectivity, Professional competence and due care, Confidentiality and Professional
behaviour.
Fundamental principles should be emphasized by:
1. Actions of the leadership of the firm
2. Spreading awareness and training
3. Monitoring
4. A process for dealing with non-compliance
Independence Requirement: Observance of “Independence” in all engagements is the founding
requirement. The firm should establish policies and procedures designed to provide it with reasonable
assurance that the firm, its personnel (including experts contracted by the firm and network firm
personnel) maintain independence where required by the Code.
Such policies and procedures should enable the firm to:
(a) Communicate its independence requirements to its personnel
(b) Identify and evaluate circumstances and relationships that create threats to independence, and
take appropriate action to eliminate those threats or reduce them to an acceptable level by
applying safeguards, or, if considered appropriate, withdraw from the engagement.

There should exist a mechanism in the firm by which engagement partners provide the firm with
relevant information about client engagements and personnel of the firm promptly notify the firm of
circumstances and relationships that create a threat to independence. All breaches of independence
should be promptly notified to the firm for appropriate action. Its objective is to ensure that
independence requirements are satisfied. At least annually, the firm should obtain written confirmation
of compliance with its policies and procedures on independence from all firm personnel required to be
independent in terms of the requirements of the Code.
Familiarity Threat – SQC 1
SQC 1 lays special emphasis on familiarity threat. Using the same senior personnel on assurance
engagements over a prolonged period may impair the quality of performance of the engagement.
Therefore, the firm should establish criteria for determining the need for safeguards to address this
threat. In determining appropriate criteria, the firm considers such matters as:
(a) The nature of the engagement, including the extent to which it involves a matter of public interest.
(b) The length of service of the senior personnel on the engagement.
Examples of safeguards include rotating the senior personnel or requiring an engagement quality
control review. The familiarity threat is particularly relevant in the context of financial statement audits
of listed entities. For these audits, the engagement partner should be rotated after a defined period,
normally not more than seven years (except in cases where audit of listed entities is conducted by a
sole practitioner). However, to ensure quality control exists in such firms and appropriate reports are
issued, there is a process for mandatory peer review of such firms.
Example – Sudhanshu’s conduct is unethical because he offers a favourable report in exchange for
audit work. This shows lack of independence and weak quality control in the firm.

2.1.3 Acceptance and Continuance of Client Relationships and Specific Engagements

A firm before accepting an engagement should acquire vital information about the client. Such
information should help the firm to decide about:

1. Integrity of client, promoters and key managerial personnel.

2. Competence (including capabilities, time and resources) to perform engagement.
3. Compliance with ethical requirements.
The firm should obtain such information as it considers necessary in the circumstances before
accepting an engagement, engagement with a new client, when deciding whether to continue an
existing engagement, and when considering acceptance of a new engagement with an existing client.
Where issues have been identified, and the firm decides to accept or continue the client relationship or
a specific engagement, it should document how the issues were resolved.
Information to be Obtained Before Accepting an Engagement
The firm should obtain such information as it considers necessary in the circumstances before
accepting an engagement with a new client, when deciding whether to continue an existing
engagement, and when considering acceptance of a new engagement with an existing client. Where
issues have been identified, and the firm decides to accept or continue the client relationship or a
specific engagement, it should document how the issues were resolved.
1. Integrity of the Client – Matters Considered. With regard to the integrity of a client, matters that the
firm considers include:
Identity and business reputation of the client’s principal owners, key management, related parties
and those charged with governance.
Nature of the client’s operations, including its business practices.
Information concerning the attitude of principal owners, key management and those charged with
governance towards matters such as aggressive interpretation of accounting standards and the
internal control environment.
Whether the client is aggressively concerned with maintaining the firm’s fees as low as possible.
Indications of inappropriate limitation in the scope of work.
Indications that the client might be involved in money laundering or other criminal activities.
Reasons for the proposed appointment of the firm and non-reappointment of the previous firm. The
extent of knowledge a firm will have regarding the integrity of a client will generally grow within the
context of an ongoing relationship with that client.
2. Capability, Competence, Time and Resources. In considering whether the firm has the capabilities,
competence, time and resources to undertake an engagement, the following matters have to be taken
into consideration:
Firm personnel have knowledge of relevant industries or subject matters.
Firm personnel have experience with relevant regulatory or reporting requirements, or the ability to
gain the necessary skills and knowledge effectively.
The firm has sufficient personnel with the necessary capabilities and competence.
Experts are available, if needed.
Individuals meeting the criteria and eligibility requirements to perform engagement quality control
review are available, where applicable.
The firm would be able to complete the engagement within the reporting deadline.
Conflict of Interest Before Accepting Engagement: If there is any conflict of interest between the firm
and client, it should be properly resolved before accepting the engagement. Where the firm obtains
information that would have caused it to decline an engagement if that information had been available
earlier, policies and procedures on the continuance of the engagement and the client relationship
should include consideration of:
(a) Professional and legal responsibilities that apply to the circumstances, including whether there is a
requirement for the firm to report to the person or persons who made the appointment or, in some
cases, to regulatory authorities.
(b) The possibility of withdrawing from the engagement or from both the engagement and the client
relationship.
Policies and Procedures on Withdrawal from Engagement: Policies and procedures on withdrawal from
an engagement or from both the engagement and the client relationship address issues that include the
following:

Discussing with the appropriate level of the client’s management and those charged with
governance regarding the appropriate action the firm might take based on the relevant facts and
circumstances.
If the firm determines that it is appropriate to withdraw, discussing with the appropriate level of the
client’s management and those charged with governance withdrawal from the engagement or from
both the engagement and the client relationship, and the reasons for the withdrawal.
Considering whether there is a professional, regulatory or legal requirement for the firm to remain in
place, or for the firm to report the withdrawal from the engagement or from both the engagement
and the client relationship, together with the reasons for the withdrawal, to regulatory authorities.
Documenting significant issues, consultations, conclusions and the basis for the conclusions.
Example – CA M should evaluate the client’s integrity, legal issues, risk of association, and compliance
with ethical requirements before accepting the engagement.

2.1.4 Human Resources

The firm should establish policies and procedures designed to provide it with reasonable assurance
that it has sufficient personnel with the capabilities, competence, and commitment to ethical principles
necessary to perform its engagements in accordance with professional standards and regulatory and
legal requirements, and to enable the firm or engagement partners to issue reports that are appropriate
in the circumstances. Such policies and procedures should address relevant HR issues, including:
Recruitment, Compensation, Training, Career development and Performance evaluation. There should
be emphasis on the continuing professional development of the firm’s personnel. The firm should
assign responsibility for each engagement to an engagement partner. The firm should establish policies
and procedures requiring that:
(a) The identity and role of the engagement partner are communicated to key members of the
client’s management and those charged with governance.
(b) The engagement partner has appropriate capabilities, competence, authority and time to
perform the role.
(c) The responsibilities of the engagement partner are clearly defined and communicated to that
partner.
Each engagement team should be able to carry out its responsibilities with necessary competence and
skill. Therefore, the firm should ensure that suitable people are available and groomed for their roles.
The firm should also assess the performance of partners and team members, keeping in mind their
commitment towards quality.
2.1.5 Engagement Performance

Consistency in quality of engagement performance is achieved through: Briefing of engagement teams

regarding their objectives. Processes for complying with engagement standards. Engagement
supervision and [Link] of reviewing performance of work. Proper documentation of work
performed.
Consultation in Difficult or Contentious Matters
Consultation should take place in difficult or contentious matters pertaining to an engagement.
Consultation includes discussion at the appropriate professional level, with individuals within or
outside the firm who have specialized expertise, to resolve difficult or contentious matters. It helps to
promote quality and improve the application of professional judgment. Consultation procedures
require: Consultation with persons having appropriate knowledge, seniority and experience within the
firm (or outside the firm) on significant technical, ethical and other matters. Appropriate
documentation and implementation of conclusions resulting from consultations. If the firm does not
have appropriate internal resources, it may take advantage of advisory services provided by other firms
or professional/regulatory bodies. Proper documentation should be maintained on issues involved and
results of consultation.
Engagement Quality Control Review (EQCR)
Significant judgments made in an engagement should be reviewed by an engagement quality control
reviewer before the report is issued. The extent of review depends on the complexity of the
engagement and the risk that the report may not be appropriate in the circumstances. The review does
not reduce the responsibilities of the engagement partner.
Applicability: Mandatory for audits of financial statements of listed entities. For other engagements,
the firm should devise criteria to determine cases requiring engagement quality control review.
(EQCR) – Listed Entity Audits: An engagement quality control review for audits of financial statements
of listed entities includes consideration of the following:
The engagement team’s evaluation of the firm’s independence in relation to the specific
engagement.
Significant risks identified during the engagement and the responses to those risks.
Judgments made, particularly with respect to materiality and significant risks.
Whether appropriate consultation has taken place on matters involving differences of opinion or
other difficult or contentious matters, and the conclusions arising from those consultations.
The significance and disposition of corrected and uncorrected misstatements identified during the
engagement.
The matters to be communicated to management and those charged with governance and, where
applicable, other parties such as regulatory bodies.
Whether working papers selected for review reflect the work performed in relation to significant
judgments and support the conclusions reached.
The appropriateness of the report to be issued.
EQCR Reviewer: An engagement quality control reviewer may be: A partner,, Another person in the firm
(who should be a member of ICAI), A suitably qualified external person, or A team of such individuals.
The reviewer should have sufficient and appropriate experience and authority to act as an engagement
partner. For example, a partner or employee with appropriate experience of financial statements of
listed entities may act as the reviewer. In addition, the engagement quality control reviewer for an audit
of financial statements of a listed entity should have sufficient and appropriate experience and
authority to act as an audit engagement partner.
It is necessary to maintain objectivity of the reviewer. Therefore: Participation in the engagement or
decision-making for the engagement team should be avoided. However, the engagement partner may
consult the reviewer during the engagement so as not to compromise the reviewer’s objectivity and
eligibility. Where the engagement team and reviewer disagree on matters, the firm’s policies should
provide a mechanism to resolve the issue. If the reviewer’s objectivity is affected, another individual
within the firm or a suitably qualified external person may be appointed to act as the reviewer or to be
consulted.
Differences of Opinion
There may be differences of opinion within the engagement team, between the engagement partner
and engagement quality control reviewer, or with those consulted.
The report should only be issued after the resolution of such differences.
If recommendations of the engagement quality control reviewer are not accepted and the matter is
unresolved, it should be resolved through the firm’s policies and procedures, such as consulting
with another practitioner, professional or regulatory body.
Engagement Documentation
The firm should establish policies and procedures for engagement teams to complete the assembly of
final engagement files on a timely basis after the engagement reports are finalized.

Engagement files should normally be completed within 60 days after the date of the auditor’s
report (for audit engagements).
The time limit may vary depending on the nature of engagements.
Where two or more different reports are issued relating to the same subject matter, the firm’s policies
should treat each report as a separate engagement for assembling final engagement files.
Example: An auditor’s report on component financial information for group consolidation, and A
subsequent auditor’s report on the same financial information for statutory purposes.
Policies for Safeguarding Engagement Documentation: Policies and procedures should ensure the
confidentiality, safe custody, integrity, accessibility and retrievability of engagement documentation.
Care should be taken that policies on documentation of engagement quality control review require
documentation that:
(a) The procedures required by the firm’s policies on engagement quality control review have been
performed.
(b) The engagement quality control review has been completed before the report is issued.
(c) The reviewer is not aware of unresolved matters that would cause the reviewer to believe that
the significant judgments made and conclusions reached by the engagement team are
inappropriate.
Ownership and Retention of Documentation: Unless otherwise specified by law or regulation:
Engagement documentation is the property of the firm.
The firm may allow access, at its discretion, to clients, provided such disclosure does not undermine
the validity of work performed or, in case of assurance engagements, the independence of the firm
or its personnel.
Engagement documentation should be retained for a period sufficient to enable those performing
monitoring procedures to evaluate the firm’s compliance with its system of quality control, or for a
longer period if required by law or regulation. In the case of audit engagements, the retention period
ordinarily should not be shorter than seven years from the date of the auditor’s report or, if later, the
date of the group auditor’s report.
2.1.6 Monitoring

The firm should ensure that policies and procedures relating to the system of quality control are
relevant, adequate, operating effectively and complied with in practice. Such policies and procedures
should include an ongoing consideration and evaluation of the firm’s system of quality control,
including a periodic inspection of a selection of completed engagements.
Quality control of engagements has to be monitored taking into account the following factors:
Deciding whether the quality control system of the firm has been appropriately designed and
effectively implemented.
Examining whether new developments in professional standards, legal and regulatory requirements
have been reflected in the quality control policies.
Conducting monitoring by entrusting responsibility of monitoring process to a partner or other
persons with sufficient and appropriate experience and authority in the firm.
Dealing with complaints and allegations against the firm or any employees of it regarding non-
compliance with professional standards or appropriate regulatory requirements, either from within
or outside the firm.
Taking appropriate remedial actions against personnel who did not conform to quality control
policies.
Taking action when deficiencies in the design or operation of the firm’s quality control policies and
procedures or non-compliance with the firm’s system of quality control are identified.
3. SA 220 – Quality Control for an Audit of Financial Statements
Based upon the quality control system of the firm, quality control policies relating to audit
engagements are decided by engagement teams. The engagement partner and team are responsible for
applying quality control procedures for a particular audit engagement in accordance with SA 220. SA
220 is based on the premise that the firm is subject to SQC 1. Within the context of the firm’s system of
quality control, engagement teams are responsible for implementing quality control procedures
applicable to the audit engagement and providing the firm with relevant information to enable the
functioning of the firm’s quality control system relating to independence. Engagement teams are
entitled to rely on the firm’s system of quality control, unless information provided by the firm or other
parties suggests otherwise.
Objective of the Auditor under SA 220
As per SA 220, the objective of the auditor is to implement quality control procedures at the
engagement level that provide the auditor with reasonable assurance that:
(a) The audit complies with professional standards and regulatory and legal requirements.
(b) The auditor’s report issued is appropriate in the circumstances.
Responsibilities/ Elements of Engagement Partner under SA 220
SA 220 is modelled on the lines of SQC 1. It describes the responsibilities of the engagement partner in
relation to the following matters:
(a) Leadership responsibilities for quality on audits
(b) Relevant ethical requirements
(c) Acceptance and continuance of client relationships and audit engagements
(d) Assignment of engagement teams
(e) Engagement performance
(f) Monitoring
3.1 Leadership Responsibilities for Quality on Audits

The engagement partner is responsible for the overall quality on each audit engagement. The actions of
the engagement partner and the appropriate messages to the engagement team emphasize the
importance of maintaining audit quality. The engagement partner should emphasize:
(a) The Importance of Audit Quality of:
(i) Performing work that complies with professional standards and regulatory and legal
requirements.
(ii) Complying with the firm’s quality control policies and procedures, as applicable.
(iii) Issuing auditor’s reports that are appropriate in the circumstances.
(iv) Ensuring that the engagement team can raise concerns without fear of reprisals.
(b) The Fact that Quality is Essential in Performing Audit Engagements The engagement partner must
communicate clearly to the team that audit quality is fundamental and must not be compromised in
any engagement.

3.2 Relevant Ethical Requirements

The responsibilities of an engagement partner in relation to ethical requirements in an audit

engagement include:
Identifying a threat to independence regarding the audit engagement that safeguards may not be
able to eliminate or reduce to an acceptable level.
Reporting the matter to relevant persons within the firm to determine appropriate action. Such
action may include:
Eliminating the activity or interest creating the threat, or
Withdrawing from the audit engagement, where withdrawal is legally permitted.

3.3 Acceptance and Continuance of Client Relationships and Audit Engagements

The engagement partner should ensure compliance with SQC 1 while deciding:
Whether to accept a new client,
Whether to continue an existing engagement, or
Whether to accept a new engagement with an existing client.
The engagement partner should obtain information regarding: Integrity of principal owners and key
management. Competence of the engagement team, including time and resources. Compliance with
relevant ethical requirements. Such information assists the engagement partner in determining
whether the conclusions regarding acceptance or continuance of client relationships and audit
engagements are appropriate.

3.4 Assignment of Engagement Teams

The engagement partner should ensure that the engagement team and any auditor’s experts who are
not part of the engagement team collectively have the appropriate competence and capabilities to
perform the audit engagement in accordance with: Professional standards, and Regulatory and legal
requirements.

3.5 Engagement Performance

The engagement partner is responsible for the direction, supervision and performance of the audit
engagement in accordance with professional standards and regulatory and legal [Link]
engagement partner should also ensure that appropriate consultation takes place on difficult or
contentious matters within the team or with experts outside the firm. The engagement partner should
be satisfied that:
Appropriate audit evidence has been obtained to support the conclusions reached.
Audit documentation is sufficient and appropriate before the auditor’s report is issued.

3.6 Engagement Quality Control Review (EQCR)

For audits of financial statements of listed entities, and other audit engagements where the firm
determines that an engagement quality control review is required, the engagement partner should:
(a) Determine that an engagement quality control reviewer has been appointed.
(b) Discuss significant matters arising during the audit engagement, including those identified during
the engagement quality control review, with the engagement quality control reviewer.
(c) Not date the auditor’s report until the completion of the engagement quality control review.
Matters Considered During EQCR: The engagement quality control reviewer evaluates significant
judgments made by the engagement team and the conclusions reached in formulating the auditor’s
report. This evaluation normally includes:
(a) Discussion of significant matters with the engagement partner.
(b) Review of the financial statements and the proposed auditor’s report.
(c) Review of selected audit documentation relating to the significant judgments the engagement
team made and the conclusions it reached.
(d) Evaluation of the conclusions reached in formulating the auditor’s report and consideration of
whether the proposed auditor’s report is appropriate.
Additional Considerations for Listed Entity Audits: For audits of financial statements of listed entities,
the engagement quality control reviewer also considers:

(a) The engagement team’s evaluation of the firm’s independence in relation to the audit
engagement.

(b) Whether appropriate consultation has taken place on matters involving differences of opinion or
other difficult or contentious matters, and the conclusions arising from those consultations.

(c) Whether audit documentation selected for review reflects the work performed in relation to
significant judgments made and supports the conclusions reached.
Differences of Opinion
If differences of opinion arise within the engagement team, with those consulted, or between the
engagement partner and the engagement quality control reviewer, the engagement team should follow
the firm’s policies and procedures for resolving such differences.
Even though expert opinion from ICAI resolved the issue, appointment of an engagement quality
control reviewer is still relevant, since EQCR is mandatory for listed entity audits and must be
completed before issuing the audit report.

3.7 Monitoring

An effective system of quality control includes a monitoring process designed to provide the firm with
reasonable assurance that its policies and procedures relating to the system of quality control are
relevant, adequate and operating effectively. The engagement partner should consider the results of
the firm’s monitoring process as evidenced in the latest information circulated by the firm and, if
applicable, other network firms, and whether deficiencies noted in that information may affect the
audit engagement.

3.8 Documentation

The engagement partner should document the following matters pertaining to an audit engagement:
(a) Issues identified with respect to compliance with relevant ethical requirements and how they
were resolved.
(b) Conclusions on compliance with independence requirements that apply to the audit
engagement, and any relevant discussions with the firm that support these conclusions.
(c) Conclusions regarding the acceptance and continuance of client relationships and audit
engagements.
(d) The nature and scope of, and conclusions resulting from, consultations undertaken during the
course of the audit engagement.
Documentation by Engagement Quality Control Reviewer: The engagement quality control reviewer
shall document for the audit engagement reviewed that:
(a) The procedures required by the firm’s policies on engagement quality control review have been
performed.
(b) The engagement quality control review has been completed on or before the date of the
auditor’s report.
(c) The reviewer is not aware of any unresolved matters that would cause the reviewer to believe
that the significant judgments made and conclusions reached by the engagement team were not
appropriate.

4. SQC 1 vs SA 220 – Key Differences in Nature, Scope and Applicability

S. SQC 1 SA 220
No.

1 It applies to the entire firm and fixes the It applies to a particular audit
responsibility of the firm to be assumed by CEO or engagement and the engagement
managing partners. partner takes responsibility.

2 It is applicable to audits, reviews of historical It is applicable to audit engagements

financial information, and other assurance and only.
related services engagements.

3 It relates to setting up a quality control system It deals with the responsibilities of

consisting of policies and procedures for the firm as engagement teams to implement
a whole. quality control procedures applicable
to audit engagements.

4 It pertains to establishing a system of quality control It is premised on the basis that the
designed to provide reasonable assurance that the firm is subject to SQC 1. Within the
firm and its personnel comply with professional firm’s system of quality control,
standards and regulatory requirements, and that engagement teams implement
reports issued by the firm or engagement partners quality control procedures applicable
are appropriate in the circumstances. to audit engagements.

The reporting may not fully comply with SA 220. The auditor should properly evaluate and verify the
regularity of statutory dues before making such a comment. Simply stating that the company is
“generally regular” without adequate audit evidence may not meet the quality control and reporting
requirements of SA 220.
5. Mechanisms for Review of Quality Control

5.1 Peer Review Board

The Peer Review Board is constituted by the Council of ICAI. The main objective of the Peer Review
Board is to ensure that, in carrying out assurance assignments:
Technical, professional and ethical standards, including regulatory requirements, are complied with
by members of ICAI.
Proper systems exist in place, including documentation, which clearly demonstrates the quality of
assurance services provided by members.
Peer review aims to enhance the quality of professional work, resulting in more reliable and useful audit
reports. Peer review involves an examination and review of systems and procedures to determine
whether the firm has been putting in place the practice unit mechanisms necessary to ensure quality of
assurance services, as envisaged by the technical, professional and ethical standards or any other
regulatory requirements. Once a practice unit is selected for peer review, its assurance engagement
records for the Peer Review period are examined and reviewed by the Peer Reviewer. After completion
of the review:
A Peer Review Certificate is issued if there are no qualified reports issued by the reviewer.
If a qualified report is issued, it is communicated to the Practice Unit, along with the reasons and the
due date for conducting a follow-on review as decided by the Board.
5.2 Quality Review Board (QRB)
The Quality Review Board has been set up by the Central Government. It consists of members
nominated by the Central Government and the Council of ICAI.
Functions of QRB:
(a) To make recommendations to the Council regarding the quality of services provided by members
of the Institute.
(b) To review the quality of services provided by members, including audit services.
(c) To guide members of the Institute to improve the quality of services and adherence to various
statutory and other regulatory requirements.
The statutory auditors in respect of the companies identified for their audit quality review based on an
upcoming risk-based approach are subject to review. The review is carried out by technical reviewers
empanelled by QRB on an engagement basis from across the country.
5.3 National Financial Reporting Authority (NFRA)
NFRA has been constituted under Section 132(1) of the Companies Act, 2013.
Duties of NFRA
Monitor and enforce compliance with accounting standards and auditing standards.
Oversee the quality of services of professionals associated with compliance with such standards
and suggest measures for improvement in the quality of services.
NFRA has the power to:
Monitor and enforce compliance with accounting and auditing standards.
Oversee the quality of services under Section 132(2).
Undertake investigation under Section 132(4) of auditors of certain classes of companies.
Companies Covered Under NFRA, These include: Listed companies, Insurance companies, Banking
companies, Other companies as specified under Rule 3 of the NFRA Rules, 2018
Scope of Review
The quality of audit services of listed companies falls under the purview of NFRA.
The Quality Review Board (QRB) reviews audit services provided by members of ICAI in respect of
entities other than those specified under Rule 3 of the NFRA Rules, 2018 and those referred to QRB
by NFRA under relevant rules.