Chapter 1

Quality Control

SQC 1 applies to all engagements and deals with quality at the level of firm.
SA 220 deals with audit quality at individual audit engagement level.

SQC 1, “Quality Control for firms that perform audits and reviews of historical financial information, and
other assurance and related services engagements”
SQC 1 requires that the firm should establish a system of quality control designed to provide it with reasonable
assurance that the firm and its personnel comply with professional standards and regulatory and legal requirements
and that reports issued by the firm or engagement partners are appropriate in the circumstances. The firm’s system
of quality control should consist of policies designed to achieve these objectives. This quality control standard
applies to all firms irrespective of their constitution.

Elements of System of Quality Control

1. Leadership responsibilities for quality within the firm: SQC 1 requires firms to establish policies and
procedures designed to promote an internal culture based on the recognition that quality is essential in performing
engagements. Such policies and procedures should require the firm’s chief executive officer or the firm’s managing
partners to assume ultimate responsibility for the firm’s system of quality control. The example set by firm’s
leadership encourages an inner culture that recognizes high quality audit work. Further, persons assigned
operational responsibilities for the firm’s quality control system by the firm’s chief executive officer or managing
partners should have sufficient and appropriate experience, ability, and the necessary authority to assume that
responsibility. Essentially, it implies that audit quality is paramount in all engagements. It is non-negotiable. In this
regard, it should be ensured that: - (a) The firm assigns its management responsibilities so that commercial
considerations do not override the quality of work performed. (b) The firm’s policies and procedures addressing
performance evaluation, compensation, and promotion (including incentive systems) with regard to its personnel
are designed to demonstrate the firm’s overriding commitment to quality and (c) The firm devotes sufficient
resources for the development, documentation and support of its quality control policies and procedures.

2. Ethical Requirements: The firm should establish policies and procedures designed to provide it with reasonable
assurance that the firm and its personnel comply with relevant ethical requirements contained in the Code of Ethics
issued by ICAI. The Code establishes the fundamental principles of professional ethics which include integrity,
objectivity, professional competence and due care, confidentiality and professional behaviour. Fundamental
principles should be emphasized by: Actions of the leadership of the firm, Spreading awareness and training,
Monitoring, A process for dealing with non-compliance. Observance of “Independence” in all engagements is the
founding requirement. The firm should establish policies and procedures designed to provide it with reasonable
assurance that the firm, its personnel and (including experts contracted by the firm and network firm personnel)
maintain independence where required by the Code. Such policies and procedures should enable the firm to: - (a)
Communicate its independence requirements to its personnel (b) Identify and evaluate circumstances and
relationships that create threats to independence, and to take appropriate action to eliminate those threats or
reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the
engagement. There should exist a mechanism in the firm by which engagement partners provide the firm with
relevant information about client engagements and personnel of firm promptly notify firm of circumstances and
relationships that create a threat to independence. All breaches of independence should be promptly notified to firm
for appropriate action. At least annually, the firm should obtain written confirmation of compliance with its
policies and procedures on independence from all firm personnel required to be independent in terms of
the requirements of the Code. SQC 1 lays special emphasis on familiarity threat. Using the same senior
personnel on assurance engagements over a prolonged period may impair the quality of performance of the
engagement. Therefore, the firm should establish criteria for determining the need for safeguards to address this
threat. Examples of safeguards include rotating the senior personnel or requiring an engagement quality control
review. The familiarity threat is particularly relevant in the context of financial statement audits of listed entities. For
these audits, the engagement partner should be rotated after a pre-defined period, normally not more than
seven years (except in cases where audit of listed entities is conducted by a sole practitioner). However, to
ensure quality control exists in such firms and appropriate reports are issued, there is a process for mandatory peer
review of such firms.

3. Acceptance and Continuance of Client Relationships and Specific Engagements: A firm before accepting an
engagement should acquire vital information about the client. Such an information should help firm to decide about:
- Integrity of Client, promoters and key managerial personnel; Competence (including capabilities, time and
resources) to perform engagement; Compliance with ethical requirements. The firm should obtain such information
 as it considers necessary in the circumstances before accepting an engagement with a new client, when deciding
whether to continue an existing engagement, and when considering acceptance of a new engagement with an
existing client. Where issues have been identified, and the firm decides to accept or continue the client relationship
or a specific engagement, it should document how the issues were resolved. With regard to the integrity of a
client, matters that the firm considers include, for example: • The identity and business reputation of the
client’s principal owners, key management, related parties and those charged with its governance. • The nature of
the client’s operations, including its business practices. • Information concerning the attitude of the client’s principal
owners, key management and those charged with its governance towards such matters as aggressive
interpretation of accounting standards and the internal control environment. • Whether the client is aggressively
concerned with maintaining the firm’s fees as low as possible. • Indications of an inappropriate limitation in the
scope of work. • Indications that the client might be involved in money laundering or other criminal activities. • The
reasons for the proposed appointment of the firm and non-reappointment of the previous firm. In considering
whether the firm has the capabilities, competence, time and resources to undertake an engagement,
following matters have to be taken into consideration: - • Firm personnel have knowledge of relevant industries
or subject matters; • Firm personnel have experience with relevant regulatory or reporting requirements, or the
ability to gain the necessary skills and knowledge effectively; • The firm has sufficient personnel with the necessary
capabilities and competence; • Experts are available, if needed; • Individuals meeting the criteria and eligibility
requirements to perform engagement quality control review are available, where applicable; and • The firm would
be able to complete the engagement within the reporting deadline.
If there is any conflict of interest between the firm and client, it should be properly resolved before accepting the
engagement. Where the firm obtains information that would have caused it to decline an engagement if that
information had been obtainable earlier, policies and procedures on the continuance of the engagement and the
client relationship should include consideration of: (a) The professional and legal responsibilities that apply to the
circumstances, including whether there is a requirement for the firm to report to the person or persons who made
the appointment or, in some cases, to regulatory authorities; and (b) The possibility of withdrawing from the
engagement or from both the engagement and the client relationship. Policies and procedures on withdrawal
from an engagement or from both the engagement and the client relationship address issues that include
the following: • Discussing with the appropriate level of the client’s management and those charged with its
governance regarding the appropriate action that the firm might take based on the relevant facts and
circumstances. • If the firm determines that it is appropriate to withdraw, discussing with the appropriate level of the
client’s management and those charged with its governance withdrawal from the engagement or from both the
engagement and the client relationship, and the reasons for the withdrawal. • Considering whether there is a
professional, regulatory or legal requirement for the firm to remain in place, or for the firm to report the withdrawal
from the engagement, or from both the engagement and the client relationship, together with the reasons for the
withdrawal, to regulatory authorities. • Documenting significant issues, consultations, conclusions and the basis for
the conclusions.

4. Human Resources: The firm should establish policies and procedures designed to provide it with reasonable
assurance that it has sufficient personnel with the capabilities, competence, and commitment to ethical principles
necessary to perform its engagements in accordance with professional standards and regulatory and legal
requirements and to enable the firm or engagement partners to issue reports that are appropriate in the
circumstances. Such policies and procedures should address relevant HR issues including recruitment,
compensation, training, career development, performance evaluation etc. There should be emphasis on the
continuing professional development of the firm’s personnel. The firm should assign responsibility for each
engagement to an engagement partner. The firm should establish policies and procedures requiring that: (a) The
identity and role of the engagement partner are communicated to key members of the client’s management and
those charged with governance; (b) The engagement partner has the appropriate capabilities, competence,
authority and time to perform the role; and (c) The responsibilities of the engagement partner are clearly defined
and communicated to that partner. The firm should assess the performance of their partners and team members
keeping in mind their commitment towards quality.

5. Engagement Performance: Consistency in quality of engagement performance is achieved through briefing of

engagement teams of their objectives, processes for complying with engagement standards, processes of
engagement supervision and training, methods of reviewing performance of work, appropriate documentation of
work performed. Consultation in difficult or contentious matters: Consultation should take place in difficult or
contentious matters pertaining to an engagement. Consultation includes discussion, at the appropriate professional
level, with individuals within or outside the firm who have specialized expertise, to resolve a difficult or contentious
matter. It helps to promote quality and improves the application of professional judgment. Consultation procedures
require consultation with those having appropriate knowledge, seniority and experience within the firm (or outside
the firm) on significant technical, ethical and other matters and appropriate documentation and implementation of
conclusions resulting from consultations. Complete and proper documentation should be maintained on issues
 involved and results of consultation. Engagement quality control review: Significant judgments made in an
engagement should be reviewed by an engagement quality control reviewer for taking an objective view before the
report is issued. The extent of the review depends on the complexity of the engagement and the risk that the report
might not be appropriate in the circumstances. The review does not reduce the responsibilities of the engagement
partner. Engagement quality control review is mandatory for all audits of financial statements of listed
entities. In respect of other engagements, firm should devise criteria to determine cases requiring performance of
engagement quality control review. An engagement quality control review for audits of financial statements of
listed entities includes considering the following: - • The engagement team’s evaluation of the firm’s
independence in relation to the specific engagement. • Significant risks identified during the engagement and the
responses to those risks. • Judgments made, particularly with respect to materiality and significant risks. • Whether
appropriate consultation has taken place on matters involving differences of opinion or other difficult or contentious
matters, and the conclusions arising from those consultations. • The significance and disposition of corrected and
uncorrected misstatements identified during the engagement. • The matters to be communicated to management
and those charged with governance and, where applicable, other parties such as regulatory bodies. • Whether
working papers selected for review reflect the work performed in relation to the significant judgments and support
the conclusions reached. • The appropriateness of the report to be issued. Engagement quality control reviewer
is a partner, other person in the firm (who should be member of ICAI), suitably qualified external person, or
a team made up of such individuals. In this regard, suitably qualified external person refers to an individual
outside the firm with the capabilities and competence to act as an engagement partner, for example a partner or an
employee (with appropriate experience) of another firm. It is necessary to maintain objectivity of such reviewer.
Therefore, participation in engagement or making decisions for engagement team is to be avoided at all
costs. However, engagement partner may consult engagement quality control reviewer during the engagement so
as not to compromise his objectivity and eligibility to perform the role. Where the nature and extent of the
consultations become significant, however, care is taken by both the engagement team and the reviewer to
maintain the reviewer’s objectivity. Where this is not possible, another individual within the firm or a suitably
qualified external person is appointed to take on the role of either the engagement quality control reviewer or the
person to be consulted on the engagement. The firm’s policies should provide for the replacement of the
engagement quality control reviewer where the ability to perform an objective review may be impaired. Differences
of Opinion: There might be differences of opinion within engagement team, with those consulted and between
engagement partner and engagement quality control reviewer. The report should only be issued after resolution of
such differences. In case, recommendations of engagement quality control reviewer are not accepted by
engagement partner and matter is not resolved to reviewer’s satisfaction, the matter should be resolved by
following established procedures of firm like by consulting with another practitioner or firm, or a professional or
regulatory body. Engagement documentation: The firm should establish policies and procedures for engagement
teams to complete the assembly of final engagement files on a timely basis after the engagement reports have
been finalized. Engagement files should be completed in not more than 60 days after the date of auditor’s
report in case of audit engagements and in other cases within the limits appropriate to engagements.
Where two or more different reports are issued in respect of the same subject matter information of an entity, the
firm’s policies and procedures relating to time limits for the assembly of final engagement files should be
considered for each report as if it were for a separate engagement. This may, for example, be the case when the
firm issues an auditor’s report on a component’s financial information for group consolidation purposes and, at a
subsequent date, an auditor’s report on the same financial information for statutory purposes. Policies and
procedures should be designed to maintain the confidentiality, safe custody, integrity, accessibility and retrievability
of engagement documentation. Care should be taken that policies and procedures on documentation of the
engagement quality control review should require documentation that: - (a) The procedures required by the firm’s
policies on engagement quality control review have been performed. (b) The engagement quality control review
has been completed before the report is issued and (c) The reviewer is not aware of any unresolved matters that
would cause the reviewer to believe that the significant judgments the engagement team made and the conclusions
they reached were not appropriate. Unless otherwise specified by law or regulation, engagement
documentation is the property of the firm. The firm may, at its discretion, make portions of, or extracts
from, engagement documentation available to clients, provided such disclosure does not undermine the
validity of the work performed, or, in the case of assurance engagements, the independence of the firm or
its personnel. Engagement documentation has to be retained for a period of time sufficient to permit those
performing monitoring procedures to evaluate the firm’s compliance with its system of quality control, or for a longer
period if required by law or regulation. In the specific case of audit engagements, the retention period
ordinarily is no shorter than seven years from the date of the auditor’s report, or, if later, the date of the
group auditor’s report.

6. Monitoring: The firm should ensure that policies and procedures relating to the system of quality control are
relevant, adequate, operating effectively and complied with in practice. Such policies and procedures should
include an ongoing consideration and evaluation of the firm’s system of quality control, including a periodic
 inspection of a selection of completed engagements. Quality control of engagements has to be monitored taking
into account following factors:  Deciding whether the quality control system of the firm has been appropriately
designed and effectively implemented.  Examining whether new developments in the professional standards, legal
and regulatory requirements have been reflected in the quality control policies.  Conducting monitoring by
entrusting responsibility of monitoring process to a partner or other persons with sufficient and appropriate
experience and authority in the firm.  Dealing with complaints and allegations against the firm or any employees of
it of noncompliance with professional standards or appropriate regulatory requirements by a person within or
outside the firm.  Taking appropriate remedial actions against the personnel who did not conform to quality control
policies.  Taking action when deficiencies in the design or operation of the firm’s quality control policies and
procedures, or non-compliance with the firm’s system of quality control are identified.

SA 220 – Quality Control for an Audit of Financial Statements

As per SA 220, the objective of the auditor is to implement quality control procedures at the engagement level that
provide the auditor with reasonable assurance that: - (a) The audit complies with professional standards and
regulatory and legal requirements and (b) The auditor’s report issued is appropriate in the circumstances.

SA 220 is modelled on lines of SQC 1. It describes responsibilities of engagement partner in relation to:
1. Leadership Responsibilities for Quality on Audits: Leadership responsibility of an engagement partner is to
take responsibility for the overall quality on each audit engagement. (a) The importance to audit quality of: - (i)
Performing work that complies with professional standards and regulatory and legal requirements; (ii) Complying
with the firm’s quality control policies and procedures as applicable. (iii) Issuing auditor’s reports that are
appropriate in the circumstances and (iv) The engagement team’s ability to raise concerns without fear of reprisals.
(b) The fact that quality is essential in performing audit engagements.

2. Relevant Ethical Requirements: The responsibilities of an engagement partner in relation to ethical requirements
in an audit engagement are -  Identifying a threat to independence regarding the audit engagement that
safeguards may not be able to eliminate or reduce to an acceptable level.  Reporting by engagement partner to
the relevant persons within the firm to determine appropriate action, which may include eliminating the activity or
interest that creates the threat, or withdrawing from the audit engagement, where withdrawal is legally permitted.

3. Acceptance and Continuance of Client Relationships and Audit Engagements The responsibility of an
engagement partner in this regard in an audit engagement is on lines of SQC 1 which requires the firm should
obtain such information as it considers necessary in the circumstances before accepting an engagement with a
new client, when deciding whether to continue an existing engagement, and when considering acceptance of a new
engagement with an existing client. Information like integrity of principal owners, competence of engagement team
and consideration of necessary capabilities including time and resources, compliance with relevant ethical
requirements and significant matters arisen during current or previous audit engagement and their implications
assist the engagement partner in determining whether the conclusions reached regarding the acceptance and
continuance of client relationships and audit engagements are appropriate.

4. Assignment of Engagement Teams It should be ensured by engagement partner that the engagement team and
any auditor’s experts who are not part of the engagement team, collectively have the appropriate competence and
capabilities to perform the engagement in accordance with professional standards and regulatory and legal
requirements.

5. Engagement Performance: Engagement partner has the responsibility for direction, supervision and performance
of audit engagement in accordance with professional standards and regulatory and legal requirements. He is
responsible for the auditor’s report being appropriate in circumstances. Further, review of audit documentation
before issue of audit report is his responsibility. It has to be ensured that sufficient appropriate audit evidence has
been obtained to support the conclusions reached and for the issuance of the auditor’s report. The engagement
partner is also responsible for ensuring undertaking appropriate consultation on difficult or contentious matters by
engagement team not only within the team but also with others at appropriate level within or outside the firm.

6. Engagement Quality Control Review: For audits of financial statements of listed entities, and those other audit
engagements, if any, for which the firm has determined that an engagement quality control review is required, the
engagement partner shall: (a) Determine that an engagement quality control reviewer has been appointed (b)
Discuss significant matters arising during the audit engagement, including those identified during the engagement
quality control review, with the engagement quality control reviewer (c) Not date the auditor’s report until the
completion of the engagement quality control review. The engagement quality control reviewer shall perform an
objective evaluation of the significant judgments made by the engagement team, and the conclusions reached in
formulating the auditor’s report. This evaluation shall involve: (a) Discussion of significant matters with the
 engagement partner (b) Review of the financial statements and the proposed auditor’s report (c) Review of
selected audit documentation relating to the significant judgments the engagement team made and the conclusions
it reached and (d) Evaluation of the conclusions reached in formulating the auditor’s report and consideration of
whether the proposed auditor’s report is appropriate For audits of financial statements of listed entities, the
engagement quality control reviewer, on performing an engagement quality control review, shall also consider the
following: (a) The engagement team’s evaluation of the firm’s independence in relation to the audit engagement; (b)
Whether appropriate consultation has taken place on matters involving differences of opinion or other difficult or
contentious matters, and the conclusions arising from those consultations; (c) Whether audit documentation
selected for review reflects the work performed in relation to the significant judgments made and supports the
conclusions reached. Differences of Opinion: If differences of opinion arise within the engagement team, with
those consulted or, where applicable, between the engagement partner and the engagement quality control
reviewer, the engagement team shall follow the firm’s policies and procedures for dealing with and resolving
differences of opinion.

7. Monitoring: An effective system of quality control includes a monitoring process designed to provide the firm with
reasonable assurance that its policies and procedures relating to the system of quality control are relevant,
adequate, and operating effectively. The engagement partner shall consider the results of the firm’s monitoring
process as evidenced in the latest information circulated by the firm and, if applicable, other network firms and
whether deficiencies noted in that information may affect the audit engagement.

8. Documentation: The engagement partner should document following matters pertaining to an audit engagement -
(a) Issues identified with respect to compliance with relevant ethical requirements and how they were resolved. (b)
Conclusions on compliance with independence requirements that apply to the audit engagement, and any relevant
discussions with the firm that support these conclusions. (c) Conclusions reached regarding the acceptance and
continuance of client relationships and audit engagements. (d) The nature and scope of, and conclusions resulting
from, consultations undertaken during the course of the audit engagement. Besides, the engagement quality
control reviewer shall document, for the audit engagement reviewed, that: (a) The procedures required by the firm’s
policies on engagement quality control review have been performed. (b) The engagement quality control review
has been completed on or before the date of the auditor’s report. (c) The reviewer is not aware of any unresolved
matters that would cause the reviewer to believe that the significant judgments the engagement team made and the
conclusions they reached were not appropriate.
 Mechanisms for Review of Quality Control
1. Peer Review Board: Peer Review Board is constituted by Council of ICAI. The main objective of Peer Review
Board is to ensure that, in carrying out assurance assignments: -  Technical, professional and ethical standards
including regulatory requirements are complied with by members of ICAI.  Proper systems are in place including
documentation thereof which amply demonstrates quality of assurance services provided by members. Peer review
is meant for the purpose of enhancing the quality of professional work resulting in more reliable and useful audit
reports. Peer review means an examination and review of the systems and procedures to determine
whether the same have been put in place by the Practice Unit for ensuring the quality of assurance
services as envisaged by the technical, professional and ethical Standards or any other regulatory
requirements. Once a Practice Unit is subjected to Peer review, its assurance engagement records pertaining to
the Peer review period are subject to examination and review by the Peer Reviewer. On completion of this
exercise, a “peer review certificate” is issued in case of unqualified report issued by Peer Reviewer. In case of a
qualified report, it is informed to the Practice Unit that same cannot be issued along with the reasons therefor as
well as inform about the due date for conducting a follow-on review as may be decided by the Board.

2. Quality Review Board: Quality Review Board has been set up by Central government. It consists of members
nominated by Central govt and Council of ICAI. The functions of QRB are: - (a) To make recommendations to the
Council regarding the quality of services provided by the members of the Institute; (b) To review the quality of
services provided by the members of the Institute including audit services and (c) To guide the members of the
Institute to improve the quality of services and adherence to the various statutory and other regulatory
requirements. The statutory auditors in respect of the companies are identified for their audit quality review based
upon risk-based approach. The review is carried out by technical reviewers who are empaneled by QRB on
engagement basis from across the country.

3. National Financial Reporting Authority: NFRA has been constituted in terms of Section 132(1) of the Companies
Act, 2013. Duties of NFRA also include the following: - (a) Monitor and enforce compliance with accounting
standards and auditing standards. (b) Oversee the quality of service of the professions associated with ensuring
compliance with such standards and suggest measures for improvement in the quality of service.
It has power to monitor and enforce compliance with accounting standards and auditing standards and oversee the
quality of service under section 132(2) or undertake investigation under section 132(4) of the auditors of certain
class of companies. Such companies include listed companies, insurance companies, banking companies and
other companies as provided for in Rule 3 of the NFRA Rules, 2018. Therefore, overseeing quality of audit services
of listed companies falls under the purview of NFRA. QRB can review quality of audit services provided by the
members of the Institute only in respect of entities other than those specified under Rule 3 of the NFRA Rules,
2018 and those referred to QRB by NFRA under relevant rules.