3:39 PM - Tuesday 26 May 2020

Quality Control Standards

Quality Control Periodic Review Manaul For CPA Firms


Within SOCPA’s efforts to develop the accounting and auditing profession, the Quality Review Committee – a technical committee established by the Board of Directors – established a practice – monitoring program for CPA Firms. The program was developed after a comprehensive study and was referred to the Board of Directors by memorandum No. 48/1 dated 18.08.1415H corresponding to 19.01.1995, the Board issued its resolution No. 2/2 dated 13.09.1415H corresponding to 12.02.1995 approving the program, and to be implemented immediately upon issuance. The aim of this program is to ensure compliance by CPA’s with the provisions of Certified Public Accountants Regulations issued by Royal Decree No. M/12 dated 13.05.1412H, accounting and auditing standards, standards and professional rules issued by SOCPA, and other professional regulations issued by competent authorities for the purpose of improving professional performance of CPA Firms, continued excellent professional performance, and enhancing efficiency and reliability of professional services. The practice- monitoring program consists of three sections as follow :

Section (1) :

Includes a definition of terms used in the program, an introduction providing historical description of the stages and procedures followed in preparing the program. It also includes a discription of program objectives and performance requirements.

Section (2) :

Includes an explanation of the objectives, types and guidelines for quality control program CPA Firms, which consists of an annual review and a periodic review. The program included a detailed description of the annual review guidelines. Developing periodic review guidelines was postpond until approval of the mandatory quality control standards.

Section (3) :

Indicates CPA Firm obligations, including provision of periodic information and data to SOCPA in order to obtain a prelimenary conclusion about the extent of compliance by the CPA Firm with the proper quality control, requirements, accounting and auditing standards, and SOCPA’s rules and standards. The program requires CPA Firms to comply with the following :
  • 1. Provide SOCPA with periodic data about the Firms :
    Within a period not exceeding 90 days from the end of Firm fiscal year, CPA Firm shall provide SOCPA with such data and informations that may enable the persons responsible of program implementation to follow- up the quality and nature of CPA Firm professional practice and be acquainted of the extent of CPA Firm compliance with the regulations, accounting and auditing standards and SOCPA professional rules and standards; and that may assist the review team to plan and perform the review. Detailed explanation of those requirements is includes in section (3) of the practice- monitoring program.
  • 2. Apply proper quality control :
    A CPA Firm, requireless of its size or legal form, shall apply proper quality control consistent with SOCPA’s approved quality control standards.
  • 3. CPA Firms acceptance of review implementation :
    CPA Firms shall agree that the review team appointed by SOCPA shall conduct its review as follow :
  • 3.1 Review annual periodic data provided by the CPA Firm (annual review). Section (3) of the program includes a description of the data a CPA Firm is required to submit periodically to SOCPA.
  • 3.2 CPA Firm quality control review (periodic review). This review is to be implemented at minimum, as follow :
  • 3.2.1 Once every three years for firms auditing public companies, banks and public organizations.
  • 3.2.2 Once every five years for firms auditing other companies and establishments.
The quality control periodic review manual for CPA Firms describes the review procedures required to be complied with by, the review team, CPA Firms and other bodies responsible for implementation of the professional practice- monitoring program, regarding the organization and performance of the periodic review mentioned in section (2) of the professional practice- monitoring program, including basic requirements such as review scope, study and evalution of the system of quality control, selection of engagements to be reviewed, firm branches to be visited and the review report. It should be noted that the review manual does not add new professional requirements as the requirements mentioned in the review manual are the same stated in CPA regulations, accounting and auditing standards, rules of professional conduct and quality control and other professional and regulatory requirements. Therefore, the review manual contains procedures needed only to provide assurance that CPA Firms comply with those requirements. Yousef Al-Mobarak Secretary General

1.Review implementation procedures

Quality Control Review Manual For CPA Firm, Exposure Draft

  • 1. Review implementation procedures :
  • 1.1 In coordination with the quality review committee (the committee), SOCPA Secretary General should prepare a list of a number of competent persons (nominated reviewers). The committee selects according to its discretion the persons to be included in the list of reviewers who satisfy the requirements for qualification for appointment as a reviewer mentioned in a No. (2) below. This list shall be updated periodically using the same procedures.
  • 1.2 The committee prepares a time table for implementation of the periodic review program, in such a way that CPA Firms auditing public companies shall be reviewed at least once every three years. Other firms are to be reviewed at least once every five years. This time table shall be updated periodically.
  • 1.3 The committee determines the review period. It is not necessary for the review period to end with the date of review firm’s fiscal year.
  • 1.4 The committee shall select the captain and members for each review engagement. They should be selected from the reviewers list approved by the committee. No person shall be appointed as a team or as a review team member to review the same firm for more than two successive review periods.
  • 1.5 SOCPA Secretary General shall advice the review team and the reviewed firm of the committee’s resolution, and the review date and shall administer the review performance. He shall request the firm to name, in coordination with the review team, a liason officer.
  • 1.6 The review team shall obtain a copy of the latest periodic informations submitted by the firm to SOCPA and the reviewed firm is requested to provide an explanatory memorandum on implementation measures taken by the firm to comply with quality control standards; and shall complete the list of quality control policies and procedures for CPA Firms approved by the committee.
  • 1.7 The review team shall undertake the implementation of the quality control review for the CPA Firm, conduct compliance tests, evaluate any defeciencies that may arise from the review and prepare a review draft report, in accordance with the provisions of items (2,3,4,5,6,7) of the quality control periodic review manual for CPA Firms and in accordance with the periodic review guidance approved by the committee.
  • 1.8 The review team shall inform the reviewed firm of the draft preliminary results of the review.
  • 1.9 The review team shall prepare a report indicating the draft preliminary results, and the reviewed firm’s opinion with regard thereto. This report shall be signed by the review team members, the managing partener and parteners who have a direct relation with the review results. Matters that would be settled by the managing partener or the parteners may be removed from the draft preliminary results if that is acceptable to the review team. In all cases the review shall present to the committee all matters that have been settled.
  • 1.10 The review team shall submit the draft review report, including all work papers, to SOCPA’s Secretary General for presentation to the Committee.
  • 1.11 The committee shall study the draft review report and it may request, through SOCPA’s Secretary General, the presence of the owner of the firm, or the partner in- charge and / or the review team, if needed. The committee shall approve the review report after making any necessary changes it sees fit.
  • 1.12 The Secretary General shall provide the CPA Firm with a copy of the review report approved by the committee.
  • 1.13 The firm may object to the report findings to the committee within a period not exceeding two months from the date being informed and the committee shall decide on the objection within a period not exceeding two months from the date of receiving the objection the committee may request the presence of firm owner or the partner in- charge to hear his review. It may also request the review team or any of its members to attend the meeting.
  • 1.14 The Secretary General shall inform the firm of the persons required attend as in mentioned (1.13). In all cases, the Secretary General shall inform, a week before, the owner of the firm, or the partner in- charge of the time, the date and the place assigned for discussing the submitted objection and he has the right to attend the meeting.
  • 1.15 Within two weeks from the date of decision taken on the submitted objection, the Secretary General shall inform the firm of such decision. The firm has the right to object to the decision to SOCPA’s Board within a period not exceeding one month from the date of being informed.
  • 1.16 Within two months from receiving the review report or on submitted objection, the CPA Firm shall submit to SOCPA’s Secretary General a letter indicating the corrective actions intended to be taken or already taken by the firm with regard to the review report. The Secretary General shall present such letter to the committee.
  • 1.17 Within a period not exceeding six weeks from receiving the firm’s letter, the committee shall submit to SOCPA Board a report presenting the review results, including any vidations to the regulatory or or professional requirements, correction actions taken by the firm and the committee’s recommedations. The report shall enclose a copy of the review report and the correspondance with the firm. SOCPA Secretary General shall inform the firm of the date assigned by the Board for the discussion of the review report and shall request to indicate their desire to attend the discussionof the report.
  • 1.18 In the presence of the Chairman of the committee and the reviewed firm’s representative, if desired, SOCPA Board shall discuss the committee’s report and the objection submitted by the firm, if any, and the Board shall decides on the submitted objection. If the Board found that the firm refused to cooperate or failed to correct any substantial deficiencies, or if the firm’a performance is so defecient so that any educational or corrective : actions are not adequate, the Board may refer firm, owner or parteners to the comptent authority authorized to take diciplinary actions in accordance with the Certified Public Accountants Regulations.
  • 1.19 The Secretary General shall inform the relevant authorities and the firm, as each is concerned, of the Board’s decisions and shall follow- up their implementation.
  • 1.20 The relevant authorities, each as concerned, shall implement the Board’s decisions. The Secretary General shall periodically uniform the Board of the actions taken in regard.
  • 1.21 The committee shall follow-up the corrective taken by the firm. Follow-up procedures include new visits to the firm to be taken by the review team. Or acceleration of reviews as may be resolved by the committee. If the firm did not carry out its obligations although it has been requested to take corrective actions. The committee shall resolve whether the corrective actions required to taken by the firm, are adequate to resolve the matter.

2.Review implementation procedures

  • 2.1 Confidentiality :

  • 2.1.1 Information obtained by the reviewer during the review are confidential. This includes information concerning the reviewed firm or any of its clients or personnel, and the finfing of the review.
    Such information should not be disclosed by the reviewer to anyone not involved with the review and shall not be used in any way not related to meeting the objective of the program, unless this is done to comply with governmental regulations and requirements by legal authorities.
  • 2.1.2 The reviewer shall complete the “Confidentiality form” approved by the committee. This form shall include an undertaking by the reviewer, to comply with the confedentiality provisions and not to use any infotmationobtained for any purpose not consistent with the requirement of the practice- monitoring program. The form shall include, at minimum, the following undertakings by the reviewer :
    1st. Not to take any copies of work papers without express consent of the reviewed firm.
    2nd. Not to take from the work papers, any notes regarding any information related to the firm or its clients, that are not required for the purposes of the quality review.
    3rd. Not to use or disclose any information relating to the firm or its clients for any purpose or to any person, except for the purposes of the practice- monitoring program or in compliance with governmental regulations and rules or any requirements of legal authorities.
    4th. Not to render any services to the clients of the firm for two years after the date of the review.
    2.1.3 If the reviewer did not comply with the above obligations he shall be responsible to reimburse the reviewed firm or other parties for any damage or loss that may result from his disclosure of the information obtained, or for using such information for personal benefit.
  • 2.2 Independence :

    When performing a review the reviewer should be idependent as required by the Rules of professional conduct. Idependence would be impaired if, for example, the reviewer participated in reviewing firm in which he has a direct or indirect interest, particulary the following :

  • - Firms in which the reviewer is a partener or has family relations to the fourth degree, with one of the parteners.
    - Firms for which the reviewer her worked as an employee during the last three years preceeding the review.
    - Firms to which the reviewer has rendered consulting services during the review year.
    - Firms in which the reviewer is a partner with one of its employees or partners.
    - Firms in which the reviewer is trusteeor executor of an estate in which the firm has an interest.
    - Independence would also be impaired if the reviewer examined the working papers of any engagement in which he participated as a member of its auditing team.

  • 2.3 Confilict of interest :

    A reviewer should not have a personal interest, in the reviewed firm or the clients of reviewed firm whose engagements have been selected for review. A reviewer shouldavoid any relations with firm clients or staff, that may be taken as evidence of a conflict of interest. This rule shall not be interpreted as precluding the participation of a licenced CPA in the review team if the conditions in 2.2 above are satisfied.
  • 2.4 Due professional care :

    Due professional care should be exercised in performing and reporting on the review. This imposes an obligation on those involved in carring out the review to carry out assigned responsibilities in a professional manner similar to that of an independent auditor, auditing financial statements.
  • 3. Qualifications for service as a reviewer :

    In addition to responsibilities mentioned in (2) above the following requirements are to be observed in the reviewer :
  • 3.1 The reviewer should be comptent in the profession of accounting and auditing with sufficient academic and professional qualifications, and should have knowledge of professional standards and regulations relating to the accounting and auditing profession.
  • 3.2 The reviewer should possess current knowledge of professional services provided by the reviewed firm, including knowledge of specialized practices in the industrices for which engagements are reviewed for example, banks, insurance companies and others.
  • 3.3 The reviewer should complete a training program organized by SOCPA for praparing reviewer sufficiently enough to carry out their responsibilities.
  • 3.4 Upon committee approval, the review team may seek the assistance of persons who possess. Specialized experience in special areas such as (computer expert, statistical samples expert, an actuary) to assist the review team, if the nature of reviewed firm work recessitates the assistance of such persons. Such person shall participate in some aspects of the review as consultants to the review team provided. They comply with the reviewer’s requirements mentioned in (2) above.
  • 3.5 The reviewer should be a person of good conduct and standing and not convicted of any crime or offense relating to honour or dishonesty unless he has been reliabilitated, and not subjected to any disciplinary action (unless three years have ilapsed since the date of such action).

4. Review planning :

The objective of review planning is to identify the scope, extent and timing of compliance tests required to be performed by the review team. It also aims at determining the responsibilities of the review team and the review timing and duration. To achieve this the review team should carry out the following :
  • 4.1 Study the information and data obtained from the reviewed firm, particularly the latest periodic information submitted by the firm and the quality control questionaire.
  • 4.2 Evaluate the firm’s quality control and periodic inspection program review system; identify document and classify design defeciencies by completing the form approved for that purpose.
  • 4.3 Identify the firm’s quality control policies and procedures that are not directly related to professional engagements conducted by the firm for its clients during the review year, and determine the nature of applicable compliance tests and prepare a program for such test.
  • 4.4 Identify the firm’s quality control policies and procedures that are directly related to professional engagements conducted by the firm for its clients during review year, and prepare a check- list of those policies and procedures in order to determine that they complied with up on reviewal of engagement samples selected by the review team.
  • 4.5 To identify, for a multi- office firm, branchs that should be visited and to consider the following factors in identifying such branchs :
  • 4.5.1 Number, size and geographic distribution of branchs.
  • 4.5.2 The degree of centralization of control and supervision on professional services rendered by the firm.
  • 4.5.3 Effectiveness of the firm’s system of quality control and inspection program.
  • 4.5.4 Branches recently merged or recently established.
  • 4.5.5 The number and nature of engagements performed by branch personnel.
  • 4.5.6 Professional level of branch personel, certified accountants, and others.
  • 4.5.7 Any comments, related to branch, that may have been stated in the previous review report.
  • 4.6 Identify the size of engagement’s sample that should reviewed for the firm as whole, and for each branch that the team decided to visit.
  • 4.7 Design review files, its contents, and indexing review working papers in accordance with the periodic review guidelines issued by the Committee.
  • 4.8 Select reviewers for firms that the team decided to visit, method of supervision, and sources and procedures of consultation.
  • 4.9 Identify arrangements to be made with the CPA Firm and the review team to perform the review and to assign the responsibility for its implementation.
  • 4.10 Prepare a memorandum for documentation of the review plan and a list of the work that should be performed before the commencement of field work and assign the responsibility for performing such work.

5.Review tests :

  • 5.1 The review team shall determine the extent and quality of the CPA Firm’s compliance with quality control policies and procedures adopted by the firm. To achieve this, the review team should design and perform the following compliance tests :
  • 5.1.1 Compliance tests addvessing the CPA Firm’s policies and procedures that are not directly related to engagements performed by the firm for its clients; such as firm’s policies and procedures concerning hiring, and development and training, or compliance with Certified Public Accountants regulations. This type of compliance tests involve the review of the documents evidencing compliance and / or enquiry from the staff responsible for compliance therewith. The review team may find out as a result of these tests, that the firm did not comply with some policies and procedures. In such a cases the review team should clearly determine and document aspects of non- compliance. Firm aspects of non- compliance with its quality control policies and procedures that are not directly related to engagements performed by the firm for his clint, shall be called “Firm compliance errors”.
  • 5.1.2 Compliance tests addressing the firm’s quality control policies and procedures that are directly related to engagements performed by the firm for its clients, such as firm policies and procedures relating to supervisior or consultation. This type of compliance test involve’s the selection of a sample of engagements performed by the during the review period examining work papers, financial statements, and auditors report for each of the selected engagements. Compliance tests aim to determine the following : 1st. The extent of compliance by firm personnel with firm policies and procedures that are directly related to the performance of clients engagements. This will require the review team to examine documents evidencing compliance and / or making suitable inquiries of firm team personnel responsible for performing the selected engagement. As a result of these tests, the review team may reach a conclusion that the firm personnel on the engagement did not comply with the relevant policies and procedures of the firm. In this case the review team shall clearly determine and document the aspects of non- compliance. Non- compliance with firm policies and procedures by the firm personnel team shall called “Defeciencies in work team compliance”. These defeciences include non- compliance with the policy or procedure and incorrect application of the policy or procedure.
    2nd. Whether the executed work, was performed in accordance with applicable professional standards and rules, this will require the review team to examine the work papers and / or direct suitable inquiries of the firm team personnel responsible for the selected engagement in order to verify if applicable professional standards and rules were properly applied. As a result of these tests, the review team may reach a conclusion that the firm personnel on the engagement did not comply with or incorrectly applied applicable professional standards and rules. The work team non- compliance with or incorrect application of professional standard rules shall be called “Defeciencies in work performance”.
    3rd. Whether, the work performed in accordance with applicable professional standards and rules, is sufficiently documented. This will require the review team to evaluate the sufficiency of documentation of the work performed. As a result of such evaluation the review team may reach a conclusion that there is a deficiency in documentation. In this case the review team should determine and clearly document the aspects of defeciencies in documentation, such aspects of deficiencies in documenting work done shall be called “Documentation defeciencies”.
    4th. Whether, the financial statements and related auditor’s report were prepared in accordance with applicable professional standards, including consistency of statements and report with the evidence obtained by the certified accountant and the appropriateness of practicing accountant opinion on the financial statements. This will require the review team to read the financial statements and the practicing accountant report in the light of the evidence included in working papers. As a result of that, the review team may reach a conclusion that the financial statements and / or related accountant’s opinion are not consistent with applicable professional standards and / or applicable regulations. In this case the review team shall determine and clearly document the deficiencies in the financial statements and / or accountant’s report. Deficiencies in financial statements and / or accountant’s report shall be called “Deficiencies in preparation of financial statements or the accountant’s report”.
  • 5.2 Engagements review review should include review of financial statements, reports, working paper files, correspondence and discussion with professional of the reviewed firm. The review must include all key areas of the engagements selected to determine whether the work done was well- planned, apprapriately executed, and suitably documented in accordance with professional standards and the firm quality control policies and procedures.
  • 5.3 The review team shall document for each reviewed engagement (whether it was an audit, or review, or compilation of financial statements, or others) whether any thing came to its attention that caused it to believe that :
  • 5.4 If the review team reached a conclusion that confirms any of the items in (a,b,c) mentioned in (5.3) above, the teamcaptain should promptly inform a resposible person of the reviewed firm. The firm should investigate the matter questioned by the review team and determine what action, if any, should be taken. The firm should inform the team captain of the results of its investigation and document the actions taken or intended to be taken, or the reasons for its decision not take any action. If the firm believes that it can continue to support its previously issued report and the review team continued to believe that there may be a significant failure to reach appropriate conclusion in the application of professional standards, the review team should pursue any remaining questions with the firm and consider. Whether it is necessary to expand the scope of the review by selecting additionsl engagements to determine the extent and cause of any departure from professional standards.
  • 5.5 During review, the review team should perform the following :
  • 5.5.1 To obtain appropriate information about the reviewed engagement and to verify the validity of data requested from the firm regarding engagement. This should include, at a minimum, the following :
    1st. A copy of the engagement letter number of work hours for members of the firm personnel team that performed the work, including the certified accountant who signed the report, audit manager, engagement supervisor and other assistants, and audit fees.
    2nd. Information about the client, including nature of activity, size of assets, size of revenues, net income (loss). Significant items of financial statements auditor’s report, and the letter regarding internal control weaknesses.
    3rd. Reasons for qualifications mentioned in the auditor’s report, if any.
  • 5.5.2 Review working papers of the selected engagement to make sure that proper accounting and auditing standards and other professional applicable standards issued by SOCPA were applied.
  • 5.6 Determine and document deficiencies, if any, in work performed in the review working papers.
  • 5.7 Holding a meeting with the certified accountant who signed the engagement report, in the presence of the review team captain and any member of the team that executed the engagement if the certified accountant desired him to attend the discussion on work deficiencies discovered by the reviewer. It should be understood that, the aim of this meeting is to indicate the reviewer findings and to present any explanations that may assist the reviewer to arrive at a final determination of deficiencies in the work performed.
  • 5.8 Make and document a final determination for each area of deficiencies, in work performed, discovered by the review.
  • 5.9 On reviewing engagements the review team should comply with committee- approved questionnaires checklists and working papers approved by the committee which include review procedures to facilitate review team task to asses the reviewed firm quality control, and to test the extent of compliance with quality control and other applicable rules. Taking in consideration that departures from these procedures may occurin some cases, and the review team should sufficienlly document such departures and their reasons.
  • 5.10 On completing the review of an engagement, the reviewer shall prepare a memorandum including the following :
  • 5.10.1 The number assigned for each engagement selected for review.
  • 5.10.2 The number and type of engagement files.
  • 5.10.3 The number of files reviewed and sections covered by review in each file.
  • 5.10.4 Work hours spent by reviewers, for each reviewer separately.
  • 5.10.5 Reviewer comments on the engagement that may not be considered as defeciencies.
  • 5.11 The review team captain shall directly supervise the review and facilitate the reviewers task, including, settlement of differences that may arise between reviewers and firm staff.
  • 5.12 The review team captain shall review the work of reviewers and make sure that the contents of the review file are complete before leaving the review site.
  • 5.13 On complation of the review, the review team shall inform the firm of the findings of the review and shall prepare a report (memorandum) indicating review team comments and the firm’s opinion thereon. This report (memorandum) is to be signed by the review team, the firm’s managing partner, and other partners who have any direct relation with the comments covered by the report (memorandum).

6.Sample size :

  • 6.1 To the extent applicable to the CPA firm, the sample must include, at least the following :
  • 6.1.1 Audit engagements for public companies whose financial statements were audited by the firm during the period covered by the review.
  • 6.1.2 At least three engagements, other than public company engagements mentioned in 6.1.1 above, signed by each certified accountant working with the firm during the period covered by the review.
  • 6.1.3 At least, are general organization from the engagements signed by each certified accountant during the review year.
  • 6.1.4 Engagements for which the review team has some comments.
  • 6.2 The number and type of selected engagements should be sufficient to provide the review team with a reasonable basis for its conclusions regarding whether the firm’s quality control system has achieved the objectives of quality control standards and whether those standards have been complied with during the review year. On determining the sample size, the following factors should be taken in consideration :
  • 6.2.1 The sample selected for review should represent all types of professional engagements executed by the firm. The following engagements shall be given more weight :
  • 1st. Engagements in which the public has great interest, such as public companies in which most of the shares are awned by the public, financial institutions, lending institutions, investment companies and securities houses.
    2nd. Engagements in other specialized industries.
    3rd. Big and complicated engagements; or engagements that involve higher risks.

  • 6.2.2 The effectiveness of the firm’s quality control system and inspection program.
  • 6.2.3 Results of the firm inspection program and the results of the previous review of the firm.
  • 6.2.4 Changes in the firm’s quality control system and inspection program since the last review of the firm.
  • 6.2.5 Number of firm certified accountants who have signed reports on clients financial statements during the review year.

7.The review report :

  • 7.1 Within a period not exceeding one month from completion of the field on- site review, the review team should submit to the committee a draft review report. This draft report should include the following :
  • 7.1.1 A statement on the scope of the review, including any limitations thereon.
  • 7.1.2 The opinion of the review team regarding whether the quality control system of the reviewed firm has achieved the objectives of quality control standards issued by SOCPA, and whether it was complied with for the year reviewed and a statement specifiying the reasons that precluded such opinion.
  • 7.1.3 A detailed description of deficiencies found as a result of the review including :
  • 1st. Firm non- compliances.
    2nd. Defeciencies in work team compliance.
    3rd. Defeciencies in work performance.
    4th. Defeciencies in documentation.
    5th. Defeciencies in preparation of financial statements or accountant’s report.