Statement on Auditing Standard No. 7: Engagement Quality Review
I want to thank the staff for bringing forward this proposal. A number of people helped, but in particular I commend Greg Scates, Dima Andriyenko and Jake Lesser for all their hard work. You have thoughtfully, and thoroughly, analyzed the comments we received on two consecutive proposals, as the Board refined the requirements for this important standard. The product today not only reflects all that work, but it also reflects your untiring commitment to developing standards that put investor protection first.
As others have mentioned, this is one of a handful of standards that the Sarbanes-Oxley Act expressly requires the Board to adopt. That is by no means the only reason to adopt this standard, though. Our inspections continue to find serious audit deficiencies, at both large and small firms. Better engagement quality reviews should catch those deficiencies and prevent investor harm.
Since the Board first proposed this standard, we have refined it in several respects. I would like to call attention to two areas, in particular, which were subject to substantial comment.
First, several commenters expressed concern that engagement quality reviews should not be tantamount to a re-audit. To my mind, this is a misplaced comparison.
The standard is intended to be rigorous, because our inspection record amply demonstrates renewed rigor is justified. But it’s not intended to be a re-audit.
Rather, the review is simply that – a review of work already performed by the engagement team. To accomplish this, the reviewer uses three tools: the standard expects the reviewer to talk with the engagement partner and team members, review certain relevant documents, and apply some critical thinking to determine whether to sign off with concurring approval. The reviewer doesn’t do any testing, request any confirmations, conduct any walk-throughs, or perform any other procedures that are necessary to obtain reasonable assurance that the financial statements are fairly stated.
There’s simply no way to see this as a re-audit, which is indeed an enormous undertaking. Regrettably, in some circumstances, companies do undergo re-audits, for example when a problem has been discovered too late and a restatement is required. A well-performed engagement quality review should significantly reduce the risk of such a problem. Anyone who has been through a restatement and re-audit will tell you that a timely, high quality engagement review is well worth the burden and cost to avoid bigger burdens and costs later.
The second topic I want to raise is documentation. The Board’s proposals have gone through considerable refinement in this regard. Several commenters have cautioned that the EQR documentation should not duplicate the engagement documentation. It’s hard for me to see how it could as a practical matter. Since the reviewer performs different procedures than those performed by the engagement team, the reviewer’s documentation will be different too. But the comments have been helpful to refining our documentation requirement to be as clear as possible.
Documentation allows third parties, such as inspectors, to understand the reviewer’s work and evaluate whether it complies with the standard. The comments have focused us on this goal. Thus, quite simply, the standard requires reviewers to document the procedures they performed, in a manner that enables third party review but without requiring more than what would be necessary for that review.
I’d like to thank those who put time and effort into submitting comments on these and other matters. I support the proposal.