General Quality Control Questionnaire Form – Fill Out and Use This PDF

2| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

Review Code(s)

Reviewer

Date submitted to Reviewer

QUALITY REVIEW PROGRAM

GENERAL QUALITY CONTROL QUESTIONNAIRE

Members who provide audit and assurance services are advised to refer to ASQC1 (issued by the AUASB) in addition to APES 320 to ensure they comply with all mandatory quality control requirements.

This form has been designed to be completed electronically. It can be found at cpaaustralia.com.au/qualityreview

Should you choose to manually ill out a hard copy, please circle the appropriate yes/no answers, where applicable. The completed form should be sent to your reviewer, electronically or by mail, in advance of your planning meeting.

3| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

INTRODUCTION

This questionnaire addresses your general quality control policies and procedures.

The questions are based on APES 320 which lists the six elements a professional irm’s system of quality control shall address. The six elements are as follows:

1.Leadership responsibilities for quality within the irm

2.Relevant ethical requirements

3.Acceptance and continuance of client relationships and speciic engagements

4.Human resources

5.Engagement performance

6.Monitoring.

The requirements of APES 320 apply to all irms to the extent that those requirements are relevant to the services provided by the irm. The nature of the policies and procedures developed by irms to comply with APES 320 depends on various factors including the size and operating characteristics of the irm, and whether it is part of a network.

The application of the elements of quality control may also differ according to the type of engagement. For example, the irm’s policy on independence for assurance engagements (see below for deinition of assurance engagement and independence) differs from the independence policy for tax engagements. (Note: There are paragraphs in APES 320 which are only applicable to assurance engagements.)

This questionnaire also includes questions on:

independence, which arise from APES 110 and the Corporations Act 2001 (Cth);

marketing, which arise from APES 110; and

risk management, which arise from APES 325 Risk Management for Firms

The Corporations Act 2001 can be accessed on line: austlii.edu.au/au/legis/cth/consol_act/ca2001172/ or in the CPA Australia library.

CPAH2767_02/2018

4 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

5| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

Please note:

It is the responsibility of audit client management to ensure that accounting records are kept and inancial statements are prepared, although they may request the irm to provide assistance. If irm, or network irm, personnel providing such assistance make management decisions, the self-review threat created could not be reduced to an acceptable level by any safeguards. Consequently, personnel should not make such decisions. Examples of such managerial decisions include:

Determining or changing journal entries, or the classiications for accounts or transaction or other accounting records without obtaining the approval of the audit client

Authorising or approving transactions; and

P reparing source documents or originating data (including decisions on valuation assumptions), or making changes to such documents or data

ADVOCACY THREAT (APES 110)

This is the threat that a Member will promote a client‘s or employer‘s position to the point that the Member‘s objectivity is compromised. For example:

The Firm promoting shares in an Audit Client.

A Member acting as an advocate on behalf of an Audit Client in litigation or disputes with third parties.

FAMILIARITY THREAT (APES 110)

This is the threat that due to a long or close relationship with a client or employer, a Member will be too sympathetic to their interests or too accepting of their work. For example:

A member of the Engagement Team having a Close or Immediate Family member who is a Director or Oficer of the client.

A member of the Engagement Team having a Close or Immediate Family member who is an employee of the client who is in a position to exert signiicant inluence over the subject matter of the engagement.

A Director or Oficer of the client or an employee in a position to exert signiicant inluence over the subject matter of the engagement having recently served as the Engagement Partner.

A Member accepting gifts or preferential treatment from a client, unless the value is trivial or inconsequential.

Senior personnel having a long association with the Assurance Client.

INTIMIDATION THREAT (APES 110)

This is the threat that a Member will be deterred from acting objectively because of actual or perceived pressures, including attempts to exercise undue inluence over the Member. For example:

A Firm being threatened with dismissal from a Client Engagement.

An Audit Client indicating that it will not award a planned non-assurance contract to the Firm if the Firm continues to disagree with the client‘s accounting treatment for a particular transaction.

A Firm being threatened with litigation by the client.

A Firm being pressured to reduce inappropriately the extent of work performed in order to reduce fees.

A Member feeling pressured to agree with the judgment of a client employee because the employee has more expertise on the matter in question.

A Member being informed by a partner of the Firm that a planned promotion will not occur unless the Member agrees with an Audit Client‘s inappropriate accounting treatment.

CONFIDENTIALITY

Please do not identify the name of your irm, any personnel (partners, staff etc.) or clients of the irm in this questionnaire.

GENERAL ASSISTANCE

Guidance in the completion of this questionnaire may be obtained from APES 320, your reviewer or CPA Australia’s Quality Review Department.

CPAH2767_02/2018

6| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

PART A:

THIS SECTION APPLIES TO ALL MEMBERS

Please note: “Member” should read as “Members” where more than one partner is being reviewed. Please select the appropriate responses.

Are you a sole practitioner without staff?

Are you in partnership or employing staff?

Yes (Complete parts A, B and C)

Please indicate the type of ofice system you are currently running:

7 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

7.Has the irm established and maintained a system of quality control that includes policies and procedures addressing each of the six elements of quality control, as identiied on page 3 of this questionnaire? [APES 320.10]

8.Has the irm documented its policies and procedures? [APES 320.11]

Please note where and how such documentation is stored.

LEADERSHIP RESPONSIBILITIES

9.What policies and procedures have been established to promote that quality is essential in performing engagements? [APES 320.14]

10.What policies and procedures have been established to ensure that those who have been assigned responsibility for the quality control system have suficient and appropriate experience ability? [APES320.17]

RELEVANT ETHICAL REQUIREMENTS

11.What policies and procedures do you implement to ensure you and your staff are free of any self interest which might be regarded, whatever its actual effect, as being incompatible with integrity and objectivity? [APES 320.19]

12.What policies and procedures do you implement to ensure you and your staff adhere to the other ethical standards outlined in APES 110, being integrity, objectivity, professional competence and due care, conidentiality, and professional behaviour? [APES 320.19]

INDEPENDENCE

13.Has the irm established policies and procedures designed to provide it with reasonable assurance that the irm, its personnel and, where applicable, others subject to independence requirements maintain independence where required by relevant ethical requirements?

Please provide your reviewer with copies of these policies and procedures. [APES 320.24]

CPAH2767_02/2018

8 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

9| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

Self-Interest threat

20.Do you have any audit, review or other assurance engagements where a self-interest threat has been identiied?

If yes, please describe how the irm has applied safeguards to ensure independence requirements are met. [APES 110.290 & 291]

Self-Review threat

21.Do you have audit, review or other assurance engagements where a self-review threat has been identiied?

If yes, please describe how the irm has applied safeguards to ensure independence requirements are met. [APES 110.290 & 291]

Advocacy threat

22.Do you have any audit, review or other assurance engagements where an advocacy threat has been identiied?

If yes, please describe how the irm has applied safeguards to ensure independence requirements are met. [APES 110.290 & 291]

Familiarity threat

23.Do you have any audit, review or other assurance engagements where a familiarity threat has been identiied?

If yes, please describe how the irm has applied safeguards to ensure independence requirements are met. [APES 110.290 & 291]

Intimidation threat

24.Do you have any audit, review or other assurance engagements where an intimidation threat has been identiied?

If yes, please describe how the irm has applied safeguards to ensure independence requirements are met. [APES 110.290 & 291]

Corporations Act 2001 (Cth) requirements

25.Do you perform any audits subject to the Corporations Act 2001?

If ‘no’, then please ignore the remainder of the questions relating to independence.

If ‘yes’, then please respond to the following questions relating to independence.

General requirements

26.Has a conlict of interest existed in relation to any of your audit clients?

If yes: was the conlict of interest resolved within 7 days?

If no: was ASIC informed of the conlict?

[Corporations Act 2001: Sections 324CA; 324CB; 324CC; 324CD]

CPAH2767_02/2018

10 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

11 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

b.complies with relevant ethical requirements? [APES 320.38(b)]

c.appropriately assesses the integrity of the client? [APES 320.38(c)]

d.how does the irm obtain the necessary information before accepting an engagement with a new client, when deciding whether to continue an existing engagement and when considering acceptance of new engagement with an existing client [APES 320.42(a)]

30.How does your irm ensure there is a clear understanding with the client regarding the terms of the engagement?

Note: Engagement document/s are compulsory under APES 305 for non-audit engagements (Engagement documents may include letters, agreements or any other appropriate means in writing). For audit engagements, the engagement document must be in the form of a letter and are compulsory under ASA

210.See the following question for further guidance.

31.Does each engagement document adequately cover the following common elements?

Note: If the firm does not include these in their engagement documents, this does not constitute a breach of the professional/legislative standard(s). However, it is recommended they be incorporated in future. Further guidance on preparing an engagement document is found in APES 305.

a.an introduction explaining that the purpose of the engagement document is to conirm the member’s understanding of the terms of the engagement?

b.the purpose of the engagement?

c.the scope of the engagement, including the period of appointment and time schedules, the applicability of any legislation and professional standards relevant to the engagement, information required of the client or any other pertinent matter?

CPAH2767_02/2018

12 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

13| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

Non Compliance with Laws and Regulations

34.For services other than Audits of Financial statements, has the irm developed policies and procedures to ensure that in the instance of becoming aware of a non-compliance or suspected non-compliance the member will seek to:

obtain an understanding of the matter; discuss the matter with management; communicate the matter with the irm;

consider whether to communicate to client’s external auditor;

determine if further action is needed;

consider whether to inform a client before disclosing the matter to appropriate authority; and

document all decisions made and actions taken? [APES 110.225.39-56]

35.How does the irm deal with situations where new information at hand would have caused the irm to decline an engagement? [APES 320.44]

FOR AUDIT, ASSURANCE AND REVIEW ENGAGEMENTS – COMPLETE 36

36.Do you require management representation letters from clients?

Note: This is mandatory for audit engagements as per audit standard ASA 580. For engagements other than audit engagements, we recommend you suggest to the member that, where applicable, they request such representation.

37.For compilation engagements how does the client acknowledge their responsibility for the reliability, accuracy and completeness of the accounting records and disclosure to you of all material and relevant information?

Note: This is a mandatory requirement of APES 315.9.1

38.How is the client made aware that where no audit or review has been carried out, no assurance is expressed in the engagement?

39.How is the client made aware of the meaning of the compilation report?

40.Is the former accountant of each new client contacted by letter, with the new client’s written permission, requesting appropriate information to assist the irm in deciding whether to accept the appointment?

Note: This is a mandatory requirement for the acceptance of audit engagements. It is recommended for all other engagements also.

CPAH2767_02/2018

14 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

15 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

49.How does the irm establish the eligibility, and maintain the objectivity, of engagement quality control reviewers? [APES 320.80, 83, 87]

DIFFERENCES OF OPINION

50.How does the irm deal with and resolve differences of opinion regarding the performance and outcomes of an engagement?

[APES 320.89, 90]

ENGAGEMENT DOCUMENATION

51.What policies and procedures exist to:

a.complete the assembly of inal engagement iles on a timely basis? [APES 320.93]

b.maintain the conidentiality, safe custody, integrity, accessibility and retrievability of engagement documentation?

[APES 320.96]

c.retain engagement documentation for a period suficient to meet the needs of the irm or as required by law or regulation?[APES 320.101]

52.Are the requirements of the Privacy Act being addressed in iles?

53.Are ile-notes maintained to document issues which are not addressed in the standard working papers?

54.Are carry-forward working papers maintained?

(Note: This should include file-notes which document issues for future periods.)

55.Do you have policies and procedures to ensure that you adequately monitor the tax lodgement process?

56.Do you have procedures in place to avoid the submission of misleading or incorrect information to the authorities or to the client?

Please describe.

57.If compilation reports are prepared and reviewed, do they meet the requirements of APES 315 Compilation of Financial Information and

APES 205 Conformity with Accounting Standards?

CPAH2767_02/2018

16 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

58.Are all fees charged out according to time spent at an hourly rate?

59.If fees are charged out according to any other method, please provide details.

MONITORING

60.How do you regularly monitor the irm’s quality control policies and procedures to ensure they are relevant, adequate, and operating effectively? [APES 320.106]

61.Is the responsibility for monitoring the irm’s quality control policies and procedures entrusted to personnel possessing suficient and appropriate experience and authority? [APES 320.106(b)]

62.Does the monitoring process consider issues such as new developments in professional, regulatory and legal standards, continuing professional development, issues concerned with the acceptance and continuance of client relationships, plus any other appropriate items?

FIRMS THAT PROVIDE AUDIT, ASSURANCE AND REVIEW ENGAGEMENTS – COMPLETE QUESTION 63

63.How does the irm evaluate the effect of, communicate and remedy deiciencies noted as a result of the monitoring process?

APES 320.112, 113, 115, 116, 117, 118]

COMPLAINTS AND ALLEGATIONS

64.What policies and procedures exist to appropriately deal with complaints and allegations regarding performance of engagements and/or non-compliance with the quality control system? [APES 320.119 & 122]

DOCUMENTATION

65.Does the irm have formally documented quality control policies and procedures that:

a.provide evidence of the operation of each element of the system of quality control? [APES 320.124]

b.require retention of documentation for suficient time periods to allow monitoring of performance and compliance with the system of quality control? [APES 320.128]

CPAH2767_02/2018

17| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

c.require documentation of complaints and allegations and the responses to them? [APES 320.129]

MARKETING

66.Is the irm’s marketing honest and truthful and not:

a.Make exaggerated claims for services offered, qualiications possessed, or experience gained; or

b.Make disparaging references or unsubstantiated comparisons to the work of another.

[APES 110.250]

RISK MANAGEMENT FRAMEWORK [APES 325]

67.Has your irm established a risk management framework that takes into consideration public interest obligations? [APES 325.4.1]

68.How have you documented your Risk Management policies and procedures and communicated them to your irm’s personnel? [APES 325.6.1 & 325.6.3]

69.Does your risk management framework include policies and procedures that identify, assess and manage key organisational risks? [APES 325.4.2]

70.Who is responsible for establishing and maintaining the irm’s Risk Management Framework and state how they have the necessary skills, experience, commitment and authority? [APES 325.4.6]

71.What evaluation policies and procedures have you established to assess the irm’s monitoring process of its Risk Management Framework? [APES 325.5.1]

72.What process(es) have been established so that instances of non-compliance with the Firm’s Risk Management policies and procedures are brought to the attention of the Firm’s leadership to enable to take appropriate corrective action?

[APES 325.5.2]

CPAH2767_02/2018

18 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

73.How have you documented your succession plan as part of your Risk Management Framework? [APES 325.6.6]

74.How do you ensure that all relevant documentation is retained for a suficient time for the monitoring process to evaluate the irm’s compliance with its Risk Management Framework and compliance with applicable legal and regulatory requirements for record retention? [APES 325.6.8]

75.How do you ensure that all instances of non- compliance with the irm’s Risk Management policies and procedures detected through your monitoring process and the actions taken by the irm’s leadership in respect of those instances of non-compliance? [APES 325.6.9]

76.Have you included in your Risk Management Framework polices and procedures to ensure that you meet your obligations under the Notiiable Data Breaches Scheme, as governed by Part IIIC of the Privacy Act 1988, in the instance that there is a data breach to your system which is likely to result in serious harm?

*Please note the scheme became effective from 22 February 2018 with the obligation applying to businesses with an annual turnover of $3 million or more. For those members whose turnover is less than $3 million CPA Australia recommends that is it still good practice that policies and procedures be in place but understands their is no obligation to notify.

For further guidance please visit the Office of the Australian Information Commissioner website www.oaic.gov.au/privacy-law/ privacy-act/notifiable-data-breaches-scheme

CPAH2767_02/2018

19| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

DEALING WITH CLIENT MONIES AND TRUST ACCOUNTS

77.Have you, or any of your personnel dealt with client monies? Yes No

78.Did you or your personnel have any present entitlement to the above?

Yes No

79.Have you negotiated (e.g. transferred, converted, assigned) any money on behalf of a client such as deducted your fees from client moneys banked?

Yes No

80.Did you retain the written authorities to negotiate moneys held or received which were payable to a client?

Yes No

81.Do you have a Trust Bank Account?

Yes No

If you have answered YES to any one of questions 77, 79 – 81 and NO to 78 then you are Dealing with Client Monies. You are required to have your Dealing with Client Monies transactions and/or Trust Account audited within 3 months from the Applicable Year End Date. Please provide a copy of the audit report, and please state:

82.The last inancial year end that has been audited:

83.The name of the auditor, the Accounting body they are a member of and their membership number:

84.The date of the audit report:

85.Was the audit report Qualiied or Unqualiied? Qualiied Unqualiied

86.Where the audit report was qualiied, was a copy forwarded to the Professional Conduct Business Unit of CPA Australia?

Yes No

*Please note – The Applicable Year End Date is the month-end following the Member in Public Practice opening a Trust Account or the Member obtaining the authority to operate a Client Bank Account. (eg if opening a trust account 15 April 2012, the applicable year end date will be 30 April 2013.) It is suggested for the member to have their trust account and client monies transactions audited at the same time.

CPAH2767_02/2018

20| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

PART B:

THIS SECTION APPLIES TO A MEMBER WHO IS IN PARTNERSHIP OR EMPLOYING STAFF

Please Note: “Member” should read as “Members” where a partnership is being reviewed.

21| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

10.Is there a duty statement?

11.Are the references of all prospective employees checked?

12.Do you maintain formal personnel iles?

13.Are regular staff appraisals conducted?

14.If so, are there performance criteria established for each role?

ENGAGEMENT PERFORMANCE

15.What policies and procedures have been established to ensure Engagements are performed in accordance with Professional Standards and applicable legal and regulatory requirements, and that the Firm or the Engagement Partner issue reports that are appropriate in the circumstances. Do these policies and procedures include:

a.Matters relevant to promoting consistency in the quality of Engagement performance;

b.Supervision responsibilities; and

c.Review responsibilities.

[APES 320.58]

16.Do the irm’s quality control procedures include the requirement for more senior personnel to supervise within the irm to supervise the work of new or junior staff? [APES 320.63]

CPAH2767_02/2018

22| Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only

PART C:

THIS SECTION APPLIES TO A MEMBER WHO IS A MEMBER OF A MULTI-DISCIPLINARY PRACTICE (MDP)

Please Note: “Member” should read as “Members” where a partnership is being reviewed.

1.Do Members control 75% or less with the remainder held by members of an approved professional body?

If YES, go to question 3. If NO, go to question 2.

NB: ‘Approved Professional Body’ is a body that has equivalent professional entry standards to CPA Australia.

2.Do Members control 75% or less with remainder held by members of a non-approved professional body?

NB: Non-CPAs have degrees or experience in a chosen field, Non-CPAs hold tertiary qualifications and 5 years appropriate experience in their chosen field OR Non-CPAs hold non-tertiary education and 10 years appropriate experience in chosen field.

3.Do Non-CPAs provide accounting services?

4.If so, do they comply with CPA Australia’s ethical and professional standards?

5.Do Members have full responsibility for public accounting professional standards?

CPAH2767_02/2018

23 | Quality Review Program – General Quality Control Questionnaire – Australian PPC Holders Only