FAQs

CPA firms are selected for a Quality Assurance visit on both a risk and random basis. The criteria used for risk selection include number, size and nature of engagements retained, the firm’s previous quality assurance grades, disciplinary, licensing, CPD or other regulatory history.

There are three/four essential parts to each review:
 
1. Review of your Practice and Audit activities in accordance with the Companies Act 2014 and Bye Law 7.
 
2. Review of your Anti- Money Laundering processes and procedures in accordance with Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 as amended.

3.Review of CPD records for all statutory auditors within the firm (including member and non-member records), the purpose of which is to assess whether the statutory auditor has complied with their CPD obligations and thereby maintained their professional knowledge, skills and values at a sufficiently high level.

4. Review of your Investment Business Activities in accordance with Bye Law 14 and the Investment Intermediaries Act 1995 as amended.

All CPA audit firms will be selected for a Quality Assurance visit at least once in a six year cycle in accordance with Companies Act 2014. This is a statutory requirement and review dates cannot be facilitated beyond the six year anniversary date of your firm’s last review.

Firms granted audit registration for the first time will be listed for an initial Quality Assurance Review to take place within the first eighteen months of operation.
 
The quality assurance review of a non-audit firm shall take place on the basis of an analysis of risk. Criteria which maybe considered in making such an assessment include the number, size and nature of non-audit assignments retained, failure to complete adequate continuing professional development etc. For further detail see Bye Law 7.12.2.

The visit will be conducted by Quality Assurance Executives from the Professional Standards Department of the Institute. These are qualified accountants with relevant audit practice and regulatory experience. All reviews are then subject to an independent review by the Practice Regulation Manager before a grade is awarded to a firm.

Upon selection for review, a notice with a date and details will issue to the Compliance Principal of the firm by e-mail. The minimum period of issue of a notice of a review is four weeks. A postponement of a review can only be granted in very exceptional circumstances and must be applied for in writing. Supporting documentation may be requested.
 
The Quality Assurance review notice will advise the firm of the date that the review of a selection of engagement files will be conducted.

From the 1st of January 2023, CPA Ireland will adopt a hybrid model for the conducting of QA reviews. Opening and close meetings with Compliance Principals will take place remotely using video conferencing software.

Fieldwork may take place at the firms premises. All firms selected for an on-site review will be informed in their initial notice received.

Some reviews will continue to be conducted remotely. In those instances you will be required to make arrangements for the transfer of information and the files selected for review, in advance of the review date.

As part of the Quality Assurance process you are required to fill out a pre-visit questionnaire which you will find on our website (click here to navigate to our related website page where you can find the questionnaire under the “Links” heading)

This must be returned at a minimum 10 working days in advance of the review date together with a current client list. The client listing must be provided within the standard CPA Ireland template.

Further advance information is also required, details of such information may be found by clicking here to navigate to our related website page (where you can find the advanced information required document under the “Links” heading).
 
Following a review of this the Quality Assurance Executive will then hold the opening meeting with you virtually. The date for this meeting will be set by the Quality Assurance Executive with you directly after you have received your initial notice.

After the opening meeting, the Quality Assurance Executive will provide you with a listing of the files they intend to review.

Where your review is to be held remotely, arrangements must be made to have all of the files and other relevant information provided to the Quality Assurance Reviewer at least one day in advance of the review date.

There are a number of options available for the secure transfer of files and information to the Quality Assurance Executive such as:
 
- Files may be sent remotely/electronically.
- Files may be sent by post/courier.
- Files may be delivered to the Quality Assurance Executive by arrangement.

The scope of the Quality Assurance Reviews of audit firms, supported by adequate testing of selected audit files, shall include an assessment of:

1. Compliance with applicable accounting standards issued by the Financial Reporting  Council (FRC) or the International Accounting  Standards  Board (IASB) as relevant, all auditing and ethical standards issued by the FRC or IAASA as relevant and all quality control standards issued by the FRC or IAASA as relevant and the applicable Code of Ethics and relevant legislation.
2. The quantity and quality of resources spent.
3. The audit fees charged; and
4. The internal quality management system of the Statutory Audit Firm.
5. Compliance with the Institute’s Bye Laws.
6. Confirmation of information provided on annual returns and pre-visit questionnaires.
7. Other regulatory matters such as complaints made to the Institute, claims made against the Firm, etc.
8. Compliance with obligations as a designated person under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 as amended.
9.Compliance with the CPD obligations for a statutory auditor per Bye Law 8.

The scope of the quality assurance reviews in Non-Audit Firms, supported by adequate testing of selected client files, shall include an assessment of:
1. Compliance with applicable accounting standards, ethical requirements and relevant legislation.
2. Compliance with the Institute’s Bye Laws.
3. Confirmation of information provided on annual returns and pre-visit questionnaires.
4. Other regulatory matters such as complaints made to the Institute, claims made against the Firm, etc.
5. Compliance with obligations as a designated person under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 as amended.

This is a meeting with the Compliance Principal to discuss the structure and operation of the practice and the nature of the services offered to ensure that the practice operates within the authorisation levels granted. If the firm is a statutory audit firm, their annual compliance review and policy document prepared in accordance with ISQM will also be discussed. 

This opening meeting may be facilitated by phone or video conferencing facility. This will be arranged with the practitioner in advance.

A number of files will be chosen from the client list including audit, compilation engagements including audit exempt files, correspondence, tax, secretarial, permanent and investment business files in advance of the review.

The findings of the files reviewed will be discussed and recommendations made where appropriate. A grade is then awarded which will determine next steps with the review process.

Generally, the firm will be informed of the outcome on the day. Sometimes, it may not be possible for the Quality Assurance Executive to arrive at a conclusion on the day of the review and further information may be requested.

A full report on the findings of the review will issue to the firm. Whilst the review may identify both strengths and weaknesses in the operation of the firm, the report will focus on the areas of weakness which need to be addressed by the firm.

The Quality Assurance Executive may award the following grades following a Quality Assurance Review.

‘A’ - No follow up action necessary.
‘B’ - Some  follow-up action will be required by the Firm within a specified period to address particular areas of weakness identified, with a view to achieving a Grade A.
‘C’ - Where a significant number of areas of weakness or more serious problems are identified a full re-review  may be carried out at an interval to be determined by the Quality Assurance Officer(s) (normally between 6 and 18 Months). The Director of Professional Standards or the Quality Assurance Manager or Practice Regulation Manager may deem an onsite visit unnecessary and may direct a more appropriate action in accordance with bye law 7.16.3.
‘D’ - Where serious problems are identified, the matter is referred to the Director of Professional Standards or the Quality Assurance Manager or Practice Regulation Manager who may take any action in accordance with bye law 7.

If the firm is authorised by CPA for investment business purposes then a review of the firm’s investment business activities will also be conducted to ensure that the activity is conducted in accordance with Bye Law 14, Investment Business Regulations. This is usually completed in conjunction with your overall Quality Assurance review. It may take place on site or remotely. Details of which will be provided in the initial notice issued.