SECTION 5

Quality Control Review

Quality control provides reasonable assurance that the audit engagement is performed in
compliance with professional standards and applicable legal and regulatory requirements, and
the audit report is appropriate in the circumstances. (The definition and discussions are covered
by ISSAI 1220).

I. Quality Control versus Quality Assurance

Quality Control

A key challenge for SAIs is consistently delivering high-quality audits and other work, as this
directly impacts their reputation, credibility, and ability to fulfill their mandate. Similarly, for audit
firms, maintaining public trust in CPAs requires applying appropriate measures to ensure
consistent quality.

Quality control involves policies and procedures that ensure audits comply with SAI auditing
standards, rules, and best international practices. For audit firms, PSA 220 mandates a quality
control system designed and implemented to ensure all audits adhere to PSA standards.

Quality Assurance

This is a proactive process that aims to ensure that quality control is working effectively. Both
Quality Control and Quality Assurance operate within the Quality Management approach
implemented by the SAL to ensure that audit results as well as the means of achieving them, are
within the desired level of quality.

Quality Control Review ISQC 1 and ISSAI 140

ISSAI 140 is based on ISQC 1, ISSAI reflects the mandates of SAI which is often wider than that
of a professional audit and assurance firms. ISSAi provides principles and application guidance
to assist SAI in applying the key principles ISQC1 to the full range of their work, as appropriate to
their mandate and circumstances. ISSAi 140 establishes an overall framework for quality control
in SAI. s. This framework is designed to apply to the system of quality control for all the work
carried out by SAls, (i.e. financial audits, compliance audits, performance audits and any other
work carried out by an SAI).

II. Responsibility for Quality Control

 Quality Control Systems

Supreme Audit Institution External Audit Firm

The SAI has an obligation to establish and Under Philippine Standards on Quality
maintain a system of quality control to Control (PSQC) 1, a firm has an obligation
provide reasonable assurance that; to establish a system of quality control
designed to provide it with reasonable
a. The SAI and its personnel comply assurance that;
with professional standards and
applicable legal and regulatory a. The firm and its personnel comply
requirements. with professional standards and
b. Reports issued by the Auditors are regulatory and legal requirements.
appropriate in the circumstances. b. The reports issued by the firm are
appropriate in the circumstances.

III. System and Quality Control Procedures

Quality Control Procedures

Supreme Audit Institution External Audit Firm

Within the context of the SAI’s system of The engagement team shall be responsible
quality control, the audit teams are for:
responsible for: a. Implementing quality control
procedures that are applicable to
a. Implementing quality control audit engagement.
procedures that are applicable to audit b. Providing the firm with relevant
engagement. information to enabling the
functioning of that part of the
b. Providing the Sai with relevant firm’s system of quality control
information to ensure that quality relating to independence; and
controls relating to independence are c. Are entitled to rely on the firm’s
functional. systems unless information
provided by the firm or other
parties suggest otherwise.

Elements of a System of Quality Control

Supreme Audit Institution External Audit Firm

Based on ISSAI 140 – Quality Control For Based on ISQC-1

SAIS

Leadership Responsibilities for Quality Audits

Key principle adapted for SAIs: ISQC-1 Key Principle:

An SAI should establish policies and “The firm shall establish policies and
procedures designed to promote an internal procedures designed to promote an internal
culture recognizing that quality is essential culture recognizing that quality is essential
in performing all of its work. Such policies in performing engagements. Such policies
and procedures should be set by the Head and procedures shall require the firm’s Chief
of the SAI, who retains overall responsibility Executive Officer (or equivalent) or, if
for the system of quality control. appropriate, the firm’s managing board of
partners (or equivalent) to assume ultimate
responsibility for the firm’s system of quality
control”3

Relevant Ethical Requirements

Key principle adapted for Sals: ISQC- 1 Key Principle:

An SAI should establish policies and “The firm shall establish policies and
procedures designed to provide it with procedures designed to provide it with
reasonable assurance that the SAI, reasonable assurance that the firm and its
including all personnel and any parties personnel comply with relevant ethical
contracted to carry out work for the SAI, requirements”
comply with relevant ethical requirements.

Acceptance and Continuance

Key principle adapted for SAIs: ISQC-1 Key Principle:

An SAI should establish policies and “The firm shall establish policies and
procedures designed to provide the SAI procedures for the acceptance and
with reasonable assurance that it will onlycontinuance of client relationships and
carry out audits and other work where the specific engagements, designed to provide
SAI: the firm with reasonable assurance that it
will only undertake or continue relationships
a. is competent to perform the work and engagements where the firm:
and has the capabilities, including
time and resources, to do so; ● is competent to perform the
b. can comply with relevant ethical engagement and has the
requirements; and capabilities, including time and
c. has considered the integrity of the resources, to do so;
organisation being audited and has ● can comply with relevant ethical
considered how to treat the risk to requirements; and
quality that arises. ● has considered the integrity of the
client and does not have information
The policies and procedures should reflect that would lead it to conclude that the
the range of work carried out by each SAI. client lacks integrity”.
In many cases SAls have little discretion
about the work they carry out. SAIs carry
out work in three broad categories:

● Work that is required of them by

their mandate and statute and which
they have no option but to carry out;
● Work that is required by their
mandate, but where they have
 discretion as to the timing, scope
and/or nature of work;
● Work that they can choose to carry
out.

Human Resources

ISQC-1 Key Principle:

“The firm shall establish policies and procedures designed to provide it with reasonable
assurance that it has sufficient personnel with the competence, capabilities and
commitment to ethical principles necessary to:

a. perform engagements in accordance with professional standards and applicable

legal and regulatory requirements; and
b. enable the firm or engagement partners to issue reports that are appropriate in
the circumstances”.

Performance of Audits and Other Work

ISQC-1 Key Principle:

“The firm shall establish policies and procedures designed to provide it with reasonable
assurance that engagements are performed in accordance with professional standards
and applicable legal and regulatory requirements, and that the firm or the engagement
partner issue reports that are appropriate in the circumstances. Such policies and
procedures shall include:

a. matters relevant to promoting consistency in the quality of engagement

performance;
b. supervision responsibilities; and
c. review responsibilities”.

Monitoring

Key principle adapted for SAIs: ISQC-1 Key Principle:

An SAI should establish a monitoring “The firm shall establish a monitoring

process designed to provide it with process designed to provide it with
reasonable assurance that the policies and reasonable assurance that the policies and
procedures relating to the system of quality procedures relating to the system of quality
control are relevant and adequate and are control are relevant, adequate and operating
operating effectively. The monitoring effectively. This process shall:
process should:
● include an ongoing consideration
a. include an ongoing consideration and evaluation of the firm’s system
and evaluation of the SAl’s system of quality control including, on a
of quality control, including a review cyclical basis, inspection of at least
of a sample of completed work one completed engagement for each
across the range of work carried out engagement partner;
by the SAI; ● require responsibility for the
b. require responsibility for the monitoring process to be assigned to
monitoring process to be assigned a partner or partners or other
to an individual or individuals with persons with sufficient and
sufficient and appropriate appropriate experience and
 experience and authority in the SAI authority in the firm to assume that
to assume that responsibility; and responsibility; and
c. require that those carrying out the ● require that those performing the
review are independent (i.e. they engagement or the engagement
have not taken part in the work or quality control review are not
any quality control review of the involved in inspecting the
work.) engagements”.

III. Quality Control Review Process in COA

6. The responsibility for the quality of an audit and resulting Audit Report rests with the CD/RD
and SA/RSA. There are three levels of quality control review implemented in all phases of the
audit. These are summarized below:

Table 11. Levels of Quality Control Review

COA

Outputs Prepared by Reviewed and Signed by

Audit Team Member (ATM) Audit Team Leader (ATL)

Audit Team Leader (ATL) Audit Team Leader (ATL)

Supervising Auditor (SA/RSA) Cluster/Regional Director (CD/RD)

EXTERNAL AUDIT

Outputs Prepared by Reviewed and Signed by

Engagement Team Member Engagement Senior-in-Charge

Engagement Senior-in-Charge Engagement Manager

Engagement Manager Engagement Partner

7. At the first level, ATLs are responsible for the initial review of the working papers prepared
and obtained by the ATMs.

8. At the level of SA/RSA, review should sufficiently satisfy the requirements that the audit
documentation contains adequate evidence of the work done and conclusions reached, and
provide a reasonable basis for an opinion.

9. The SA/RSA is responsible for:

a. Determining whether the overall presentation of the FS, including the related
disclosures, is in accordance with the applicable FRF.

b. Ensuring that all necessary audit procedures have been completed, reviewed, and
sufficiently and appropriately documented.
 c. Monitoring compliance by the audit team with auditing standards, laws, regulations, and
ethical requirements.

d. Reviewing audit conclusions, recommendations, and professional judgements made by

the audit team.

e. Ensuring that all significant changes made to the audit strategy and audit plan are
justified and appropriately documented and approved.

f. Monitoring Management compliance with the requirements included in the Engagement Letter,
and action on deficiencies requiring corrections in the final FS.

QUALITY CONTROL REVIEW PROCESS

Aspect COA External Audit

Mandate Ensures government Ensures fair presentation

accountability and of financial statements
compliance with laws
and regulations

Standards followed ISSAIs, PPSSA, ISA, ISQM, GAAS,

Government rules regulatory requirements

Review Process Multi-level: ✓ Partner

✓ SA ✓ Quality Reviewer
✓ CD ✓ Risk
✓ RD Management

Internal QAR, public Firm QCR, regulatory

accountability inspections

Scope Government funds, Private companies,

agencies financial reports

Focus Legal compliance, Accuracy of financial

efficiency and fraud statements and risk
prevention assessement

Reporting AARs, AOMs, IARs, ARM (private

ND/NS/NC (public reports)
records)

Accountability To Congress and the To shareholders,

public regulators, and clients

Consequences of Findings Legal cases, Restatements, regulatory

administrative actions penalties

Quality Control Review for CPA Firms and Individual CPAs

The government thru Professional Board of Accountancy (BOA) has required all CPA firms
and individual CPAs in public practice to obtain a certificate of accreditation to practice public
accountancy. As a condition to the renewal of the certificate of accreditation, the Board requires
them to undergo a quality control review to ensure that these CPAs comply with accounting and
auditing standards and practices.
 The PRC has created a Quality Review Committee (QRC) which shall conduct quality
control review on:

a. Applicants for registration to practice public accountancy

b. Recommend revocation of certificate of registrations of CPAs

IV. Quality Control Documents

10. Auditor’s Declaration of Independence and Compliance with Other Ethical Standards - The
Auditor’s Declaration of Independence and Compliance with Ethical Standards is essential for
maintaining quality control in an audit as it ensures the auditor remains objective, impartial, and
free from conflicts of interest.

COA External Audit

Auditor’s Declaration of Independence

At the Preliminary Engagement Phase, this is While not explicitly called a “declaration,”
signed by all members of the team, confirmed external audit requires independence of the
by the Supervising Auditor/Regional auditor
Supervising Auditor during the Execution
Phase and concurred by the Cluster
Director/Regional Director serves as an
assurance that the audit is performed by a
team composed of competent professional
auditors.

Ethical Standards

ISSAI 130 - Code of Ethics: Code of Professional Ethics for CPAs

a. Integrity - to act honestly, reliably, in a. Professional Behavior - comply with
good faith and in the public interest relevant laws and regulations and
b. Independence and objectivity - to be refrain from any conduct which might
free from circumstances or influences bring discredit to the profession
that compromise, or may be seen as b. Objectivity - being fair, intellectually
compromising, professional honest, and free from conflicts of
judgement, and to act in an impartial interest
and unbiased manner c. Professional Competence and Due
c. Competence - to acquire and maintain care - a CPA should not undertake any
knowledge and skills appropriate for engagement or accept an employment
the role, and to act in accordance with which he/she cannot reasonably
applicable standards, and with due expect to discharge with professional
care; competence
d. Professional behavior - to comply with d. Confidentiality - obligation of the
applicable laws, regulations and accountant to respect the
conventions, and to avoid any conduct confidentiality of information about a
that may discredit the SAI client’s or employer’s affairs acquired
e. Confidentiality and transparency - to in the course of the professional
appropriately protect information, services
balancing this with the need for e. Integrity - not merely honesty but fair-
transparency and accountability dealing and truthfulness
f. Independence - taking an unbiased
RA 6713 - Section 4. Norms of Conduct of viewpoint
Public Officials and Employees:
 a. Commitment to public interest - Public
officials and employees shall always
uphold the public interest over and
above personal interest.
b. Professionalism - Public officials and
employees shall perform and
discharge their duties with the highest
degree of excellence, professionalism,
intelligence and skill.
c. Justness and sincerity - Public officials
and employees shall remain true to the
people at all times.
d. Political neutrality - Public officials and
employees shall provide service to
everyone without unfair discrimination
and regardless of party affiliation or
preference.
e. Responsiveness to the public - Public
officials and employees shall extend
prompt, courteous, and adequate
service to the public.
f. Nationalism and patriotism - be loyal to
the Filipino people, shall endeavor to
maintain and defend Philippine
sovereignty against foreign intrusion
g. Commitment to democracy - Public
officials and employees shall commit
themselves to the democratic way of
life and values, maintain the principle
of public accountability, and manifest
by deeds the supremacy of civilian
authority over the military
h. Simple living - Public officials and
employees and their families shall lead
modest lives appropriate to their
positions and income.

11. Engagement Letter - The Engagement Letter is a formal document that establishes the terms
of an audit engagement, ensuring that both the auditor and the client have a clear understanding
of their roles, responsibilities, and expectations.

COA Audit External Audit

Establishes the terms, scope, and Defines the terms and scope of the
responsibilities for audits of government audit for private entities to ensure
Purpose
agencies to ensure public accountability financial integrity and regulatory
and compliance with laws. compliance.

Ensures audits are conducted with Ensures audits are performed

Focus on Quality transparency, independence, and objectively, professionally, and in
Control adherence to government auditing compliance with financial reporting
standards. standards.

Based on International Standards of Based on Philippine Standards on

Regulatory Supreme Audit Institutions (ISSAIs), Auditing (PSA), International
Framework Philippine Public Sector Auditing Standards on Auditing (ISA), and
Standards (PPSAS), and COA rules. corporate regulations.
 COA Audit External Audit

Impact on Public Strengthens public confidence in Ensures investor and stakeholder

Trust and government financial management and confidence in corporate financial
Governance prevents corruption. reporting.

12. Engagement Planning Memorandum - The EPM is not only a planning tool, but also serves a
supervision and monitoring tool for the SA/RSA in the CD/RD the progress of work by team
members the audit procedures performed, and the timing of audit activities can be kept track
through the plan.

COA External Audit

Serves as supervision and monitoring tool for There is no specified EPM in the standard, but
the Supervising Auditor/Regional Supervising external audit uses the Audit Planning
Auditor by keeping track of the progress by Memorandum
team members, the audit procedures
performed and the timing of audit activities.

EPM and APM

Engagement Planning Audit Planning Memorandum (APM)

Memorandum (EPM)

Ensures the engagement meets Ensures audit procedures are

Quality public sector audit standards, structured, risk-focused, and aligned
Control Role independence requirements, and with auditing standards for high-quality
legal compliance. results.
Ensures the audit is executed effectively
Impact on It tracks the progress of the audit and
and efficiently, with proper risk
Quality promotes high quality and
assessment and compliance with
Control professional audit work
auditing standards.

Ensures compliance with PSA 300

Complies with public sector auditing
Regulatory (Planning an Audit of Financial
frameworks such as the ISSAIs, COA
Compliance Statements) and other relevant auditing
rules, and national laws.
standards.

V. Quality Control Review Documents

Under COA Audit.

1. Completion Compliance Checklist

This document serves as a tool for verifying that all essential steps, approvals, and quality control
procedures have been completed during the audit process.
 • It is primarily used by Supervising Auditors (SA/RSA) and Cluster/Regional Directors
(CD/RD) to ensure that the audit engagement adheres to auditing standards.
• The checklist includes a step-by-step review of key audit phases, from preliminary
engagement to the reporting phase.
• This document acts as a quality control measure that helps auditors detect any missed
steps or incomplete work before finalizing the audit report.

2. Auditee Feedback Sheet

This document is designed to assess the audit team’s performance from the perspective of
the auditee.

• It is usually sent directly by the Cluster or Regional Director to the auditee, allowing
them to provide their insights about the audit team’s conduct and efficiency.
• The feedback is based on several factors, such as:
o Professionalism of the auditors
o Timeliness of audit completion
o Communication effectiveness
o Quality of audit recommendations

3. Director’s Evaluation Form

The Director’s Evaluation Form is an internal assessment tool used by the

Cluster/Regional Director to evaluate the overall performance of the audit team. This
evaluation is based on two main sources:

• Completion Compliance Checklist (verifying the quality of audit work)

• Auditee Feedback Sheet (evaluating the auditee’s experience)

The Director’s Evaluation Form helps measure the effectiveness of the audit team’s work
and their adherence to professional standards.

4. Financial Management Performance Rating

• The final document we’ll discuss is the Financial Management Performance Rating.
• This is a tool used by auditors to assess the quality of an auditee’s financial
management performance.
• It is based on the results of the audit, specifically focusing on the effectiveness of internal
controls, financial reporting accuracy, and adherence to financial regulations.
• The rating helps identify areas where the auditee may need to improve its financial
management systems.

COA External Audit

COA is required to prepare these QRC External Audit firms also prepare such
documents to ensure audit accuracy, documents but these documents may vary
compliance with standards and accountability in depending on the firm’s policies and
public sector audits. regulation. As to the format, no specific
format is applied by the External Audit Firms,
but they are required to provide appropriate
 Completion Compliance Checklist documentation that demonstrates how each
- Enables the SA/RSA and CD/RD to element of the system is operating
verify that all essential steps, approvals, effectively. These documents, whether in
and quality control procedures have checklist, report or other forms, need to
been properly completed throughout the support the compliance with PSQC1 and
Preliminary Engagement Phase and demonstrate the firm’s adherence to the
Reporting Phase. The accomplished professional standards.
checklist serves as a basis for the
CD/RD in rating the performance of the
audit team along with the Auditee
performance rating on the audit team. Compliance Review Checklists

Auditee Feedback Sheet - It is for the Audit firm to check and

- Designed to assess the audit team's review whether the firm complies with
performance in the field. It should be its system of quality control.
sent directly by the CD/RD to the
Auditee.
- Serves as a tool to ensure COA's The client's audit committee assesses the
commitment to quality service through performance of the external auditor
quality staff. This Sheet should be (engagement partner) whereas the
addressed to the Agency Head who is engagement partner is responsible in
requested to respond within a given evaluating the performance of its audit team
timeframe. as to whether they comply with the applicable
standards and established policies and
Director's Evaluation Form procedures.
- The Audit Team's performance including
that of the SA/RSA will be assessed
based on the Completion Compliance
Checklist and the Auditee Feedback
Sheet by the CD/RD with the
assessment evaluation to the Assistant
Commissioner concerned.
- Allows the CD/RD and the Assistant
Commissioner to have a reasonable
basis for taking appropriate action to
ensure the quality of financial audit
performed by the audit teams.

Financial Management Performance Rating

- Assesses the quality of an Auditee's
financial management performance
using the results of the audit performed,
including internal control review.

Comparative Analysis:

COA’s quality control review documents are structured and mandatory, ensuring that audits of
public sector entities comply with government financial management and accountability
standards. The regulatory framework for COA is governed by ISSAI 140 and COA guidelines,
which cover the entire audit process, from engagement planning to reporting. Quality control in
COA audits is strictly implemented through a hierarchical review system involving the Audit Team
Leader, Supervising Auditor, and Cluster/Regional Director, ensuring that findings align with
government policies on transparency and accountability.

Unlike COA, external audit firms have more flexibility in implementing quality control but are
required to adhere to professional and ethical standards, with the Engagement Partner bearing
responsibility for overall audit quality. For high-risk or listed entities, an Engagement Quality
Control Review (EQCR) is mandatory to enhance oversight and ensure compliance with auditing
standards.

COA utilizes a set of predefined quality control review documents, including the Completion
Compliance Checklist, Auditee Feedback Sheet, Director’s Evaluation Form, and Financial
Management Performance Rating, which serve as internal control measures to verify compliance
and assess audit performance. These documents ensure accountability, detect irregularities, and
reinforce the integrity of financial reporting. In contrast, external auditors rely on Engagement
Quality Control Reviews, Review of Audit Workpapers, Compliance with Ethical Requirements,
and Partner and Engagement Team Assessments to maintain the quality of audits.

MULTIPLE CHOICE.

1. Which of the following best describes the purpose of the COA's quality control review
process?

a. To ensure that the audit team has followed all applicable laws and regulations.
b. To determine whether the audit team has gathered sufficient evidence to support its
conclusions.
c. To assess the overall presentation of the financial statements.
d. To ensure that all audits are conducted to the highest professional standards and promote
accountability and transparency in government financial management.

2. What is the first level of quality control review in the COA audit process?

a. Review by SA/RSA
b. Review by CD/RD
c. Review by ATL
d. Review by ATM

3. What is the main purpose of the SA/RSA's review of the audit documentation?
 a. To ensure that the audit team has followed all applicable laws and regulations.
b. To determine whether the audit team has gathered sufficient evidence to support its
conclusions.
c. To assess the overall presentation of the financial statements.
d. To monitor management's compliance with the engagement letter.

4. Which of the following is NOT a responsibility of the SA/RSA?

a. Determining whether the overall presentation of the FS, including the related disclosures,
is in accordance with the applicable FRF.
b. Ensuring that all necessary audit procedures have been completed, reviewed, and
sufficiently and appropriately documented.
c. Monitoring compliance by the audit team with auditing standards, laws, regulations, and
ethical requirements.
d. Preparing the initial audit working papers.

5. Which of the following is not a quality control document?

a. Engagement Planning Memorandum

b. Working papers
c. Auditor’s Declaration of Independence and Compliance with Other Ethical Standards
d. Engagement Letter

6. Which of the following statements regarding the Engagement Planning Memorandum is

incorrect?

a. An EPM is a planning tool

b. Through the EPM, the progress work of the team members, the audit procedures, and the
timing of the audit procedures can be tracked
c. Deviations to the activities approved in the plan need not be approved by the SA/RSA
before effected
d. The EPM serves as a gauge of how well each member in the team performed

7. At the Preliminary Engagement Phase, the Auditor’s Declaration of Independence and

Compliance with Other Ethical Standards signed by all members of the firm, is confirmed by
________ during the Execution Phase.

I. SRA
II. SA
III. CD
IV. RD
a. I and II
b. II or III
c. III and IV
d. I or II

8. An engagement letter shall include:

I. The objective and scope of the audit of the financial statements

II. A statement that there may be circumstances in which a report may differ from the
expected form and content
III. Reference to the expected form and content of any reports to be issued by the
auditor
IV. Responsibility of the auditor
a. All statements are false
b. Only 2 statements are true
 c. Only 3 statements are true
d. All statements are true

9. In auditee feedback sheet, the feedback results especially for audit teams receiving negative
feedback should be acted upon by:

a. Commission on Audit
b. Cluster Director/Regional Director
c. External Auditor
d. Audit Team Leader
10. COA Quality Control Review Documents are the following, except
a. Compliance Review Checklist
b. Director’s Evaluation Form
c. Financial Management Performance Rating
d. Auditee Feedback Sheet

11. This is a proactive process that aims to ensure that quality control is working effectively.

a. Quality Assurance
b. Quality Control
c. Quality Control Review
d. Control policies and procedures

12. Within the context of the SAI’s system of quality control, the audit teams are responsible for:

a. Implementing quality control procedures that are applicable to audit engagement.

b. Providing Information about the investigation of the internal control of the Client.
c. Providing the firm with relevant information to ensure that the quality controls relating to
fraud are functional.
d. Are entitled to rely on the firm’s systems unless information provided by the firm or other
parties suggest otherwise.

13. For audit firms, ______ mandates a quality control system designed and implemented to
ensure all audits adhere to PSA standards.

a. PSA 315
b. ISSAI 124
c. PSA 200
d. PSA 220

14. Provides reasonable assurance that the audit engagement is performed in compliance with
professional standards and applicable legal and regulatory requirements, and the audit report is
appropriate in the circumstances.

a. Quality Assurance
b. Quality Control
c. Quality Review
d. Quality Control Review

15. An SAI should establish policies and procedures designed to promote an internal culture
recognizing that quality is essential in performing all of its work. Such policies and procedures
should be set by

a. Chief Executive Officer

b. Head of the SAI
c. Engagement Partner
d. Managing Partner