Skip Ribbon Commands
Skip to main content

Skip Navigation LinksQuality-control-processes

CER branding swish

Quality control processes

On this page

A robust system of quality control must be in place for all auditors. For engagements undertaken in compliance with ASAE 3000, 3100 or 3410 , the audit team leader must ensure the quality control system complies with ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, and Other Assurance Engagements.​

Other quality control frameworks that may be of use include ISO 9001 and APES 3202.

While providing a robust framework, these systems may not have been designed with consideration of risks specific to audits conducted for schemes administered by the Clean Energy Regulator. Therefore, as part of the preparing procedures it is recommended that the audit team leader check that their quality control framework will be effective in managing the audit risk.

An effective framework for managing audit risk has the following characteristics:

  • promotes an internal culture within the audit team leader’s organisation that recognises the essential importance of quality in performing Part 6 audits
  • enables the auditor to identify and evaluate circumstances and relationships that create threats to independence and to take appropriate actions to eliminate or reduce those threats to an acceptable level (for example, detecting conflicts of interest and preventing audit team members who have a conflict of interest from participating in the assurance engagement)
  • enables the implementation of safeguards in the event that a conflict of interest is detected
  • requires the auditor’s personnel to comply with relevant ethical and professional standards requirements
  • requires all staff performing Part 6 audits to provide written confirmation of compliance with the organisation’s policies and procedures on independence
  • provides guidance to an audit team leader in determining the circumstances when a peer review is required
  • ensures the auditor’s personnel are sufficiently skilled, competent and capable to complete the assurance engagement in accordance with the NGER Audit Determination, and
  • provides the auditor with sufficient comfort that the policies and procedures of the quality control system are:
    • adequate and effective
    • complied with in practice
    • monitored regularly, and
    • evaluated on a periodic basis.

4.4.1 Maintaining a system of quality control—ASQC 1

ASQC 1 requires the audit team leader to belong to a firm that establishes and maintains a system of quality control. Key elements that audit team leaders should be aware of include:

  • leadership responsibilities for quality within the firm, including promoting an internal culture of quality
  • relevant ethical requirements, including those pertaining to independence when performing audits and reviews
  • acceptance and continuance of client relationships and specific engagements, including assurance that auditors will only undertake or continue relationships and engagements where the auditor:
    • is competent to perform the engagement and has the capabilities, including time and resources, to do so
    • can comply with relevant ethical requirements, and
    • has considered the integrity of the client, and does not have information that would lead it to conclude that the client lacks integrity
  • human resources, including assigning appropriate personnel with necessary competence and capabilities
  • engagement performance, including requiring an engagement quality control review for appropriate engagements. This review should provide an objective evaluation of the significant judgements made by the audit team and the conclusions reached in formulating the report
  • monitoring, including establishing a monitoring process to provide reasonable assurance that the policies and procedures relating to the system of quality control are relevant, adequate, and operating effectively. The process should:
    • include an ongoing consideration and evaluation of the firm’s system of quality control including, on a cyclical basis, inspection of at least one completed engagement for each audit team leader
    • require responsibility for the monitoring process to be assigned to persons with sufficient and appropriate experience and authority in the firm to assume that responsibility, and
    • require that those performing the engagement or the engagement quality control review are not involved in inspecting the engagements, and
  • timely assembly of audit files, including establishing policies and procedures for engagement teams to complete the assembly of final engagement files on a timely basis after the engagement reports have been finalised. ASAE 3000 states that an appropriate time limit within which to complete the assembly of the final engagement file is ordinarily not more than 60 days after the date of the assurance report.

4.4.2 Client and engagement considerations

Before preparing and agreeing engagement terms, the audit team leader must consider if the audit team are collectively appropriately skilled to perform the engagement, and if the engagement being proposed can be accepted. Client and engagement acceptance considerations must be documented and must include:

  • the audit team leader taking steps to ensure any conflict of interest situation is resolved (refer to section 4.3.2 below for additional guidance on conflicts of interest)
  • the audit team leader or professional member of the audit team ceasing to be part of the audit team, where a conflict of interest situation relating specifically to them is not resolved by 28 days after the audit team leader became aware of the existence of the conflict of interest situation, if no exemption under the NGER Regulations is sought or granted, and
  • the audit team leader having in place a quality control system reasonably capable of bringing conflict of interest situations to the audit team leader’s attention.
  • In addition to those requirements noted above, acceptance considerations should include:

  • the integrity and approach to risk management taken by those charged with governance of the audited body
  • whether the terms and conditions of the assurance engagement are reasonable (for example, is the audited body or the intended user of the assurance engagement report insisting on engagement terms which could place the audit team leader at risk of litigation?)
  • the capability and expertise of the audit team and if they are suitably qualified to perform the engagement, and
  • any potential or actual conflicts of interest.

Where issues arise, they should be discussed with the audited body and the audit team leader may choose not to accept the engagement. Such discussions and decisions must be documented by the auditor.


2 International Standards Organisation ISO 9001:2008 Quality Management Systems; Auditing and Assurance Standards Board ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, and Other Assurance Engagements; and Accounting Professional and Ethical Standards Board APES 320 Quality Control for Firms.

Documents on this pageDocuments on this page

Was this page useful?

preload-image-only preload-image-only preload-image-only preload-image-only preload-image-only preload-image-only preload-image-only preload-image-only preload-image-only