ISA 220 (Revised) DEALS with the SPECIFIC responsibilities of the auditor regarding ‘Quality Management‘ for an Audit of Financial Statements.
What is ISA 220?
ISA 220 – Quality Management for an Audit of Financial Statements is an International Standard on Auditing issued by the International Auditing and Assurance Standards Board (IAASB). It sets out the engagement partner’s responsibilities for managing and achieving quality on an audit of financial statements.
The engagement partner shall take responsibility for the overall quality on each audit engagement to which that partner is assigned.
ISA 220 (Revised), Paragraph 8The revised ISA 220 was substantially reformed as part of the IAASB’s broader Quality Management project; a suite of three interconnected standards designed to modernise how audit quality is conceived, built, and maintained across the profession.
ISA 220 works in concert with ISQM 1 (firm-level quality management systems) and ISQM 2 (engagement quality reviews) to create a comprehensive, risk-based framework for quality in auditing.
Objective of ISA 220
The objective stated in ISA 220 is for the engagement partner to implement quality management procedures at the engagement level that provide the engagement partner with a basis to:
- Be satisfied that the engagement team has fulfilled its responsibilities related to quality on the audit engagement.
- Conclude that the audit complies with professional standards and applicable legal and regulatory requirements.
- Determine whether the auditor’s report issued is appropriate in the circumstances.
- Communicate appropriately with the firm about the quality of the audit engagement.
Central to this objective is the engagement partner’s personal accountability, ISA 220 makes clear that quality cannot be delegated away. The partner must actively lead a culture of quality on every engagement they oversee.
Scope & Application
ISA 220 applies to audits of financial statements, specifically historical financial information. When an auditor is engaged to perform an audit of other historical financial information (such as special purpose financial statements), the principles of ISA 220 are applied and adapted as appropriate.
The standard is not limited by entity size. Whether auditing a listed multinational or a small enterprise, the engagement partner must apply ISA 220, although the manner and extent of procedures may differ based on a scalable, proportionate approach.
Engagement-Level Focus
ISA 220 operates specifically at the individual engagement level, not the firm-wide level — that is ISQM 1’s domain.
Scalable Application
Requirements apply proportionately. Simpler engagements need less elaborate procedures; complex engagements require more robust quality measures.
Global Applicability
Adopted directly or adapted into national standards by many jurisdictions worldwide, making it the de facto global benchmark.
Integrated with ISQM 1 & 2
ISA 220 does not stand alone. It relies on the firm’s ISQM 1 system and references ISQM 2 for engagement quality reviews.
Key Responsibilities
The Engagement Partner
The engagement partner bears ultimate responsibility for quality. ISA 220 identifies a number of specific duties the engagement partner must fulfil:
- Overall quality leadership Setting the tone and demonstrating commitment to quality throughout the engagement.
- Direction & supervision Providing adequate direction to the engagement team and supervising their work so standards are met.
- Review responsibilities Reviewing significant judgments, conclusions, and the appropriateness of the auditor’s report.
- Consultation Determining that appropriate consultation has occurred on difficult or contentious matters, and that conclusions are properly documented.
- Communication with the firm Alerting the firm to quality issues and matters that may affect the firm’s system of quality management.
- Competence and capabilities Ensuring the engagement team collectively has the competencies, capabilities, and time needed to perform the engagement.
The Engagement Team
Every member of the engagement team, not just the partner has responsibilities under ISA 220. Team members must understand their individual obligations, raise concerns when they arise, and complete assigned work to a standard consistent with the firm’s quality management system and professional requirements.
Core Requirements at a Glance
The revised standard is structured around several principal requirements. The table below summarises these in accessible terms:
| Requirement Area | What ISA 220 Requires |
|---|---|
| Leadership & Culture | The engagement partner must demonstrate a commitment to quality and foster the same within the team throughout the engagement. |
| Relevant Ethical Requirements | The engagement team must comply with relevant ethical requirements (including independence). The engagement partner must remain alert to any threats and act appropriately. |
| Acceptance & Continuance | The engagement partner must be satisfied that appropriate acceptance or continuance procedures have been followed and that relevant conditions are met before or shortly after the engagement begins. |
| Engagement Team Resources | The partner must confirm the team, including experts and component auditors has the necessary competence, capabilities, and time to conduct the engagement properly. |
| Direction, Supervision & Review | The engagement partner takes responsibility for directing and supervising team members’ work, and for reviewing key areas of the audit. |
| Engagement-Level Information & Communication | Timely, appropriate communication within the team and with the firm is required. The partner must communicate relevant information so that the firm can manage quality at the network level. |
| Identification & Response to Quality Risks | A new element in the revised standard, the engagement partner must now specifically identify quality risks and design responses to address them. |
| Documentation | The engagement file must include sufficient documentation of quality management procedures performed and conclusions reached. |
Engagement Quality Review (EQR)
An Engagement Quality Review (EQR) is an objective evaluation of significant judgments made by the engagement team, and the conclusions reached thereon performed before the auditor’s report is issued. It is a critical quality safeguard for high-risk audits.
While the EQR process is detailed in ISQM 2, ISA 220 governs the engagement partner’s responsibilities in relation to it:
- The engagement partner must cooperate fully with the engagement quality reviewer.
- The auditor’s report must not be signed or issued until the EQR is complete and any concerns have been resolved.
- Where the reviewer raises concerns, these must be properly addressed and the engagement partner cannot simply override them.
Under ISQM 1, firms must define which engagements require an EQR. Audits of listed entities are always required to have one. Firms may extend the requirement to other high-risk or complex engagements based on their quality risk assessment.
ISA 220 vs ISQM 1 — What’s the Difference?
A common source of confusion is the relationship between ISA 220 and ISQM 1. They are closely linked but operate at different levels:
| Dimension | ISQM 1 | ISA 220 |
|---|---|---|
| Level of Operation | Firm-wide (systemic) | Engagement-specific |
| Who is Responsible? | The firm and its leadership | The engagement partner |
| Core Focus | Designing and operating a system of quality management | Applying and leveraging that system on each audit |
| Risk Assessment | Firm-level quality risk assessment across all engagements | Engagement-level quality risk identification |
| Monitoring | Firm performs ongoing monitoring and remediation | Partner alerts the firm to engagement-level quality matters |
| Standard Setter | IAASB (ISQM 1) | IAASB (ISA 220) |
In simple terms: ISQM 1 builds the house; ISA 220 ensures the engagement partner lives in it properly.
History & Development
Original ISA 220 Issued
The IAASB published the original ISA 220, titled “Quality Control for Audits of Historical Financial Information,” establishing foundational quality control requirements for audits.
First Major Revision
ISA 220 was revised and retitled “Quality Control for an Audit of Financial Statements,” strengthening requirements for engagement partners and introducing clearer responsibilities.
Quality Management Project
The IAASB launched a comprehensive project to modernise quality standards, driven by regulatory feedback, evolving business environments, and the need for a more risk-based approach.
New Standards Finalised
The IAASB approved the revised ISA 220 alongside ISQM 1 and ISQM 2 in November 2020, the most significant overhaul of audit quality standards in a generation.
Effective Date
The revised ISA 220 became effective for audits of financial statements for periods beginning on or after December 15, 2022, with firms required to implement ISQM 1 by the same date.
Frequently Asked Questions
What is the main difference between the original and revised ISA 220?
The original ISA 220 (2009) focused on quality control procedures. The revised standard introduces a more dynamic, risk-based approach centred on quality management requiring the engagement partner to actively identify quality risks and design specific responses to them. It also places greater emphasis on professional scepticism, the firm’s ISQM 1 system, and engagement-level communication.
Does ISA 220 apply to small and medium-sized audit firms?
Yes. ISA 220 applies to all audits of financial statements regardless of firm size. However, the standard is designed to be scalable. A small firm conducting a straightforward audit may apply the requirements in a simpler, less elaborate manner than a large firm auditing a complex listed entity, provided the spirit and intent of the standard are met.
Can the engagement partner delegate their ISA 220 responsibilities?
The engagement partner may assign specific tasks and procedures to other members of the engagement team. However, they cannot delegate ultimate responsibility for the overall quality of the engagement. The partner remains personally accountable for ensuring quality management requirements are met and for the appropriateness of the auditor’s report.
What is a “quality risk” in the context of ISA 220?
A quality risk is a risk that the engagement team fails to achieve the objectives of ISA 220, i.e. a risk that the audit may not be performed in compliance with professional standards, or that an inappropriate auditor’s report is issued. The revised standard requires the engagement partner to identify these risks (which vary by engagement) and respond to them through specific procedures and emphasis within the audit.
What documentation does ISA 220 require?
ISA 220 requires the engagement file to include documentation of quality management procedures performed at the engagement level and the conclusions reached. This includes: how the partner exercised professional judgement, significant matters raised and how they were resolved, communications with the firm relating to quality, and how the engagement team’s competence was assessed. The level of documentation should be sufficient to enable an experienced auditor with no prior connection to the engagement to understand the quality procedures performed.
When is an Engagement Quality Review mandatory under ISA 220?
ISA 220 requires the engagement partner to ensure an EQR is completed before the auditor’s report is issued when required by the firm’s system of quality management (governed by ISQM 1 and ISQM 2). Audits of listed entities always require an EQR. Firms may designate other engagements as requiring an EQR based on their quality risk assessments for example, high-risk, first-year, or complex engagements.
(Qualified) Chartered Accountant – ICAP
Master of Commerce – HEC, Pakistan
Bachelor of Accounting (Honours) – AeU, Malaysia