EY Corporate homepage

Quality management

Quality and risk management are key elements of Vision 2020. Our policy framework underpins this, starting with our Values:
  • People who demonstrate integrity, respect and teaming
  • People with energy, enthusiasm and the courage to lead
  • People who build relationships based on doing the right thing.
These values are the basis for our Global Code of Conduct, which provides a clear set of standards and behaviors that guide our actions as well as our interaction with society and our business conduct. In addition, we have various policies in place, including specific confidentiality, anti-bribery and insider trading policies.

The responsibility for delivering quality and managing quality control programs lies with the service lines. Our central Risk Management function oversees the application of policies and practices that are aimed at managing risk on the one hand, and safeguarding and improving quality as well as independence on the other hand.

Read the interview with Nout van Es.
Quality management
Striving to provide exceptional client service means the delivery of professional and globally-consistent high quality services, based on objectivity, integrity, professional skepticism and adherence to rules, regulations and policies, as well as to EY and professional standards.

Setting the right tone at the top in this respect is a key responsibility of our combined Regional Leadership Team. We tell our people that quality and professional responsibility start with them. Both aspects are the most important elements of their work on a daily basis.

Through various forms of communication, senior management regularly reiterates the importance of delivering quality work and complying with rules and regulations, as well as professional standards and policies. In line with this, quality of professional service is assessed as a key metric to evaluate and reward our professionals.

Our service lines are accountable for the delivery of quality in their engagements, including managing quality reviews and realtime quality assurance, which measures compliance with rules and regulations, professional standards and EY policies. The quality management system relevant to our audit practice is described in detail in the Transparency Report 2016 issued by Ernst & Young Accountants LLP. This description relates only to the Assurance service line, but similar quality and risk management systems are in operation within the other service lines.

The main quality management processes include quality control programs, client and engagement acceptance as well as continuance and independence.

Quality control programs
We have implemented quality control programs for all our service lines. Their primary goal is to determine whether our quality policies and procedures are appropriately designed and observed in the execution of engagements.

The control programs are executed annually by the service lines, with engagements being selected for according to their inherent risk profile.The aim is to review the engagements of approximately onethird of our partners each year.

The programs’ results are evaluated and communicated so that quality improvements can be made. 161 engagements were reviewed last year, with no engagements receiving a rating 3. The target remains to have no rating 3 engagements and to increase the percentage of rating 1 engagements.

Client and engagement acceptance and continuance
EY’s client and engagement acceptance and continuance policy sets out the principles used to determine whether we accept or continue with a client or engagement. The acceptance procedure involves a careful consideration of the risk characteristics of a prospective client or engagement and includes several due diligence procedures. In addition, our global conflicts policy defines categories of conflicts of interest, the process to identify such conflicts and provisions to manage them.

To coordinate client and engagement acceptance and continuance efficiently, we have developed the intranet-based Global Tool for Acceptance and Continuance (GTAC) to take users through the acceptance and continuance requirements step by step. In
FY 2015/2016 17,849 assessments were processed.

Independence
We consider and evaluate independence from several perspectives, including our financial relationships and those of our people, employment relationships, business relationships, the permissibility of the non-audit services we provide to audit clients, partner rotation, fee arrangements, audit committee preapproval, where applicable, and partner remuneration and compensation.

We have implemented EY’s global applications, augmented for our local Dutch requirements, tools and processes to support our compliance with independence policies:
  • The EY Global Independence Policy contains the independence requirements for member firms, professionals and other personnel. It is a robust policy predicated on the IESBA Code of Ethics, supplemented with more stringent requirements based on the ViO (Auditor Independence Regulations) and has incorporated the new requirements arising from the EU audit reform. The EY Global Independence Policy is readily accessible and easily searchable through EY’s intranet. The Dutch Independence Supplement explains the specific Dutch statutory requirements for all EY professionals (see also Transparency Report 2016).
  • The Global Independence System (GIS) is an intranet-based tool that helps our professionals identify the listed entities from which independence is required and the independence restrictions that apply. The tool includes family-tree data relating to affiliates of listed audit clients and is updated by client-serving engagement teams. We intensively reviewed both existing audit clients and other significant public entities as part of our readiness process for mandatory audit firm rotations. We currently track Dutch PIEs to assess the expected rotation date, and have developed internal screening and decision protocols to assess our independence well ahead of the expected request for proposal dates.
  • The Global Monitoring System (GMS) is another important global tool that helps identify proscribed securities and other impermissible financial interests. Professionals in managerial and higher positions are required to record in the GMS any securities they or their immediate family hold. When a person records a proscribed security or if a security they hold becomes proscribed, they receive a notice and are either required to dispose of the security or to confirm their independence from the issuer. Similarly, employees are immediately notified when they charge hours on client engagements where they also hold any securities. Identified exceptions are reported through the Global Independence Incident Reporting System (GIIRS) for regulatory matters. The GMS also facilitates annual and quarterly confirmation of compliance with independence policies as described below.
  • EY has established a number of procedures and programs to monitor the compliance of all member firms and their people with independence requirements. These include timely and accurate completion of annual and quarterly independence confirmations by all partners. All other EY professionals are required to confirm compliance with independence policies and procedures at least once a year. Also annually, EY in the Netherlands is included in an Areawide process to confirm compliance with the Global Independence Policy and requirements and to report identified exceptions. We assess and monitor our portfolio of services on an ongoing basis to confirm that they are permitted by law and professional standards, and to make sure that EY has the right methodologies, procedures and processes in place as new service offerings are developed. EY restricts the provision of services that could present undue independence or other risks.
  • The Service Offering Reference Tool (SORT) provides EY people with information about EY’s service offerings. It includes guidance about which services can be delivered to audit and non-audit clients, as well as about independence and other risk management issues. Compliance is the primary responsibility of our partners, and through a number of monitoring programs we check that violations of Global and Dutch rules do not go undetected.
  • The Business Relationship Evaluation Tool (BRET) helps support our business relationships’ compliance with independence requirements. Our people are required to use BRET in many circumstances to evaluate and obtain advance approval of potential business relationships with an audit client.
  • EY Global Internal Audit (GIA) conducts a number of tests and visits to assess member firms’ compliance with independence requirements. The most recent GIA review took place during visits in 2014. In addition, our processes are reviewed by external supervisory bodies such as the AFM and the PCAOB.
Each year, a program to test compliance with personal independence requirements is executed through our Personal Independence Compliance Testing (PICT) program. In the FY 2015/2016 testing cycle, 46 partners and directors were tested. The outcomes are shown in the independence review table.

The number of regulatory violations was limited to just one case in
FY 2015/2016. Nevertheless, our goal is to have no such exceptions. The number of administrative violations is deemed too high. Our goal is to achieve a significant reduction. Therefore, a dedicated remediation plan has been developed for upcoming years aimed at, among other things, more training and intensified compliance testing.

* Data covering other ranks can be found in the Transparency Report 2016.