Infrastructure supporting qualityQuality in our service lines
Vision 2020, which sets out EY’s purpose, ambition and strategy, calls for EY member firms to provide exceptional client service worldwide. This is supported by an unwavering commitment to quality and service that is professionally and globally consistent, and means service that is based on objectivity, professional skepticism and adherence to EY and professional standards.
EY service lines are accountable for delivering quality engagements, including managing quality reviews and real-time quality assurance of engagements, which measures compliance with professional standards and all EY policies.
Vision 2020 has reinforced the ownership of quality within the service lines, including audit. It has also resulted in increased clarity around the role of risk management in policies and practices that support and improve quality audit.
The Global Vice Chair of Assurance coordinates member firms’ compliance with and implementation of EY policies and procedures for assurance services.
The Global Vice Chair of Professional Practice, referred to as the Professional Practice Director (PPD), is overseen by the Global Vice Chair of Assurance and works directly with the Area PPDs to establish global audit quality control policies and procedures. Each of the Area PPDs is overseen by the Global PPD and the related Area Assurance Leader. This helps provide greater assurance as to the objectivity of audit quality and consultation processes.
The Global PPD and Area PPDs also lead and oversee the Professional Practice group. This is a Global and Area network of technical subject matter specialists in accounting and auditing standards who consult on accounting, auditing, and financial reporting matters and perform various practice monitoring and risk management activities.
The Global PPD oversees development of the EY Global Audit Methodology (EY GAM) and related technologies to be consistent with relevant professional standards and regulatory requirements. The Professional Practice group also oversees the development of the guidance, training and monitoring programs and processes used by member firm professionals to execute audits consistently and effectively. The PPDs, together with other professionals who work with them in each member firm, are knowledgeable about EY people, clients and processes, and are readily accessible for consultation with audit engagement teams.
Additional resources often augment the Professional Practice group, including networks of professionals focused on:
- Internal-control reporting and related aspects of our audit methodology
- Accounting, auditing and risk issues for specific industries and sectors
- Event-specific issues involving areas of civil and political unrest; or sovereign debt and related accounting, auditing, reporting and disclosure implications
- General engagement issues and how to work effectively with audit committees
Responsibility for the delivery of high quality service and ownership of the risks associated with quality is placed in the service lines. The Global Risk Management Leader oversees the management of these risks by the service lines, as he does in respect of other risks across the organization as part of the broader Enterprise Risk Management framework, and continues to work with the service lines on significant risks.
Member firm partners are appointed to lead risk management initiatives in the service lines and member firms, supported by other staff and professionals. The Global Risk Management Leader is responsible for establishing globally consistent risk management execution priorities and enterprise-wide risk management. These priorities cascade to member firms, and their execution is monitored through an Enterprise Risk Management program.
Dutch quality and risk infrastructure
Jeroen Kamphuis is the Belgium/Netherlands Assurance RM Leader and the Belgium/ Netherlands Professional Practice Director (Region PPD). He is a member of our firm’s Board.
In all, the Quality and Risk organization consists of about 84 professionals, compared to 60 professionals in fiscal year 2014/2015. The Quality and Risk organization comprises of our Professional Practice Group (PPG), the Quality Analysis and Regulatory Affairs department (QARA), Assurance Risk Management (RM) and the Compliance Office (CO). See appendix 4 for more information about these departments. These professionals dedicate all or a substantial part of their time to risk management, regulations, accounting support, assurance support, learning, enabling our practice, quality analysis and regulatory affairs, amounting to more than 94,000 hours in total during fiscal year 2015/2016 (80,000 hours in fiscal year 2014/2015). This significant increase of our investment in our Quality and Risk organization reflects our determination to further improve the quality of our work.
During fiscal year 2015/2016, we welcomed three new partners and two new executive directors into the PPG. Currently, the PPG includes 18 partners and executive directors.
Changes in the quality, risk and compliance structure
In FY 2015/2016 PPG and the Compliance Office were restructured. Several functions within the former PPG organization and Compliance Office have now been separated into individual departments reporting directly to the Belgium/Netherlands PPD or to the policymakers. These departments are Risk Management Assurance and Quality Analysis and Regulatory Affairs (QARA) and are described below.
EY has prioritized sustainable audit quality, which is also an absolute priority within the Netherlands. To align all quality initiatives and be able to make real-time decisions the Board of Ernst & Young Accountants LLP decided to establish the Audit Quality Board (Q board). The Q board exists of the Board of Directors of Ernst & Young Accountants LLP together with all responsible partners / ED’s for the quality and risk departments, Legal, Independence and Compliance. Separate Q board meetings facilitate the quality organization through in-depth discussion and quality conscious decision-making on board level.
Accounting and audit support
The Accounting and Audit Support department is headed by the Netherlands PPD. PPG accounting and audit support provide expert knowledge in support of our assurance practice. The main activities within accounting and audit support are the consultation and IFRS expert and capital market expert review responsibility. This is besides the maintenance and deployment of our quality control system, which includes amendments to our local policies resulting from changes in external regulations (when not hosted by EY Global).
The Learning department develops, organizes and monitors our learning. We have expanded our learning function and implemented more experience based learning. Our learning leader has launched the development of learning teams to improve the coaching culture and has established local learning teams to facilitate experienced-based learning within dedicated groups in the regional offices.
Methodology and enablement
The Enablement department has in-depth knowledge of our methodology and supports the practice by issuance of enablers guidance, etc. Furthermore they run several initiatives on the deployment of data analytics.
Quality Analysis and Regulatory Affairs (QARA), is a new department within the quality and risk function, which has taken over several tasks from the Compliance Office. QARA is responsible for internal and external inspections, follow up of signals and incidents and investigation and performing root cause analysis as part of being a learning organization. QARA also has a corporate support role for regulatory affairs. QARA reports to the Belgium/Netherlands PPD.
Assurance Risk Management
Apart from maintaining an overarching risk management function covering all EYG member firms in the Netherlands , we have invested further in a dedicated Assurance risk management function within EY’s risk management framework.
The Dutch Assurance Risk Management department reports directly to Jeroen Kamphuis and is responsible for:
- establishing a structured risk management process (risk identification, risk mitigation, risk monitoring and risk reporting);
- providing risk management advice and risk analyses in relation to the organisation’s risk profile, portfolio management, clients, material changes, etc.;
- promoting a culture characterized by risk awareness (training and awareness activities); and
- executing various risk management projects to implement improvements within the control environment.
Our Dutch firm has a Compliance Officer who heads a Compliance Office (CO). This year the nature of the CO procedures has changed. Formerly they performed the internal file inspections and supported the corresponding external regulatory inspections. These tasks have been transferred to QARA. The CO now supervises the quality control system regarding compliance risks and contributes to the learning organization.
The principal task of our Compliance Officer is to monitor that our firm, our partners and our employees maintain high standards of integrity and comply with the rules laid down by or pursuant to Sections 13 through 24 of the Dutch Audit Firms Supervision Act (Wet toezicht accountants-organisaties, Wta). The Compliance Officer reports to the policymakers and directly to the Chair of our Board and has direct access to the Supervisory Board.
Integrated Risk Analysis drives CO Investigations
Among other tasks and based on an integrated risk analysis, the CO supervises the design, implementation and results of our firm’s efforts in the area of quality management.
The CO investigates quality processes and controls in order to assess and monitor the design and operating effectiveness of the safeguards for high standards of integrity, independence and quality within our organization. During regular meetings, upcoming issues and associated risks are discussed with the policymaker responsible for quality (the Belgium/Netherlands PPD), the General Counsel, the QARA leader and the Netherlands PPG and acted upon when necessary.
The CO proactively seeks to either prevent compliance issues from arising or identify and report them at an early stage. Wherever feasible, the CO can involve EY auditors and/or specialists in projects to further instill the right values within our firm. In FY 2015-2016, the CO has a number of professionals including on rotation from our direct audit practice. Currently, the CO consists of four full-time staff, including the Compliance Officer, and two part-time staff, including the deputy Compliance Officer.
Focus on Learning
Internal observations from the Quality and Risk departments and CO serve as important lessons to be learned. Through the follow-up on identified issues, a continuous improvement cycle is established throughout our professional practice.
We duly noted reports by the AFM addressing the audit profession and our firm, and our responses, as well as the approach the PCAOB and the AFM applied during their most recent inspections in 2015 and 2016. This allows us to better understand the AFM’s requirements regarding audit firms. External inspections provide us with clarification regarding the interpretation of quality control requirements.
The CO attended meetings with the firm’s Supervisory Board, discussed the focus and scope of work and its valuable suggestions.
Global confidentiality policy
Protecting confidential information is engrained in the everyday activities of EYG member firms. Respect for intellectual capital, and all other sensitive and restricted information, is established within the Global Code of Conduct, which provides a clear set of behaviors expected of all EY people. In order to further enhance this approach to protecting information, and to reflect the ever-increasing use and distribution of restricted data, EYG launched a new Global Confidentiality Policy in 2015. This policy provides added clarity to EY people and forms the fundamental element of a wider approach that includes other key policies on conflicts of interest, personal data privacy and records retention. Other elements of the approach include:
- Social media guidance
- Information handling requirements
- Knowledge sharing protocols
In the following sections, we describe the principal components of our audit quality control program:
- Instilling professional values
- Internal quality control system
- Client acceptance and continuance
- Performing audits
- Review and consultation
- Audit partner rotation
- Audit quality reviews
- External quality-assurance reviews
- Compliance with legal requirements