Transparency Report 2018 - EY Malta
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Transparency Report 2018 EY Malta 31st October 2018
Contents
Message from the Country Managing Partner and the EY Malta Professional Practice Director ............................................. 3
Legal structure, ownership and governance ...................................................................................................................... 5
Network arrangements .................................................................................................................................................... 6
Commitment to quality........................................................................................................................................................ 8
Infrastructure supporting quality ...................................................................................................................................... 8
Instilled professional values ............................................................................................................................................. 9
Internal quality control system ....................................................................................................................................... 10
Client acceptance and continuance ................................................................................................................................. 12
Performance of audits ................................................................................................................................................... 12
Review and consultation ................................................................................................................................................ 14
Audit partner rotation ................................................................................................................................................... 15
Audit quality reviews ..................................................................................................................................................... 15
External quality assurance review .................................................................................................................................. 16
Compliance with legal requirements ............................................................................................................................... 16
Independence practices..................................................................................................................................................... 17
Continuing education of audit professionals ....................................................................................................................... 19
Revenue and remuneration ............................................................................................................................................... 20
Financial information ..................................................................................................................................................... 20
Partner remuneration .................................................................................................................................................... 21
Appendix 1 ....................................................................................................................................................................... 22
Appendix 2 ....................................................................................................................................................................... 23
More information about EY can be found at ey.com.
Transparency Report 2018: EY Malta 2
Message from the Country Managing Partner and the
EY Malta Professional Practice Director
Welcome to the 2018 Transparency Report of Ernst & Young Malta Limited (EY Malta). We believe that how we advance audit
quality, manage risk and maintain our independence as auditors should be transparent to our stakeholders. We value regular
dialogue, and this report is one of the ways in which we advise our stakeholders on what we are doing in each of these areas.
Executing high-quality audits continues to be our top priority and is at the heart of our commitment to serve the public interest.
It enables us to grow the global EY network successfully and responsibly, while achieving our purpose of building a better working
world. Auditors play a vital role in the functioning of capital markets by promoting transparency and supporting investor
confidence. Companies, regulators and other stakeholders count on us to deliver excellence in every engagement.
We are focused on investing in tools to improve what we do, creating the highest-performing teams, and building trust and
confidence in the audits we perform.
EY Malta’s reputation is based on and grounded in providing high-quality professional audit services objectively and ethically to
every company we audit.
We continue to embrace the transparency objectives of the European Union’s 8th Company Law Directive and Accountancy
Profession Regulations 2009 (subsidiary Legislation 281), which require Malta statutory auditors of public interest entities (PIEs)
to publish annual transparency reports.
The 2018 EY Malta Transparency Report complies with the Directive and Accountancy Profession Regulations 2009 (subsidiary
Legislation 281.01), and covers 18 months from January 2017 – June 2018. EY Malta has changed its Transparency reporting
period-end to 30 June in order to align itself with the EY Global Network.
In this report, you can learn more about our internal quality control system: how we instill professional values, how we perform
an audit, our review and consultation processes, our approach to audit quality reviews, and our independence practices.
EY Malta is focused on enhancing audit quality and upholding our independence, informed by several matters including external
and internal inspection results. Continuous improvement of audit quality requires us to challenge approaches to audit execution,
and we focus on this by evaluating all inspection findings and taking responsive actions.
We encourage all our stakeholders — including our clients and their investors, audit committee members and regulators — to
continue to engage with us on our strategy as well as any of the matters covered in this report.
Ronald Attard Anthony Doublet
Country Managing Partner Professional Practice Director
Ernst & Young Malta Limited Ernst & Young Malta Limited
Transparency Report 2018: EY Malta 3
EY’s purpose: building a better working world
EY is committed to doing its part in building a better working world.
The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world
over. We develop outstanding leaders who team to deliver on our promises to stakeholders. In so doing, we play a critical role
in building a better working world for our people, our clients and our communities.
Transparency Report 2018: EY Malta 4About us EY Malta is part of the EMEIA Area, which comprises EYG
member firms in 98 countries in Europe, the
Legal structure, ownership and Middle East, India and Africa. Within the EMEIA Area,
there were 11 Regions, and from 1 July 2018 the number
governance has reduced to 10. EY Malta is part of the CESA Region.
In Malta, Ernst & Young Malta Limited is a limited liability Ernst & Young (EMEIA) Limited (“EMEIA Limited”), an
company organized in Malta and is a member firm of Ernst English company limited by guarantee, is the principal
& Young Global Limited, a UK company limited by guarantee coordinating entity for the EYG member firms in the EMEIA
(EYG). In this report, we refer to ourselves as Area. EMEIA Limited facilitates the coordination of these
“EY Malta,” “we,” “us” or “our.” EY refers collectively to the firms and cooperation between them, but it does not
global organization of the member firms of EYG. control them. EMEIA Limited is a member firm of EYG, has
EY Malta also includes the other EYG member firms in no financial operations and does not provide any
Malta: professional services.
• Ernst & Young Limited Each Region elects a Regional Partner Forum (RPF), whose
• Ernst & Young Holdings Limited representatives advise and act as a sounding board to
Regional leadership. The partner elected as Presiding
• Ernst & Young Managed Services Limited
Partner of the RPF also serves as the Region’s
The EY Malta office is located in Msida and is made up of 8 representative on the Global Governance Council
partners, namely, Ronald Attard, Robert Attard, Grace (see page 7).
Camilleri, Geraint Davies, Anthony Doublet, Shawn Falzon,
Kevin Mallia and Christopher J. Naudi, and 6 associate
partners, namely, Christopher Balzan, Gilbert Guillaumier,
Chris Meilak, Karl Mercieca, Chris Portelli and Joette
Sciortino.
EYG member firms are grouped into four geographic Areas:
Americas; Asia-Pacific; Europe, Middle East, India and
Africa (EMEIA); and Japan. The Areas comprise a number of
Regions, which consist of member firms or sections of
those firms.
Transparency Report 2018: EY Malta 5In Europe, a holding entity, Ernst & Young Europe LLP (“EY
Europe”), was formed in conjunction with EMEIA Limited.
Network arrangements
EY Europe is an English limited liability partnership, owned EY is a global leader in assurance, tax, transaction and
by partners of the EYG member firms operating in Europe. advisory services. Worldwide, over 250,000 people in
It is an audit firm registered with the Institute of Chartered member firms in more than 150 countries share a
Accountants in England and Wales (ICAEW), but it does not commitment to building a better working world, united by
carry out audits or provide any professional services. To the shared values and an unwavering commitment to quality,
extent permitted by local legal and regulatory requirements, integrity and professional skepticism. In today’s global
EY Europe has acquired or will acquire voting control of the market, the integrated EY approach is particularly
EYG member firms operating in Europe. EY Europe is a important in the delivery of high-quality multinational
member firm of both EYG and EMEIA Limited. audits, which can span nearly every country in the world.
This integrated approach enables EY member firms to
EY Europe acquired voting control of EY Malta as of 19
develop and draw upon the range and depth of experience
December 2011.
required to perform such diverse and complex audits.
EY Europe’s principal governing bodies are:
EYG coordinates the member firms and promotes
Europe Operating Executive cooperation among them. EYG does not provide services,
but its objectives include the promotion of exceptional high-
The Europe Operating Executive (EOE) operates as the
quality client service by member firms worldwide.
board of EY Europe. It has authority and accountability for
strategy execution and management of EY Europe’s Each member firm is a legally distinct entity. Their
operations. The EOE comprises: the Europe Managing obligations and responsibilities as members of EYG are
Partner; the leaders for Accounts, Talent and Risk governed by the regulations of EYG and various other
Management; the service line leaders for Assurance, agreements.
Advisory, Transaction Advisory Services and Tax; and all
The structure and principal bodies of the global
European Regional Managing Partners.
organization during the period ended 30 June 2018 are
Europe Governance Sub-Committee described below. They reflect the principle that EY, as a
global organization, has a common shared strategy.
EY Europe has the Europe Governance Sub-Committee,
which includes one representative from each Region in The Executive includes the Global Executive (GE), its
Europe. It serves in an advisory role to the EOE on policies, committees and teams, and the leadership of the four
strategies and other matters, and its approval is required Areas. At the same time, the network operates on a
for a number of significant matters, such as the Regional level within the Areas. This operating model allows
appointment of the Europe Managing Partner, approval of for greater stakeholder focus in the 27 Regions, permitting
the financial reports of EY Europe and material member firms to build stronger relationships with clients
transactions. and others in each country, and be more responsive to local
needs.
Transparency Report 2018: EY Malta 6Global Governance Council • public policy
The Global Governance Council (GGC) is the main oversight • Policies and guidance relating to member firms’ service
body of EYG. It comprises one or more representatives from of international clients, business development, markets
and branding
each Region, other member firm partners as at-large
representatives and up to six independent non-executives • EY’s development funds and investment priorities
(INEs). The Regional representatives, who otherwise do not • EYG’s annual financial reports and budgets
hold senior management roles, are elected by their RPFs for • GGC recommendations
a three-year term, with provision for one successive The GE also has the power to mediate and adjudicate
reappointment. The GGC advises EYG on policies, strategies disputes between member firms.
and the public interest aspects of its decision—making. The
approval of the GGC is required for a number of significant
matters that could affect EY. GE committees
Established by the GE and bringing together representatives
Independent Non-Executives from the four Areas, the GE committees are responsible for
Up to six Independent Non-Executives (INEs) are appointed making recommendations to the GE. In addition to the
from outside EY. The INEs are senior leaders from both the Global Audit Committee, there are committees for Global
public and private sectors, and reflect diverse geographic Markets and Investments, Global Accounts, Emerging
and professional backgrounds. They bring to the global Markets, Talent, Risk Management, Assurance, Advisory,
organization, and the GGC, the significant benefit of their Tax, and Transaction Advisory Services.
varied perspectives and depth of knowledge. The INEs also
form a majority of the Public Interest Sub-Committee of the Global Practice Group
GGC, which addresses public interest matters, including This group brings together the members of the GE, GE
public interest aspects of decision-making, issues raised committees, Regional leaders and sector leaders. The
under whistleblowing policies and procedures, perspectives Global Practice Group seeks to promote a common
on stakeholder views and engagement in quality and risk understanding of EY’s strategic objectives and helps drive
management discussions. The INEs are nominated by a consistency of execution across the organization.
dedicated committee.
EYG member firms
Global Executive Under the regulations of EYG, member firms commit
The Global Executive (GE) brings together EY’s leadership themselves to pursue EY’s objectives, such as the provision
functions, services and geographies. It is chaired by the of high-quality service worldwide. To that end, the member
Chairman and CEO of EYG, and includes its Global Managing firms undertake the implementation of global strategies and
Partners of Client Service and Business Enablement; the plans, and work to maintain the prescribed scope of service
Area Managing Partners; the global functional leadership capability. They are required to comply with common
for Talent and Finance; the leaders of the global service standards, methodologies and policies, including those
lines — Assurance, Advisory, Tax and Transaction Advisory regarding audit methodology, quality and risk management,
Services; the Global Leader for Public Policy; and one EYG independence, knowledge sharing, human resources, and
member firm partner on rotation. technology.
The GE also includes the Chair of the Global Accounts Above all, EYG member firms commit to conducting their
Committee and the Chair of the Emerging Markets professional practices in accordance with applicable
Committee, as well as a representative from the Emerging professional and ethical standards, and all applicable
Markets practices. requirements of law. This commitment to integrity and
doing the right thing is underpinned by the EY Global Code
The GE and the GGC approve nominations for the Chairman
of Conduct and EY values (see page 10).
and CEO of EYG, and ratify appointments of the Global
Managing Partners. The GE also approves appointments of Besides adopting the regulations of EYG, member firms
Global Vice Chairs. The GGC ratifies the appointments of enter into several other agreements covering aspects of
any Global Vice Chair who serves as a member of the GE. their membership in the EY organization, such as the right
and obligation to use the EY name, and the sharing
The GE’s responsibilities include the promotion of global
of knowledge.
objectives and the development, approval, and, where
relevant, implementation of: Member firms are subject to reviews that evaluate their
adherence to EYG requirements and policies governing
• Global strategies and plans
issues such as independence, quality and risk management,
• Common standards, methodologies and policies to be
audit methodology, and human resources. Member firms
promoted within member firms
unable to meet the quality commitments and other EYG
• People initiatives, including criteria and processes for
membership requirements may be subject to separation
admission, evaluation, development, reward and
from the EY organization.
retirement of partners
• Quality improvement and protection programs
• Proposals regarding regulatory matters and
Transparency Report 2018: EY Malta 7Commitment to quality The Global PPD oversees development of the EY Global
Audit Methodology (EY GAM) and related technologies so
that they are consistent with relevant professional
Infrastructure supporting standards and regulatory requirements. The Global
Professional Practice group also oversees the development
quality of the guidance, training and monitoring programs and
processes used by member firm professionals to execute
Quality in our service lines audits consistently and effectively. The Global, Area and
Vision 2020+, which sets out EY’s purpose, ambition and Region PPDs, together with other professionals who work
strategy, calls for EYG member firms to provide exceptional with them in each member firm, are knowledgeable about
client service worldwide. This is supported by an EY people, clients and processes, and they are readily
unwavering commitment to quality and service that is accessible for consultation with audit engagement teams.
professionally and globally consistent, and means service Additional resources often augment the Global Professional
that is based on objectivity, professional skepticism, and Practice group, including networks of professionals
adherence to EY and professional standards. focused on:
EYG member firms and their service lines are accountable • Internal—control reporting and related aspects of the
for delivering quality engagements. EY service lines EY audit methodology
manage the overall process for quality reviews of completed • Accounting, auditing and risk issues for specific
engagements and input for the quality of in-process industries and sectors
engagements, which helps achieve compliance with • Event-specific issues involving areas of civil and
professional standards and EY policies. political unrest; or sovereign debt and related
accounting, auditing, reporting and disclosure
Vision 2020+ has reinforced the ownership of quality
implications
by the service lines, including audit. It has also
• General engagement issues and how to work effectively
resulted in increased clarity around the role of risk
with audit committees
management in policies and practices that support and
improve audit quality. Risk management
The Global Vice Chair of Assurance coordinates member Responsibility for high-quality service and ownership of the
firms’ compliance with EY policies and procedures for risks associated with quality is placed with the member
assurance services. firms and their service lines. Among other things, the
Global Risk Management Leader helps oversee the
Professional Practice management of these risks by the member firms, as well as
The Global Vice Chair of Professional Practice, referred to other risks across the organization as part of the broader
as the Global Professional Practice Director (PPD), is Enterprise Risk Management framework.
overseen by the Global Vice Chair of Assurance and works
Member firm partners are appointed to lead risk
to establish global audit quality control policies and
management initiatives in both the service lines and
procedures. Each of the Area PPDs is overseen by the
member firms, supported by other staff and professionals.
Global PPD and the related Area Assurance Leader. This
The Global Risk Management Leader is responsible for
helps provide greater assurance as to the objectivity of
establishing globally consistent risk management execution
audit quality and consultation processes.
priorities and enterprise—wide risk management.
The Global PPD also leads and oversees the Global These priorities cascade to member firms, and their
Professional Practice group. This is a global network of execution is monitored through an Enterprise Risk
technical subject matter specialists in accounting and Management program.
auditing standards, who consult on accounting, auditing
and financial reporting matters, and perform various
practice monitoring and risk management activities.
Transparency Report 2018: EY Malta 8Global confidentiality policy Components of the audit quality control program
Protecting confidential information is ingrained in the In the following sections, we describe the principal
everyday activities of EYG member firms. Respect for components of the audit quality control program, which EY
intellectual capital and all other sensitive and restricted Malta follows:
information is required by the EY Global Code of Conduct,
• Instilled professional values
which provides a clear set of principles to guide the
• Internal quality control system
behaviors expected of all EY people. The Global
Confidentiality Policy further details this approach to • Client acceptance and continuance
protecting information and reflects the ever—increasing use • Performance of audits
of restricted data. This policy provides added clarity for EY • Review and consultation
people and forms the fundamental element of broader • Audit partner rotation
guidance that includes key policies on conflicts of interest, • Audit quality reviews
personal data privacy and records retention. Other
• External quality—assurance reviews
guidance includes:
• Compliance with legal requirements
• Social media guidance
• Information—handling requirements
• Knowledge—sharing protocols
Instilled professional values
Cybersecurity Sustainable Audit Quality
Managing the risk of major and complex cybersecurity Quality is the foundation for exceptional client service. It is
attacks is a part of doing business for all organizations. what we pride ourselves on. It is integral to our work and
While no systems are immune from the threat of cyber— central to our responsibility to provide confidence to the
attacks, EY Malta is vigilant in the steps taken to secure the capital markets. Delivering quality is at the heart of all we
environment of EYG member firms and to protect their
do and supports our purpose of building a better working
clients’ data. The EY approach to cybersecurity is proactive
world for our people, our clients and our communities. This
and includes the implementation of technologies and
processes necessary to manage and minimize cybersecurity is reflected in the Sustainable Audit Quality (SAQ) program,
risks globally. EY information security and data privacy which is the highest priority for our Assurance practices.
programs, consistent with industry practices and applicable
Each member firm that makes up our global structure is
legal requirements, are designed to protect against
committed to providing high-quality audits. In 2015, we
unauthorized disclosure of data. There is a dedicated team
of internal and external cybersecurity specialists who launched the SAQ initiative throughout our Assurance
actively monitor and defend EY systems. practices. SAQ establishes a governance structure and is
focused on continuously improving our audit process.
Beyond technical and process controls, all EY people are
required to affirm in writing their understanding of the We use the word “sustainable” in SAQ to demonstrate that
principles contained in the EY Global Code of Conduct and this is not a one-off, short-term initiative, but an ongoing
their commitment to abide by them and to participate in an process of improvement. EY has had a common audit
annual security awareness learning activity. There are methodology for some time; now we have a common
various policies outlining the due care that must be taken
language and processes regarding audit quality.
with technology and data, including but not limited to the
Global Information Security Policy, and a global policy There are six components to SAQ: tone at the top,
around the Acceptable Use of Technology. EY strengthening people capabilities, simplification, audit
cybersecurity policies and processes recognize the technology and digital, enablement and quality support,
importance of timely communication. EY people receive
and accountability. SAQ is implemented by each member
regular and periodic communications reminding them of
firm, and is coordinated and overseen globally.
their responsibilities around these policies and general
security awareness practice. Audit quality and the key elements of SAQ are something
every senior manager, manager and team member must
understand and be committed to implementing locally. SAQ
is essential to all our goals and ambitions, and each of
the Regional and Area leaders is held accountable for
those goals.
Transparency Report 2018: EY Malta 9We have made significant progress through SAQ. EY’s Code of Conduct
internal and external inspection findings globally are We promote a culture of integrity among our professionals.
showing improvement, and we are producing greater The EY Global Code of Conduct provides a clear set of
consistency in execution. We have deployed world—class principles that guide our actions and our business conduct,
tools that enhance the quality and value of our audits. Our and are to be followed by all EY personnel. The EY Global
ability to deliver consistency is based in part on the use of Code of Conduct is divided into five categories:
EY Canvas, our online audit platform. It better supports
audit execution, streamlines communications and enables • Working with one another
us to provide a seamless audit. • Working with clients and others
• Acting with professional integrity
We recently launched the EY Canvas Client Portal, which
• Maintaining our objectivity and independence
adds to the leading—edge tools already offered to our
auditors. In addition, we have deployed the 2018 Audit • Respecting intellectual capital
Milestones Program globally, which establishes the use of Through our procedures to monitor compliance with
Milestones on selected PIE audits as one important step to the EY Global Code of Conduct, and through frequent
improving results and sustaining quality across communications, we strive to create an environment that
engagements. encourages all personnel to act responsibly, including
reporting misconduct without fear of retaliation.
There is also a network of Quality Enablement Leaders
(QELs) across the practice and an overall Global Audit The EY Ethics Hotline provides our people, clients and
Quality Committee. others outside of the organization with a means to
They help us in executing and reviewing root-cause analysis confidentially report activity that may involve unethical or
and understanding the impact our initiatives are having in improper behavior and that may be in violation of
driving quality outcomes, better behaviors and a continuous professional standards or otherwise inconsistent with the
improvement mindset. This infrastructure demonstrates
EY Global Code of Conduct. The hotline is operated by an
that audit quality is the single most important factor in our
decision—making and the key measure on which our external organization that provides confidential and, if
professional reputation stands. desired, anonymous hotline reporting services worldwide.
When a report comes into the EY Ethics Hotline, either by
Tone at the top
phone or internet, it receives prompt attention. Depending
EY Malta leadership is responsible for setting the right tone on the content of the report, appropriate individuals from
at the top and demonstrating EY’s commitment to building Risk Management, Talent, Legal or other functions are
a better working world through behavior and actions. While involved to address the report. The same procedures are
the tone at the top is vital, our people also understand that followed for matters that are reported outside of the EY
quality and professional responsibility start with them. Our Ethics Hotline.
shared values, which inspire our people and guide them to
do the right thing, and our commitment to quality are
embedded in who we are and in everything Our values: who we are
we do.
People who demonstrate integrity, respect and teaming
The EY approach to business ethics and integrity is
contained in the EY Global Code of Conduct and other
policies, and is embedded in the EY culture of consultation, People with energy, enthusiasm and the courage to lead
training programs and internal communications. Senior
management regularly reinforces the importance of People who build relationships based on doing the
right thing
performing quality work, complying with professional
standards, adhering to our policies, leading by example and
through various communications. Also, EY’s quality review
programs assess professional service as a key metric in Internal quality control system
evaluating and rewarding all professionals.
Structure
The EY culture strongly supports collaboration and places
EY Malta’s reputation for providing high-quality professional
special emphasis on the importance of consultation in
audit services independently, objectively and ethically is
dealing with complex or subjective accounting, auditing,
fundamental to our success as independent auditors. We
reporting, regulatory and independence matters. We believe
continue to invest in initiatives to promote enhanced
it is important to determine that engagement teams and
objectivity, independence and professional skepticism.
clients correctly follow consultation advice, and we
These are fundamental attributes of a
emphasize this when necessary.
high-quality audit.
The consistent stance of EY Malta has been that no
client is more important than our professional
reputation — the reputation of EY Malta and the
reputation of each of our professionals.
Transparency Report 2018: EY Malta 10At EY Malta, our role as auditors is to provide assurance on The recent results of such monitoring, together with the
the fair presentation of the financial statements of the recent feedback from independent external audit firm
companies we audit. We bring together qualified teams to regulators, provide EY Malta with a basis to conclude that
provide our services, drawing on our broad experience our internal control systems are designed appropriately and
across industry sectors and services. We continually strive are operating effectively.
to improve our quality and risk management processes so
that the quality of our service is at a consistently high level.
We recognize that in today’s environment — characterized
by continuing globalization and the rapid movement of
capital and the impact of technology changes — the quality
of our audit services has never been more important. As
part of EY Vision 2020+, we continue to invest heavily in
developing and maintaining our audit methodology, tools
and other resources needed to support quality service.
While the market and stakeholders continue to demand
high-quality audits, they also demand increasingly efficient
and effective delivery of audit services. In addition to the
investments mentioned, EY continues to seek ways to
improve the effectiveness and efficiency of its audit
methodology and processes, while improving audit quality.
We work to understand where our audit quality may not be
up to our own expectations and those of stakeholders,
including external audit firm regulators. We seek to learn
from external and internal inspection activities and to
identify root causes of adverse quality occurrences to
enable us continually to improve audit quality, and we
believe that taking effective and appropriate actions to
improve quality is important.
Effectiveness of the quality control system
EY has designed and implemented a comprehensive set of
global audit quality control policies and practices. These
policies and practices meet the requirements of the
International Standards on Quality Control issued by the
International Auditing and Assurance Standards Board
(IAASB). EY Malta has adopted these global policies and
procedures, and has supplemented them as necessary to
comply with local laws and professional guidelines, and to
address specific business needs.
We also execute the EY Audit Quality Review (AQR) program
to evaluate whether our system of audit quality control has
operated effectively so as to provide reasonable assurance
that EY Malta and our people comply with applicable
professional standards, internal policies and regulatory
requirements.
The results of the AQR program and external inspections
are evaluated and communicated within EY Malta to provide
the basis for continual improvement in audit quality,
consistent with the highest standards in the profession.
The GE is responsible for implementing quality
improvement. As such, it reviews the results of our internal
AQR program and external audit firm regulatory reviews,
as well as any key actions designed to address areas
for improvement.
Transparency Report 2018: EY Malta 11Client acceptance and As part of this process, we carefully consider the risk
characteristics of a prospective client or engagement and
continuance the results of several due diligence procedures. Before we
take on a new engagement or client, we determine whether
EY policy we can commit sufficient resources to deliver quality
The EY Global Client Acceptance and Continuance Policy service, especially in highly technical areas, and if the
sets out principles for member firms to determine whether services the client wants are appropriate for us to provide.
to accept a new client or a new engagement, or to continue The approval process is rigorous, and no new audit
with an existing client or engagement. These principles are engagement may be accepted without the approval of our
fundamental to maintaining quality, managing risk, PPD.
protecting our people and meeting regulatory In the EY annual client and engagement continuance
requirements. The objectives of the policy are to: process, we review our service and ability to continue to
• Establish a rigorous process for evaluating risk and provide quality service, and confirm that clients share EY
making decisions to accept or continue clients or Malta’s commitment to quality and transparency in financial
engagements reporting. The partner in charge of each audit, together
• Meet applicable independence requirements with our Assurance leadership, annually reviews our
• Identify and deal appropriately with any conflicts relationship with the audit client to determine whether
of interest continuance is appropriate.
• Identify and decline clients or engagements that pose As a result of this review, certain audit engagements are
excessive risk identified as requiring additional oversight procedures
• Require consultation with designated professionals to during the audit (close monitoring), and some audit clients
identify additional risk management procedures for are discontinued. As with the client acceptance process, our
specific high-risk factors Regional PPD is involved in the client continuance process
• Comply with legal, regulatory and professional and must agree with the continuance decisions.
requirements
Decisions about acceptance or continuance of clients and
In addition, the EY Global Conflicts of Interest Policy defines
engagements consider the engagement team’s assessment
global standards for addressing categories of potential
of whether the company’s management may pressure us to
conflicts of interest and a process for identifying them. It
accept inappropriate accounting, auditing and reporting
also includes provisions for managing potential conflicts of
conclusions to undermine quality. Considerations and
interest as quickly and efficiently as possible through the
conclusions on the integrity of management are essential
use of appropriate safeguards. Such safeguards range from
to acceptance and continuance decisions.
obtaining a client’s consent for EYG member firms to act for
two or more clients to declining an engagement to avoid an
identified conflict. Performance of audits
The EY Global Conflicts of Interest Policy and associated As part of EY Vision 2020+, EY has invested significantly in
guidance were updated in early 2015. The updates take into improving audit methodologies and tools, with the goal of
account the increasing complexity of engagements and performing the highest-quality audits in the profession. This
client relationships, and the need for speed and accuracy in investment reflects EY’s commitment to building trust and
responding to clients. They also align with the latest confidence in the capital markets and in economies the
International Ethics Standards Board for Accountants world over.
(IESBA) standards.
Audit methodology
Putting policy into practice EY GAM provides a global framework for delivering high-
We use the EY Process for Acceptance of Clients and quality audit services through the consistent application of
Engagements (PACE), an intranet—based system, for thought processes, judgments and procedures in all audit
efficiently coordinating client and engagement acceptance engagements, regardless of size. EY GAM also requires
and continuance activities in line with global, service line compliance with relevant ethical requirements, including
and member firm policies. PACE takes users through the independence from the entity we audit. Making risk
acceptance and continuance requirements, and identifies assessments, reconsidering and modifying them as
the policies and references to professional standards appropriate, and using these assessments to determine the
needed to assess both business opportunities and nature, timing and extent of audit procedures are
associated risks. fundamental to EY GAM. The methodology also emphasizes
applying appropriate professional skepticism in the
execution of audit procedures. EY GAM is based on
International Standards on Auditing (ISAs) and is
supplemented in Malta to comply with the local Malta
auditing standards and regulatory or
statutory requirements.
Transparency Report 2018: EY Malta 12Using an online tool, EY Atlas, an EY auditor is presented It also enables a linkage for our group audit teams to
with a version of EY GAM organized by topic and designed communicate inter-office risks and instructions so that the
to focus the audit strategy on the financial statement risks, primary audit team can direct execution and monitor
and the design and execution of the appropriate audit performance of the group audit.
response to those risks. EY GAM consists of two key
EY Canvas includes a Client Portal to assist teams in
components: requirements and guidance, and supporting
communicating with clients and streamlining their client
forms and examples. The requirements and guidance reflect
requests. Mobile applications are integrated with EY Canvas
both auditing standards and EY policies. The forms and
to help our people in their audit work; for example, in
examples include leading practice illustrations, and assist in
monitoring the status of the audit, capturing audit evidence
performing and documenting audit procedures.
securely and performing inventory observations.
EY GAM can be “profiled” or tailored to present the relevant
Audit engagement teams use other software applications,
requirements and guidance, depending on the nature of the
forms and templates during various phases of an audit to
entity being audited. For example, there are profiles for
assist in executing procedures, making and documenting
listed entities and for those considered non-complex
audit conclusions, and performing analysis.
entities. Enhancements to the audit methodology are made
regularly to address new standards, emerging auditing At EY, we are making data analysis integral to our audits.
issues and matters, implementation experiences, and Our use of data and analysis is not about additive
external and internal inspection results. In 2017, EY GAM procedures or visualizations. It is about taking large
was updated to address the requirements of new section populations of company data, and applying our globally
225 of the International Ethics Standards Board for consistent technology (EY Helix) and methodology (EY
Accountants Code of Ethics (IESBA Code), Responding to GAM) to audit that data.
Non-Compliance with Laws and Regulations and the
EY Helix is a library of data analyzers for use in audits.
resulting conforming changes to the ISAs. In addition,
These data analyzers are transforming the audit through
updated guidance was issued on performing joint audits and
the analysis of larger populations of audit-relevant data,
audits when the entity uses a service organization, along
identifying unseen patterns and trends in that data, and
with new policies relating to maintaining the audit
helping to direct our audit efforts. The use of data analytics
documentation in electronic form. EY GAM was also
also allows us to obtain better perspectives, richer insights
enhanced by adding guidance to address common questions
and a deeper understanding of transactions and areas of
from audit teams and issues arising from inspections.
risk.
In addition, we monitor current and emerging
EY is deploying data analyzers to analyze the business
developments, and issue timely audit planning and other
operating cycles of the companies that we audit, supported
reminders. These reminders emphasize areas noted during
by analytics-based audit programs to aid the application of
inspections as well as other key topics of interest to our
these data analyzers.
local audit regulator(s) and the International Forum of
Independent Audit Regulators (IFIAR). Using the EY Helix library of data analyzers, our
engagement teams can enhance their audit risk
Technology assessment, enabling the audit of higher-risk transactions,
Our audit engagement teams use technology to assist in and assisting our people in asking better questions about
executing and documenting the work performed in audit findings and evaluating the outcomes.
accordance with EY GAM.
EY Atlas is a global technology platform that enables our
EY Canvas, our global audit platform, lies at the heart of the auditors to access the latest accounting and auditing
audit and enables us to provide a high-quality audit. EY content, including external standards, EY interpretations
Canvas is built using HTML5, state-of-the-art technology for and thought leadership.
web applications. This allows us to provide data security and
to evolve our software to respond to changes in the Formation of audit engagement teams
accounting profession and regulatory environment. The EY Malta policies require an annual review of partner
predecessor audit support tool, GAMx, was decommissioned assignments by our Assurance leadership and Regional
in 2018. PPD to make sure that the professionals leading listed-
company audits possess the appropriate competencies (i.e.,
Through the use of profile questions, audit engagements in
the knowledge, skills and abilities) to fulfill their
EY Canvas are automatically configured with information
engagement responsibilities, and are in compliance with
relevant to an entity’s listing requirements and industry.
applicable auditor rotation regulations.
This helps to keep our audit plans customized and up-to-
date, and provides direct linkage to our audit guidance, The assignment of professionals to an audit engagement is
professional standards and documentation templates. EY also made under the direction of our Assurance leadership.
Canvas is built with a user interface that allows the team to Factors considered when assigning people to audit teams
visualize risks and their relationship to the planned include engagement size and complexity, specialized
response and work performed in key areas. industry knowledge and experience, timing of work,
continuity, and opportunities for on-the-job training.
Transparency Report 2018: EY Malta 13For more complex engagements, consideration is given to objectivity and professional skepticism, our policies require
whether specialized or additional expertise is needed to members of Professional Practice, Independence and
supplement or enhance the audit engagement team. certain others to withdraw from a consultation if they
currently serve, or have recently served, the client to which
In many situations, internal specialists are assigned as part
the consultation relates. In this circumstance, other
of the audit engagement team to assist in performing audit
appropriate individuals would be assigned.
procedures and obtaining appropriate audit evidence. These
professionals are used in situations requiring special skills EY policies also require that we document all consultations,
or knowledge, such as information systems, asset valuation including written concurrence from the person or persons
and actuarial analysis. consulted, in order to demonstrate their understanding of
the matter and its resolution.
Review and consultation Engagement quality reviews
Reviews of audit work Engagement quality reviews are performed by audit
partners in compliance with professional standards for
EY policies describe the requirements for timely and direct
audits of all listed companies and those considered close
senior professional participation, as well as the level of
monitoring. Engagement quality reviewers are experienced
review required for the work performed. Supervisory
professionals with significant subject matter knowledge.
members of an audit engagement team perform a detailed
They are independent of the engagement team and able
review of the audit documentation for accuracy and
to provide objective evaluation of significant accounting,
completeness. Senior audit executives and engagement
auditing and reporting matters. In no circumstances may
partners perform a second-level review to determine
the responsibility of the engagement quality reviewer be
adequacy of the audit work as a whole, and the related
delegated to another individual.
accounting and financial statement presentation. A tax
professional reviews the significant tax and other relevant The engagement quality review spans the entire
working papers. For listed and certain other companies, an engagement cycle, including planning, risk assessment,
engagement quality reviewer (described below) reviews audit strategy and execution. Policies and procedures for
important areas of accounting, financial reporting and audit the performance and documentation of engagement quality
execution, as well as the financial statements of the reviews provide specific guidelines on the nature, timing
company we audit and our auditor’s report. and extent of the procedures to be performed, and the
required documentation evidencing their completion. Our
The nature, timing and extent of the reviews of audit work
Regional PPD approves all engagement quality review
depend on many factors, including:
assignments.
• The risk, materiality, subjectivity and complexity of the
subject matter Audit engagement team resolution process for
• The ability and experience of the audit team members differences of professional opinion
preparing the audit documentation EY has a collaborative culture that encourages and expects
• The level of the reviewer’s direct participation in the people to speak up, without fear of reprisal, if a difference
audit work of professional opinion arises or if they are uncomfortable
• The extent of consultation employed about a matter relating to a client engagement. Policies
Our policies also describe the roles and responsibilities of and procedures are designed to empower members of an
each audit engagement team member for managing, audit engagement team to raise any disagreements relating
directing and supervising the audit, as well as the to significant accounting, auditing or reporting matters.
requirements for documenting their work and conclusions. These policies are made clear to people as they join EY, and
we continue to promote a culture that reinforces a person’s
Consultation requirements responsibility and authority to make their own views heard,
EY consultation policies are built upon a culture of and seek out the views of others.
collaboration, whereby audit professionals are encouraged
Differences of professional opinion that arise during an
to share perspectives on complex accounting, auditing and
audit are generally resolved at the audit engagement team
reporting issues. Consultation requirements and related
level. However, if any person involved in the discussion of an
policies are designed to involve the right resources so that
issue is not satisfied with the decision, they refer it to the
audit teams reach appropriate conclusions.
next level of authority until agreement is reached or a final
decision is made.
Consultation is built into the decision-making process;
it is not just a process to provide advice. Furthermore, if the engagement quality reviewer makes
recommendations that the engagement partner does not
For complex and sensitive matters, we have a formal accept or the matter is not resolved to the reviewer’s
process requiring consultation outside of the audit satisfaction, the auditor’s report is not issued until the
engagement team with other personnel who have more matter is resolved. EY policies require documentation of
experience or specialized knowledge, primarily Professional disagreements and their resolution.
Practice and Independence personnel. In the interests of
Transparency Report 2018: EY Malta 14Audit partner rotation Executed annually, the program is coordinated and
monitored by representatives of the Global PPD network,
EY supports mandatory audit partner rotation to help with oversight by Global Assurance leadership.
reinforce auditor independence. EY Malta complies with the
The engagements reviewed each year are selected on a risk-
audit partner rotation requirements of the code of the
based approach, emphasizing audit engagements that are
IESBA, Regulation (EU) 537/2014 of the European
large, complex or of significant public interest. The Global
Parliament and of the Counsel of 16 April 2014 (EU
AQR program includes detailed risk-focused file reviews
537/2014), as well as the U.S. Securities and Exchange
covering a large sample of listed and non-listed audit
Commission (SEC), where required. EY Malta supports audit
engagements to measure compliance with internal policies
partner rotation because it provides a fresh perspective and
and procedures, EY GAM requirements, and relevant local
promotes independence from company management, while
professional standards and regulatory requirements. It also
retaining expertise and knowledge of the business. Audit
includes reviews of a sample of non-audit engagements.
partner rotation, combined with independence
These measure compliance with the relevant professional
requirements, enhanced systems of internal quality controls
standards and internal policies and procedures that should
and independent audit oversight, helps strengthen
be applied in executing non-audit services. In addition,
independence and objectivity, and are important safeguards
practice-level reviews are performed to assess compliance
of audit quality.
with quality control policies and procedures in the
For PIEs where rotation of the audit partner is not functional areas set out in ISQC No. 1. The Global AQR
mandated by local independence regulation or is less program complements external practice monitoring and
restrictive than the IESBA or EU 537/2014 requirements, inspection activities, such as inspection programs executed
the EY Global Independence Policy requires the lead by audit regulators and external peer reviews.
engagement partner and the engagement quality reviewer
AQR reviewers and team leaders are selected for their skills
to be rotated after seven years. For a new PIE (including a
and professional competence in accounting and auditing, as
newly listed company) client, the lead engagement partner
well as their industry specialization; they often work in the
and the engagement quality reviewer may remain in place
Global AQR program for a number of years and are highly
for an additional two years before rotating off the team, if
skilled in the execution of the program. Team leaders and
they have served the client for six or more years prior to the
reviewers are assigned to inspections outside of their home
listing. Following rotation, the partner may not resume the
location and are independent of the audit teams reviewed.
lead or engagement quality review role until at least two
years The results of the Global AQR program, external practice
have elapsed. monitoring and inspection activities are evaluated and
communicated to improve quality. Any quality
We employ tools to track partner rotation that enable improvement plans describe the follow-up actions to be
effective monitoring of compliance with requirements. taken, the people responsible, the timetable and deadlines,
We have also implemented a process for partner rotation and sign-off on completed actions. Measures to resolve
planning and decision-making that involves consultation audit quality matters noted from the Global AQR program,
regulatory inspections and peer reviews are addressed by
with, and approvals by, our Professional Practice and
Assurance leadership and our PPD. The actions are
Independence professionals.
monitored by our PPD and Assurance leadership. These
programs provide important practice monitoring feedback
Audit quality reviews for our continuing quality improvement efforts.
The EY Global AQR program is the cornerstone of the EY
process to monitor audit quality. EY Malta executes the
Global AQR program, reports results and develops
responsive actions plans. The primary goal of the program
is to determine whether systems of quality controls,
including those of EY Malta, are appropriately designed and
followed in the execution of audit engagements to provide
reasonable assurance of compliance with policies and
procedures, professional standards, and regulatory
requirements. The Global AQR program complies with
guidelines in the International Standard on Quality Control
No. 1 (ISQC No. 1), as amended, and is supplemented
where necessary to comply with Malta professional
standards and regulatory requirements. It also aids EY
Malta’s continual efforts to identify areas where we
can improve our performance or enhance our policies
and procedures.
Transparency Report 2018: EY Malta 15External quality assurance Insider trading
The EY Global Insider Trading Policy reaffirms the obligation
review of our people not to trade in securities with insider
information, provides detail on what constitutes insider
EY Malta’s audit practices and our registered statutory
information and identifies with whom our people should
auditors are subject to annual inspection by the Quality
consult if they have questions regarding their
Assurance Oversight Committee (QAOC). As part of its
responsibilities.
inspections, the QAOC evaluates quality control systems
and reviews selected engagements. Trade sanctions
The last quality assurance inspection by QAOC took place in
2017. The final report on the inspection was issued on 12 It is important that we are aware of the ever—changing
March 2018. situation with respect to international trade sanctions. EY
monitors sanctions issued in multiple geographies and
We respect and benefit from the QAOC inspection process.
provides guidance to EY people on impacted activities.
We thoroughly evaluate points raised during the inspection
in order to identify areas where we can improve audit Data privacy
quality. Together with the AQR process, external
inspections aid us in making our audits and related control The EY Global Personal Data Privacy Policy sets out the
processes of the highest quality in the interests of our principles to be applied to the use and protection of
clients’ investors and other stakeholders. personal data, including that relating to current, past and
prospective personnel, clients, suppliers, and business
Information on the above-mentioned regulator can be found
associates. This policy is consistent with applicable laws and
on its website www.accountancyboard.gov.mt.
regulations concerning data protection and privacy for
maintaining and processing personal data. Furthermore, we
Compliance with legal have a policy to address our specific Malta data privacy
requirements requirements and business needs.
Document retention
The EY Global Code of Conduct provides a clear set of
standards that guide our actions and business conduct. EY Malta’s record retention policy applies to all
EY Malta complies with applicable laws and regulations, and engagements and personnel. This policy addresses
EY’s values underpin our commitment to doing the right document preservation whenever any person becomes
thing. This important commitment is supported by a aware of any actual or reasonably anticipated claim,
number of policies and procedures, explained in the litigation, investigation, subpoena or other government
paragraphs below. proceeding involving us or one of our clients that may relate
to our work. It also addresses Malta legal requirements
Anti-bribery
applicable to the creation and maintenance of working
The EY Global Anti-bribery Policy provides EY people with papers relevant to the work performed.
direction around certain unethical and illegal activities. It
emphasizes the obligation to comply with anti-bribery laws
and provides greater definition of what constitutes bribery.
It also identifies reporting responsibilities when bribery is
discovered. In recognition of the growing global impact of
bribery and corruption, efforts have been increased to
embed anti-bribery measures across EY.
Transparency Report 2018: EY Malta 16You can also read
