My Account
Basket (0)
Contact Us Email Newsletters

Getting it Right - Practice Assurance for Larger Firms

By Julia Penny

Practice Assurance standards apply to all ICAEW members with a practicing certificate, all ICAEW firms and any firm that has a Practice Assurance contract with ICAEW for the provision of anti-money laundering supervision. The standards are designed to ensure that a firm, or practicing member, acts appropriately in running their practice and offering their services to clients. Firms need to be able to demonstrate how they achieve the standards and the QAD (Quality Assurance Department) will visit periodically to assess your compliance.

ICAEW has issued guidance for new firms, smaller firms and larger firms on how to comply with the practice assurance standards. This article is looking at the guidance or larger firms.

The guidance is split into 4 documents, dealing with the four standards, as set out below. This article gives a brief overview of those key points and some additional thoughts from our practical experience:

1. Laws, regulations and professional standards
2. Client acceptance and engagement
3. Competence
4. Quality control

Standard 1: Laws, regulations and professional standards

Standard 1 deals with all the laws, regulations and other standards that a firm should comply with. Many of the requirements are the same for all sizes of firms, such as the money laundering regulations. Larger firms may find that their situation is more complex however and so they will need to ensure that someone in the firm has sufficient knowledge of the whole business to recognise what laws, regulations and standards apply. It will be particularly important to ensure that all entities are considered, as larger firms tend to have more than one legal entity or partnership offering services. 

The ICAEW guidance runs through lists of both essential actions and best practice suggestions. Key things to note are that it is often easier in a bigger firm to ensure that a central team or individual is responsible for a particular compliance issue. For instance, a larger firm will usually benefit from having a central team dealing with much of the administration and compliance aspects of anti-money laundering (AML) regulations and client money rules. 

Data protection will also be much more complex in a larger firm, so ensure that all aspect of GDPR have been considered and dealt with (or there is at least a plan to deal with any issues). For instance, emails are not especially secure as a form of communication, so consider the use of a portal if this is not already in place. 

In the area of tax, make sure that all staff and partners involved have had training on the requirements of the (relatively new) Professional Conduct in Relation to Taxation (you  may find this webinar helpful). Don’t forget to ensure that you have procedures in place to identify and deal with clients to whom FATCA (Foreign Account Tax Compliance Act) or the Common Reporting Standard applies. (Both of these are protocols for the sharing of information relating to tax across borders).

As well as the technical aspects of regulations firms must ensure that they can properly call themselves an ICAEW chartered accountancy firm and that their marketing is appropriate. The latter includes not making any claims about the firm that cannot be substantiated or exaggerating any aspect of the firm (for example saying there are offices across the world, when there are only one or two such offices). SWAT and Mercia are able to help with services including template letters, websites and tax cards, but of course you will need to work out what your marketing messages and campaigns will say and ensure they are truthful.

Standard 2: Client acceptance and engagement

The basic tenet of this standard is that a firm should only accept work where permitted by the regulations, standards and guidance of ICAEW. In general this means that appropriate steps are taken to ensure you are able to do the work properly and that you comply with take-on procedures such as the AML regulations.

Larger firms may find this a trickier standard to comply with as they will have more principals, offices and staff. This means they need to be particularly careful to ensure that procedures are both robust and fully complied with across the firm. Take-on procedures were part of a thematic review conducted in 2018 and you can find the guidance in Practice Assurance Principles 2018.

Systems that helped to ensure compliance with take-on procedures included those that prevented a client record being set up until the on-boarding (including AML checks) were complete. Extra systems also have to keep an eye on how people might circumvent such procedures, for example by reviewing suspense time codes, or marketing codes that might be used to post time where no client code is yet available. It is important that all relevant staff and partners understand the take-on procedures and how important it is to comply with them. Regular checks as to whether the procedures are done properly can help ensure that staff do understand and are implementing the procedures as intended. SWAT and Mercia can help with Money Laundering or Practice Assurance Compliance Reviews which you might find helpful.

Standard 3: Competence

We all know that we should not accept work that we are not competent to undertake, but as a firm gets larger it might be less easy to identify where this is the case and what training is needed to ensure competence. 

Larger firms usually have comprehensive training programmes in place, including CPD planning, monitoring and documenting plus requirements for induction training and regular appraisals. With a larger firm it is especially important to have systems in place to ensure that everyone has had appropriate training, including soft skills development. A single partner will not be able to know each member of staff and their abilities and training needs, so someone in the firm (perhaps HR or the technical or training department if there is one), will need to keep tabs on this. Even larger firms will often outsource the delivery of their training to external suppliers such as SWAT and Mercia but remember that the firm is still responsible for ensuring that staff have the necessary CPD and the expertise to do their jobs properly. 

Where staff are involved in audit, remember to consider the specific requirements in this area. For instance, Responsible Individuals (RIs) should be able to demonstrate that they have complied with the CPD requirements of IES 8 (see my earlier article). Although members of ICAEW are personally required to confirm their CPD on an annual basis and consider their needs using a RAID (reflect, act, impact, declare) approach, the firm has its own requirement to ensure that staff and principals are competent. 

Standard 4: Quality Control

Quality control is fundamental to the delivery of professional quality work and so all firms need to ensure that they have an appropriate quality control system. Of course many of you use SWAT and Mercia services for audit and compliance reviews, as this relieves a burden from internal staff who may have little time or relevant expertise or experience. Even where this happens, the firm retains the responsibility for ensuring that there is appropriate quality control. After all, if regular cold file reviews are done, but never acted upon, they will not contribute to quality at the firm. You will need to ensure that there are appropriate procedures to follow up on all quality control reviews, whoever carried them out and to implement improvements to tackle any issues found. 

Remember that quality control must also apply to running the practice, not just the normal supervision and review of client work. So systems for quality control will include considering WIP and deadline management; proper filing and retention of documents and deletion of information at appropriate times together with appropriate guidance on IT systems and procedures.

Sometimes, despite our best efforts, things go wrong and a client may complain. Not all complaints will have a proper foundation in work being done poorly, but they will represent an unhappy client. Complaints are stressful and time-consuming to handle and may lead to fines, regulatory action or costly civil actions. When they do occur, therefore, it is vital that such complaints are dealt with appropriately and that lessons are learned to help prevent similar problems in the future.

Things that can go wrong

From our experience of talking to firms over the years here is a short list of some of things that can get overlooked by firms in terms of practice assurance:

• Lack of communication of non-audit client work to the audit engagement partner prior to acceptance of the work (this often relies on IT systems to allow identification of audit clients, particularly if the firm is a member of the network);

• Lack of consideration of certain threats to ethical standards, especially on audit including
 - Who is a covered person (typically this includes all senior management regardless of their direct involvement in audit);
 - Who is a close family member for ethical purposes;
- Indirect financial interests, such as those held via trusts;
- The correct application of the lighter touch requirements of the Provisions Available for the Audit of Smaller Entities (Section 6 of the FRC’s Ethical Standard);

• Poor AML procedures;

• Problems in ensuring that all partners or staff have attended relevant training, or undertaken alternative learning (such as reading course notes and asking a colleague about any areas they didn’t understand;

• Registrations or procedures for certain entities being overlooked. Most regulations require individual entities, such as LLPs or companies, to be registered as regulated. As larger firms often have several entities sometimes certain requirements are accidentally omitted for certain entities;

• Members of staff having a title which makes them look like a principal (eg director, partner) which can result in “holding them out” as principals, in which case they will need to be covered by practicing certificates (you can find guidance here).

• Changes in requirements always present a risk, but with a larger firm with multiple offices, staff and entities there is a bigger risk that not all procedures are appropriately updated. It may help to keep a register of the various documents in which regulations are dealt with so it is easier to know what to update. For instance, complaints procedures may be covered in engagement letters; in staff handbooks and on the website. Any changes to requirements need updating in all of these places. 


Running a practice is a complicated business and as the practice gets larger more formal policies and procedures may well be required to ensure compliance with the various requirements. The ICAEW helpsheets guide you through some of the common areas of difficulty and remind you of your responsibilities. SWAT and Mercia do, of course, provide lots of services to help you comply, so do contact us if you would like to discuss these. 

Links included with kind permission of ICAEW © ICAEW 2018


October 2018 


This article is published with the understanding that SWAT UK Limited is not engaged in rendering legal or professional services. The material contained in this article neither purports, nor is intended to be, advice on any particular matter. This article is an aid and cannot be expected to replace professional judgment. SWAT UK accepts no responsibility or liability to any person in respect of anything done or omitted to be done by any such person in reliance, whether sole or partial, upon the whole or any part of the contents of this article.