Transparency Report 2021 - EY Iceland
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Transparency Report 2021 EY Iceland
Contents
Message from the leaders ........................................................................................................................... 3
About us .................................................................................................................................................... 5
Legal structure, ownership and governance ............................................................................................... 5
Network arrangements ............................................................................................................................ 7
Creating long-term value for society .......................................................................................................... 9
Commitment to Sustainable Audit Quality................................................................................................... 10
Infrastructure supporting quality ............................................................................................................ 10
Instilled professional values .................................................................................................................... 13
Internal quality control system................................................................................................................ 15
Client acceptance and continuance.......................................................................................................... 17
Performance of audits ........................................................................................................................... 18
Review and consultation ........................................................................................................................ 20
Rotation and long association ................................................................................................................. 22
Audit quality reviews ............................................................................................................................. 22
External quality assurance review ........................................................................................................... 23
Root cause analysis ............................................................................................................................... 23
Compliance with legal requirements ........................................................................................................ 24
Independence practices ............................................................................................................................ 25
Continuing education and investing in exceptional talent ............................................................................. 27
Development of EY people ..................................................................................................................... 27
Revenue and remuneration........................................................................................................................ 29
Financial information ............................................................................................................................. 29
Partner remuneration ............................................................................................................................ 29
Appendix 1: list of PIE audit clients ............................................................................................................ 31
EY Iceland PIE audit clients..................................................................................................................... 31
Appendix 2: approved EYG member firms ................................................................................................... 32
Confirmation and signatures ...................................................................................................................... 34
Transparency Report 2021 | 2Message from the leaders
Welcome to the Transparency Report 2021 of EY Iceland. We believe that how
we advance audit quality, manage risk and maintain our independence as
auditors should be transparent to stakeholders. This report is one of the ways
in which we provide an update on what we are doing in these areas.
Executing high-quality audits continues to be the top priority, and is at the
heart of our commitment to serve the public interest. Auditors play a vital role
Margrét Pétursdóttir in the functioning of capital markets by promoting transparency and
EY Iceland
supporting investor confidence. Companies, regulators and other stakeholders
Managing Partner
count on us to deliver excellence in every engagement.
We are focused on investing in tools to improve what we do, creating high-
performing, diverse and inclusive teams, and building trust and confidence
through the audits we perform.
EY Iceland’s reputation is based on and grounded in providing high-quality
professional audit services, objectively and ethically, to every company we
audit.
We embrace the transparency objectives of the European Union’s (EU’s)
Regulation 537/2014 and Act No. 94/2019, which require Iceland statutory
auditors of public interest entities (PIEs) to publish annual transparency
Geir Steindórsson reports.
EY Iceland
The EY Iceland Transparency Report 2021 complies with the Regulation and
Assurance Leader
Act No. 94/2019 and covers the fiscal year ending June 30 th 2021 as well as
any more recent relevant events. In this report, you can learn about how we
are creating long-term value for society; our commitment to Sustainable Audit
Quality (SAQ), including how we instill professional values, the performance of
audits and internal quality control; independence practices; and the impact of
the COVID-19 pandemic on operations.
The focus on delivering high-quality audits has remained paramount during the
global pandemic. A comprehensive set of actions has been developed to assess
and respond to risk, with a particular focus on fraud risks.
There has also been a continuing commitment to sustainability, as part of the
global organization’s NextWave strategy, to create long-term value for all
stakeholders. This includes an ambition to be carbon negative in 2021,
following the achievement of carbon neutrality in 2020, and to be net zero in
2025, which is an important step in the EY sustainability journey. EY Iceland is
doing its part in achieving these goals.
We remain focused on enhancing audit quality and upholding our
independence, informed by several factors, including external and internal
inspection results. Continuous improvement of audit quality requires us to
challenge approaches to audit execution, and we concentrate on this by
evaluating inspection findings and taking responsive actions.
Transparency Report 2021 | 3The need for trust and confidence in financial reporting in the capital markets
EY’s purpose: Building a has never been greater, and auditors play an important role in this regard.
better working world
EY is committed to doing its part in
building a better working world. We encourage all our stakeholders — including clients and their investors, audit
committee members and regulators — to continue to engage with us on our
The audits delivered by EY people
strategy as well as any of the matters covered in this report.
help build trust and confidence in
business and the capital markets.
EY auditors serve the public
interest by delivering high-quality,
analytics-driven audits with
independence, integrity,
objectivity and professional
skepticism. In so doing, the EY
organization helps protect and Margrét Pétursdóttir Geir Steindórsson
promote sustainable and long-term
value for stakeholders. Country Managing Partner Assurance Leader
Ernst & Young ehf. Ernst & Young ehf
Transparency Report 2021 | 4About us
Legal structure, ownership and
governance Current information on shareholders can be found at
our website, www.ey.is
In Iceland, Ernst & Young ehf. is a limited liability
company organized in Iceland and is a member firm
Ernst & Young ehf. has a board of directors with
of Ernst & Young Global Limited, a UK company
overall responsibility for the company according to
limited by guarantee (EYG). In this report, we refer to
Icelandic legislation.
ourselves as “EY Iceland,” “we,” “us” or “our.” EY
refers collectively to the global organization of the
member firms of EYG. The following individuals were elected as board
directors on October 7th, 2021 at the annual general
As of June 30th, 2021, the company was owned by
meeting:
16 shareholders, 10 of whom were registered state
authorized public accountants in Iceland. All the
shareholders were employees of EY Iceland. Jóhann Unnsteinsson, chairman
Símon Þór Jónsson
The following individuals were shareholders of Ernst Valgerður Kristjánsdóttir
& Young ehf. on June 30th, 2021:
Ágústa Berg, substitute
Geir Steindórsson, substitute
Anna Kristín Traustadóttir
Ágústa Berg
Árni S. Snæbjörnsson The registered Managing Director is Margrét
Pétursdóttir.
Ásbjörn Björnsson
Geir Steindórsson
EY Iceland’s operations management team is led by
Gunnar S. Magnússon Margrét Pétursdóttir who is the Country Managing
Partner. Other members of the management team at
Guðjón Norðfjörð
the issuance of this report are;
Ingunn Hauksdóttir
Jóhann Unnsteinsson
Jón Valdimarsson Country Assurance Leader: Geir Steindórsson
Margrét Pétursdóttir Country Consulting Leader: Guðjón Norðfjörð
Ragnar Oddur Rafnsson Country Strategy & Transactions Leader: Ragnar
Oddur Rafnsson
Rögnvaldur Dofri Pétursson
Country TAX and LAW Leader: Símon Þór Jónsson
Sigurður M. Jónsson
Country Finance leader: Hildur Pálsdóttir
Símon Þór Jónsson
Valgerður Kristjánsdóttir
Transparency Report 2021 | 5Country Risk management, Professional practice Each Region elects a Regional Partner Forum (RPF),
director and Country independence leader: whose representatives advise and act as a sounding
Valgerður Kristjánsdóttir board to Regional leadership. The partner elected as
Presiding Partner of the RPF also serves as the
Country General Counsel: Símon Þór Jónsson
Region’s representative on the Global Governance
Country Talent leader: Hafdís Björk Stefánsdóttir Council (see page 8).
Country Markets and Business developent leader:
Hafdís Björk Stefánsdóttir
EY Iceland offices are at Borgartún 30, 105
Reykjavík.
EY Iceland is a registered audit firm with registration
number EF-2011-004
EY Areas, Regions and Countries*
Asia-Pacific
6 Regions
23 Countries
Americas
8 Regions
34 Countries
EMEIA
8 Regions
96 Countries
*Figures are as of 1 July 2021’
EYG member firms are grouped into three geographic
Areas: Americas; Asia-Pacific; and Europe, Middle
East, India and Africa (EMEIA). The Areas comprise
multiple Regions. Regions are groupings of member
firms (and in the case of the US member firm within
that member firm) along geographical lines with the
exception of the Financial Services Organization
(FSO) Regions, which comprise the financial services
activities of the relevant member firms within an
Area.
EY Iceland is part of the EMEIA Area, which
comprises EYG member firms in 96 countries. Within
the EMEIA Area, there were previously 10 Regions,
and, from 1 July 2021, the number has reduced to 8.
EY Iceland is part of the Nordic Region. Ernst &
Young (EMEIA) Limited (EMEIA Limited), an English
company limited by guarantee, is the principal
coordinating entity for the EYG member firms in the
EMEIA Area. EMEIA Limited facilitates the
coordination of these firms and cooperation between
them, but it does not control them. EMEIA Limited is
a member firm of EYG, has no financial operations
and does not provide any professional services.
Transparency Report 2021 | 6Network arrangements
EY is a global leader in assurance, tax, strategy and
transactions, and consulting services. Worldwide,
over 312,000 people in member firms in more than
150 countries share a commitment to building a
better working world, united by shared values and an
unwavering commitment to quality, integrity and
professional skepticism. In today’s global market, the
integrated EY approach is particularly important in
the delivery of high-quality multinational audits,
which can span nearly every country in the world.
This integrated approach enables EY member firms
to develop and draw upon the range and depth of
experience required to perform such diverse and
complex audits.
EYG coordinates the member firms and promotes
cooperation among them. EYG does not provide
services, but its objectives include the promotion of
exceptional high-quality client service by member
firms worldwide. Each member firm is a separate
legal entity. Each member firm’s obligations and
responsibilities as a member of EYG are governed by
the regulations of EYG and various other
agreements.
The structure and principal bodies of the global
organization, described below, reflect the principle
that EY, as a global organization, has a common
shared strategy.
At the same time, the network operates on a
Regional level within the Areas. This operating model
allows for greater stakeholder focus in the Regions,
permitting member firms to build stronger
relationships with clients and others in each country,
and be more responsive to local needs.
Transparency Report 2021 | 7Global Governance Council The GE’s responsibilities include the promotion of
global objectives and the development, approval and,
The Global Governance Council (GGC) is a key where relevant, implementation of:
governance body of EYG. It comprises one or more
• Global strategies and plans
representatives from each Region, other member
firm partners as at-large representatives and • Common standards, methodologies and policies
to be promoted within member firms
independent non-executives (INEs). The Regional
representatives, who otherwise do not hold senior • People initiatives, including criteria and
processes for admission, evaluation,
management roles, are elected by their RPFs for a
development, and reward and retirement of
three-year term, with provision for one successive partners
reappointment. The GGC advises EYG on policies,
• Quality improvement and protection programs
strategies, and the public interest aspects of its
decision-making. The GGC approves, in some • Proposals regarding regulatory matters and
public policy
instances upon the recommendation of the Global
Executive (GE), certain matters that could affect EY. • Policies and guidance relating to member firms’
service of international clients, business
Independent Non-Executives development, and markets and branding
• EY’s development funds and investment
Up to six Independent Non-Executives (INEs) are
priorities
appointed from outside EY. The INEs are senior
• EYG’s annual financial reports and budgets
leaders from both the public and private sectors and
reflect diverse geographic and professional • GGC recommendations on certain matters
backgrounds. They bring to the global organization, The GE also has the power to mediate and adjudicate
and the GGC, the significant benefit of their varied disputes between member firms.
perspectives and depth of knowledge. The INEs also
form a majority of the Public Interest Sub-Committee
GE committees
(PIC) of the GGC. The role of the PIC includes public Established by the GE, and bringing together
interest aspects of decision-making and stakeholder representatives from across the organization, the GE
dialogue, issues raised under whistleblowing policies committees are responsible for making
and procedures, and engagement in quality and risk recommendations to the GE. In addition to the Global
management discussions. The INEs are nominated by Audit Committee, examples of other committees
a dedicated committee, approved by the GE and include Assurance, Consulting, Tax, Strategy and
ratified by the GGC. Transactions, Global Markets and Investments, Global
Accounts, Emerging Markets, Talent and Risk
Global Executive Management.
The GE brings together EY’s leadership functions,
services and geographies. As of 1 July 2021, it is
Global Practice Group
chaired by the Chairman and CEO of EYG, and The Global Practice Group brings together the
includes its Global Managing Partners of Client members of the GE, GE committees, Regional leaders
Service and Business Enablement; the Area Managing and sector leaders. It seeks to promote a common
Partners; the global functional leadership for Talent; understanding of EY’s strategic objectives and helps
the leaders of the global service lines — Assurance, drive consistency of execution across the
Consulting, Strategy and Transactions, and Tax; and organization.
one EYG member firm partner on rotation.
EYG member firms
The GE also includes the Global Vice Chair of
Markets, the Global Vice Chair of Transformation, the Under the regulations of EYG, member firms commit
Chief Client Technology Officer, the Chair of the themselves to pursue EY’s objectives, such as the
Global Accounts Committee, the Chair of the provision of high-quality service worldwide. To that
Emerging Markets Committee, as well as a end, the member firms undertake the
representative from the Emerging Markets practices. implementation of global strategies and plans, and
work to maintain the prescribed scope of service
The GE and the GGC approve nominations for the
capability. They are required to comply with common
Chairman and CEO of EYG and ratify appointments of
standards, methodologies and policies, including
the Global Managing Partners. The GE also approves
those regarding audit methodology, quality and risk
appointments of Global Vice Chairs. The GGC ratifies
management, independence, knowledge sharing,
the appointments of any Global Vice Chair who
talent and technology.
serves as a member of the GE.
Above all, EYG member firms commit to conducting
their professional practices in accordance with
Transparency Report 2021 | 8applicable professional and ethical standards, and all The EY social impact ambition
applicable requirements of law. This commitment to
integrity and doing the right thing is underpinned by The global corporate responsibility program,
the EY Global Code of Conduct and EY values (see EY Ripples, brings together the global EY network
page 14). with a goal of positively impacting one billion lives by
2030. To date, EY Ripples initiatives have
Besides adopting the regulations of EYG, member cumulatively benefited more than 45 million people,
firms enter into several other agreements covering aided by:
aspects of their membership in the EY organization,
• A rigorous focus on three areas (supporting the
such as the right and obligation to use the EY name,
next generation workforce, working with impact
and knowledge sharing. entrepreneurs, and accelerating environmental
Member firms are subject to reviews to evaluate sustainability) where the distinctive skills,
adherence to EYG requirements and policies knowledge and experience of EY people can
governing issues, such as independence, quality and make the biggest difference.
risk management, audit methodology and HR. • A collaboration with other like-minded
Member firms unable to meet quality commitments organizations to build ecosystems capable of
and other EYG membership requirements may be creating change at scale. For example, the
subject to termination from the EY organization. TRANSFORM initiative with Unilever and the UK
Foreign, Commonwealth and Development
Office, which aims to change the lives of 150
Creating long-term value for society million people across sub-Saharan Africa and
South Asia by 2030, by tackling inequality.
While capitalism has created enormous global
prosperity, it has also left too many people behind. The EY carbon ambition
Extreme poverty is already on the rise as a result of
EY aims to become carbon negative in 2021 and net
the COVID-19 pandemic, and climate change is
zero in 2025. EY endeavors to achieve this by
threatening to deepen inequality still further as significantly reducing absolute carbon emissions, and
vulnerable communities are hit first and worst by its then removing or offsetting more than the remaining
effects. EY believes an economic system that is fairer, amount every year. To reach net zero by FY25, EY
more trustworthy and capable of addressing member firms plan to reduce absolute emissions by
humanity’s most profound challenges is urgently 40% across Scopes 1, 2 and 3 (versus an FY19
needed. baseline), consistent with a 1.5°C science-based
From advising governments on how to build more target approved by the Science Based Targets
sustainable and inclusive economies, to encouraging initiative (SBTi). Specific actions include:
businesses to focus and report on their creation of • Reducing business travel emissions, with a target
long-term value for all stakeholders, EY services to achieve a 35% reduction by FY25 against the
already play a vital role in this. However, more can FY19 baseline
and must be done. • Reducing overall office electricity usage, and
procuring 100% renewable energy for remaining
As a proud participant in the United Nations Global needs, earning RE100 membership by FY25
Compact (UNGC) since 2009, EY is committed to
• Structuring electricity Power Purchase
integrating the UNGC Ten Principles and the UN
Agreements (PPAs) to introduce more renewable
Sustainable Development Goals (SDGs) into EY electricity than EY consumes into national grids
strategy, culture and operations.
• Using nature-based solutions and carbon-
Among other things, this commitment is reflected in: reduction technologies to remove from the
atmosphere or offset more carbon than emitted,
every year
Corporate responsibility governance • Providing EY teams with tools to calculate, then
structures work to reduce, the amount of carbon emitted in
carrying out client work
Corporate responsibility across EY is coordinated by
the EY Corporate Responsibility Governance Council • Requiring 75% of EY suppliers, by spend, to set
(CRGC). This body includes members of the EY Global science-based targets by no later than FY25
Executive and provides senior leadership • Investing in EY services and solutions that help
representation from across EY services lines, clients create value from decarbonizing their
businesses and provide solutions to other
functions and geographic areas.
sustainability challenges and opportunities
Transparency Report 2021 | 9Commitment to
Sustainable Audit
Quality
engagements and input for the quality of in-process
Infrastructure supporting quality engagements, which helps achieve compliance with
professional standards and EY policies.
Quality in the EY service lines
The Global Vice Chair of Assurance coordinates
NextWave is the EY global strategy and ambition to
member firms’ compliance with EY policies and
deliver long-term value to clients, people and society.
procedures for services provided by Assurance.
It has put EY in a strong position to adapt and
innovate, while the EY purpose of Building a better
working world continues to inspire EY people not only Global Audit Quality Committee
to serve clients, but also to use EY knowledge, skills The EY Global Audit Quality Committee (GAQC) is an
and experiences to support the communities in which important element of the culture of continuous
we live and work. The insights and quality services we improvement. It comprises senior leaders from across
deliver help build trust and confidence in the capital the EY organization with extensive, diverse and
markets and in economies around the world. highly relevant experience. The GAQC advises EY
Assurance leadership on the many aspects of the
In response to disruptions in the environment, EY
organization’s business, operations, culture, talent
member firms adapted to maintain the delivery of
strategy, governance and risk management that
high-quality audits. EY provided its audit
affect audit quality.
professionals with additional training and enablement
to help detect fraud. In addition, through a data-first The committee develops innovative ideas and
approach enabled by analytics and digital tools, approaches to delivering high-quality audits and is a
teams were able to deliver high-quality audits with forum for sharing best practices of EY member firms.
independence, integrity, objectivity and professional The committee also helps develop audit quality
skepticism. indicators (AQIs) and other forms of quality
monitoring that feed into the continuous
EY member firms continue to develop the audit of the
improvement cycle.
future, including ever more sophisticated data
analytics, efficiently delivering greater insight and Quality Enablement Leaders
assurance in support of the high-quality audits that
are valued by the companies that EY audits and the The EY Quality Enablement Leaders (QEL) network is
capital markets. a group of senior Assurance leaders around the world
who drive improvements in audit quality by providing
Our people are our greatest asset in delivering support to engagement teams.
quality and value and building trust. We are elevating
their experiences, using data and technology, so they Their responsibilities include: coaching teams;
can spend more time addressing risks and exercising supporting internal and external inspections; advising
professional judgment. By applying cutting-edge teams on remediating the root causes of significant
technologies and sophisticated data analytics, all audit deficiencies; driving practice and project
while serving the public interest, our people are able management; supporting portfolio risk analyses; and
to connect and contribute to the overall EY purpose implementing processes related to the EY system of
of Building a better working world. quality management, including global AQIs.
EYG member firms and their service lines are Using EY Canvas and Milestones (see page 19), as
accountable for delivering high-quality engagements. well as ever more sophisticated artificial intelligence
EY member firms’ service lines manage the overall (AI) tools, the QELs are able to build a picture of audit
process for quality reviews of completed quality performance in real time. This, in turn, gives
Transparency Report 2021 | 10greater clarity over where resources should be training and monitoring programs, and processes
deployed to support audit teams and the companies used by member firm professionals to execute audits
they audit. consistently and effectively. The Global, Area,
Regional and Country PPDs, together with other
Professional Practice professionals who work with them in each member
firm, are knowledgeable about EY people, clients and
The Global Vice Chair of Professional Practice,
processes, and they are readily accessible for
referred to as the Global Professional Practice
consultation with audit engagement teams.
Director (PPD), is overseen by the Global Vice Chair
of Assurance and works to establish global audit Additional resources often augment the Global
quality control policies and procedures. Each of the Professional Practice group, including networks of
Area PPDs as well as the Global Delivery Service professionals focused on:
center PPD is overseen by the Global PPD and the
• Internal-control reporting and related aspects of
related Area Assurance Leader. This helps provide the EY audit methodology
greater assurance as to the objectivity of audit
• Accounting, auditing and risk issues for specific
quality and consultation processes.
topics, industries and sectors
The Global PPD also leads and oversees the Global • Event-specific issues involving areas of civil and
Professional Practice group. This is a global network political unrest; pandemics; or sovereign debt
of technical subject-matter specialists in accounting and related accounting, auditing, reporting and
and auditing standards who consult on accounting, disclosure implications
auditing and financial reporting matters; and perform • General engagement matters and how to work
various practice monitoring and risk management effectively with audit committees
activities.
Assurance Governance*
* Illustrative to show global alignment; actual reporting lines may vary based on legal, regulatory and structural considerations
The Global PPD oversees the development of the EY
Global Audit Methodology (EY GAM) and related audit
policies and technologies so that they are consistent
with relevant professional standards and regulatory
requirements. The Global Professional Practice group
also oversees the development of the guidance,
Transparency Report 2021 | 11Risk Management adjust the handling of travel and events, enable a
fully remote workforce and plan for recovery.
Risk Management (RM) coordinates organization-
With a robust GCMP in place, we were able to act
wide activities designed to help EY people meet
quickly to keep EY people safe — the top priority
global and local compliance responsibilities and
throughout the entire process. Throughout the
support client-facing teams in delivering quality and
pandemic, the GCMP team:
exceptional client service. Responsibility for high-
quality service and ownership of the risks associated • Created guidance for various stages of the
with quality is placed with the member firms and pandemic and developed a resource library on
their service lines. the Global Security SharePoint portal to serve as
a centralized repository
Among other things, the Global RM Leader helps • Maintained a daily list of high-risk locations and
monitor the identification and mitigation of these provided a consolidated daily report for each
risks, as well as other risks across the organization as Area
part of the broader enterprise risk management • Produced a daily report for leadership on the
(ERM) framework. The ERM priorities are Global, Area, Region and local impacts
communicated to member firms. The GCMP also had a role in managing confirmed
The Global RM Leader is responsible for establishing cases by:
globally consistent risk management execution • Developing pandemic checklists for local crisis
priorities and co-ordinating risk management across management teams to manage confirmed cases
EY. in the workforce
• Conducting training on how to respond to
Member firm partners are appointed to lead risk confirmed cases
management initiatives (supported by other staff and
• Assisting Talent with contact tracking for
professionals), including coordinating with the confirmed cases
service lines on such matters.
• Providing input and advice on travel, meetings
There have been additional complexities as the world and events, resulting in several global directives
continued to deal with the COVID-19 pandemic. This • Identifying international travelers to help them
has required a coordinated response across EY via return to their home countries safely
activation of the local crisis management plans Now that the focus has shifted to a safe return to the
(CMPs) that reside in nearly all EY member firm office, the GCMP team has developed a recovery plan
offices. CMPs detail specific actions to be taken to that includes:
both protect the EY workforce and respond in the
• Leading the effort to develop return-to-work
event of a COVID-19 infection within an EY
protocols and track the easing of government
workspace. However, while individual offices had to restrictions
deal with issues around contact tracing and safe
• Creating a timeline for reopening offices
workspace practices, there was a need to provide a
set of uniform guidance across all EY Areas. Even • Determining worksite leader responsibilities and
procedures for building management, office
before the World Health Organization (WHO) declared
setup, workspaces and meetings
the existence of a pandemic, the EY Global Crisis
• Establishing personal responsibilities including
Management Program (GCMP) was activated. The
office entry, workspaces, breaks and meetings
GCMP allowed for the creation of a Steering
Committee led by the Global RM Leader who • Developing a post-vaccine recovery plan
convened key Global and Area leadership daily for six Global Confidentiality Policy
months (and thereafter regularly but less frequently)
to address issues relevant to all geographies and Protecting confidential information is ingrained in the
service lines. everyday activities of EYG member firms. Respect for
intellectual capital and all other sensitive and
The Steering Committee issued regular guidance on restricted information is required by the EY Global
EY’s COVID-19 response protocols and addressed Code of Conduct, which provides a clear set of
issues related to travel, meetings and events as well principles to guide the behaviors expected of all
as adoption and promotion of best practices, and those who work with EY. The Global Confidentiality
relayed specific safe working practices guidance from Policy further details this approach to protect
the WHO. Guidance is still being issued and risk information and reflect ever-changing restrictions on
factors are being monitored during the second year the use of data. This policy provides added clarity for
of the global pandemic. those who work with EY member firms and forms the
In implementing the GCMP, the goal was to keep fundamental broader guidance that includes key
people safe and informed, manage confirmed cases, policies on conflicts of interest, personal data privacy
and records retention. Other guidance includes:
Transparency Report 2021 | 12• Social media guidance Components of our audit quality
• Information-handling requirements control program
In addition, the global policy on reporting fraud, In the following sections, we describe the principal
illegal acts and other noncompliance with laws and components of the audit quality control program,
regulations, and EY’s Global Code of Conduct which EY Iceland follows:
requires EY professionals to speak up on observing • Instilled professional values
behavior that is believed to be a violation of a law or
• Internal quality control system
regulation, the applicable standard or EY’s Global
Code of Conduct. This includes the unauthorized or • Client acceptance and continuance
improper disclosure of confidential information. • Performance of audits
• Review and consultation
Global Personal Data Protection Policy • Rotation and long association
The global policy on personal data protection • Audit quality reviews
supports and builds upon provisions within the EY • External quality assurance reviews
Global Code of Conduct, regarding respecting and • Root cause analysis
protecting personal information, in accordance with • Compliance with legal requirements
applicable law, regulatory frameworks and
professional standards. This has been updated to be Instilled professional values
consistent with the EU General Data Protection
Regulation (GDPR) and other local regulations across Sustainable Audit Quality
the globe.
Quality is the foundation of our work and central to
Cybersecurity EY member firms’ responsibility to provide
confidence to the capital markets. This is reflected in
Managing the risk of major and complex cyberattacks the Sustainable Audit Quality (SAQ) program, which
is a part of conducting business for all organizations. continues to be the highest priority for EY member
While no systems are immune from the threat of firms’ Assurance practices.
cyberattacks, EY Iceland is vigilant in the steps it
takes to secure and protect client data. SAQ establishes a strong governance structure that
enables each member firm to provide high-quality
The EY approach to cybersecurity is proactive and audits. It is implemented locally, and coordinated and
includes the implementation of technologies and overseen globally. The word “sustainable” in SAQ is
processes necessary to manage and minimize used to demonstrate that this is not a one-off, short-
cybersecurity risks globally. EY information security term initiative, but an ongoing process of
and data privacy programs, consistent with industry improvement.
practices and applicable legal requirements, are
designed to protect against unauthorized access to There are six SAQ pillars: tone at the top; exceptional
systems and data. There is a dedicated team of talent; simplification and innovation; audit
cybersecurity specialists, who constantly monitor and technology and digital; enablement and quality
defend EY systems. support; and accountability. These pillars are
supported by a foundation of serving the public
Beyond technical and process controls, all EY people interest.
are required to annually affirm in writing their
understanding of the principles contained in the EY Significant progress has been made through SAQ. EY
Global Code of Conduct and their commitment to member firms’ internal and external inspection
abide by them. There are also required security findings globally are improving, and there is greater
awareness learning activities. Various policies outline consistency in execution. The trend in results also
the due care that must be taken with technology and reflects the involvement of the QEL network and a
data, including, but not limited to, the Global focus on culture and behaviors.
Information Security Policy, and a global policy on EY has deployed leading technological tools that
the acceptable use of technology. EY cybersecurity enhance the quality and value of EY audits, including
policies and processes recognize the importance of the EY Canvas online audit platform, EY Helix
timely communication. analytics platform and EY Atlas research platform.
EY people receive regular and periodic EY Canvas facilitates the use of the “Milestones”
communications reminding them of their project management functionality, which helps audit
responsibilities outlined in these policies and of teams stay on pace with their audit execution and
general security awareness practice. drive executive involvement. The EY Canvas Client
Portal, which is a component of EY Canvas, magnifies
its importance in having a secure and user-friendly
Transparency Report 2021 | 13platform in transmitting data between engagement reinforce the importance of performing quality work,
teams and the companies audited while effectively complying with professional standards, adhering to
monitoring the pacing of the audit. This suite of tools EY policies and leading by example. In addition, EY
played a key role in helping EY navigate this past member firms assess the quality of professional
year: having the right technology and tools in place services provided as a key metric in evaluating and
for EY audit teams to work together effectively in a rewarding EY professionals.
remote environment continues to be a key success The EY culture strongly supports collaboration and
factor and differentiator. places special emphasis on the importance of
Additionally, EY Helix and the entire suite of data consultation in dealing with complex or subjective
analytic tools represent key ways to address the risk accounting, auditing, reporting, regulatory and
of fraud in audit execution. Increasing the required independence matters. We believe it is important to
use of these tools provides a more robust response to determine that engagement teams and clients
audit risks associated with companies facing correctly follow consultation advice, and we
economic challenges, especially in light of the emphasize this when necessary.
pandemic. Broader adoption of these data analytic
tools is occurring this year. The consistent stance of EY Iceland has been that
EY Atlas is a cloud-based platform for accessing and no client is more important than our professional
searching accounting and auditing content, including reputation — the reputation of EY Iceland and the
external standards, EY interpretations and thought reputation of each of our professionals.
leadership.
Current SAQ initiatives are focused on supporting EY
teams in understanding the business of the Global Code of Conduct
companies audited. By leveraging data and
technology and executing enhanced engagement risk We promote a culture of integrity among our
assessment, EY is continuing to drive quality audit professionals. The EY Global Code of Conduct
execution. Additionally, a network of coaches is provides a clear set of principles that guide our
actively supporting engagement teams in staying on actions and our business conduct and are to be
track with respect to the pace of their audits, driving followed by all EY personnel. The EY Global Code of
timely executive involvement and providing positive Conduct is divided into five categories:
direction and enablement when necessary. • Working with one another
Audit quality is something that every team member • Working with clients and others
must understand and be committed to implementing • Acting with professional integrity
locally. SAQ is essential to all our goals and • Maintaining our objectivity and independence
ambitions, and each Regional and Area leader has a
• Protecting data, information and intellectual
role in achieving these goals. capital
The SAQ infrastructure demonstrates that audit Through our procedures to monitor compliance with
quality is the single most important factor in our the EY Global Code of Conduct and through frequent
decision-making and the key measure on which our communications, we strive to create an environment
professional reputation stands. that encourages all personnel to act responsibly,
including reporting misconduct without fear of
Tone at the top
retaliation.
EY Iceland’s leadership is responsible for setting the
right tone at the top and demonstrating EY’s Whistleblowing
commitment to building a better working world The EY Ethics Hotline provides EY people, clients and
through behavior and actions. While the tone at the others outside of the organization with a means to
top is vital, EY people also understand that quality confidentially report activity that may involve
and professional responsibility start with them and unethical or improper behavior, and that may be in
that within their teams and communities, they are violation of professional standards or otherwise
leaders too. EY shared values, which inspire EY inconsistent with the EY shared values or Global Code
people and guide them to do the right thing, and the of Conduct. Globally, the hotline is operated by an
EY commitment to quality are embedded in who we external organization that provides confidential and,
are and in everything we do. if desired, anonymous hotline reporting.
The EY approach to business ethics and integrity is
When a report comes into the EY Ethics Hotline,
contained in the EY Global Code of Conduct and other
either by phone or internet, it receives prompt
policies and is embedded in the EY culture of
attention. Depending on the content of the report,
consultation, training programs and internal
appropriate individuals from Risk Management,
communications. Senior leadership regularly
Transparency Report 2021 | 14Talent, Legal or other functions are involved in perspectives, spanning geographies, service lines and
addressing the report. The same procedures are functions.
followed for matters that are reported outside of the
EY Ethics Hotline. Our values: who we are
Diversity and inclusiveness
People who People with People who
EY has a long-standing commitment to diversity and demonstrate energy, build
inclusiveness (D&I). This commitment to building integrity, enthusiasm relationships
high-performing, diverse and inclusive teams is respect, and the based on
teaming and courage doing the
especially important in audit, where diverse inclusiveness to lead right thing
perspectives drive professional skepticism and critical
thinking. Greater diversity and inclusive
1 2 3
environments drive better decision-making, stimulate
innovation and increase organizational agility. Internal quality control system
EY has been on a D&I journey for decades, and while
substantial progress has been made, under the global
Structure
NextWave strategy and ambition EY has committed to EY Iceland’s reputation for providing high-quality
increasing D&I progress throughout the organization. professional audit services independently, objectively
The Global Executive has made a visible commitment and ethically is fundamental to our success as
to EY people and to the market to accelerate D&I at independent auditors. We continue to invest in
EY through signing the Global Executive Diversity & initiatives to promote enhanced objectivity,
Inclusion Statement. Not only does this reinforce that independence and professional skepticism. These are
D&I is a key business lever, it ensures that EY fundamental attributes of a high-quality audit.
member firms hold themselves accountable for
progress, starting with the tone at the top. At EY Iceland, our role as auditors is to provide
assurance on the fair presentation of the financial
There has been a particular focus on promoting
statements of the companies audited. We bring
gender diversity over recent years. In 2021, 36.8% of
together qualified teams to provide audit services,
new audit partners, globally, were women. A strong
drawing on our broad experience across industry
pipeline of female leadership has been built,
sectors and services. We continually strive to improve
supported by 52.4% of all audit hires across the globe
quality and risk management processes so that the
in 2020 being female.
quality of our service is at a consistently high level.
Inclusive organizations maximize the power of all
differences. Employees need to feel they are working In today’s environment, characterized by continuing
for an organization that not only values them as globalization, rapid movement of capital and the
individuals, but also sees differences as strengths impact of technological changes, the quality of our
and values their contributions. Fostering this sense of audit services has never been more important. As
belonging is critical to helping the EY organization part of NextWave, there is a continued and strong
attract the most talented individuals, and helping our investment in the development and maintenance of
professionals stay motivated and engaged. the EY audit methodology, tools and other resources
needed to support high-quality audits.
In the November 2020 employee listening survey,
82% of auditors said the EY organization prepares While the market and stakeholders continue to
them to work effectively with clients and colleagues demand high-quality audits, they also demand an
from different countries and cultures, and 86% increasingly effective and efficient delivery of audit
agreed that the people they work with make them services. In addition to the investments mentioned,
feel that they belong to a team. EY continues to seek ways to improve the
Leaders across EY make D&I a priority and it is a key effectiveness and efficiency of its audit methodology
metric across all the organization’s talent and processes, while improving audit quality.
management programs. To enable greater EY works to understand where member firms’ audit
accountability across the EY organization, the Global quality may not be up to their own expectations and
D&I Tracker helps track progress with consistent those of stakeholders, including independent audit
diversity and inclusiveness metrics and reporting regulators. This includes seeking to learn from
across the organization globally. EY also created the external and internal inspection activities and to
Global Social Equity Task Force (GSET) to develop identify the root causes of adverse quality
cohesive action plans specifically addressing inequity occurrences to enable a continual improvement of
and discrimination, including racism. It includes EY audit quality.
leaders with a wide range of backgrounds and
Transparency Report 2021 | 15Effectiveness of the quality control system Quality Management 1 (ISQM 1) will replace the
current International Standard on Quality Control 1
EY has designed and implemented a comprehensive (ISQC 1) and requires a more proactive and risk-
set of global audit quality control policies and based approach to managing quality at the firm level.
practices. These policies and practices meet the ISQM 1 requires firms to design, implement, monitor
requirements of the International Standards on and evaluate the overall system of quality
Quality Control issued by the International Auditing management (SQM) that provides reasonable
and Assurance Standards Board (IAASB). EY Iceland assurance a firm will meet prescribed quality
has adopted these global policies and procedures and objectives.
has supplemented them as necessary to comply with
The standard includes more robust requirements for
local laws and professional guidelines, and to address
the governance, leadership and culture of
specific business needs.
professional accountancy firms, and introduces a risk
We also execute the EY Audit Quality Review (AQR) assessment process for firms to assess risks to
program to evaluate whether our system of audit achieving quality objectives and design responses
quality control has operated effectively to provide that address those risks. It also requires more
reasonable assurance that EY Iceland and our people extensive monitoring of the SQM to identify
comply with applicable professional standards, deficiencies that require corrective actions and to
internal policies and regulatory requirements. provide the basis for evaluating the overall
effectiveness of the SQM.
The results of the AQR program and external
inspections are evaluated and communicated within The EY approach is to design an SQM that is
EY Iceland to provide the basis for continual consistently applied across the entire network of
improvement in audit quality, consistent with the member firms to promote consistent engagement
highest standards in the profession. quality and operating effectiveness. This is especially
important in a global economy where many audits are
The Global Executive has responsibility for the transnational and involve the use of other EY
coordination of quality improvement implementation. member firms.
As such, it reviews the results of the internal AQR
program and external audit firm regulatory reviews, The standard requires firms to design and implement
as well as any key actions designed to address areas a system of quality management by December 2022.
for improvement. EY Iceland has commenced work to implement the
new standard alongside the EY System of Quality
The recent results of such monitoring, together with Management transformation program. Our initial
feedback from independent audit regulators, provide steps have included:
EY Iceland with a basis to conclude that our internal
control systems are designed appropriately and are • Identifying the functions and service lines that
operating effectively. provide support for, or perform engagements
within the scope of ISQM 1
Audit quality indicators • Establishing a program governance structure to
manage design and implementation of a system
Audit quality is not defined in professional standards, of quality management that complies with ISQM
and stakeholders may have different views on how it 1 with representatives from various functions
should be measured. While no single reportable and service lines
metric or set of metrics can be viewed as a sole • Identifying and assessing quality risks, and
indicator of audit quality, a set of metrics can be used documenting responses in accordance with the
to give an indication of audit quality. network-developed approach
Assurance leadership monitors the execution of the • Identifying and understanding network resources
EY strategy and vision by local geographies through a and their implementation or use by the country
in its SQM
combination of metrics or audit quality indicators
(AQIs). These include: external and internal • Challenging and identifying enhancements to the
existing quality control system to achieve
inspection results; Milestones performance; people
compliance with the new standard
surveys; and retention rates.
We believe that implementing the requirements
within ISQM 1 will be useful to improving quality at
the firm and engagement level, because an effective
Update to the control framework – ISQM 1
system of quality management is foundational to
In September 2020, the IAASB approved a quality achieving consistent engagement quality.
management standard that includes significant
changes to the way professional accountancy firms
manage quality. The International Standard on
Transparency Report 2021 | 16Client acceptance and continuance assess both business opportunities and associated
risks.
Global policy on client and engagement
acceptance As part of this process, we carefully consider the risk
characteristics of a prospective client or engagement
The EY global policy on client and engagement
and the results of due diligence procedures. Before
acceptance sets out principles for member firms to
taking on a new engagement or client, we determine
determine whether to accept a new client or a new
whether we can commit sufficient resources to
engagement, or to continue with an existing client or
deliver quality service, especially in highly technical
engagement. These principles are fundamental to
areas, and if the services the client wants are
maintaining quality, managing risk, protecting EY
appropriate for us to provide. The approval process is
people and meeting regulatory requirements. The
rigorous, and no new audit engagement may be
objectives of the policy are to:
accepted without the approval of Regional or
• Establish a rigorous process for evaluating risk local PPD.
and making decisions to accept or continue
clients or engagements In the EY annual client and engagement continuance
• Meet applicable independence requirements process, we review our service and ability to continue
to provide a quality service, and confirm that clients
• Identify and deal appropriately with any conflicts
of interest share EY Iceland’s commitment to quality and
transparency in financial reporting. The lead audit
• Identify and decline clients or engagements that
engagement partner of each audit, together with our
pose excessive risk
Assurance leadership, annually reviews our
• Require consultation with designated
relationship with the audit client to determine
professionals to identify additional risk
management procedures for specific high-risk whether continuance is appropriate.
factors As a result of this review, certain audit engagements
• Comply with legal, regulatory and professional are identified as requiring additional oversight
requirements procedures during the audit (close monitoring), and
In addition, the EY global policy on conflicts of some audit clients are discontinued. As with the
interest defines global standards for addressing client acceptance process, our local PPD is involved in
categories of potential conflicts of interest and a the client continuance process and must agree with
process for identifying them. It also includes the continuance decisions.
provisions for managing potential conflicts of interest Decisions about acceptance or continuance of clients
as quickly and efficiently as possible, using and engagements consider the engagement team’s
appropriate safeguards. Such safeguards may include assessment of several risk factors across a broad
obtaining client consent to act for another party range of categories including management’s attitude,
where a conflict of interest may exist, establishing internal controls and related parties.
separate engagement teams to act for two or more
parties, implementing appropriate separations
between engagement teams or declining an
engagement to avoid an identified conflict.
The EY global policy on conflicts of interest and
associated guidance consider the increasing
complexity of engagements and client relationships,
and the need for speed and accuracy in responding to
clients. They also align with the latest International
Ethics Standards Board for Accountants (IESBA)
standards.
Putting policy into practice
We use the EY Process for Acceptance of Clients and
Engagements (PACE), an intranet-based system, for
efficiently coordinating client and engagement
acceptance and continuance activities in line with
global, service line and member firm policies. PACE
takes users through the acceptance and continuance
requirements, and identifies the policies and
references to professional standards needed to
Transparency Report 2021 | 17You can also read
