IAASA may review compliance with a Firm’s own policies and procedures. Where a firm has a policy which is stricter than standards/legislation, does IAASA raise findings where Firm policy is not complied with but the requirements of the standards/legislation have been?

IAASA may raise a finding where a Firm policy has been breached, even if the requirements of standards and legislation have not been breached. As set out in Article 26 of EU Regulation 537, an inspection assesses both the design of the internal control system and testing compliance with that control system. In instances where the Firm policy has been breached and the matter remains compliant with standards/legislation, this will be noted in the report and will be considered in the rating process.