International Standard on Quality Management 1 (ISQM1) is a standard primarily focused on Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements. This Standard deals with a firm’s responsibilities to design, implement and operate a system of quality management for audits or reviews of financial statements, or other assurance or related services engagements. It is effective as of December 15, 2022.
Why this new standard?
The standard is a response to the growing apathy against better than desirable audit quality outcomes. For example, for the year ending 30th September 2022, the UK’s Financial Reporting Council (FRC) fined auditors a record £33.3m. This record marks a 77% increase on the £18.7m fines handed out in the previous year. In June 2022, the US Securities and Exchanges Commission fined Ernst & Young a record $100m over claims its auditors cheated on ethics exams. The US Public Company Accounting Oversight Board (PCAOB) fined KPMG $2m over claims the firm’s UK business failed to detect or prevent the widespread sharing of answers from 2018 to 2021. The SEC fined KPMG $4m over claims its Colombian business altered audit documents ahead of two separate PCAOB inspections. The compound effect of these and many other earlier cases have led to a need for a more agile standard on audit firms’ quality management processes engrained into the firm’s culture.
This ISQM applies to all firms performing audits or reviews of financial statements; if the firm performs any of these engagements, this ISQM applies and the system of quality management that is established in accordance with the requirements of this ISQM enables the consistent performance by the firm of all such engagements
A system of quality management operates in a continual and iterative manner and is responsive to changes in the nature and circumstances of the firm and its engagements. It does not operate in a linear manner. Non-linear thinkers make connections and draw conclusions from unrelated concepts or ideas: they have less-restrictive thoughts which expand in multiple directions which allows for multiple points of logic rather than just one answer.
ISQM 1 requires the firm to apply a risk-based approach in designing, implementing and operating the components of the system of quality management in an interconnected and coordinated manner such that the firm proactively manages the quality of engagements performed by the firm.
ISQM1 requires the firm to maintain an information system that identifies, captures, processes and maintains relevant and reliable information that supports the system of quality management, whether from internal or external sources.
The firm must demonstrate a commitment to quality through a culture that exists throughout the firm, which recognizes and reinforces:
- The firm’s role in serving the public interest by consistently performing quality engagements;
- The importance of professional ethics, values and attitudes;
- The responsibility of all personnel for quality relating to the performance of engagements or activities within the system of quality management, and their expected behaviour; and
- The importance of quality in the firm’s strategic decisions and actions, including the firm’s financial and operational priorities.
Key differences between ISQM1 and ISQC1
Scope: ISQM1 applies to a firm’s overall quality management system, while ISQC1 applies specifically to the quality control system for audit and review engagements.
- Focus: ISQM1 focuses on the firm’s management of quality, including its policies and procedures, while ISQC1 focuses on the firm’s quality control policies and procedures for audit and review engagements.
- Requirements: ISQM1 establishes requirements for a quality management system, including the need for the firm to establish a policy for quality and to implement and maintain procedures for managing quality. ISQC1 establishes specific requirements for a quality control system for audit and review engagements, including requirements for the firm to have policies and procedures in place to ensure the consistent application of professional standards.
- Compliance: Firms that wish to demonstrate compliance with ISQM1 and ISQC1 must undergo a formal assessment by a recognized external quality assessment body. This assessment involves reviewing the firm’s quality management and control systems to determine whether they meet the requirements of the relevant standards. If the firm is found to be in compliance, it may be awarded a certificate of compliance with the standards. This certificate can be used to demonstrate to clients, regulators, and other stakeholders that the firm has implemented robust systems for quality management and control
Key challenges that firms may face when implementing ISQM1
Implementing ISQM1 requires a significant investment of time and resources, and it can be a challenging process for firms. However, the benefits of having a robust quality management system, including improved efficiency, better client service, and increased credibility, can make the effort worthwhile.
- Developing a quality policy: Firms must develop a written quality policy that sets out their commitment to quality and their approach to managing quality. This can be a challenging process, as it requires the firm to consider its values, goals, and expectations for quality.
- Establishing procedures: Firms must establish written procedures for managing quality, including processes for training staff, reviewing and monitoring quality, and addressing quality issues. This can be a time-consuming process, as it requires the firm to carefully consider its needs and the best ways to meet them.
- Implementing and maintaining the quality management system: Once the quality management system is in place, the firm must implement and maintain it to ensure that it is effective and efficient. This can be challenging, as it requires ongoing effort and resources to keep the system up to date and to address any issues that may arise.
- Demonstrating compliance: Firms that wish to demonstrate compliance with ISQM1 must undergo a formal assessment by a recognized external quality assessment body. This can be a complex process, as it requires the firm to provide evidence of its quality management system and to demonstrate that it meets the requirements of the standard.
Overcoming challenges to ISQM1
To update their quality management system, firms may consider using software to manage audit quality. This type of software can help firms to automate and streamline various aspects of the audit process, including:
- Document management: Audit quality management software can help firms to manage and track the various documents and materials needed for an audit, including working papers, engagement letters, and client financial statements.
- Task management: The software can help firms to assign tasks to staff and track the progress of these tasks, ensuring that all necessary steps are completed in a timely manner.
- Quality control review: The software can help firms to conduct quality control reviews of audit engagements, identifying any issues or areas for improvement.
- Risk assessment: The software can assist firms in identifying and assessing risks associated with audit engagements, helping them to develop strategies to mitigate these risks.
- Training and development: The software can provide staff with access to training materials and resources, helping them to develop the skills and knowledge needed to conduct high-quality audits.
Firms should conduct regular review and update of their quality systems to ensure that it is effective and efficient, and to address any issues that may arise.
By using audit quality management software such as Auditproo, firms can improve the efficiency and effectiveness of their quality management system, helping them to consistently deliver high-quality audit services.