At a glance
- The International Auditing and Assurance Standards Board requires firms and practitioners offering audit and assurance services to have a system of quality management (QM) in place by December 2022.
- The key to an effective QM system is robust risk management, which is as much for the audit firm and engagement partner’s protection as it is for the benefit of audited entities in ensuring high-quality audits.
- The suite of QM standards is designed to be scalable, enabling practitioners to adopt different approaches to QM.
Questions about the quality of external audits have been an ongoing theme in the media globally for some time. These questions have arisen largely due to suboptimal auditor inspection findings reported by the International Forum of Independent Audit Regulators (IFIAR) in its annual survey of regulators and incidents of corporate failures in the absence of the auditor raising appropriate red flags.
Quality Management (QM) is being introduced to replace quality control for audit firms “to improve the robustness of their monitoring and remediation, embed quality into their corporate culture and the “tone at the top”, and improve the robustness of engagement quality reviews”, advised the International Auditing and Assurance Standards Board (IAASB) when issuing the new QM standards.
|The IAASB Quality Management Suite of Standards comprises|
|ISQM 1 For firms conducting audit or assurance engagements|
|ISQM 2 For audit and assurance engagement quality reviews|
|ISA 220 For audit engagements|
The IAASB requires firms and practitioners offering audit or assurance services to have a system of QM in place at both the firm and engagement level by mid-December 2022. However, firms cannot wait to take action until mid-December, as the QM system needs to be designed and implemented so that it is operating effectively by then.
For audit firms and engagement partners that have not yet started the implementation process, there is much work to be done in designing a QM system.
QM comprises eight components (six of which align to the existing six Quality Control elements):
- Risk assessment process*
- Governance and leadership
- Relevant ethical requirements
- Acceptance and continuance of client relationships and specific engagements
- Engagement performance
- Information and communication
- Monitoring and remediation process*
* Two new components that are additional to the elements in the existing Quality Control standards.
Risk-based management of audit quality
The key to an effective QM system is robust risk assessment. This will inevitably be unique for each audit practice, explains Len Jui FCPA, deputy chair of the IAASB and chair of CPA Australia’s External Reporting Centre of Excellence. “The standard encourages firms to design a system of quality management that is tailored to the nature and circumstances of the firm and engagements it performs.”
The risk assessment component of QM involves setting quality objectives for each of the other seven components of QM, identifying and assessing related quality risks and addressing those risks in the system of QM.
The thinking that is needed by each firm’s leadership and by each audit engagement partner to implement this tailored approach is expected to have a direct and positive impact on audit quality.
Audit and assurance is typically just one service among a number of services offered by a firm or sole practitioner. However, the impact of QM is likely to be more pervasive rather than just limited to the audit and assurance team. This is because the firm’s strategy, decisions, goals, and resource management all need to be aligned with a commitment to quality required by the QM standards.
Firms will need to draw on financial, human and technological resources to ensure compliance with the standards. In addition, in order to meet the independence requirements, other business units will need to align their engagement acceptance with restrictions on non-assurance services provided to audit clients and staff financial interests in those clients.
The IAASB highlights that “ISQM 1 promotes integrating QM into the culture of the firm, the firm’s strategy, operational activities and business processes”, as opposed to be a discrete compliance exercise.
Allocating individual responsibilities
The importance of getting this initiative right is reflected in the requirement for ultimate responsibility and accountability for implementation of QM to sit with the highest level of leadership within each firm.
Accountability is required to be clearly allocated. Individuals are required to be assigned operational responsibility and accountability for the overall design, implementation, and operation of the QM system, independence, monitoring and remediation of the system and appointment of engagement quality reviewers.
In addition, the engagement partner has ultimate responsibility for the QM for each audit or assurance engagement they undertake.
Scalable approach to quality management
The suite of QM standards is designed to be scalable, enabling practitioners to adopt different approaches to QM.
For example, many sole practitioners are likely to focus more on risks and responses at the engagement level. However, doing so requires professional judgement in designing, implementing and operating the system of QM.
Plan your approach
Firms needs to determine the approach to implementation that works for them. Approaches could include:
A phased approach – addressing each of the eight components sequentially
A big bang approach – implement the entire system at one time
A pilot approach – test the system out on one team, office or location before rolling out to the entire firm
Whichever is chosen monitoring of the effectiveness of the system will need to be undertaken following implementation.
Checklist of actions to implement QM
- Allocate responsibilities
- Determine quality objectives to address each component of QM
- Assess risks to achieving the quality objectives
- Design responses
- Implement and monitor effectiveness
Reaping the benefits
More effective risk management is as much for the audit firm and engagement partner’s protection as it is for the benefit of audited entities in ensuring high quality audits.
“Audit firms have a huge opportunity when implementing QM to rethink their approach to audit engagements in order to make a step change in quality,” Jui reflects on the outcome of the IAASB’s work on developing QM.
Better identification and mitigation of risks that the firm faces with respect to quality will result in less unwelcome surprises. Such surprises may arise from circumstances such as unidentified conflicts of interest, acceptance of engagements for which the team has insufficient industry knowledge or corner cutting due to unreasonable deadlines, all of which are preventable.