Quality control in our audits is currently regulated by ISQC 1, International Standard on Quality Control. Effective from 15 December 2022, such standard will be replaced with ISQM1, International Standard on Quality Management. The new standard requires firms to design a system of quality management, a system designed to manage the quality of all engagements carried out by the firm, in line with the nature and circumstances of the firm and its engagements. It is therefore regulating quality at a firm level, contrary to ISA 220 (Revised) which regulates quality at an engagement level.
The objective of ISQM 2 is to enhance requirements and application material in relation to engagement quality reviews of a company.
ISQM 1 is applicable to all firms performing audits or reviews of financial statements, or other assurance or related services engagements. Thus, any of these services would be regulated by ISQM 1 with respect to the management of quality.
The below table summarises and highlights the main differences emanating from ISQM 1 when compared to the previous quality standard of ISQC 1.
| ISQC1 | ISQM1 | Main Changes from ISQC 1 to ISQM 1 |
| N/A | The firm’s risk assessment process | The introduction of a risk-based approach within ISQM 1. The main idea within ISQM 1 to have firms perform their own risk assessment procedures to ensure that their quality management system is designed specifically to address those risks. |
| Leadership | Governance and Leadership | The firm shall identify responsible persons to be held accountable for their roles. Such individuals should carry the appropriate knowledge, experience, time, and authority. Ultimate responsibility should be carried by a firms’ CEO, managing partner or board of directors. The role includes having relevant knowledge of ISQM 1, while ultimately achieving the objectives of such standard. |
| Relevant ethical requirements | Relevant ethical requirements | Minor changes, which include the increased focus on ethical requirements and independence within ISQM 1. |
| Acceptance and continuance of client relationships and specific engagements | Acceptance and continuance of client relationship and specific engagements | Minor changes within ISQM 1 which includes the requirement for quality objectives in relation to acceptance and continuance of client relationships and engagements. |
| Engagement Performance | Engagement Performance | Minor changes with ISQM 1 which includes the requirement for firms to establish quality objectives in relation to the perfomance of its engagements. |
| Human Resources | Resources (human, technological and intellectual resources) | ISQM 1 includes the involvement of technological and intellectual resources, including external service providers. The appropriate resources should be obtained/developed, with relevant personnel held accountable for respective duties. The commitment of a firm’s personnel is to be reinforced through compensation, promotions or other incentives. |
| N/A | Information and communication | Information and communication within ISQM 1 enables the design and implementation of the quality management system. Two-way communication is encouraged, both internally, externally and with those charged with governance. Meanwhile, the firm’s information system needs to be quality-oriented. |
| Monitoring | Monitoring and remediation process | While monitoring plays an important role in the firm’s quality control process, the firm needs to ensure that investigations are carried out with respect to the root cause of deficiencies identified. |
As can be seen from the above table, ISQM 1 is made up of eight components which are highly integrated and operate together in a continuous manner. The main components arising from the introduction of ISQM 1 include the requirement for:
- A risk assessment process to be in place
- More focus on governance in addition to leadership
- Relevant ethical requirements
- Acceptance and continuance procedures for client relationships and specific engagements
- Engagement performance
- Increased resources
- The improvement of information and communication
- Proactive monitoring of the system as a whole, including timely and effective remediation
Should you require further information or assistance in relation to the implementation of ISQM 1, please get in touch with John Debattista on jd@zampadebattista.com or Janis Hyzler on jh@zampadebattista.com.
Our assistance goes beyond an advisory role, and could also include the fully-fledged drafting of policies and procedures in line with the requirements of ISQM 1.
Book our free webinar being held on 26th April 2022 through the following link. Limited seats are available.
Please note that this article is being published for information purposes only. As such, it does not constitute or should not be interpreted or construed as legal advice or guidance. Zampa Debattista does not accept responsibility or liability for any damages arising as a result of using this information as legal advice or guidance.
John Debattista
Partner
