To ensure audits are effective and standardized across the board, they must meet certain international audit standards. These legal and professional requirements guide accounting firms and their personnel on best working practices to guarantee the quality and compliance of audit reports.
Since December 2022, the relevant standards that audit firms must comply with are the International Standard on Quality Management 1 (ISQM 1).
Issued by the International Auditing and Assurance Standards Board (IAASB), the ISQM 1 audit standard replaced the previous ISQC 1 standards following multiple quality issues. Now, firms must get used to the complexities of ISQM 1 alongside ISQM 2 and the revised ISA 220 standards.
Of all the regulatory changes, ISQM 1 has the most significant impact on working practices at a firm level. Professionals performing audits or financial statement reviews must ensure they are well-versed in this transformative shift in audit quality management.
Let’s dive into all you need to know about ISQM 1 as an accounting professional. We will cover why it’s important, what it includes and the simplest ways to ensure compliance.
Why audit quality matters
In the current business landscape, audit quality is of paramount importance. An audit is not simply a compliance exercise. It creates trust and transparency with stakeholders by confirming that financial statements accurately represent a company’s financial health. It is crucial to a company’s economic stability and allows for investor confidence.
High-quality audits help prevent financial scandals, protect investors and bolster the credibility of financial markets. When audit quality is compromised, as seen in various cases, the consequences can be far-reaching. It can erode trust in companies, auditors and the financial system as a whole.
Therefore, ensuring and upholding audit quality is not just a professional obligation but a safeguard for the integrity of the global economy.
The history of ISQC 1
In 2005, the IAASB introduced the International Standard on Quality Control 1 (ISQC 1). It aimed to provide a framework for audit firms to establish and maintain quality control procedures. However, as the business and accounting industries have evolved, there has been a fundamental shift in the approach to audit quality management.
It became evident that ISQC 1’s traditional, reactive approach no longer aligned with modern-day businesses in several ways. These range from the ISQC 1’s lack of focus on mitigating risks to its antiquated “tick-box” compliance approach. ISQM 1 aims to empower audit teams and individuals to adopt a more proactive and independent mindset when approaching audits.
The eight elements of ISQM 1
The following eight components make up ISQM 1. Firms must design a system of quality management that takes into consideration the following:
1. Firm’s risk assessment process
Firms must establish an ongoing risk assessment process that considers their unique circumstances, including:
- Technologies they use
- External service providers
This enables firms to set tailored quality objectives and focus on identifying and mitigating risks. Systems such as training for audit personnel or processes for identifying threats will help ensure that firms always issue the right engagement.
Importantly, this component acknowledges that risks vary among firms. It combats the idea that one risk assessment process can be universally applied across all audit firms, regardless of size or client base.
2. Governance and leadership
Firms need to establish a culture that embraces quality, along with a duty to serve the public interest. This responsibility extends throughout the entire organization, with the chief executive or managing partner assuming accountability for the System of Quality Management (SoQM). The idea behind this is to encourage commitment to quality and ethical conduct from the top down.
Furthermore, the firm should set up systems and policies to reward dedication to quality over client retention and profitability. This approach allows audit engagement partners to objectively challenge client judgments without worrying about losing the client. Removing commercial pressures and self-interest supports employees in fulfilling regulatory obligations while making sound decisions.
3. Relevant ethical requirements
The SoQM should have specific policies to meet ethical requirements. These may vary depending on the size of the firm and the jurisdiction in which a firm operates. They may well extend beyond the International Code of Ethics for Professional Accountants.
Firms can educate and monitor staff compliance with ethical standards through things like training and ethical declarations. Component auditors in a group must also adhere to relevant ethical regulations. Any additional policies to mitigate other kinds of threats should be included in the SoQM. For instance, some firms or jurisdictions prohibit accepting gifts.
ISQM 1 aims to be scalable, allowing firms to tailor their approaches to address risks specific to their circumstances. Larger firms with bigger clients, for example, may require more extensive processes around identifying conflicts of interest.
4. Acceptance and continuance of client relationships
Accepting and continuing business relationships is an important factor in ISQM 1. Firms can decide this by evaluating a client’s integrity, ethical values and the firm’s capacity to meet legal and professional requirements for the engagement.
The allure of high compensation should not compromise sound decision-making when deciding to take on or retain a client. ISQM 1 ensures firms concentrate first and foremost on their ability to deliver a high-quality engagement.
It is also important to reevaluate existing business relationships each year, which might include new identity checks, revisiting employee independence declarations and re-assessing conflicts of interest.
5. Engagement performance
A solid engagement team is key to carrying out a quality audit. ISQM 1 empowers teams to use their independent judgment and criteria. ISQM 1 also requires the monitoring and supervising of less-experienced team members to avoid the risk of jeopardizing the audit quality. An audit engagement partner should also have continuous involvement throughout the engagement, as a lack of time can also impact results. SoQMs should facilitate team consultations, address internal differences of opinion and resolve issues highlighted by an engagement quality reviewer.
Firms must make sure they assign the appropriate resources to any given engagement. This could include:
- Assigning senior employees to complex tasks
- Offering necessary training to professionals
- Allowing ample time for testing and analytics
- Providing specialized technical tools
If a firm is not able to deliver in-house or on time, they should consider hiring external independent experts.
7. Information and communication
Information and communication are essential for the smooth functioning of a firm’s System of Quality Management. This could involve acquiring information to use in engagements, as well as sharing information within the firm.
Internal communication may look like sharing policies with staff or communication between auditors. ISQM 1 also considers external communications, including those with service providers.
The scope of these exchanges is extensive, ranging from ethical and professional requirements to client acceptance and engagement performance. These communications should adhere to the firm’s culture and occur in a timely manner.
8. Monitoring and remediation process
Finally, firms must set up a system to monitor the SoQM and make sure it remains effective. If there are any issues, firms should log these and implement improvements on a continual basis.
Challenges for audit firms in adjusting to a new standard
Adjusting to a new standard like ISQM 1 can present several challenges for audit firms:
- Compliance complexity and resource allocation: Navigating the intricacies of all requirements while ensuring full compliance can be challenging. Smaller firms, in particular, may feel the strain when allocating resources.
- Cultural shift and training investments: Firms may need to change their mindset and practices to prioritize risk management and quality control over purely procedural compliance.
- Documentation requirements: Audit firms must maintain extensive records to demonstrate compliance, which can be labor-intensive and may require new systems.
- Effective monitoring: Setting up monitoring and review systems can be time-consuming, especially in larger firms with multiple engagements.
- Integration with existing systems: The transition period to fully implement ISQM 1 can be demanding. Firms may need to adapt existing systems to integrate company-wide.
- Navigating industry-specific requirements and global variations: Different regions or countries may have specific regulations, and some industries or sectors may have unique audit challenges and requirements.
Tips for complying with ISQM 1
To adjust to the ISQM 1 auditing standard with ease, make sure to consider the following:
Don’t skip the planning
Before transitioning, conduct a thorough assessment of your firm’s existing quality management systems and practices. Identify areas that need improvement and align them with ISQM 1 requirements. Develop a detailed implementation plan with specific tasks, responsibilities and timelines.
ISQM 1’s demands for accuracy, transparency, resource allocation and risk mitigation can be tricky to navigate. Smaller firms may not have the staff and funds to implement all changes right away. Technologies like Caseware’s audit software can ensure compliance, reduce time-consuming tasks, save money and boost engagement quality from day one.
Continuously test and improve
Establish a robust system to consistently monitor and improve your quality management process. Implement regular reviews, assessments and audits of your engagements to identify areas for enhancement and compliance with ISQM 1.
Ensure quality audits with Caseware Audit and Assurance software
Guaranteeing the quality of audits can be time-consuming, costly and challenging for any firm. It can be especially difficult to implement company-wide systems that are consistent, no matter the engagement or team in question. Caseware Audit and Assurance software is one of the quickest, most effective and affordable ways to streamline your systems and boost audit quality. With this cloud-based technology, you can facilitate easier communication, reduce errors and automate tasks to better allocate resources.
See why Caseware is your best choice to enter the modern age of audit and accounting.