Back in my day (gosh, that makes me sound old), audit quality wasn’t really a “thing.” Sure, we did what we thought were good audits, and occasionally they might get reviewed, either internally or by an external firm, but these peer reviews were always rather “friendly” because the reviewers knew “what comes around goes around!” However, market events changed the landscape for good and now audit quality is all the rage. The International Auditing and Assurance Board (IAASB) and the Accounting Standards Board (ASB) have both recently released new quality management standards that are intended to improve audit quality. The purpose of this blog is to provide an overview of these standards and why they were issued. In subsequent blogs we will dig deeper into the standards dealing with a firm’s system of quality management (ISQM 1 / SQMS 1) and the standards dealing with engagement quality reviews (ISQM 2 / SQMS 2), as well as their impact to firms and expected changes to their policies and procedures, including their audit and accounting training.
How did we get here?
About the time I left public accounting in 2001, the audit profession was changing. The dotcom bubble had burst, and accounting fraud was rampant at companies like Enron and WorldCom, just to name a few. This led to the creation of the PCAOB in July 2002, the same year President George W. Bush signed the Sarbanes-Oxley Act of 2002 (SOX), and the rise of audit inspections!
The PCAOB began inspecting firms in 2004 and they started benign enough, with combined deficiency rates of the annually inspected firms in the low teens. However, these combined deficiency rates started to creep up, hitting a high of 42% in both 2012 and 2013. In fact, in those and subsequent years, certain annually inspected firms found that 60-70% of their audits were deficient! Quite frankly, that was unacceptable.
The International Forum of Independent Audit Regulators (IFIAR), of which the PCAOB is a member annually publishes a survey of inspection findings arising from its member regulators’ individual inspections of audit firms affiliated with the six largest global audit firm networks (GPPC networks). IFIAR’s Global Audit Quality (GAQ) Working Group uses the results of the annual inspection findings surveys to monitor the networks of GPPC networks to improve audit quality over time. In 2019, the GAQ Working Group renewed an initiative challenging these networks to reduce the number of audit deficiencies. The goal of this initiative is a reduction of at least 25% in the percentage of inspected audits with findings. The collective baseline for 2019 was 32%, and GPPC member firms are aiming for a collective percentage of inspected audits with findings of 24% or less by 2023, the end of the measurement period.
What is audit quality?
Unfortunately, there is no universal definition of audit quality. According to the Center for Audit Quality (CAQ), the two cornerstones of audit quality are:
- Auditor expertise; and
Many factors lead to a quality audit, but it is the combination of these two cornerstones that bolsters the level of trust and confidence in company financial statements and forms the basis of audit quality.
The IAASB says “audit quality encompasses the key elements that create an environment which maximizes the likelihood that quality audits are performed on a consistent basis. According to the IAASB, a quality audit is likely to have been achieved by an engagement team that:
- Exhibited appropriate values, ethics, and attitudes,
- Was sufficiently knowledgeable, skilled, and experienced, and had sufficient time allocated to perform the audit work,
- Applied a rigorous audit process and quality control procedures that complied with law, regulation, and applicable standards,
- Provided useful and timely reports, and
- Interacted appropriately with relevant stakeholders.
Audit quality standards
According to IFIAR, a strong system of quality control is a critical element in improved and sustained audit quality; accordingly, quality control systems are a primary focus of many inspection programs. Of particular concern is the variability of quality control inspection findings noted over time by inspectors. This led the IAASB to issue two new standards in December 2020 to strengthen and modernize a firm’s approach to quality management. These standards direct audit firms to improve the robustness of their monitoring and remediation, embed quality into their corporate culture and the “tone at the top,” and improve the robustness of engagement quality reviews. The Auditing Standards Board (ASB) issued similar standards in June 2022.
Below is a high-level overview of these standards.
Firm’s system of quality management (ISQM 1 and SQMS 1)
International Standard on Quality Management 1 Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements (ISQM 1) strengthens firms’ systems of quality management through a robust, proactive, and effective approach to quality management. The standard encourages firms to design a system of quality management that is tailored to the nature and circumstances of the firm and engagements it performs. ISQM 1 replaces ISQC 1, Quality Control for Firms that Perform Audits and Reviews of Financial Statements and Other Assurance and Related Services Engagements.
The objective of the firm is to design, implement, and operate a system of quality management for audits or reviews of financial statements, or other assurance or related services engagements performed by the firm, that provides the firm with reasonable assurance that:
- The firm and its personnel fulfill their responsibilities in accordance with professional standards and applicable legal and regulatory requirements, and conduct engagements in accordance with such standards and requirements; and
- Engagement reports issued by the firm or engagement partners are appropriate in the circumstances.
A system of quality management operates in a continual and iterative manner and is responsive to changes in the nature and circumstances of the firm and its engagements. It also does not operate in a linear manner. However, for purposes of ISQM 1, a system of quality management addresses the following eight components:
- The firm’s risk assessment process
- Governance and leadership
- Relevant ethical requirements
- Acceptance and continuance of client relationships and specific engagements
- Engagement performance
- Information and communication
- The monitoring and remediation process
ISQM 1 presents an opportunity for audit firms to revisit their quality control systems with the goal of identifying the applicable risks that affect audit quality and designing and implementing controls that best address those risks. ISQM 1 applies to all firms that perform engagements under the IAASB’s international standards. Firms are required to have systems of quality management designed and implemented in accordance with ISQM 1 by December 15, 2022.
Statement on Quality Management Standards No. 1, A Firm’s System of Quality Management (SQMS 1) is the companion standard to ISQM 1 in the United States. In fact, the IAASB and the ASB worked in tandem on this project, so the standards are very similar. SQMS 1 introduces a new risk assessment process aimed at achieving quality objectives. The firm is required to establish prescribed quality objectives, assess quality risks, and design and implement responses. SQMS 1 also requires the firm leadership to annually evaluate and conclude whether the system of quality management is meeting its objectives.
SQMS 1 is effective as follows:
- Systems of quality management in compliance with SQMS 1 are required to be designed and implemented by December 15, 2025.
- Evaluation of the system of quality management required by SQMS 1 is required to be performed within one year following December 15, 2025.
We’ll dig a bit deeper into these standards and their impact on audit firms in a subsequent post.
Engagement quality reviews (ISQM 2 and SQMS 2)
International Standard on Quality Management 2 Engagement Quality Reviews (ISQM 2) addresses the scope of engagements subject to an engagement quality (EQ) review. The standard deals with the appointment and eligibility of the EQ reviewer, and the EQ reviewer’s responsibilities relating to the performance and documentation of an EQ review. The objective of the firm, through appointing an eligible EQ reviewer, is to perform an objective evaluation of the significant judgments made by the engagement team and the conclusions reached thereon.
ISQM 2 applies to all engagements for which an EQ review is required to be performed in accordance with ISQM 1. ISQM 2 is effective for audits and reviews of financial statements for periods on or after December 15, 2022, and other assurance and related services engagements beginning on or after December 15, 2022.
Like SQMS 1, the Statement on Quality Management Standards No. 2, Engagement Quality Reviews (SQMS 2) is the companion standard to ISQM 2 in the United States and addresses:
- The appointment and eligibility of the EQ reviewer; and
- Performance of engagement quality reviews.
SQMS 2 is effective for audits or reviews of financial statements, and other engagements, beginning on or after December 15, 2024.
We’ll cover these standards in more depth in a subsequent post.
If your firm audits companies in the United States, you have a bit of time – SQMS 1 and SQMS 2 aren’t effective until 2025. However, if you audit companies outside the United States in accordance with International Standards of Auditing (ISAs), ISQM 1 and ISQM 2 are effective this year! As we’ll discuss in a subsequent post, part of a firm’s system of quality management is its training programs. We are already helping firms with complying with ISQM 1 as it relates to their audit and accounting training, and we can help you too!