System of Quality Management (SOQM): Requirements of ISQM 1 and SQMS 1
SOQM GAAP Dynamics

System of Quality Management (SOQM): Requirements of ISQM 1 and SQMS 1

In last week’s post we introduced you to the new quality management standards (ISQM 1 / SQMS 1 and ISQM 2 / SQMS 2) issued by the International Auditing and Assurance Board (IAASB) and the Auditing Standards Board (ASB) which were developed largely due to concerns about audit quality, as highlighted by inspection findings by regulators. These standards apply to all firms performing audits or reviews of financial statements, or other assurance or related services engagements in accordance with the standards published by the IAASB and ASB. In this post we’ll take a deeper dive into ISQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements (ISQM 1) and SQMS 1 A Firm's System of Quality Management (SQMS 1) dealing with a firm’s responsibility for having a system of quality management (SOQM).

It should be noted that the ASB has a strategic objective to converge with the standards of IAASB and, as a result, the SQMSs were developed using the ISQMs as the base starting point. As such, there are only minor differences between the two sets of standards.

 

What is a system of quality management (SOQM)?

According to ISQM 1, a SOQM is a system designed, implemented, and operated by a firm to provide the firm with reasonable assurance that:

  1. The firm and its personnel fulfill their responsibilities in accordance with professional standards and applicable legal and regulatory requirements, and conduct engagements in accordance with such standards and requirements; and
  2. Engagement reports issued by the firm or engagement partners are appropriate in the circumstances.


According to their implementation guide for ISQM 1 (available for download, along with the standard, here), the IAASB states the SOQM is the mechanism that creates an environment that enables and supports engagement teams in performing quality engagements. It helps the firm in achieving consistent engagement quality because it is focused on how the firm manages the quality of engagements performed. The SOQM should operate in a continual and iterative
manner, much like the risk assessment process in an audit, and is responsive in the nature and circumstances of the firm and its engagements.

 

Components of the SOQM

A SOQM addresses the following eight components:

The firm’s risk assessment process

ISQM 1 requires the firm to apply a risk-based approach in designing, implementing, and operating the components of the SOQM in an interconnected and coordinated manner such that the firm proactively manages the quality of engagements performed by the firm. As such, the firm’s risk assessment process consists of:

  • establishing quality objectives
  • identifying and assessing quality risks to the achievement of the quality objectives; and
  • designing and implementing responses to address the assessed quality risk.

The minimum quality objectives are set out in ISQM 1, specifically within components 2-7, but the firm can establish additional quality objectives (or sub-objectives) it considers necessary to achieve the objectives of the SOQM.

Identifying and assessing quality risks puts attention on what could go wrong (WCGW) in achieving the quality objectives. ISQM 1 aims to focus the firm on risks that have the greatest impact on achieving the quality objectives, so that those risks are appropriately addressed by the firm. A risk qualifies as a quality risk when it meets both of the following criteria:

  1. The risk has a reasonable possibility of occurring; and
  2. The risk has a reasonable possibility of individually, or in combination with other risks,
    adversely affecting the achievement of one or more quality objectives.

Responses that are properly designed and implemented to address the quality risks mitigate the possibility that the quality risk occurs, thereby helping the firm achieve the quality objectives. Paragraph 34 of ISQM 1 includes some specified responses that the firm is required to design and implement, but it is expected that the firm design and implement responses in addition to those specified in the standard to fully comply with the requirements.

Governance and leadership

This sets out quality objectives relating to the firm’s culture, leadership responsibility, and accountability, the firm’s organizational structure, assignments of roles and responsibilities, and resource planning and allocation.

Relevant ethical requirements

This component addresses quality objectives related to fulfilling relevant ethical requirements by the firm and its personnel. It also deals with relevant ethical requirements to the extent that they apply to others external to the firm such as networks, network firms, individuals in the network or network firms, or service providers.

Acceptance and continuance of client relationships and specific engagements

This component details quality objectives addressing the firm’s judgments about whether to accept or continue a client relationship or specific engagement.

Engagement performance

This component deals with quality objectives related to the firm’s actions to promote and support the consistent performance of quality engagements, including through direction, supervision and review, consultation, and differences of opinion. It includes how the firm supports engagement teams in exercising professional judgment and, when applicable to the nature and circumstances of the engagement, exercising professional skepticism.

Resources

This component addresses quality objectives related to obtaining, developing, using, maintaining, allocating, and assigning resources in a timely manner to enable the design, implementation, and operation of the SOQM. It includes technological, intellectual, and human resources, and addresses service providers.

Information and communication

This component deals with quality objectives related to obtaining, generating, or using information regarding the SOQM, and communicating information within the firm and to external parties on a timely basis to enable the design, implementation, and operation of the SOQM.

The monitoring and remediation process

The firm shall establish a monitoring and remediation process to:

  • Provide relevant, reliable, and timely information about the design, implementation, and operation of the SOQM.
  • Take appropriate actions to respond to identified deficiencies such that deficiencies are remediated on a timely basis.

 

Annual evaluation

The standards require that, at least annually, the individual(s) assigned ultimate responsibility and accountability for the SOQM, on behalf of the firm, evaluates the SOQM and concludes whether the SOQM provides the firm with reasonable assurance that the objectives of the system are being achieved.

This evaluation yields one of three possible conclusions (which are like the various audit opinions):

  1. The SOQM provides the firm with reasonable assurance that the objectives of the SOQM are being achieved (unqualified opinion).
  2. Except for matters related to identified deficiencies that have a severe but not pervasive effect on the design, implementation, and operation of the SOQM, the SOQM provides the firm with reasonable assurance that the objectives of the SOQM are being achieved (qualified opinion).
  3. The SOQM does not provide the firm with reasonable assurance that the objectives of the SOQM are being achieved (adverse opinion).

 

Documentation

The firm shall prepare documentation of its SOQM that is sufficient to:

  1. Support a consistent understanding of the SOQM by personnel, including an understanding of their roles and responsibilities with respect to the SOQM and the performance of engagements;
  2. Support the consistent implementation and operation of the responses; and
  3. Provide evidence of the design, implementation, and operation of the responses, to support the evaluation of the SOQM by the individual(s) assigned ultimate responsibility and accountability for the SOQM.

This would include documentation of:

  • Individual(s) assigned ultimate responsibility and accountability for the SOQM and the operational responsibility for the SOQM
  • Firm’s quality objectives and quality risks
  • Description of the responses and how the firm’s responses address the quality risk
  • Information regarding the monitoring and remediation process

 

Effective dates

ISQM 1

The firm is required to have the SOQM designed and implemented in compliance with ISQM 1 by December 15, 2022. The evaluation of the SOQM is required to be performed within one year following December 15, 2022.

This means that by December 15, 2022, the firm is expected to:

  1. Establish the quality objectives, identify and assess the quality risks, and design and
    implement the responses; and
  2. Design and implement the monitoring activities.

The operation of the responses and monitoring activities is only required to commence from December 15, 2022 onwards.

SQMS 1

SQMS 1 is effective as follows:

  • SOQM in compliance with SQMS 1 is required to be designed and implemented by December 15, 2025.
  • Evaluation of the SOQM is required to be performed within one year following December 15, 2025.

 

Check out this page on the IAASB website for the standard, as well as a fact sheet and first-time implementation guide.

If you need help getting your audit and accounting training in compliance with ISQM 1 (or SQMS 1), let’s talk. We’re currently helping several accounting firms with their compliance and we’d be happy to help you too!

About GAAP Dynamics  

We’re a DIFFERENT type of accounting training firm. We don’t think of training as a “tick the box” exercise, but rather an opportunity to empower your people to help them make the right decisions at the right time. Whether it’s U.S. GAAP training, IFRS training, or audit training, we’ve helped thousands of professionals since 2001. Our clients include some of the largest accounting firms and companies in the world. As lifelong learners, we believe training is important. As CPAs, we believe great training is vital to doing your job well and maintaining the public trust. We want to help you understand complex accounting matters and we believe you deserve the best training in the world, regardless of whether you work for a large, multinational company or a small, regional accounting firm. We passionately create high-quality training that we would want to take. This means it is accurate, relevant, engaging, visually appealing, and fun. That’s our brand promise. Want to learn more about how GAAP Dynamics can help you? Let’s talk!

Disclaimer  

This post is published to spread the love of GAAP and provided for informational purposes only. Although we are CPAs and have made every effort to ensure the factual accuracy of the post as of the date it was published, we are not responsible for your ultimate compliance with accounting or auditing standards and you agree not to hold us responsible for such. In addition, we take no responsibility for updating old posts, but may do so from time to time.

New Call-to-action
 
New Call-to-action

Comments (0)


Add a Comment




Allowed tags: <b><i><br>Add a new comment:


Ready To Make a Change?

Cookies on the GAAP Dynamics website

To give you the best possible experience, this website uses cookies. By continuing to browse this website you are agreeing to our use of cookies. For more details about cookies and how to manage them, please see our privacy policy.