March 11, 2021
By: Andrew Brathwaite, Christopher Arnold
In the waning days of 2020, the International Auditing and Assurance Standards Board (IAASB) hit one more major milestone—for the year and for the global audit profession—in releasing its new quality management standards, which raise the bar for quality management across the profession. The three interrelated standards strengthen and modernize how firms approach quality management.
Through these standards, the IAASB is addressing an evolving and increasingly complex environment, including growing stakeholder expectations and a need for quality management systems that are proactive and adaptable. The new paradigm, now centered on quality management, will enable a proactive risk-based approach and higher quality engagements.
Firms are required to have their system of quality management designed and implemented by December 15, 2022—and ready to start operating from that date. For audit engagements, and the engagement quality reviews (EQRs) for those engagements, the engagements and EQRs (if any) will need to be performed under the new standards for periods commencing on or after December 15, 2022.
IAASB Chair Tom Seidenstein: “These standards will drive the audit profession to an enhanced approach to quality ‘management rather than ‘control’, which better enables the consistent performance of quality engagements, including audits. The standards place greater responsibility on firms leadership form continuously improving the quality of their engagements and remediating when deficiencies are found. When effectively implemented, the standards should help ensure that a commitment to quality is at the heart of firm strategy and operations.”
ISQM 1 deals with the firm’s responsibility for quality through having a system of quality management. It replaces ISQC 1, the IAASB’s current International Standard on Quality Control, Quality Control for Firms that Perform Audits and Reviews of Financial Statements and Other Assurance and Related Services Engagements. Under ISQM 1, firms are required to design a system of quality management to manage the quality of engagements performed by the firm. This shift in focus from quality control to quality management is achieved by incorporating a risk-based approach, i.e., managing risks to quality.
ISQM 1 applies to all firms performing engagements under the IAASB’s standards. This includes audits or reviews of financial statements, other assurance engagements, compilations or agreed-upon procedures engagements.
ISQM 1 consists of eight components that operate in an iterative and integrated manner.
a) The firm’s risk assessment process.
b) Governance and leadership.
c) Relevant ethical requirements.
d) Acceptance and continuance of client relationships and specific engagements.
e) Engagement performance.
g) Information and communication.
h) The monitoring and remediation process.
One of the specified responses in ISQM 1 is a requirement for the firm to establish policies or procedures for engagements requiring an engagement quality review (EQR). The requirements have been enhanced from extant ISQC 1 by increasing the focus on selecting engagements based on quality risks. The application material provides guidance on the types of engagements, or qualities of engagements, that may give rise to quality risks where an EQR is an appropriate response to address that risk. For example, the firm can determine that an EQR is an appropriate response to quality risks associated with engagements where there is a high level of complexity or judgment or where issues have been encountered, or entities with public interest or public accountability characteristics.
ISQM 2 deals with the eligibility of the engagement quality reviewer, and the performance and documentation of the EQR. ISQM 2 is a new standard, although many of its elements were enhanced and relocated from extant ISQC 1 and ISA 220. Key enhancements include a 2-year cooling-off period before an engagement partner can assume the role of engagement quality reviewer, performance of the EQR at appropriate points in time during the engagement and a “stand-back” requirement to determine whether the performance requirements in ISQM 2 have been fulfilled.
It is, of course, possible that the firm may determine that there are no engagements for which an EQR is an appropriate response to address quality risks, in which case ISQM 2 would not apply.
ISA 220 (Revised)
ISA 220 (Revised) applies to audits of financial statements and addresses how quality is managed at the audit engagement level by the engagement partner. It makes clear that the engagement partner is responsible for managing and achieving quality at the engagement level, for determining that there are sufficient and appropriate resources assigned or made available on a timely basis and for determining the nature, timing and extent of direction, supervision and review. It also contains a “stand-back” provision that requires the engagement partner to determine they have done enough to take overall responsibility for managing and achieving quality on the audit and whether their involvement has been sufficient and appropriate.
These standards are a substantial development and change for the global accountancy profession and stakeholders around the world since they include significant shifts in how firms manage quality.
Read all the document in: