July 8, 2021
Published: Journal of Accountancy
The evolving, risk-based approach to audit firm quality management is consistent with a trend that has become well established in the accounting profession.
Over the past 15 years or so, leaders of the profession have increasingly understood and embraced the effectiveness of using a risk-based approach in their work.
Auditing standards require engagements to be conducted according to risks that are identified in the early stages of an audit and refined throughout the engagement. Increasingly sophisticated enterprise risk management systems help companies of all sizes integrate consideration of risks and mitigation into their strategy. And anti-fraud controls of all types are developed based on specific risks that bad actors are posing.
“Almost every organization that’s put out something new has really taken a risk-based, top-down approach,” said Jon Heath, CPA. “We thought it was time to do the same for our quality management standards.”
Heath chairs one of two joint task forces working to develop proposed quality management standards presented in an exposure draft by the AICPA Auditing Standards Board (ASB) in February. The proposal would move audit firms away from rules-based, checklist-geared quality control standards that firms have used for many years.
The new quality management standards would require firms to take inventory of their own risks and create a system tailored to their specific needs. Some leaders at smaller firms have told the ASB that the existing quality control standards are too prescriptive and sometimes require processes and controls that aren’t relevant to them.
“The new [proposed] standards are really focused on the question of, what does your firm need to do?” said Sara Lord, CPA, who chairs the other ASB task force that is developing the standards. “What’s relevant to you? What are the quality risks that you’re trying to solve for? And designing a system of quality management that responds to those questions.”