When it comes to Quality Management, the old standard acted as a list of procedures that indicated what you needed to do. In many industries including, for example in the airline industry, as discussed in our Black Box Audit case study, their approach has been focused on quality management.
They have looked at what might go wrong, their risks goals and objectives, and worked out the best way of achieving those objectives, which for an airline is flight safety from beginning of the journey to the end. For an audit firm the objective would be to have a complete audit report.
To implement a system of quality management you should consider the risks and put in place things to mitigate those risks, to bring it down to an acceptable level which, the standard helps you to do.
The standards set out a series of quality objectives, the things that you must achieve. And then you need to consider from your own firm's point of view, what the risks are and how it could go wrong. This is where issues can arise as it's a whole new approach. Auditors must think about how their firm's risks might impact achieving those quality objectives. Whereas before you didn't have to think about any of that at all, it was just, you need the systems in place full stop.
This is where you need to establish what is a reasonable response to those risks and then:
Rather than focusing on the checklist, we need to start with the main objectives and work from there to be able to plan out and design an overall system that permutates across the business, including things like firm culture, for example, which would never sit on a checklist. This gives us something that's far more holistic, but also far more proactive, as the risks that impact a firm change over time.
Firms who audit public interest entities for example will get quite different results compared to if you're auditing a small business, there are also different risks. A system of quality management can be designed to make it work for the risks that you're experiencing, which is a far better outcome.
The standards have been designed to be scalable and risk based and therefore, if you have different risks, smaller risks, fewer risks, you will end up with a different system. This may result in smaller firms having similar systems, however, they will each face their own individual risk, for example, if a firm hires a new partner compared to a firm who has a partner who is about to retire, the risk will be different.
To get the best out of your system it must be dynamic, it’s not something that can be bought straight off the shelf. To be effective it should be tailored to your firm. This will account for the little nuances that exist individually to each firm. A check box system is no longer acceptable. However smaller firms do not need to start by building a completely bespoke system of quality management because there is that level of comparability. Firms need to be able to strike the right balance, 90% of the system could be pre-populated with the nuance in the tailoring of the remaining 10% which may include partner dynamics.
Smaller firms can efficiently get the first 90% of the way there by leveraging the standards, leveraging what everybody else is doing in this area and benefiting on some level of consistency across the profession.
As Julia comments in the webinar, an area for firms to consider is, “how do I get as far as I can with this data in a more scalable way, and then really focus my time and my effort on the tailoring element that's required to make the system my own. Also including refinements, and just be able to capture that as well, in terms of the process of the time I've spent tailoring the system.”
Taken from a Conversation with Julia Penny, JS Penny Consulting. To hear more of the conversation, watch the on-demand recording or download the free guide.