The new quality management standards – or ISQM (International Standard of Quality Management) – are set to succeed the ISQC (International Standard of Quality Control) in December 2022. As with any new batch of regulations, auditors may be wondering what’s included in the new standards and whether there’s much carried over from previous standards. Here we’ll take a summary of the key findings once the new quality management standards are broken down.
Quality management standards establish a framework for how a business manages its key activities. They identify an agreed way of doing something, either making a product, managing a process or delivering a service. The new ISQM standards are split into three distinct sections. Put together, the three parts can clearly demonstrate the level of quality that the audit firm shows within its procedures and policies, and also the steps it takes to manage risk and thus maintain a level of quality. ISQM 1 is the first section. This is largely concerned with risk management and how a firm puts steps in place to avoid risk. The new quality management standards also include ISQM 2. This addresses engagement quality reviews and the role of the engagement quality reviewer. The third and related standard comes in the form of a revised ISA 220. These places focus on the engagement level and quality responsibilities of the engagement team
ISQM covers eight parts of a system of quality management, six of which formed a part of the soon-to-be-outdated ISQC. Most parts will affect the majority of audit firms, but some firms will be able to tailor what is addressed, depending on their size and internal make-up.
ISQM 1 focuses a risk-based approach to quality management, and how this level of quality is maintained.
This second part has a strong emphasis on company culture, which is ultimately set by firm leaders. It may include an assessment of a company’s role in public and a quality-based evaluation of a firm’s usefulness within the wider world.
‘Relevant ethical requirements’ cover a firm’s external relationships, such as service providers that are essential to a company’s working methods.
Part four looks at reasons that inform a firm’s decision to enter into, continue, or cease a client relationship or other engagement. Such decisions should be made with quality management in mind and not be wholly based on financial factors.
Engagement performance seeks to monitor the quality shown during any engagement the firm enters into.
Part six looks at quality objectives related to choosing, using and assigning resources. These include everything from external IT teams to internal processes.
With regards to the flow of information, this section looks at steps taken to ensure clear communication methods are used and that all staff are aware of the firm’s preferred information-sharing methods.
New to ISQM 1, monitoring methods may be unique to a specific firm but in general should detail methods in which quality management has been analyzed and how the need for improvements is dealt with.
If ISQM 1 can be summarized as primarily concerning a firm’s engagement quality, then ISQM 2 focuses on the eligibility of the engagement quality reviewer. Some of the points found in ISQM 2 can be seen in the former regulation of ISQC 1. Under ISQM 2, engagement partners must wait two years prior to being appointed as engagement quality reviewers. ISQM 2 appointment and eligibility requirements for engagement quality reviewers are more selective (whether internal to the firm or external) than those in extant ISQC 1.
ISA 220 is a revision from the ‘old’ ISA 220 regulation. It addresses levels of quality management from engagement partners at the audit engagement level. Are you asking yourself, why do we need new quality management standards? read our latest post to find out exactly why. No matter what stage your business is at when it comes to complying with the ISQM, Inflo software can save you time, money and audit-era headaches. Utilizing digital technology, Inflo can provide your company with clearly mapped-out insights, quality objectives, risk assessment documentation and real-time monitoring.