What are the steps involved in ISQM?

September 16, 2022
August 25, 2022

The date of December 15th, 2022 is undoubtedly etched into the minds of external auditors. That, of course, is the date when the IAASB (International Auditing and Assurance Standards Board) introduces the new ISQM standards. With the deadline for preparation looming, let's answer, 'what are the steps involved in ISQM?' And let's take a glance at what firms can expect from the new requirements.


  • What are the steps involved in ISQM?
  • Quality objectives: ISQM 1
  • How many quality risks could your firm face?

What are the steps involved in ISQM?

The new International Standards of Quality Management, as listed by the IAASB, can be broken down into three steps:


This first step is the biggest shift in approach when comparing the new ISQM to the former ISQC (International Standards of Quality Control). ISQM 1 concerns quality objectives or desired outcomes. This translates to the way that your business operates in terms of offering a quality service, be it to employees, customers, or clients - we'll take a further look at these in the next section.


The second step deals with engagement quality reviews, which used to be called engagement quality control reviews. ISQM 2 has been split out from the old ISQC 1.

ISA 220

The third step is the one you apply when you are doing the audit, and how you make sure that within an individual audit, you have a quality audit. Taken as a whole, the three steps come together to support a new process of continuous improvement.

Quality objectives: ISQM 1

Given the changes introduced by the first step of the new requirements (ISQM 1), let's take a closer look at how quality objectives are defined. There are eight main components to consider in total:

  1. Governance and leadership
  2. Risk assessment process
  3. Relevant ethical requirements
  4. Acceptance and continuance
  5. Engagement performance
  6. Resources
  7. Information and communication
  8. Monitoring and remediation

All eight components are intended for all firms, regardless of size. However, it's important to note that companies should not attempt to meet the quality objectives that are non-applicable to their own processes. While ISQM 1 is organized according to the eight components, firms are not required to arrange their systems according to them, provided that the firm adheres to the standard's overall objective.

For example, the penultimate component relates to processes of information and communication within a network. Companies that don't belong to a network of firms can disregard this area. Likewise, many areas that fall within the first component – governance and leadership – are irrelevant to firms that have a team of one.

Specialized or particularly-large firms may be able to add additional quality objectives to those listed above. The most important thing is to ensure every avenue of operations is covered. For further information, see our post on who is affected by the new IAASB standards in the UK.

How many quality risks could your firm face?

For those looking for a set figure to keep in mind, there simply isn't one as, sadly, the number of quality risks your business could face is firm-dependent.

The new ISQM 1 objectives are not intended to be a 'one-size-fits-all' approach but a guideline of appropriation for firms needing to become ISQM compliant. Organizations are free to cultivate their own quality objectives or desired outcomes, depending on what's relevant to their day-to-day, size, and industry.

Such a new approach may at first appear like a gargantuan task to take on board, but once a company has established its own system, it'll improve timescales, accuracy, and transparency for all parties in the long run.

Find out more: Will New Guidance be Released for ISQM Requirements?

Inflo software can help all firms manage their audits more effectively. Using AI through digital technology, Inflo can be your work buddy, looking after the routine manual processes that take up most of your time. The software can map out insights, risk assessments, and quality objectives.

Find out today what we can do for you!