ISQM 1 provides a focus on audit quality and a process of risk

management with respect to quality that aims to ensure all firms have
quality as a priority when performing audits and other assurance
engagements. The standard is principles driven with a focus on
scalability, flexibility and continuous improvement.

For audits to be effective and maintain public trust, they must be performed in a way
that ensures firms and their personnel fulfil their responsibilities in accordance with
applicable legal and professional standards. It is imperative that audit firms adopt a
culture of best practice in accordance with these standards, enabling audit partners in
issuing appropriate auditor’s reports. The threats of self interest caused by increasing
financial pressure on audit partners will compromise auditor reports, as will the issues of
poor planning, inadequate risk assessment and lack of resources and audit evidence.
The International Auditing and Assurance Standards Board (IAASB) issues quality
standards to support firms in achieving this aim.

The current standards in this area are International Standard on Quality

Management (ISQM) 1, Quality Management for Firms that Perform Audits or
Reviews of Financial Statements and ISQM 2, Engagement Quality
Reviews, alongside ISA 220 (Revised), Quality Management for an Audit of
Financial Statements.

These standards are examinable in Advanced Audit and Assurance (AAA) and
candidates are expected to be able to demonstrate an understanding and
application of the key principles. Quality management is pervasive to the
performance of audits and so it is also pervasive to the AAA exam with aspects
potentially arising multiple times within a single exam.

This article focuses on ISQM 1; a second article will look at ISQM 2 and ISA 220
(Revised). There are examples provided demonstrating how certain aspects of quality
management may be examined. These are intended to indicate potential ways
candidates may encounter questions on quality, however, these are illustrative
examples only and should not be considered comprehensive; alternative examples and
aspects are also examinable.

Key principles underlying the quality standards

The quality standards are focused on public interest, with the hope of addressing some
of the circumstances where audit failure has occurred. The need for audit partners and
audit teams to exhibit professional scepticism, with an independent and challenging
mindset, is emphasised. This is especially important when assessing client judgements
and estimations. Audit teams need to have the competence and support to do this
without fearing negative implications. The quality standards adopt a proactive attitude to
quality in firms rather than a compliance (‘tick box’) approach and one which is scalable
from small firms to large multinational networks.

There is a need to ensure audit quality evolves; there must be scope within quality
guidance for a firm’s processes to change as technology and business practices
change.

There is also focus on improving both internal and external monitoring of firms and their
networks and on improving communication, both internally and to external parties such
as those charged with governance (TCWG) and regulators.

ISQM 1, Quality Management for Firms that Perform Audits or Reviews of

Financial Statements, or Other Assurance or Related Services Engagements

ISQM 1 embeds this approach through a principle driven requirement for firms to create
a system of quality management (SoQM) which is tailored to the firm and its client base.
This scalability enables firms to design a system which addresses their specific
circumstances and risks.

The SoQM must address eight components

1. Firm’s risk assessment process

Firms must design and implement a risk assessment process that sets quality
objectives and identifies risks. The firm’s specific situation and environment is
considered and will include the technologies employed by the firm, their networks, and
any external service providers. This is an ongoing monitoring process rather than one-
off, enabling the SoQM to adapt with any changes.

This approach will allow the firm to tailor to address the specific risks within their firm,
and it will vary according to the size of the audit firm and their client portfolio.

By maintaining this tailored focus on risks and their mitigation, the firm should be able to
focus on ensuring the right engagement or audit report is issued for each assignment.
This may be due to more competent and well-trained individuals performing complex or
risky audits, audit partners feeling more empowered to issue modified audit reports, by
ensuring acceptance procedures fully identify threats to independence and ensure
safeguards are enacted and many other factors. The most crucial point is that this
approach is tailored to address the specific risks arising in specific firms and not
expected to be the same for every audit firm regardless of size or client portfolio.

Exam focus
In the AAA exam, candidates may be required to explain and/or evaluate a
firm’s risk assessment process and make recommendations for improvement.

2. Governance and leadership

Firms should create an environment which demonstrates a commitment to quality
through its culture and recognises its role in serving the public interest. This
responsibility is firm wide rather than at the individual audit level, with the chief
executive or managing partner assigned the responsibility and accountability for the
SoQM. This should ensure the ‘tone at the top’ enforces a commitment to quality and
ethics across the whole firm.

Systems and policies should be in place to reward commitment to quality rather than
focusing on client retention and engagement profit. This should allow audit engagement
partners to challenge client judgements without fear of the negative consequences of
losing the revenue arising from the loss of the client. In this way, all employees of the
firm are supported to fulfil their legal and regulatory requirements without undue
commercial pressures or self-interest resulting in inappropriate decision making.

Exam focus
Candidates may be required to explain the importance of governance and
leadership in maintaining the SoQM or may be required to evaluate a
scenario’s weaknesses in this area, alongside recommendations for
improvement.

3. Relevant ethical requirements

The SoQM should include objectives and policies for ensuring the fulfilment of ethical
requirements. These processes will again differ depending on firm size and client
portfolio; the scalability of the standard requires firms to have in place mitigations for
ethical risks arising which are appropriate to the firm rather than a fixed response to a
given risk.

Not only must a firm ensure its own personnel understanding of and compliance with
relevant ethical requirements, for example, through training and ethical declarations
such as independence forms, firms must also ensure that any component auditors in a
group understand and apply the ethical regulations applicable to the group auditor.

Relevant ethical requirements for a firm depend on the jurisdiction it operates in; these
may go beyond those set out in the IESBA International Code of Ethics for Professional
Accountants (the Code). It is also the case that many firms will have in place policies to
mitigate ethical threats which go beyond the minimum required by the Code and
regulatory requirements of the jurisdiction in which the firm operates: ISQM 1 requires
firms to ensure these requirements are also captured by the SoQM. For example, many
firms or jurisdictions prohibit the acceptance of gifts, even of trivial value. Failure to
adhere to the firm’s policies would be seen as a failure of its SoQM despite not giving
rise to a breach of the Code.

Scalability of the standard enables firms to mitigate for ethical risks arising which are
appropriate to the firm, for example, a firm which is part of a large network will require
more detailed processes to identify possible conflicts of interest between clients than
those in a smaller firm.

Exam focus
Candidates may be asked to appraise ethical threats arising in the
scenario, whilst also considering whether the firm is compliant with the
firm’s SoQM. The issues of quality management and ethical issues are
inherently interlinked and as such, they may need to consider the significance
of such threats and the availability of suitable safeguards within the context of
the engagement, the firm and the SoQM as well as other available
information. This enables candidates to obtain professional skills marks in
addition to the technical marks as they are recognising the inherent ethical
requirements regarding quality management on a firm wide basis.

Candidates may be asked to identify breaches of the SoQM which may not
breach the Code but are relevant to the given scenario addressing any
resulting implications for the engagement, the firm or making
recommendations to prevent future breaches.

4. Acceptance and continuance of client relationships

ISQM 1 places additional emphasis on the procedures addressing client acceptance
and continuance of existing business relationships. Firms must assess the integrity and
ethical values of the client and its management, as well as the firm’s ability to perform
the engagement within legal and professional requirements. The SoQM should ensure
that the firm’s financial and operational priorities do not lead to inappropriate
judgements when deciding whether to accept or continue with a client engagement. The
decision to continue with or accept a new client should focus on the firm’s ability to
provide a quality engagement.

Existing business relationships should be reassessed at the start of each new year prior
to reappointment as auditor. This may mean performing fresh identity checks,
reperformance of independence declarations of employees, and re-evaluating conflicts
of interest and/or competence to perform the audit. It will also involve assessing
whether new information, had it been known at point of acceptance, would have
prevented the firm from accepting the client. For example, a client involved in breaches
of regulations may not be a client with values compatible with the audit firm.

Exam focus
Candidates may have to discuss the importance of acceptance and
continuation assessments or to apply the requirements of ISQM 1 in this
regard when evaluating whether to accept a new client, undertake additional
work for existing clients or accept reappointment for the audit of a continuing
client. The ISQM 1 framework provides a starting point for evaluating the
scenario and this may be extended into other professional and commercial
considerations. Candidates should consider legal, regulatory, and ethical
considerations as well as professional and availability of resources when
considering a new client engagement.

Candidates should be aware that the ability to perform the engagement within
legal and professional requirements will incorporate legal, regulatory, and
ethical considerations, including the availability of resources when
considering a new client engagement. and requirements covering acceptance
may be extended into other professional and commercial considerations.

The cyclical nature of continuation considerations means that this aspect of

quality management may impact questions at all stages of the audit process
and the considerations regarding client acceptance are likely to apply to audit
and non-audit assignments.

5. Engagement performance
Engagement teams must understand their responsibilities for ensuring a quality audit.
Less experienced engagement team members should be appropriately supervised and
reviewed. ISQM 1 specifically references the need for the audit engagement partner to
be sufficiently and appropriately involved throughout the engagement.

Audit teams should ensure professional scepticism and judgement are exercised.
Processes should ensure professional scepticism and judgement are exercised by
engagement teams. If an audit team has insufficient time to perform necessary
procedures, or team members are not experienced enough to challenge management
or identify misstatements, then detection risk increases and audit quality will be
compromised. For audits to be effective, and to maintain public trust, they must be
performed in such a way as to ensure the audit reports issued are appropriate in the
circumstances and that firms and their personnel fulfil their responsibilities in
accordance with applicable legal and professional standards.

The SoQM should ensure that teams can consult on contentious matters; differences of
opinion within the engagement team are addressed and any issues raised by the
engagement quality reviewer are brought to the attention of the firm and resolved.

Further detail on these aspects will be addressed in the second article where ISA 220
(Revised) will be examined, including examples of how these may be examined.

6. Resources
A firm must ensure that appropriate resources are available in a timely manner. This
includes employees with the required competence, training, and capabilities to perform
the engagements to which they are assigned. Firms should ensure more experienced
individuals to work on areas of a complex nature requiring additional judgement and
ensuring sufficient review by senior team members or allowing adequate time to do
sufficient testing and analysis of the issues.

Consideration should be made to use independent experts where the firm does not
have appropriate personnel, or if the firm requires additional specialist technological
resources.

Exam focus
Candidates may have to evaluate scenarios where inappropriate resources
have been employed within an audit and make recommendations for
improvements to the firm’s SoQM.

7. Information and communication

Information and communication are required to enable other components of the SoQM
to operate. This includes obtaining, generating and using information and
communicating the information within the firm, for example, communicating policies to
personnel, communication of information obtained during an audit with an engagement
quality reviewer, or communication between group and component auditors. It also
includes external communications such as to TCWG or a regulator.
ISQM 1 considers information and communication to be pervasive to all components of
the SoQM as without it, the system cannot operate. The full range of information and
communications within the SoQM is extensive; the boxed text below considers just a
few examples in some of the elements of ISQM 1 for context.

Ethical and professional requirements

 The firm’s policies on ethics

 Training material
 Registers of training undertaken
 Completed independence declarations

Client acceptance and continuation

 Risk assessments documented

 Client identity documents obtained and stored
 Engagement letters issued

Engagement performance

 Audit programmes devised/produced

 Role assignments delegated and recorded
 Client information obtained and input into automated audit tools
 Conclusions documented in audit file
 Reports to management and TCWG

Communications should be made in a timely manner supporting the firm’s culture to

exchange information where appropriate, for example where an ethical threat precludes
the assignment of a team member to a specific client, the team member would be
expected to inform the firm.

ISQM 1 also makes specific reference to external communications required to maintain

audit quality. This includes communication within the firm’s network and with service
providers, communications required by law or professional standards, such as when
there is a specific requirement to report a client’s non-compliance with certain laws and
regulations to TCWG.

Exam focus
 Candidates may have to evaluate scenarios with respect to these issues and
make recommendations for improvements to the firm’s SoQM in this area.
Candidates should remember that I&C is embedded within all aspects of a
SoQM and may not be isolated as a topic.

8. Monitoring and remediation process

Firms must put in place a process for monitoring the SoQM’s effectiveness and ensure
deficiencies are identified in a timely manner, allowing corrective actions to be
implemented. This process is a continuous cycle which firms are specifically required to
undertake.

Exam focus
Candidates may have to explain how this contributes to continuous
improvement of a firm’s SoQM. Candidates may also take the role of a
reviewer performing this element of the process: identifying deficiencies and
making recommendations to remediate them.

Conclusion

ISQM 1 provides a focus on audit quality and a process of risk management with
respect to quality that aims to ensure all firms have quality as a priority when performing
audits and other assurance engagements. The standard is principles driven with a focus
on scalability, flexibility and continuous improvement.

Quality management is core to audit, and a detailed understanding of the importance of

both audit quality and quality management underlies the performance of an audit.
Quality is a key part of ensuring that audits are fit for purpose and retain the public trust.
As such, it is key to every audit and every stage of the audit process and candidates
should expect to see aspects of quality management examined at all stages of an audit
in exam questions and in either section of the exam.

Candidates can find more explanation of the requirements of ISQM 1 in the appendix to
the standard, available on the IAASB website.

Further reading
 Introduction to ISQM 1, Quality Management for Firms that Perform Audits or
Reviews of Financial Statements, or Other Assurance or Related Services
Engagements (Dec 2000), www.iaasb.org
This is a useful summary of the key points of ISQM 1 prior to reading the Final
Pronouncement (Dec 2020)