ISQM 1 – introduction of New Quality Management Standard
Just as we were all finalizing how we were following ISQC 1 revised (November 2019), the IAASB has now approved a new standard on 24 September, ISQM 1 to replace ISQC 1. As you might have garnered from the title ISQM stands for International Standard on Quality Management and the new title references the move to a system of quality management, rather than one of quality control. The implementation date for the new standard is 15 December 2022, however early adoption is permitted. At this point you might be wondering as to what the difference is between these two concepts; the answer is essentially that a quality management approach is a risk-based one, rather than simply setting quality control procedures that all firms must follow, the latter being the methodology previously followed under ISQC1. ISQM 1 requires the firm to design, implement and operate a system of quality management for audits or reviews of financial statements, or other assurance or related services engagements. In circumstances when the firm performs other types of engagements (e.g., tax or consulting services), ISQM 1 does not require that the system of quality management extend to such engagements. However, these other types of engagements, or personnel performing such engagements, may be affected by matters relating to the firm’s system of quality management. So even though the standard is trying to be a risk-driven regime, it has still taken the route of assigning areas where it feels there are clear quality objectives and clearly required responses. On the plus side this should make it easier for firms to understand what they need to consider in terms of risks and the relevant responses instead of purchasing a standard set of documentation. The danger is that this might limit the ability of the firm to be truly responsive to its own circumstances and it creates a list of prescribed items which firms must ensure are addressed. As well as the quality objectives set out by the ISQM 1 firms must include additional quality objectives where their risk assessment identifies that a risk has a reasonable possibility of occurring and would have a significant effect on the achievement of the quality objective.