We heard from many firms about the concern they have in in ISQM Implementation. To some, it feels like an extra compliance requirement which will only take additional hours of their existing resources. While to some partners, this whole concept of Implementation of ISQM feels like a new project.
But is it really true?
The concept of ISQM is not new, nor it is a new implementation altogether. In managing an Audit firm, we might already be doing a lot of activities which ensures the quality factor in the firm. The partner reviewing the team’s work, using Audit checklists for all assignments, conducting training, open discussions, performing client due diligence, not accepting the client as they are risky, all these actions or activities are in a way the quality control measures which firms does seamlessly. If they are not doing, the firm are ought to do these anyway.
The newly updated ISQM 1 makes us put these procedures in a systematic approach, ensuring that these are followed consistently. Also, to cover all the quality aspects, it requires firms to identify the quality objectives i.e. what we want to achieve as quality for key areas, the risks in achieving those objectives and put procedures in place to minimize those risks to achieve quality objective.
The best part being that these key areas include components which extend beyond just Assurance engagements, like Human resource management, technology advancements, etc.
New ISQM introduces a great approach as this will help us evaluate ‘WHY’ we are doing, what we are doing. It will also highlight what we should be doing more as a part of quality management. While identifying and assessing the risk, we might come across many areas where we have quality risk and may not have appropriate measures. With ISQM 1, we would be able to find these gaps and take necessary actions.
In fact it is a great opportunity for the firm to rethink and revamp their Audit practice. If you were already following ISQC, you don’t really need to restart. ISQM makes us think a bit harder on the risk side and to design and implement appropriate responses against them.
Since it is a risk-based framework, it will help you focus and prioritize major risks and make it efficient.
This is similar to what we do as an Auditor for the clients. We follow risk-based approach for Audit where we identify and assess risks and map controls against those risks. Then we assess the design and Implementation of those measures. Wherever we find gaps, we have to improvise either the design or implementation part to close the identified gaps.
To Implement ISQM, we have to think like an Auditor for our own firm, where we have to specially focus on the Quality risks.
Quality Objectives - What you want to achieve in Quality?
Quality Risks - What could go wrong with Quality?
Responses - How do I prevent that?
Remediation and Monitoring - How do I ensure to consistently prevent that?
The key areas we have to look for quality are:
- Governance and Leadership
- Compliance with Ethical Requirements
- Acceptance and Continuance of relationships and Engagements
- Engagement Performance
- Information and Communication
The best part is the comprehensiveness of the components. As a practice manager, if you follow ISQM, you are taking care of all the major aspects of practice management, as it covers HR Policies, resource quality and retention, technology adoption, etc.