Changes ahead on quality management for audits

The Financial Reporting Council (FRC) is currently consulting on two new standards, ISQM (UK) 1 and 2, which together with proposed changes to ISA (UK) 220 are set to dramatically alter the approach auditors will be required to take to ensure audit quality.

These changes are based upon standards that have already been introduced internationally by the IAASB, with only minimal amendments proposed for use in the UK. With the FRC strongly supporting the approach that was taken when developing the international standards it is expected that there will be little change to the draft proposals when they are finalised for use in the UK later this year.

What are ISQMs?

ISQM stands for ‘International Standard on Quality Management’ and when the two new standards come into force in the UK they will replace the existing standard ISQC(UK) 1 that currently sets out the approach to audit quality that firms have to follow.

This is more than just a change of name though. Although the quality objectives are similar between the old and new standards, namely that the firm and its personnel fulfill their professional and legal responsibilities and that the audit reports issued by the firm are appropriate, the adoption of the ISQMs represents a shift towards a risk-based approach to quality management, rather than one based solely on setting policies that need to be followed.

What is a risk-based approach?

Proposed ISQM (UK) 1 sets out a range of quality objectives, each of which is based on outcomes. In other words assessing whether the firm’s approach yields the required results, rather than just setting policies that may be irrelevant or ineffective.

These quality objectives that the firm’s risk assessment process is required to consider are grouped as follows:

• Governance and leadership;
• Relevant ethical requirements;
• Acceptance and continuance of client relationships and specific engagements;
• Engagement performance;
• Resources; and
• Information and communication.

For each of these areas ISQM (UK) 1 sets out a series of quality objectives, many of which will be familiar to those with an appreciation of the existing standard ISQC (UK) 1’s requirements. It also sets out some specific responses to identified risks which firms will be obliged to comply with, such as the need for the firm’s leadership to be responsible and accountable for quality, and to demonstrate their commitment to quality through their actions and behaviour.

For each quality objective identified the firm will need to identify and assess the risks that could hinder their achievement, and design and implement responses that address those quality risks. So it’s not a case that firm’s will need to throw out their existing procedures and start again from scratch, but they will need to consider whether those procedures are fit for purpose, reflect the quality risks that have been identified and help to achieve the overall aim of promoting audit quality.

This risk assessment process will be a considerable undertaking for any firm, but it is expected that the approach will be scalable to reflect the unique circumstances of each firm and its client base. Smaller firms may determine that certain areas do not present significant risks and therefore do not require a risk-based response, for example a sole practitioner may not have any staff to direct and supervise, so would not require policies and procedures in this respect, whilst a larger firm will need extensive procedures around training, appraisals, remuneration and internal communication to counter the many and varied risks that arise from having a larger workforce.

Monitoring and remediation process

Having put in place its procedures designed to ensure quality, firms will need to monitor the operation of those procedures in order to identify any deficiencies that may exist. As before this will include conducting a number of cold file reviews of specific engagements as well as considering compliance with the procedures and policies in place.

Where deficiencies are identified, firms will need to investigate their root cause as well as evaluating their effect, individually and in aggregate, on the firm’s system of quality management. Remedial action will need to be designed and implemented in response to those deficiencies.

What about ISQM (UK) 2?

The second proposed standard is more specific in nature and addresses the performance of Engagement Quality Reviews. Such reviews play an important part of the quality framework, by providing an objective evaluation of the subjective judgements made by the engagement team and the conclusions they have reached.

The standard covers the appointment and eligibility of the reviewer, and their responsibilities relating to the performance and documentation of their review

When do these changes come into force?

It is proposed that these new standards will come into force such that firms will need to have designed and implemented a system of quality management in compliance with ISQM(UK) 1 by 15 December 2022, with early adoption strongly encouraged. The first evaluation of the system will need to be undertaken within one year of that date.

This timetable is one of areas where the FRC are seeking opinions as part of the current consultation process, and is subject to change.

How Mercia can help

Under the proposed new standards firms will continue to be able to utilise external service providers such as Mercia to help them to evaluate their system of quality management. Our ability to provide an independent and objective assessment of engagement performance for a wide range of client types can form an integral part of your firm’s monitoring process. We are also able to help you evaluate your policies and procedures and assist in considering any deficiencies that have been identified.

Users of our Audit Manual Package will already be aware that it addresses the issue of audit quality within the Audit Procedures Manual. We are currently in the process of assessing how our methodology needs to change in response to the proposed new standards so that it continues to provide you with the guidance and support that you require. If you would like to be involved in the development of these areas within our product base please contact Jenny Faulkner (Head of Publications - Assurance and Financial Reporting).