AICPA Proposes New Quality Management Standards for Firms

The American Institute of Certified Public Accountants has proposed three new standards on quality management for CPA Firms at the Firm and engagement levels. The proposed standards bring essential changes to the way firms oversee the quality of the attest practice. The three proposed standards are as follows.

Proposed Statement on Quality Management Standards, A Firm’s System of Quality Management (SQMS No. 1)
Proposed Statement on Quality Management Standards, Engagement Quality Reviews (SQMS No. 2)
Proposed Statement on Auditing Standards Quality Management for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards (QM SAS)

According to the AICPA, the proposed standards update the existing standards for advances in technology and replace the existing “one-size-fits-all” model with a more scalable approach to firms of all sizes. These proposed standards are the most significant changes since 2006 on quality management issued by AICPA. Audit quality is the number one concern and priority for most audit professionals, and these proposed standards are intended to improve audit quality.

The Auditing Standards Board (ASB) has been following the IAASB’s project on audit quality management by providing input throughout the process. As a result of this project, IAASB issued its quality management standards back in December 2020, similar to the AICPA’s proposed standards. It is ASB’s strategy to converge its proposed standards with those of the IAASB because the issues that led IAASB to revise its standards are equally important in the United States. The following article is summarized based on the explanatory memorandum published by the AICPA and used for educational use only.

A New Approach to the Firm’s System of Quality Management – SQMS No. 1

The system of quality management at a CPA firm is designed to achieve two primary objectives a) The firm and its professionals fulfill their responsibilities under professional standards and applicable legal and regulatory requirements, and conduct engagements with such standards and requirements b) Engagement reports issued by the firm are appropriate in the circumstances. An effective quality management system should achieve these two objectives.

The proposed standards emphasize a risk-based approach with revised quality management components, enhanced monitoring process, and more robust leadership and governance requirements.

What is New Under the Proposed Standards

The new or revised components of quality management under the proposed standards include the following:

Risk Assessment Process

Firms are required to follow the process proposed under the new standards in setting up a risk-based approach to quality management. Risk assessment is a three-step process:

Establish quality objectives for each of the components of quality management prescribed by ASB except monitoring and remediation
Identify and assess risks to the achievement of the quality objectives
Design and implement responses to address the quality risks

The risk assessment process is essential to ensure the eight components of quality management are established and working appropriately to achieve the overall quality management objectives. It is a continuous process and unique to each firm for improving and maintaining quality management within the firm.

Governance and Leadership: The proposed standards provide targeted enhancements to the existing standard on governance and leadership, precisely the “tone at the top” and the importance of quality in the firm’s strategic decisions and actions. The firm is required to assign ultimate responsibility and accountability for the system of quality to the firm’s CEO, managing partner, or equivalent. In addition, the firm is required to assign the following to designated individuals a) operational responsibility for the system of quality management b) operational responsibility for the specific aspects of the system of quality management, including compliance with independence requirements and the monitoring and remediation process.

Resources: Current standard only addresses human resources; the proposed standard expands to all resources that the firm needs, such as:

Technology
Intellectual resources (example: firms’ methodology, templates, tools, etc.)
Human resources (including component auditors external to the firm)

The proposed standard focuses on what resources are needed, how they are used and maintained, and whether they are appropriate.

Information and Communication

This is a new component under the proposed standards to address the lack of guidance currently on this matter. The proposed standard underscores the importance of a continuous flow of information and communication by linking the exchange of information to the firm’s culture to be driven by top leadership throughout the firm. The standard requires that the firm establish an information system to identify, capture, process, and maintain information.

Both internal and external communication is dealt with in the standard. From an internal perspective, it reinforces the need for robust two-way communication throughout the firm. From an external perspective, the standard reinforces a critical public interest issue, which encourages firms to be transparent to external parties about their quality management systems in a relevant, innovative, and proactive manner. The standard requires firms to establish policies and procedures that address when communications with external parties are appropriate.

Monitoring and Remediation

The proposed standard shifts the focus from engagement level monitoring to monitoring the entire system of quality management. The standard requires firms to inspect completed engagements and for engagement partners to be inspected on a cyclical basis. The firm identifies its inspection criteria, including how often to select completed engagements, which completed engagements to select, which engagement partners to select, and how frequently to select based on its risk management criteria.

The proposed standard also includes requirements for evaluating findings and identifying deficiencies, and evaluating the severity and persuasiveness of the deficiencies. This includes a new requirement to investigate the root cause of the identified deficiencies.

Engagement Quality Reviews – SQMS No. 2

The proposed standards include separate guidelines on policies and procedures addressing the appointment and eligibility of engagement quality reviews. The proposed standards also contain the engagement partner’s responsibilities relating to the engagement quality review, focusing on how the engagement partner and the engagement team interact with the engagement quality reviewer. Having a separate standard place, the importance of engagement quality review and provides a mechanism to differentiate the responsibilities of the firm and the engagement quality reviewer more clearly. The engagement quality reviewer is acting on behalf of the firm, and the objective of the engagement quality reviewer is the firm’s objective as a whole.

The proposed standard discusses the appointment and eligibility of engagement quality reviews, including the individuals within the firm who should appoint appropriate quality reviewers for engagements, the qualifications of the reviewer, sufficient time for an appropriate review, etc. The engagement partner is precluded from dating the engagement report before receiving notification from the engagement quality reviewer. The standards also discuss the documentation and timing of the review.

Quality Management for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards – QM SAS

The proposed standards address public interest considerations through proactive management of quality at the engagement level, emphasizes the importance of professional skepticism, enhanced audit documentation, and the need for more robust communications. QM SAS addresses how the engagement partner leverages the firms’ systems and manages quality at the engagement level.

The proposed SAS clarifies that the engagement partner has the overall responsibility for managing and achieving quality. This makes the engagement partner responsible and accountable for compliance with the requirements and adherence to the quality standards set by the firm. One way the engagement partner fulfills the responsibilities is through involvement in the audit throughout the engagement, as it is fundamental to the engagement leadership to achieve higher quality.

Other Matters – Networks

The proposed standard focuses on reinforcing the firm’s responsibility for its system of quality management even though it may be part of a network. Each firm has its own responsibility to design and implement quality management that is unique to the firm.

Effective Dates:

SQMS No 1 would be required to be designed and implemented by December 15, 2023
SQMS No 2 would be effective for audits or reviews of financial statements for periods beginning on or after December 15, 2023
QM SAS would be effective for engagements conducted in accordance with GAAS for periods beginning on or after December 15, 2023.

What can firms do now?

Become familiar with the proposed standards

Develop an implementation plan

Prepare a comment letter on the exposure draft and submit to AICPA before the due date.

Design and implement the system of quality management so that its fully operational on December 15, 2023

Perform engagement quality reviews in accordance with SQMS No. 2

Plan to apply QM SAS for engagements starting in 2024

Develop a process of an annual evaluation of the system of quality management

=========

About the author: Sibi Thomas, CPA, CFE, CGMA, is an audit partner at Marks Paneth LLP. Sibi plans, coordinates, and conducts audits of nonprofit organizations. Sibi can be reached at sthomas@markspaneth.com.