Understanding the ASB ED: Proposed Quality Management Standards
The AICPA is making sweeping changes to the standards governing Firm Quality Control/Management practices, and as part of that process, has issued the exposure draft Proposed Quality Management Standards.
The changes proposed are significant and pervasive, apply to all firms with an accounting and auditing practice, and are, in part, responses to peer review findings.
The Auditing Standards Board has designed the new standards to be scalable to different sized firms; however, as currently proposed, the new standards will necessitate changes to your firm's system of quality control to incorporate a new system of quality management.
While some of the required changes could be minor, many required changes will be significant. Understanding the effects of these changes on your firm will help make a smoother transition when the proposed standards are implemented.
To learn more about the proposed new standards (full text of the exposure draft can be found here; a summary of the proposed changes can be found below), register for the Quality Control/Management Standards – Proposed Changes session during Audit Talk LIVE on June 01-02.
In this session – part of the Accounting & Reporting Insights track – you'll hear from industry experts as they discussed the risk-based approach to Quality Control/Management and hear feedback from firms that are working to early-implement the proposed standards.
Understanding what's coming will help your firm make a smoother transition into the future - check out the entire schedule and register today.
Introduction to Exposure Draft for Proposed Quality Management Standards
Editor's note: this content was provided by the AICPA and has not been reviewed for accuracy or completeness.
The proposal includes three interrelated standards that address the way CPA firms manage quality for their accounting and auditing practices. The standards offer a new proactive, risk-based approach to effective quality management systems within CPA firms, which will improve the scalability of the standards and promote a system tailored to the firm and its engagements.
"As the environment in which practitioners offer services becomes more diverse, it's more important than ever for CPA firms to tailor their quality management processes to their circumstances and maintain and enhance audit quality," said Tracy Harding, CPA, AICPA Auditing Standards Board Chair. "Our proposed revisions to the quality management standards offer CPA firms a framework for developing a quality management system that addresses each firm's practice."
The proposed standards include changes such as using the terms quality management and engagement quality review instead of quality control and engagement quality control review, respectively, used in the current standards. The new risk-based approach requires firms to establish prescribed quality objectives, identify and assess risks to the achievement of those objectives, and design and implement responses.
The proposed standards would:
- Supersede Statement on Quality Control Standards (SQCS) No. 8, A Firm's System of Quality Control (QC section 10)
- Create a new QM section in AICPA Professional Standards,
- Supersede SAS No. 122, as amended, section 220, Quality Control for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards (AU-C section 220),
- Substantially converge with the International Audit & Assurance Board's (IAASB) quality management standards.
Proposed Statement on Quality Management Standards (SQMS) A Firm's System of Quality Management (Proposed SQMS 1)
Proposed SQMS 1 requires a firm to design, implement, and operate a system of quality management that is customized for the nature and circumstances of its accounting and auditing practice.
The proposed standard consists of:
- Eight components that operate in an iterative and integrated manner
- Other requirements that address the roles and responsibilities for the system, leadership's overall evaluation of the system, network requirements or network services, and documentation
Proposed SQMS 1 includes new requirements or expectations in the following areas:
- Governance and leadership
- Risk-based approach focused on achieving quality objectives
- Resources, including human, intellectual, and technological
- Information and communication
- Monitoring and remediation
- Annual evaluations of the system of quality management
- Use of networks
Risk Assessment Process
Proposed SQMS No. 1 includes a new approach that focuses firms' attention on risks that may have an impact on engagement quality. The firm's risk assessment process is a new component that comprises the process the firm is required to follow in implementing the risk-based approach to quality management.
The risk assessment is a three-step process:
- Establish quality objectives. The proposed standard requires the firm to establish specific quality objectives for each component except monitoring and remediation.
- Identify and assess risks to the achievement of the quality objectives (referred to in the proposed standard as quality risks). Identifying and assessing quality risks involves
- understanding the factors (that is, the conditions, events, circumstances, actions, or inactions) that may adversely affect the achievement of the quality objectives, and
- identifying and assessing the quality risks by taking into account how and the degree to which the factors may adversely affect the achievement of the quality objectives. (The assessment of identified quality risks does not require formal ratings or scores.)
A risk arises from how, and the degree to which, a condition, event, circumstance, action, or inaction may adversely affect the achievement of a quality objective. Not all risks meet the definition of a quality risk. Firms are expected to use professional judgment in determining whether a risk is a quality risk, which is based on the firm's consideration of whether there is a reasonable possibility of the risk occurring, and, individually or in combination with other risks, adversely affecting the achievement of one or more quality objectives. The firm takes into consideration how frequently the quality risk is expected to occur and how much time it would take for the quality risk to have an effect and whether in that time the firm would have an opportunity to respond to mitigate the effect of the quality risk.
- Design and implement responses to address the quality risks. The nature, timing, and extent of the firm's responses to address the quality risks are based on, and responsive to, the reasons for the assessments given to the quality risks. Certain responses are specified in the standard; however, the specific responses required by the standard will not be sufficient for the firm to address all its quality risks.
Another significant change is the prohibition for self-inspection. Under QC section 10, a partner, or other member of the team, may perform an inspection of their own work during a firm's monitoring functions. In order to improve audit quality, proposed SQMS 1 prevents this type of self-inspection, consistent with the IAASB quality management standards.
Other Items of Interest
Proposed SQMS 1 is intended to support flexibility and scalability, thus allowing firms to tailor their system of quality management to their specific facts and circumstances (i.e. practice). The ASB believes that the proposed standard is not overly prescriptive but recognizes moving from a rules-based approach to a more principle-based approach could be challenging.
In particular, the ASB is concerned that this shift might be challenging for smaller firms to implement; therefore, they have:
- Extended outreach to various groups
- Posed questions specifically targeting scalability, accompanying the Exposure Drafts
Proposed SQMS, Engagement Quality Reviews (Proposed SQMS 2)
Proposed SQMS 2 aims to respond to issues and challenges with the requirements for engagement quality (EQ) reviews in extant QC sec. 10 and AU-C section 220, by making changes that clarify and strengthen aspects of those requirements for a more robust EQ review.
An EQ review is a specified response designed and implemented by the firm to address quality risks. Proposed SQMS 1 requires that the firm determine when an EQ review is an appropriate response to quality risks.
Besides highlighting the importance of EQ reviews as a response to quality risks by separating it into its own standard, other significant changes include:
- Enhanced eligibility criteria for EQ reviewers,
- More robust performance and documentation requirements,
- A two (2) year cooling-off period for engagement partners to serve as an EQ reviewer (EQR), and
- A preclusion for the engagement partner to date the engagement report until notification from the EQR that the EQ review is complete.
Other Items of Interest
If an EQ review is required as a response to quality risk, then proposed SQMS 2 requires a cooling-off period of 2 years before an engagement partner can return to serve as an EQR.
Consistent with the IAASB quality management standards, the ASB has proposed shifting the dating of the report until after the EQR completes its review. The ASB's current rules require the EQR to be performed prior to the release date, not the report date.
The ASB is interested in scalability, in general, but particularly related to the 2-year cooling-off period and new dating requirements.
Proposed Statement on Auditing Standards (SAS) Quality Management for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards (Proposed QM SAS)
The proposed QM SAS clarifies and strengthens the specific responsibilities of the auditor regarding quality management at the engagement level for an audit of financial statements, and the related responsibilities of the engagement partner.
The proposed QM SAS impacts audits by introducing changes in:
- Engagement-level quality
- Partner responsibilities
- Interaction of a firm's system of quality management and engagement-level quality
- Professional skepticism
- Relevant ethical requirements
Other Items of Interest
The ASB is interested in feedback regarding engagement partner direct responsibilities versus those that can be delegated, the interaction between the firm's (or potentially the network's) system of quality management, and the engagement team's role in quality management and scalability.