International Standard on Quality Management (ISQM) 1: What you need to know

In September 2020, the International Standards on Quality Management approved the ISQM 1, ISQM 2 and the International Standard on Auditing (ISA 220 Revised).

The three Quality Management Standards are the culmination of the response of the International Auditing and Assurance Standards Board (IAASB) to a series of high-profile audit failures. The new standards are a response to the changing environment, the challenges of the effectiveness of our pre-existing quality control standards, and growing market participant needs. It will result in a set of standards that are aimed at a more robust System of Quality Management for firms.

Why do we require new quality management standards?

The  International Auditing and Assurance Standards Board (IAASB) Quality Management Standards address the management of quality by a firm and the management of quality on a firm’s specific engagements.

Since 2013 IAASB have determined a need to revise the quality management standards as they have identified issues with the current standards, primarily:

  1. The need to improve firm governance including culture and tone at the top
  2. The need to address the emergence of new trends for example how firms communicate with stakeholders
  3. Dealing with concerns about firms placing undue reliance on what they get from their networks
  4. Challenges experienced by smaller firms in applying the standards
  5. Strengthening the engagement partners responsibilities and improving the robustness of a number of aspects of engagement quality control reviews

The new standards have been modernised by responding to the changing environment, improving the robustness and effectiveness of the quality management standards and addressing growing market participation needs.

What is included in the new quality management standards?

The IAASB has introduced 3 new standards which will come into effect from December 2022. 

ISQM 1

What? This is the standard that deals with quality management at a firm level. It replaces the ISQC1 which was focused on quality control.

Why? A quality management system is necessary to create an environment that enables and supports engagement teams in performing quality engagements.

Who? ALl firms w

ISQM 2

What? This standard deals with the appointment and eligibility of the engagement quality reviews and the responsibility of the reviewer in relation to the performance and documentation of the review. This is a brand new standard, but many elements have been relocated from other standards such as ISQC1 and ISA 220.

Why? To enhance the requirements and application material in relation to the firm’s engagement quality reviews, including establishing clear objectives and clarifying the nature, timing and extent of the reviews. 

ISA 220 (Revised):

What? This standard deals with the engagement partner and engagement team’s responsibilities for quality management for an audit of financial statements. It is based on the current ISA 220 standard.

Why? The revised standard modernises the approach to quality management and requires the engagement partner and engagement team to be proactive in managing and achieving quality.

Who do the new International Standard on Quality Management (ISQM) 1 apply to?

The new standards have been designed for use by firms of all sizes. ISQM 1 applies to those firms who perform engagements under the IAASP standards including those who perform audits or reviews of financial statements and firms who have other assurance engagements, compilations or agreed-upon procedures. ISQM 2 applies to all engagements for which an engagement quality review is required to be performed in accordance with ISQM 1. The ISA 220 (Revised) is premised on the basis that the firm is subject to the ISQMs or to national requirements that are at least as demanding.

What is the ISQM 1 implementation timeline?

Sept 2020 – IAASB approved the 3 quality standards.

Dec 2020 – Standards officially released.

Dec 2022 – Standards will need to be in place for audit engagements and quality reviews by 15 December 2022.

Will additional guidance materials be released?

Yes, the IAASB has released a non-authoritative First-time Implementation Guide to help stakeholders understand the requirements of the International Standard on Quality Management (ISQM) 1, it is expected that more guidance documents will be released as we get closer to the implementation date.

Do you have any questions on ISQM 1? Contact us using the form below and we’ll respond as soon as possible.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.