The report, titled “A Framework for Good Practice”, shares the most common issues identified during these reviews, many of which are recurring themes from previous years. We therefore recommend that firms read this report carefully to avoid making similar mistakes. Key reflections are summarised, hints and tips are outlined and useful resources are signposted throughout the document.
Upcoming webinar and CPD opportunity
To support firms in understanding the results of the report and what they reflect, Dean Neaves, Senior Manager, ICAEW Quality Assurance Department, is heading a webinar on 5 June to expand on the key findings from the quality assurance monitoring reviews conducted in 2025. He is joined by ICAEW Quality Assurance Reviewers, Dan Bevington and Hilary Barrett. Attending the webinar could provide up to 1 hour towards verifiable CPD.
2025 monitoring results
- More than 2,000 firms were reviewed
- In 2025, the key area of focus centred on cyber security
- At 88% of firms, we either raised no matters requiring action or the firm addressed the matters we raised with no need for follow up.
Some areas where improvements were needed.
- 34 firms had significant weaknesses in complying with the Money Laundering Regulations, and in some cases, they also failed to fully comply with Clients’ Money Regulations.
- 19 firms had significant breaches of Clients’ Money Regulations.
- 28 firms were using the description ‘Chartered Accountants’ when they were not eligible to do so.
We hope all the findings we have shared in this report help your firm reflect on its policies and procedures, identify areas for improvement and take inspiration from what other firms are doing well.
Area of focus in 2025: cyber security
Each year, we hold detailed discussions with larger firms to explore selected areas of focus in more depth. These conversations include a review of the policies and procedures firms have in place to manage risks in relation to these topics. In 2025, 121 larger firms were asked about cyber security.
Awareness and impact
- 99% of firms felt they had a good level of awareness of cyber security threats and had robust procedures and controls in place to prevent and/or respond to attacks. A similar proportion felt that the threat of cyber security breaches/attacks is leading to fundamental operational changes to the way they work.
- 54% had completed the Cyber Essentials Scheme’s basic self-assessment questionnaire to assess and demonstrate how their key security controls meet the scheme’s requirements.
- 67% had performed risk assessments covering cyber security risks within the previous 12 months
- 71% of firms consider they know the security arrangements of their suppliers and routinely engage to ensure they are continuing to manage risks effectively.
Firms should ensure that they have the right governance in place to direct, resource and oversee their cyber security activities.
Analysis of findings
The report includes a table where instances of reviews with firms that have at least one finding that relates to non-compliance with regulations are listed. The list is similar to last year and we therefore recommend firms review it carefully, alongside the relevant regulations and the resources identified to ensure they are not making similar mistakes.
Top areas identified include:
- Money Laundering Regulations and Clients’ Money Regulations;
- basis of fees and complaints, and engagement letters;
- ICAEW records and annual returns;
- referrals and commissions;
- professional indemnity insurance (PII), eligibility and more.
