The new and revised standards comprise:

• International Standard on Quality Management 1 Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements (ISQM 1) (which replaces ISQC 1);
• ISQM 2 Engagement Quality Reviews; and
• a revised ISA 220 Quality Management for an Audit of Financial Statements.

Key changes

• increasing firm leadership responsibilities and accountability, and improvements to firm governance;
• a risk-based approach focused on achieving quality objectives;
• the standards have been modernised to address technology, networks and use of external service providers;
• increasing focus on the continual flow of information and appropriate communication internally and externally;
• proactive monitoring of quality Management systems and timely, effective remediation of deficiencies;
• enhancing the engagement partner’s responsibility for audit engagement leadership and audit quality; and
• clarifying and strengthening requirements for a more robust engagement quality review.

When are they effective?

The standards are effective for audits of financial statements for periods beginning on or after 15 December 2022. By this date, audit firms are also required to have designed and implemented a system of quality management. In the UK, the FRC is ‘strongly encouraging’ early adoption. 

Overview of standards

ISQM 1

ISQM 1 replaces ISQC 1. The requirements of the new standard are extensive and represent a very significant change from ISQC 1. 

ISQM 1 introduces a new risk-based approach to quality management at the firm level. This requires the firm to establish quality objectives, identify and assess quality risks, specifically with regard to the nature and circumstances of the individual firm and its engagements, and design and implement responses to address those risks. This is a much more forward-looking, proactive approach than that currently required under ISQC 1, which focuses more on policies and procedures. It is also expected to be an iterative approach that will require revisiting and continuous improvement.

The key requirements of ISQM 1 include:

• the introduction of a risk assessment process;
• a new emphasis on quality management;
• references to audit automation, including audit software and data analytics;
• specific references to service providers, such as the training groups and publishers that design and supply audit methodologies;
• changes to monitoring and remediation, including a specific requirement to use root cause analysis; and
• documentation requirements.

Visit ICAEW’s quality management hub for further information on ISQM 1.

ISQM 2

ISQM 2 Engagement Quality Reviews is a new standard setting out the appointment and eligibility of the engagement quality reviewer and the engagement quality reviewer’s responsibilities relating to the performance and documentation of an engagement quality review (EQR). This EQR is not something entirely new: it was previously the engagement quality control review (EQCR) in ISQC 1 and in ISA 220 (before the latest revisions).

The requirements have, however, been enhanced and the scope for such reviews expanded. ISQM 2 extends the requirements in relation to EQRs. These requirements would apply to audits of listed entities, Public Interest Entities (PIEs), when required by law or regulation, public reporting under UK Standards for Investment Reporting (SIRS), reporting to the UK Financial Conduct Authority on compliance with CASS (or the ‘Client Assets Sourcebook’), and when otherwise determined by the firm as being necessary to address quality risk.

• Access further information on ISQM 2

ISA 220 (Revised)

Significant revisions have been made to ISA 220 Quality Management for an Audit of Financial Statements, which clarify and strengthen the key elements of quality management at the engagement level. These include changes to the definition of the engagement team and a new stand-back requirement for the engagement partner to determine that they have taken overall responsibility for managing and achieving quality on the audit engagement.