Audit compliance partners and others responsible for designing and implementing the SoQM at smaller audit firms should have some appreciation of the changes from articles and webcasts. If you have not done so already, we strongly recommend making time in the coming weeks to read ISQM 1 First-Time Implementation Guide. This preparation will help when further guidance and support are released by UK audit methodology providers later in 2022.
ISQM 1 and the SoQM represent a significant change from ISQC 1, but once new requirements are fully understood they should be seen as a positive development by firms. In a few cases, ISQC 1 procedures have become an out-of-date boiler-plate document inhabiting the depths of a shared server. Many of your existing quality control policies and procedures will remain relevant, but ISQM 1 requires proactive monitoring, review and evolution of these procedures, to reflect changes in your firm, audit clients and the external environment.
Get the ball rolling
Tailored risk assessment is key to the SoQM. Quality risks will differ substantially between a sole practitioner with few staff and a firm with four or five partners and 20-30 audit staff. Equally, an assessment of the quality risks from a stable audit portfolio of small and medium-sized corporates will quickly change if a firm takes on its first group audit, a large corporate audit, or specialist audits such as charities, academies and pension schemes.
If it’s not yet under way, start your risk assessment process as soon as possible. Our reviewers will discuss this with firms at our visits during 2022. For smaller firms, this risk assessment may be a single document and the standard includes comprehensive quality objectives that need to be established. Additional objectives may need to be developed, although this is unlikely to be common for most firms.
Room for improvement
With your initial risk assessment complete, you can then review the effectiveness of existing quality control policies and procedures against the audit quality objectives. If you have recently had positive feedback from external monitoring or cold file reviews, then you may find that few changes are necessary at present. More challenging or critical reviews of your audit work may indicate policies and procedures that were not fit for purpose (and should possibly already have been improved). One area that will require work for many, if not all, firms will be evaluation of service providers – including methodology, CPD and external file reviewers.
Most firms will need to enhance their process of monitoring and remediation. All will be familiar with the need for cold file reviews on an annual basis, and some will have started to consider root cause analysis of their findings. For smaller firms, monitoring and remediation need not be over-engineered, but the process will need to include regular reviews of risk assessment, audit quality objectives and responses.
As an audit regulator, we want to see our firms on track and compliant with ISQM 1 by December 2022 – including the important new area of risk assessment – and the enhancement of monitoring and remediation. Even with the assistance of methodology providers, implementation of ISQM 1 will require the investment of time and effort by senior individuals at all audit firms over the course of 2022.
This is not simply a race ending at the implementation date and we don’t expect the initial SoQM will be flawless at all firms. Quality management will be an integral part of your audit practice by December 2022 and the system can then evolve and strengthen over time.
About the author
Nick Reynolds, Senior Manager, ICAEW Quality Assurance