One of the main differences is that ISQC was ‘passive’ (it could sit on the shelf for years without really affecting how the audit work was performed) while the ISQM 1 is much more ‘proactive’ requiring more thought and tailoring in its preparation leading to corrective action like root cause analysis (RCA). More on this in a later blog.
The other key differences are that the ISQM 1:
- Requires the firm to take a risk-based approach to designing, implementing and operating the individual components of the system of quality management (called the SoQM). In this risk based approach firms must:
- establish quality objectives;
- identify and assess the risks (the quality risks) that the quality objectives referred to above might not be achieved;
- design and implement responses to address the quality risks; and
- test and adjust the SoQM on a regular basis (probably annually) to ensure it is always fit for purpose;
- The new ISQM 1 has eight components of a quality management system compared to six in the previous ISQC. The two new elements are
- the firm’s risk assessment process, and
- information and communication;
- The standard includes enhanced requirements related to the firm’s commitment to quality through its culture;
- Greater emphasis is placed on accountability for the system of quality management much more than was the case with the old ISQC;
- There is a much more focused approach to the relevant ethical requirements rather than just independence which was emphasised in ISQC;
- Resources are given more attention, so each audit firm must consider resources such as :
- Human;
- Technological;
- Intellectual; and
- Service providers.
- Communication and information is one of the new components of the quality management system which places more emphasis on communications with external parties;
- There is a new approach to the monitoring process requiring a specific technique called root cause analysis;
- Requirements about engagement quality control reviews (EQCR) or hot file reviews are set out in a new standard, called ISQM 2. The old ISQC dealt with these in the past; and
- There is new requirement to understand quality in relation to:
- resources,
- services and
- monitoring provided by a firm’s network, where relevant.
It’s impossible to cover everything in this brief blog. For more assistance please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie
Publications and AML webinar
- The ISQM TOOLKIT 2022 is available to purchase here.
- See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
- Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
- To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.