The AICPA’s Auditing Standards Board is proposing a massive overhaul of the Quality Control Standards.
Who will this affect? All CPA firms who provide any audit, review, compilation, preparation, or attestation engagements. In other words, anyone with any accounting & auditing work.
As a mere starting point, the new standards will be relabelled as Quality Management Standards. Instead of QC system, we will now have a QM system.
As a reminder, QC or QM standards apply regardless of whether you go through a system review or engagement review during your tri-annual peer review. The QC/QM system is tested in a system review but you still must have a formal QC/QM system even if you only do comps and reviews.
This post will provide a quick mention of what I see as the three biggest changes followed by a lengthy summary.
A massive change that will impact small firms is that the annual inspection (which is currently required and will continue to be required) may not be performed by anyone who worked on the engagement.
For one person firms, this will require us to get someone outside the firm to perform the annual inspection. Two or three partner firms where the partners do essentially all of the work will also have to get someone from outside to do the inspection.
Two of the other changes of note: new risk assessment process and annual evaluation of quality management system.
The risk assessment process will require establishing quality objectives, identifying risks to achieving those quality objectives, and implement responses to address the quality risks.
After a one year delay to allow running the new QM system for a while the new requirement of an annual assessment of the QM system will kick in.
Proposed effective dates
The first Statements on Quality Management Standards, referred to as SQMS #1, is proposed to require the new quality management system be designed and implemented by December 15, 2023. The first annual evaluation of the system of quality management is proposed to be required within one year following December 15, 2023.
Rephrasing the effective date, the new QM system has to be in place before the end of 2023 (by 12/15/23 to be exact). That is about 2½ years from now. The first annual evaluation will be required one year after that, by the end of 2024 (specific deadline 12/15/24).
Summary of exposure drafts
To communicate changes in the A&A world, the AICPA publishes a newsletter called PR Prompts. The newsletter is ‘unbranded.’ The AICPA gives peer reviewers explicit permission to reprint the material in their own name and send it to clients.
I will do so.
The following material is from PR PROMPTS, May 2021 Special Edition. For ease of reading, I will not put the entire text in quotation marks.
New Approach to Quality Management Standards
ALL FIRMS with an accounting and auditing practice SHOULD READ what follows.
The American Institute of CPAs’ (AICPA) Auditing Standards Board (ASB) has issued the exposure draft (ED) Proposed Quality Management Standards. The changes proposed are, in part, responses to peer review findings. The changes are SIGNIFICANT and apply to ALL FIRMS with an accounting and auditing practice.
Though the Auditing Standards Board (ASB) has designed the new standards to be scalable to different sized firms, as proposed your firm WILL NEED TO CHANGE its system of quality control to incorporate a new system of quality management. In addition, while many of the required changes could be minor, some changes required may likely be significant. For example, current standards allow engagements to be inspected by a member of the engagement team (self-inspection). Under the proposed standard this would be prohibited; thus, many smaller firms will be required to engage individuals outside the firm to perform annual inspections.
The ASB is interested in feedback. And as a result of feedback, changes to the proposal will be considered. It is vitally important for firms to respond to the proposal for the ASB to accomplish its objective and to allow the ASB to effectively evaluate the impact of the proposed standards on firms of all sizes. The comment deadline is AUGUST 31 which seems far away but will be here before you know it!
ALL FIRMS are highly encouraged to submit their feedback to the ASB at CommentLetters@aicpa-cima.com. The deadline for providing comments is AUGUST 31, 2021.
This article includes several sections:
The proposal includes three interrelated standards that address the way CPA firms manage quality for their accounting and auditing practices. The standards offer a new proactive, risk-based approach to effective quality management systems within CPA firms, which will improve the scalability of the standards and promote a system tailored to the firm and its engagements.
“As the environment in which practitioners offer services becomes more diverse, it’s more important than ever for CPA firms to tailor their quality management processes to their circumstances and maintain and enhance audit quality,” said Tracy Harding, CPA, AICPA Auditing Standards Board Chair. “Our proposed revisions to the quality management standards offer CPA firms a framework for developing a quality management system that addresses each firm’s practice.”
The proposed standards include changes such as using the terms quality management and engagement quality review instead of quality control and engagement quality control review, respectively, used in the current standards. The new risk-based approach requires firms to establish prescribed quality objectives, identify and assess risks to the achievement of those objectives, and design and implement responses.
The proposed standards would:
- supersede Statement on Quality Control Standards (SQCS) No. 8, A Firm’s System of Quality Control (QC section 10)
- create a new QM section in AICPA Professional Standards,
- supersede SAS No. 122, as amended, section 220, Quality Control for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards (AU-C section 220),
- substantially converge with the International Audit & Assurance Board’s (IAASB) quality management standards.
Proposed SQMS 1 requires a firm to design, implement, and operate a system of quality management that is customized for the nature and circumstances of its accounting and auditing practice.
The proposed standard consists of:
- Eight components that operate in an iterative and integrated manner
- Other requirements that address the roles and responsibilities for the system, leadership’s overall evaluation of the system, network requirements or network services, and documentation.
Proposed SQMS 1 includes new requirements or expectations in the following areas:
- Governance and leadership
- Risk-based approach focused on achieving quality objectives
- Resources, including human, intellectual, and technological
- Information and communication
- Monitoring and remediation
- Annual evaluations of the system of quality management
- Use of networks
Risk Assessment Process
Proposed SQMS No. 1 includes a new approach that focuses firms’ attention on risks that may have an impact on engagement quality. The firm’s risk assessment process is a new component that comprises the process the firm is required to follow in implementing the risk-based approach to quality management.
The risk assessment is a three-step process:
- a) understanding the factors (that is, the conditions, events, circumstances, actions, or inactions) that may adversely affect the achievement of the quality objectives, and
- b) identifying and assessing the quality risks by taking into account how and the degree to which the factors may adversely affect the achievement of the quality objectives. (The assessment of identified quality risks does not require formal ratings or scores.)
A risk arises from how, and the degree to which, a condition, event, circumstance, action, or inaction may adversely affect the achievement of a quality objective. Not all risks meet the definition of a quality risk. Firms are expected to use professional judgment in determining whether a risk is a quality risk, which is based on the firm’s consideration of whether there is a reasonable possibility of the risk occurring, and, individually or in combination with other risks, adversely affecting the achievement of one or more quality objectives. The firm takes into consideration how frequently the quality risk is expected to occur and how much time it would take for the quality risk to have an effect and whether in that time the firm would have an opportunity to respond to mitigate the effect of the quality risk.
3. Design and implement responses to address the quality risks. The nature, timing, and extent of the firm’s responses to address the quality risks are based on, and responsive to, the reasons for the assessments given to the quality risks. Certain responses are specified in the standard; however, the specific responses required by the standard will not be sufficient for the firm to address all its quality risks.
Another significant change is the prohibition for self-inspection. Under QC section 10, a partner, or other member of the team, may perform an inspection of their own work during a firm’s monitoring functions. In order to improve audit quality, proposed SQMS 1 prevents this type of self-inspection, consistent with the IAASB quality management standards.
Other Items of Interest
Proposed SQMS 1 is intended to support flexibility and scalability, thus allowing firms to tailor their system of quality management to their specific facts and circumstances (i.e. practice). The ASB believes that the proposed standard is not overly prescriptive but recognizes moving from a rules-based approach to a more principle-based approach could be challenging.
In particular, the ASB is concerned that this shift might be challenging for smaller firms to implement; therefore, they have:
- Extended outreach to various groups
- Posed questions specifically targeting scalability, accompanying the Exposure Drafts
Proposed SQMS, Engagement Quality Reviews (Proposed SQMS 2)
Proposed SQMS 2 aims to respond to issues and challenges with the requirements for engagement quality (EQ) reviews in extant QC sec. 10 and AU-C section 220, by making changes that clarify and strengthen aspects of those requirements for a more robust EQ review.
An EQ review is a specified response designed and implemented by the firm to address quality risks. Proposed SQMS 1 requires that the firm determine when an EQ review is an appropriate response to quality risks.
Besides highlighting the importance of EQ reviews as a response to quality risks by separating it into its own standard, other significant changes include:
- Enhanced eligibility criteria for EQ reviewers,
- More robust performance and documentation requirements,
- A two (2) year cooling off period for engagement partners to serve as an EQ reviewer (EQR), and
- A preclusion for the engagement partner to date the engagement report until notification from the EQR that the EQ review is complete.
Other Items of Interest
If an EQ review is required as a response to quality risk, then proposed SQMS 2 requires a cooling off-period of 2 years before an engagement partner can return to serve as an EQR.
Consistent with the IAASB quality management standards, the ASB has proposed shifting the dating of the report until after the EQR completes their review. The ASB’s current rules require the EQR to be performed prior to release date, not report date.
The ASB is interested in scalability, in general, but particularly related to the 2-year cooling off period and new dating requirements.
Proposed Statement on Auditing Standards (SAS) Quality Management for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards (Proposed QM SAS)
The proposed QM SAS clarifies and strengthens the specific responsibilities of the auditor regarding quality management at the engagement level for an audit of financial statements, and the related responsibilities of the engagement partner.
The proposed QM SAS impacts audits by introducing changes in:
- Engagement-level quality
- Partner responsibilities
- Interaction of a firm’s system of quality management and engagement-level quality
- Professional skepticism
- Relevant ethical requirements
Other Items of Interest
The ASB is interested in feedback regarding engagement partner direct responsibilities versus those that can be delegated, the interaction between the firm’s (or potentially the network’s) system of quality management and the engagement team’s role in quality management and scalability.