Skip to main content

Looking for expert tax and accounting services? Click here to find your perfect match today!

Quality Management System Exposure Draft: From the View of Small and Medium-Sized Firms

July 13, 2021

 

“As the environment in which practitioners offer services becomes more diverse, it’s more important than ever for CPA Firms to tailor their quality management processes to their circumstances and maintain and enhance audit quality,” said Tracy Harding, CPA, AICPA Auditing Standards Board Chair.

“Our proposed revisions to the quality management standards offer CPA Firms a framework for developing a quality management system that addresses each Firm’s practice.  The framework is converged with international standards so that Firms performing engagements under those standards and generally accepted auditing standards (GAAS) use a consistent approach to quality management.”

The Exposure Draft (“ED”) aligns with the International Auditing and Assurance Standards Board’s (IAASB) quality management standards.  The proposed standards include changes such as using the terms quality management and engagement quality review instead of quality control and engagement quality control review, respectively, used in the current standards.

The three proposed standards are:

  • Proposed Statement on Quality Management Standards (SQMS) A Firm’s System of Quality Management
  • Proposed SQMS Engagement Quality Reviews
  • Proposed Statement on Auditing Standards (SAS) Quality Management for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards

The proposed standards would supersede Statement on Quality Control Standards No. 8, create a new QM section in AICPA Professional Standards and supersede SAS No. 122, as amended, section 220, Quality Control for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards.

The ED will affect compilations, reviews and audits plus any other attest service.  It appears that a Firm that performs only preparation financial statement services will not be required to adhere to the standard.

SQMS 1 - A Firm’s System of Quality Management

This part of the ED details a new approach that emphasizes a Firm’s leadership for proactively managing quality.

The proposal sets out eight components that will be required of a Firm in designing their quality management system.

The eight components are:

  1. The firm’s risk assessment process
  2. Governance and leadership
  3. Relevant ethical requirements
  4. Acceptance and continuance of client relationship and specific engagements
  5. Engagement performance
  6. Resources
  7. Information and communication
  8. The monitoring and remediation process

The risk assessment and the information and communications components are new. The other components are emphasizing and strengthening processes that firms should be following already and will not be covered here in detail.

The ED under the risk assessment procedures requires the firm to:

  1. Establish quality objectives for each of the components listed above except for the monitoring and remediation component
  2. Identify and assess the risks to achieve the quality objectives determined in step 1
  3.  Design and implement responses to address the risks identified in step 2

The design and implementation of the quality management system is to be established, documented and in place and operational on or before the effective date of the standard.

As part of the process an individual will need to be designated as having the ultimate responsibility for the quality management system.  For small and medium sized firms this should not be an issue or anything that is not already required under Peer Review.

The risk assessment procedures are to be based on each firm’s practice.  Because it is based on risk the firm should be tailoring the procedures to address the risk.  For example, firms that perform complex audits such as Employee Benefit Plans and Government Audits will need to put in place a more complex and formalized system. Page 49 paragraph 35 of the ED addresses specific responses in designing and implementing the risk assessment process.

Firms that do less complex audits may be able to reduce the amount of procedures required to insure engagements conform to professional standards.

The information and communication component is just requiring a firm to have proper information on hand such as 3rd party reference materials and that proper leadership communication of that information be given to members of the firm.

The monitoring and remediation process component requires the firm, on an ongoing and at least annually, to review and evaluate the quality objectives including the risk assessment process detailed above and make adjustments as required.

The purpose of the monitoring is to identify deficiencies in the achieving each component’s quality objectives as established under the 3 steps above.  The remediation process is to address the deficiencies.

The individual responsible for the quality management system would be required to take a critical “stand back” look at the system.

The monitoring process will require a review of engagements similar to the present annual inspection requirements under Peer Review.  The selection of the engagements to be reviewed is to be based on risk.

The ED requires the monitoring and remediation processes to be documented.

Page 51 paragraph 40 requires the firm to establish policies and procedures that:

  • Require the individual performing the monitoring to have the competence and capabilities, including sufficient time, to perform the monitoring.
  •  Require the objectivity of the individuals performing the monitoring.  Such policies and procedures should prohibit any engagement members or the engagement quality reviewer from performing any inspection of that engagement.

This section seems to refer only to the inspection of engagements and not the overall evaluation of the quality management system.

However there is a further reference in the explanatory material that this same prohibition could be applied to someone who is performing another type of monitoring activity who participated in designing, executing or operating the response being monitored.  This could mean that the person who designed the system cannot participate in the inspection and maybe not even the overall evaluation of the system.

This prohibition is problematic for small and medium sized firms.  The firms with several members that have expertise that are not involved in the engagement or the design of the system can overcome this prohibition.  The small and medium sized firm without several members that have expertise could be required to hire an outside individual to perform the review.

A possible safeguard to overcome this prohibition is to allow the firm to inspect its own engagements and system during the two years following its triannual outside Peer Review if its Peer Review results in a “clean review”.  The definition of a “clean Peer Review” would need to be determined.

The safeguard of a possible “clean Peer Review” exception could result in firms accelerating their peer reviews to cover the 1st year after the effective date of the ED if adopted to avoid the prohibition.

Another possible safeguard for small and medium sized firms would be to require specific educational requirements in addition to current CPE requirements to demonstrate the competence of the individual performing the inspection.

Finally, a safeguard may be to exclude firms of certain sizes from this prohibition.  The mechanics and policing of this could be difficult to establish and administer.

A possible example of this exclusion would be if a firm is only subject to an engagement review under Peer Review it would be exempt from the prohibition of self-inspection of its engagements and its system.  This would require a change in engagement Peer Review standards to insure the annual inspections for all years have actually been performed and documented.

For this prohibition standard the ASB is looking to receive input from small and medium sized firm as to the merits of this standard.  Further the ASB does ask for any methods of overcoming this prohibition.

SQMS 2 - Engagement Quality Reviews

This part of the ED defines the process and procedures of an engagement quality review.

First as noted above, this part of the ED changes the term “engagement quality control review” to “engagement quality review.”

The present engagement quality control review is a process designed to provide an objective evaluation, before the report is released, of the significant judgments the engagement team made and the conclusions it reached in formulating the accountant’s/auditor’s report.  The engagement quality control review process is only for those engagements, if any, for which the firm has determined that an engagement quality control review is required, in accordance with its policies and procedures.

The engagement quality control reviewer should perform an objective evaluation of the significant judgments made by the engagement team and the conclusions reached in formulating the accountant’s/auditor’s report.  This evaluation should involve:

  • Discussion of significant findings or issues with the engagement partner/member
  • Reading the financial statements and the proposed report
  • Review of selected documentation relating to the significant judgments the engagement team made and the related conclusions it reached
  • Evaluation of the conclusions reached in formulating the report and consideration of whether the proposed accountant’s/auditor’s report is appropriate.

The ED addresses the appointment and eligibility of the engagement quality reviewer and the reviewer’s responsibilities relating to perform and document the review.  The ED’s objective is similar to the present requirements of the engagement quality control review engagements as detailed above.

The review requirements are to be defined by the quality control objectives set forth under SQMS 1 above.

The review is to be performed at the engagement level.  Pages 113 or 114 paragraph 25 detail the procedures a reviewer should perform.

The ED requires that the accountant’s/auditor’s report not be dated until the review is completed.  The ED also requires the review to be documented.  Both of these requirements should not be an issue for small and medium sized firms.

The ED requires a competent and capable individual be appointed as the reviewer.  The ED requires the reviewer not to be a member of the engagement team.  The ED also requires that there be a 2 year “cooling off” period before a previous engagement partner can serve as a reviewer.

The prohibition of an engagement team member being the reviewer is the same as under existing Peer Review Standards.  The firms with several members that have expertise that are not involved in the engagement can overcome this prohibition.  The small and medium sized firm could be required to hire an outside individual to perform the review.

However, the engagement quality review would be based upon a risk assessment.  Small and medium sized forms could assess that only complex engagements such as Employee Benefit Plans and Government audits would be subject to an engagement quality review.  All other engagements could only be required to undergo a technical review.

The 2 year cooling-off period may be a limited issue for a small and medium sized firm.

It is possible a retiring partner may be effected by the “cooling-off“ period standard.  A possible exception may be added to the standard to address this specific situation.

The 2 year “cooling-off” period may not be applicable to a firm if the engagement partner remains the same for the duration of the client services.  The nonmember of the engagement team being the engagement quality reviewer will be more of any issue for small and medium sized firms.

The nonmember of the engagement team being the engagement quality reviewer and the 2 year “cooling-off” period are standards the ASB is looking to receive input from small and medium sized firm as to the merits of this standard.  Further the ASB does ask for any methods of overcoming this prohibition.

 

QM SAS - Quality Management for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards

This part of the ED addresses the specific responsibilities at the engagement level.

The standard will apply only to engagements performed under Generally Accepted Auditing Standards.

The ED details the requirement for leadership for managing and achieving the quality on audits, relevant ethics, acceptance and continuance of clients, providing proper engagement resources and engagement performance.

The ED details the responsibilities of the engagement partner to provide a good “tone at the top” attitude plus to supervise and be responsible for the engagements that person oversees.

The proposal builds on the 2 previous parts of this proposal in that it requires the engagement partner and engagement team to follow the quality management system objectives set forth above.

 

Proposed Effective date

For SQMS 1 the system is required to be in place on the effective date of December 15, 2023.  The 1st evaluation of the system of quality management will be required and documented by December 15, 2024.

For SQMS 2 – will be effective for Audits and Reviews of financial statements for periods beginning after December 15, 2023 and for all other engagements in the Firm’s accounting and auditing practice beginning on or after December 15, 2023.  An engagement in the firm’s accounting and auditing practice begins when the engagement letter or any other agreement to perform attest services is signed, or when the firm begins to perform the engagement, whichever is earlier.

QM SAS - will be effective for engagements conducted in accordance with Generally Accepted Auditing Standards for periods beginning after December 15, 2023.