FIRMS THAT OFFER AUDIT AND ACCOUNTING SERVICES STILL have time to successfully implement the new quality management standards, but they must start now to be ready when the standards take effect Dec. 15, 2025. Keep in mind that firms whose peer review year ends after this date (many reviews are to be performed starting in 2026) will have their systems reviewed under the new quality management standards—firms that fail to comply may not pass their peer review! You may be feeling overwhelmed and unsure of where to begin and how to bridge the gaps from the current policy-based quality control standards to the new risk-based quality management standards. (See “Overview of the New Standards” section.) There is a lot to do and limited time to do it—now is the time to start if your firm hasn’t already. So, how do you make this significant task achievable? This article provides advice on how to do that in several key areas. DEVELOPING AN APPROACH TO IMPLEMENTATION There is no one correct answer in developing an approach to implementation. Some practical approaches include: Component-by-component — Start with a component that your firm feels is already well established and develop the quality objectives, quality risks, and responses for that component before moving on to another component. Step-by-step — Develop all quality objectives first, assessing all quality risks, and then design and implement responses to quality risks. Caution: One response could address multiple quality risks across various components, and one quality risk could require more than one response. Implementation of the quality management standards will be iterative and may require reevaluating the risk assessment, gap analysis, and responses. DETERMINING A DOCUMENTATION APPROACH The form, content, and extent of documentation may be influenced by the complexity of the firm and the nature and circumstances of its practice areas and organization. Documentation of the firm’s system of quality management should: Support a consistent understanding of the system of quality management by personnel, including their roles and responsibilities when performing engagements. Support consistent implementation and operation of the responses. Provide evidence of the response’s design, implementation, and operation to support the system of quality management by the responsible individual(s). The AICPA developed an Example Risk Assessment template that firms may use to facilitate the documentation of quality objectives, quality risks, and responses during the implementation of the quality management standards as part of the practice aid, Establishing and Maintaining a System of Quality Management for a CPA Firm’s Accounting and Auditing Practice. The Risk Assessment Process The risk assessment process is a new component that firms will design and implement as part of their system of quality management. It consists of establishing quality objectives, identifying and assessing quality risks that could adversely affect achieving quality objectives, and designing and implementing responses to address the assessed quality risks. Establishing Quality Objectives Statement on Quality Management Standards (SQMS) No. 1, A Firm’s System of Quality Management, specifies quality objectives that the firm should establish. To access the statement, scan the QR code. Quality objectives are the desired outcomes in relation to the components of the system of quality management to be achieved by the firm. Firms should establish specified quality objectives for: Governance and leadership. Relevant ethical requirements. Acceptance and continuance of client relationships and specific engagements. Engagement performance. Resources. Information and communication. The quality objectives required to be established by the firm are considered sufficiently comprehensive such that it is unlikely that the firm would need to establish additional quality objectives. A firm may establish sub-objectives to enhance the firm’s identification and assessment of risks and responses. What Is a Quality Risk? A quality risk is a risk that has a reasonable possibility of: Occurring, and Individually, or in combination with other risks, adversely affecting the achievement of one or more quality objectives. Quality risks should be specific to your firm; therefore, obtaining an understanding of the conditions, events, circumstances, actions, or inactions that may adversely affect the achievement of the quality objectives is imperative. Consider a firm brainstorming session to kick-start the documentation of identified risks. Write down what your firm does and what could go wrong in the absence of controls. If your firm is a small practice with less complex clients, don’t assume you don’t have any risks. Think about the procedures you perform during client acceptance and continuance to mitigate client risk, how you stay up to date with professional standards, how you shield yourself from self-review threats, and how you exercise professional skepticism. https://www.aicpa-cima.com/ resources/download/aicpa-statementon-quality-management-standards-no-1 CONTINUED ON PAGE 18 17 nescpa.org
RkJQdWJsaXNoZXIy MTg3NDExNQ==