Should there be two separate roles in the quality management function—one for the creation of the policies and procedures and the other for monitoring the compliance of those policies and procedures? How is your firm determining the existence and completeness of firm relationships (e.g., with vendors)? Acceptance & Continuance of Clients & Specific Engagements Some firms have said they don’t have any risks because their client base is not risky. Let’s turn this comment into a question: Why do you think your clients are not risky? Some potential answers to this question could be that your firm only accepts clients in an industry it has the competence to specialize in, your clients’ organizational structures or business models are not complex, or your clients have good business reputations and ethical values. These are all examples of acceptance and continuance criteria to include in your firm’s policies and procedures. Some other questions to consider include: Is your firm’s approval over acceptance and continuance aligned with risk assessment and tone at the top? What could have changed with the client from previous acceptance or continuance decisions to next year’s decisions (which could be harder to know during economic turbulence)? What if information becomes known after your firm’s acceptance decision has been made that could’ve impacted that decision if it had been known at the time? What kind of information would that be? Engagement Performance This may be a good component to start with since your firm likely has a good understanding of the engagement performance component’s objectives. Take stock of your current engagement performance policies and procedures and evaluate what is or is not working for your firm. Several new or enhanced requirements can help tailor your policies and procedures. For example, there’s a new requirement that engagement teams understand and fulfill their professional responsibilities, including an engagement partner’s overall responsibility for managing and achieving quality and being sufficiently and appropriately involved throughout an engagement. Increasing partner involvement throughout the engagement has proven to enhance audit quality. Consider how your firm can improve its current supervision and review policies to be clear, concise, and actionable. Resources The resources component in a firm’s system of quality management now includes requirements related to technological and intellectual resources, in addition to enhanced human resources requirements. Technological resources are essentially IT applications the firm uses to support the system of quality management and engagement performance. Depending on the complexity of the firm, the processes could be relatively simple and focus on authorizing access and processing updates to the IT application. In more complex firms, the processes could cover multiple IT resources and programming considerations. Intellectual resources include a firm’s methodologies, accounting guides, and written policies or procedures. Here are some questions to assess whether the firm meets the resources objectives: How does your firm evaluate personnel performance? Does it include recognition for positive actions or behaviors? Does your firm require the use of certain software applications in performing engagements? How does your firm archive engagement files? How does your firm train personnel in the use of intellectual or technological resources? Does your firm have policies and procedures for organizing engagement files (e.g., a numbering convention)? Does your firm use a service provider to support the applications? Information & Communication The information and communication component is new under the quality management standards, but your firm likely has communication procedures in place. You may also find you have policies and procedures in other components that could be responsive to risks in this component. For example, as part of relevant ethical requirements, your firm should have a policy or procedure describing how your firm’s system of quality management is documented and communicated throughout the firm. To develop quality risks and responses related to information and communication, consider the following questions: How is information shared within the firm? If your firm has a website, who is responsible for the information conveyed and how frequently is it updated? How does your firm communicate information to engagement teams, so they understand and perform the engagement in compliance with applicable professional standards? How does your firm track required external communications? If you use resources from service providers, how do you communicate each other’s responsibilities? For example, how often does your firm receive updated quality control materials? THE MONITORING & REMEDIATION PROCESS The operation of the responses and monitoring activities is required to be implemented by Dec. 15, 2025. Firms then have another year to perform the evaluation of the system of quality management. There is expanded and enhanced guidance throughout this component. Key changes include a focus on monitoring the entire system of quality management, a new framework for evaluating findings, identifying deficiencies and evaluating identified deficiencies, and more robust remediation. Monitoring activities for the monitoring and remediation process may differ in firms of different complexity. For example, a sole practitioner’s monitoring activities may be simpler because the CONTINUED ON PAGE 20 19 nescpa.org
RkJQdWJsaXNoZXIy MTg3NDExNQ==