Preparing for the new quality management standards: CSQM 1 system evaluation and monitoring
Part four of a four-part series from Kirsten S. Albo of ASK KSA Consulting Inc.
The time to start planning for the new quality management standards is now, writes Kirsten S. Albo, FCPA, FCA, president of ASK KSA Consulting Inc. The effective date of December 15, 2022 will soon be upon us.
IN THIS, the last of a four-part series on the new quality management standards, we cover the evaluation of the system of quality management. We began the series with an overview of the new standards and the challenges they present to Canadian accountants in public practice, regardless of the services they provide and their size. The second article addressed establishing quality objectives and identifying and assessing risks. The third article covered the design and implementation of risk responses.
The standard requires the evaluation of the system of quality management to be undertaken at least annually at a point in time. The objective of the system of quality management is to provide an accounting firm with reasonable assurance that the firm and its personnel fulfil their responsibilities and conduct engagements in accordance with standards and requirements and issue engagement reports that are appropriate in the circumstances. In the context of CSQM 1, reasonable assurance is a high, but not absolute, level of assurance.
It is the evaluation of the system that provides the firm with the conclusion that the objectives have been met. Accordingly, the standard requires an accounting firm to establish a monitoring and remediation process to provide relevant, reliable and timely information about the design, implementation and operation of the system of quality management as well as to take actions to respond to identified deficiencies.
Designing and Performing Monitoring Activities
In order to evaluate the system of quality management, the firm must perform monitoring activities which will vary from firm to firm and therefore is tailored to the firm’s nature and circumstances. For example, when determining the extent of monitoring activities, take into account the assessments given to the quality risks, the design of risk responses and any changes that may have occurred in the system of quality management. The firm should also consider other relevant information including any complaints and allegations, previous monitoring results and information from external inspections. However, similar to the extant standard, external inspections are not a substitute for the monitoring process.
The nature, timing and extent of monitoring activities may also be affected by other matters including the size, structure and organization of the firm and the resources that the firm intends to use to enable monitoring activities, such as the use of IT applications. In a less complex firm, the monitoring activities may be simple, since information about the monitoring and remediation process may be readily available in the form of leadership’s knowledge and interaction with the system of quality management. In a more complex firm the monitoring activities. That is, a partner in a small firm has their pulse on the activities of their firm more so than in a larger, more complex firm.
One monitoring activity that is mandatory is the inspection of completed engagements. Judgment will be required as to which engagements and which engagement partners should be selected. The requirement is to select at least one complete engagement for each engagement partner on a cyclical basis but there may be reasons to select a file on a more frequent basis. For example, with a new partner, a partner that has taken on a new type of engagement or there have been problems encountered in past inspections.
The standard also introduces the concept of in-process engagements. That is, engagements where the report has not yet been issued. These inspections are similar to completed file inspections but their objective is intended to be a response to an identified quality risk versus a complete file inspection that is a monitoring activity.
Evaluating Findings and Identifying Deficiencies
It is fully expected findings will result from monitoring but not all findings will result in a deficiency. Findings must be evaluated to determine if they are a deficiency. A deficiency is the result of:
- A quality objective not established.
- A quality risk is not identified or properly assessed.
- A response to reduce the likelihood of a quality risk occurring to an acceptably low level has not been designed or implemented.
- The response is not operating effectively.
Let’s walk through an example for each of the above. Imagine a mid-sized firm with four partners and 20 staff. Based on the monitoring activities, a deficiency may arise if:
- A quality objective related to review and supervision of staff is missing. Quality objectives are specified in the standard and quite frankly, if you have a robust risk assessment process, none should be missing.
- Based on the nature and circumstances of this firm and the fact that they have a large staff, it would be expected a quality risk exists. If not, a deficiency would most likely be reported.
- A deficiency may also arise if the firm concluded this is a quality risk but no response has designed or implemented a response to this risk. For example, they have no policy or procedure that all work of a junior is to be reviewed by someone more senior.
- Finally, a deficiency may exist because they have designed a response, but based on the results of monitoring and completed file inspections, is it clear the review is not taking place. That is, the response is not operating effectively.
When a deficiency has been identified, its severity and pervasiveness must be also be evaluated. Is the deficiency a unique circumstance or is it pervasive across the firm. The answer to this question drives different remedial actions. If unique to an engagement or an engagement team, then perhaps further training is required however if pervasive across the firm, perhaps a change in firm templates is required along with training. In determining the remedial action, it is helpful, and required, to understand the root cause of the deficiency.
Conclusion and Next Steps
Monitoring and remediation is the final component of the system of quality management. It will be important to design and perform monitoring activities relevant to your firm. In doing so, you will want to consider the nature and circumstances of your firm.
The time to start is now. The effective date of December 15, 2022 will soon be upon us. Read the standard. Think about the nature and circumstances of your firm and the types of engagements you perform. Appoint a leader. Determine your approach to the risk assessment process. Establish a monitoring and remediation process. And, seek further guidance if needed.
Read all four articles in this four-part series:
Part One: Preparing for the new quality management standards: An overview for Canadian practitioners
Part Two: Preparing for the new quality management standards: CSQM 1 quality objectives and quality risks
Part Three: Preparing for the new quality management standards: CSQM 1 risk responses
Part Four: Preparing for the new quality management standards: CSQM 1 system evaluation and monitoring
Want more information on the new standards? Sign up for Overview of the New Canadian Quality Management Standards, a free professional development session from Kirsten through ASK KSA PD. Click here to view all professional development courses for Canadian accounting firms from ASK KSA PD.
Quality Management Standards
1. Specifically, the suite of Quality Management Standards is comprised of Canadian Standard on Quality Management (CSQM) 1, Quality Management for Firms that Perform Audits or Reviews of Financial Statements, Other Assurance or Related Services Engagements; CSQM 2, Engagement Quality Reviews; and CAS 220, Quality Management for an Audit of Financial Statements. These standards replace Canadian Standard of Quality Control (CSQC) 1, Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance Engagements.
Kirsten S. Albo, FCPA, FCA is the president of ASK KSA Consulting Inc., which helps SMPs save time and achieve peace of mind through consulting and advisory services related to conducting effective and efficient engagements and meeting the requirements of being in public practice. Top image: RawPixel.com.