Practice National Standards

Ready for the CSQM changes? Part three: monitoring and remediation

Part three of a three-part series on preparing your accounting firm for new SQM

Author: Kirsten S. Albo, Justin Reid and David Stevens
Albo, Reid, Stevens
Kirsten S. Albo, FCPA, FCA, ICD.D is the founder of ASK KSA Consulting Inc., which helps SMPs save time and achieve peace of mind through consulting and advisory services related to conducting effective and efficient engagements and meeting the requirements of being in public practice. Contact Kirsten directly by email for more information on implementing CSQM at your Canadian accounting firm: https://ksaconsultinginc.com/contact.
Justin Reid, FCA specialises in providing audit training, consulting, and technical advice to SMPs across Australia and New Zealand. Justin also works closely with many of the Auditors General across both countries in the pursuit of audit quality.
David Stevens, CA consults to small, medium and large auditing firms in Australia on audit quality related matters and activities. He is also CaseWare Australia and New Zealand’s audit content subject matter expert.

OUR first article focused establishing quality objectives and the importance of identifying and assessing risks. Our second article covered an approach to developing risk responses. In this, the last of our three-part series on meeting the requirements of CSQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements (“CSQM 1”) we address the monitoring and remediation process and why it should be thought about earlier rather than left until much later. It is the monitoring and remediation activities that provide the information to evaluate your system of quality management (“SQM”).

Overview

The standard requires the evaluation of the SQM to be undertaken at least annually at a point in time. The first evaluation must be completed by December 15, 2023.

The objective of a SQM is to provide the firm with reasonable assurance that the firm and its personnel fulfil their responsibilities and conduct engagements in accordance with standards and requirements and issue engagement reports that are appropriate in the circumstances. That is, staff do the right thing, and the right reports are issued.

It is the monitoring and remediation process that provides relevant, reliable and timely information about the design, implementation and operation of the SQM. This in turn provides the necessary information to evaluate the system and conclude if its objectives have been met.   

Monitoring Activities

Monitoring activities should be driven by the nature and circumstances of the firm and the risk of not achieving a quality objective. Once again, we see the importance of identifying and assessing quality risks.

We believe an efficient process to designing monitoring activities is to leverage the policies or procedures the firm has adopted as risk responses. That is, determine the monitoring activity that is required to assess whether the policy or procedure has been implemented as designed and therefore addressing the risk identified. When determining the extent of monitoring activities, consider the assessments given to the quality risks. For example, certain monitoring activities might be required only once during an annual monitoring cycle, whereas others might need to be more frequent, if required as part of an agreed remediation action for instance.

The nature, timing and extent of monitoring activities may also be affected by other matters including the size, structure, and organization of the firm and the resources that the firm intends to use to enable monitoring activities. The monitoring activities will vary from firm to firm and therefore need to be tailored to the firm’s nature and circumstances.

For example, a less complex firm, the monitoring activities may be simple, since information about the monitoring and remediation process may be readily available in the form of leadership’s knowledge and interaction with the SQM. A partner in a small firm likely has their pulse on the activities of their firm more so than in a larger firm. In a more complex firm, the monitoring activities would likely be more robust, involve many individuals, and include detailed policies and procedures.

File Inspections

A mandatory monitoring activity is the inspection of completed engagement files. Judgment will be required as to which engagements and which engagement partners should be selected. The requirement is to select at least one complete engagement for each engagement partner on a cyclical basis, but there may be reasons to inspect files on a more frequent basis. One reason may well be when an engagement partner has had significant file deficiencies identified on a past inspection and more frequent inspections are agreed as part of a remedial action plan.

Separate and distinct from the completed file inspections conducted as a part of monitoring, the standard also introduces the concept of in-process inspections of engagements. That is, engagements where the report has not yet been issued. While these inspections may appear to similar to completed file inspections, their objective is different in that their focus is on preventing a quality risk from occurring rather than detecting it after the fact.

Evaluating Findings and Identifying Deficiencies

It is fully expected that findings will result from monitoring activities, but not all findings will result in a deficiency. Let’s take an example, assume a file inspection review concluded that the nature, timing and extent of direction and supervision of the engagement was inappropriate. The following are examples of findings and why they might be considered a deficiency:

  1. A missing quality objective. Perhaps a quality objective addressing the appropriateness of nature, timing and extent of direction and supervision had not been established in the first place.
  2. Inappropriate risk identification or assessment. A relevant risk to achieving an established quality objective was not identified taking into consideration the experience of the engagement team.
  3. Design of the risk response. Policies or procedures addressing the nature, timing and extent of direction and supervision on the engagement were inadequate.
  4. Other reasons. There may be other reasons that the deficiency arose such as the firm may have designed a policy for senior staff to perform reviews however they are not taking place. This example shows the importance of a root cause analysis when deficiencies are noted.

When a deficiency has been identified, its severity and pervasiveness must be also be evaluated. Is the deficiency a unique circumstance or is it pervasive across the firm?  In answering this question, it is important, and required, for firms to consider the root cause of the deficiency. The answer to this question then drives different remedial actions. If unique to an engagement or an engagement team, then perhaps further training is required; however, if pervasive across the firm, perhaps a change in firm templates is required along with training.

Conclusion and Next Steps

Monitoring and remediation is the final component of the SQM. It will be important to design and perform monitoring activities relevant to your firm. In doing so, you will want to consider the nature and circumstances of your firm. And, as with all the other phases of the standard, how you will document the performance of these activities and their results.

The results of your monitoring activities will help inform the overall evaluation as to whether the SQM provides the firm with reasonable assurance that the objectives of the SQM are being achieved, or not, and the implications of that.

To bring it all together, if you have not started implementing your SQM, start now. Determine what resources and toolkit you will use to help you through the process. Start with identifying and assessing quality risks and link those risks to the quality objectives. Develop your risk responses and determine steps to implementation by December 15, 2022. Don’t forget about next year. Monitoring, remediation and evaluation are all a part of the process. And, if in doubt, or have a question, reach out. We are here to help.

Click on the following links to read the rest of this three-part series: 
Ready for the CSQM changes? Part one: quality objectives and quality risks
Ready for the CSQM changes? Part two: Designing your risk responses
Ready for the CSQM changes? Part three: monitoring and remediation

Kirsten S. Albo, FCPA, FCA, ICD.D is the founder of ASK KSA Consulting Inc., which helps SMPs save time and achieve peace of mind through consulting and advisory services related to conducting effective and efficient engagements and meeting the requirements of being in public practice. Contact Kirsten directly by email for more information on implementing CSQM at your Canadian accounting firm: https://ksaconsultinginc.com/contact.

Justin Reid, FCA specialises in providing audit training, consulting, and technical advice to SMPs across Australia and New Zealand. Justin also works closely with many of the Auditors General across both countries in the pursuit of audit quality.

David Stevens, CA consults to small, medium and large auditing firms in Australia on audit quality related matters and activities. He is also CaseWare Australia and New Zealand’s audit content subject matter expert.

Canadian Accountant logo

(0) Comments