Introducing a Robust and Proactive Approach to Quality Management

By Jacqui Kuypers, CPA, CA

88C34296

Jacqui Kuypers, CPA, CA, is a Principal, Auditing and Assurance Standards, with the Canadian Auditing and Assurance Standards Board (AASB), the independent setter of auditing, assurance and related services standards. She is leading the AASB’s project on Quality Management.

With the Auditing and Assurance Standards Board (AASB)’s approval of the new suite of quality management standards in January 2021, a new major milestone has been achieved for the audit and assurance profession. The new standards introduce a robust, proactive approach to managing quality, at the firm and engagement level, that is scalable to firms of all sizes and engagement. In an ever increasingly complex business environment, these new standards propose an approach to managing quality that is central to serving the public interest, laying the foundation for high-quality assurance and related services engagements across the profession. 

The risk-based approach is a significant change in direction from the previous standard. That, combined with the AASB’s expansion of the scope to include related services standards, may represent a challenge for many practitioners. This article summarizes some key aspects of the standards that you should know to help you start preparing.

The new suite of quality management standards includes:

  • Canadian Standard on Quality Management (CSQM) 1, Quality Management for Firms that Perform Audits or Reviews of Financial Statement, or Other Assurance or Related Services Engagements,
  • CSQM 2, Engagement Quality Review,
  • Canadian Auditing Standard (CAS) 220, Quality Management for an Audit of Financial Statements.

What Services Are Covered by The Standards?

CSQM 1 applies to all firms that perform audits or reviews of financial statements, or other assurance or related services engagements. Therefore, if a firm performs any of these engagements, CSQM 1 applies to managing quality on those engagements. It does not apply to other services a firm may offer, for which there are no standards in the CPA Canada Handbook – Assurance (the Handbook), such as tax or consulting.

The scope of CSQM 1, which includes related services engagements, represents a significant change in Canada, given the previous standard on quality control did not extend to related services engagements. Firms that perform only related services engagements, such as compilation engagements, will need to design a system of quality management for the first time. This will be challenging and may require a good deal of time.

What Do Each of the Three Standards Cover?

CSQM 1 requires firms to design a system of quality management that is tailored to a firm’s nature and circumstances and the engagements it performs. It requires firms to undertake a risk assessment process that involves:

  • establishing quality objectives;
  • identifying and assessing risks to achieving these objectives; and
  • designing and implementing responses in the form of policies or procedures to address those risks. 

The risk assessment process is applied to the components of quality management, which include governance and leadership, relevant ethical requirements, acceptance and continuance, engagement performance, resources and information and communication. 

CSQM 1 also sets out a monitoring and remediation process that a firm is required to establish that involves: 

  • performing monitoring activities; 
  • evaluating findings and identifying deficiencies; and 
  • designing and implementing responses. 

CAS 220 deals with the engagement partner and engagement team’s responsibilities for managing quality for an audit of financial statement. It emphasizes that the engagement partner is responsible for taking overall responsibility for the quality of the engagement, while recognizing that certain tasks can be assigned to other members of the engagement assisting the engagement partner. There are a number of significant changes, all of which focus on the engagement partner’s involvement throughout the engagement. These include requirements for the engagement partner to be responsible for determining the nature, timing and extent of direction, supervision and review, and ensuring that the engagement partner’s involvement was sufficient and appropriate throughout the engagement. The definition of engagement team was modernized to recognize different and evolving engagement team structures. 

CSQM 2 deals with the appointment and eligibility of engagement quality reviewers. It requires a cooling-off period to ensure the objectivity of an engagement quality reviewer. There will need to be a minimum period of time between when an individual who was the engagement partner can become the engagement quality reviewer. CSQM 2 also sets out the engagement quality reviewer’s responsibilities relating to the performance and documentation of an engagement quality review. CSQM 2 applies to all engagements for which an engagement quality review has to be performed. This includes audits of financial statements of listed entities, where required by law or regulation and where an engagement quality review is determined to be an appropriate response to an assessed quality risk.

When Are the Standards Effective?

Firms are required to have their system of quality management in place for audits or reviews of financial statements, or other assurance engagements designed and implemented, by December 15, 2022. Recognizing the additional effort that may be required by firms designing and implementing a system of quality management for the first time, the AASB deferred the effective date for related services engagements by one year to December 15, 2023.

CSQM 2 is effective for audits and reviews of financial statements for periods beginning on or after December 15, 2022; for other assurance engagements beginning on or after December 15, 2022; and for related services engagements beginning on or after December 15, 2023.

CAS 220 is effective for audits of financial statements for periods beginning on or after December 15, 2022.

How Are the Standards Scalable?

The standards are meant to be scalable to firms of different sizes and natures and with different types of engagements. The quality objectives are outcome based and quality risks are tailored to the firm. To identify and assess quality risks, a firm understands conditions, events, circumstances, actions or inactions that relate to the firm and its engagements. The firm decides how to achieve the quality objectives. Firms may develop different responses to address quality risks and achieve quality objectives. The monitoring and remediation process is also tailored to the firm’s circumstances. 

CSQM 1 includes examples in application material to demonstrate how certain requirements may be applied to less complex or more complex firms.

CSQM 2 is scalable as the nature, timing and extent of the engagement quality reviewer’s procedures vary depending on the nature and circumstances of the engagement or the entity. Also, if an engagement quality review is not required, the firm may not have to follow CSQM 2.

The AASB tested the scalability of the standards before they were finalized, through developing a case study and working through the key elements of the standard with practitioners from small and medium-sized practices and sole practitioners. This was the first time the Board took this approach to obtaining input, and it was well received by participants. Participants raised some concerns on certain aspects of the standard, including the inspection of completed engagements and engagement quality review. The Board is working with the developers of the guidance to ensure that tools are available for practitioners. 

In addition, practitioners noted that CSQM 1 would be effective shortly after the new compilation engagement and asked the Board to defer the effective date. Practitioners noted potential challenges of achieving an effective implementation of CSQM 1. The Board considered the public interest implications if CSQM 1 were deferred. It acknowledged the training needs of practitioners who do not currently have a system of quality control and are implementing a system of quality management for the first time, as well as the need for an effective implementation of both the quality management and compilation engagement standards. The Board concluded that additional time is needed to develop implementation guidance for those establishing a system of quality management for the first time and establishing resources for firms that require external monitoring. On balance, the Board decided that it would be in the public interest to defer the effective date of CSQM 1 for related services engagements by one year.

What Can You Do to Prepare?

The standards will be released in the CPA Canada Handbook – Assurance in May 2021. The effective date of the standard may seem a long way off, but there is quite a bit of work involved in designing a system of quality management, especially for the first time. Implementing a risk assessment process to identify quality risks and designing policies or procedures to respond to the risks will take time. I encourage you to read the standards and watch for guidance and tools to assist you.