By Ross H. Roye, CPA
CPAs not plugged into the Peer Review world may not know about the new Quality Management Standards, and they may not care...yet.
As chair of the OSCPA's Peer Review Committee, I want to make sure all Oklahoma CPAs know that the new standards affect every firm with an audit or accounting practice, not just firms that have a peer review.
In June 2022, the AICPA Auditing Standards Board (ASB) issued three interrelated Standards on Quality Management (collectively, the QM standards). Additionally, in June 2022, the AICPA Accounting and Review Services Committee (ARSC) issued Quality Management for an Engagement Conducted in Accordance With Statements on Standards for Accounting and Review Services (SSARS 26).
These standards evolve the quality management of our firms substantiality.
What does this mean for you? Why should you care?
Firms performing engagements in accordance with the SASs, SSARSs and SSAEs must follow these new standards. If your firm performs audits, attestation engagements, examinations, agreed-upon procedures, compilations or financial statement reviews you need to be ready for the implementation of these standards.
In Oklahoma, firms can perform compilations and not be subject to peer review. The QM Standards will apply to your firm, even if you do not have a peer review because of SSARS 26.
If you have determined you do not have a firm performing any of the services falling under these standards, please be sure to share this article with a CPA who may have a firm where these standards will apply.
Figure I Demonstrates the components of the system of quality and how they work together to achieve the goal of quality management. This demonstrates the iterative and integrated process necessary for quality management. You'll notice the components are not siloed, but rather interconnected.
A shift in mindset.
As mentioned previously, the new QM standards represent a significant change in how CPA firms will approach audit and attestation quality in the future; moving from a policy-based approach to a risk-based approach. To fully understand the QM Standards, a shift in language moving from “Quality Control” to “Quality Management” is important.
Our firms are not individual machines that can be controlled; they operate more like production lines. As an example, you can think of it this way: You can control a tractor — you get in the seat, turn it on, you control if the tractor goes forward or backward, stops or starts moving, turns left, right or turns over.
Production lines have multiple levels of management and planning that occur both before production begins and continue throughout the process of producing goods. A well-designed production line system has a process for hiring and training and for managing the people who run the line. From time-to-time parts of the production line may have to be maintained, repaired or even replaced to ensure a quality product is produced.
With this shift in mindset, let’s continue on the path to discovering what makes up the new Standards on Quality Management.
The New Standards on Quality Management are:
- Statement on Quality Management Standards (SQMS) No. 1, A Firm’s System of Quality Management, which replaces Statements of Quality Control Standards (SQCS) No. 8.
- SQMS No. 2, Engagement Quality Reviews
- SAS No. 146, Quality Management for Engagements Performed in Accordance with Generally Accepted Auditing Standards
- Related conforming amendments, including SSARS No. 26
Per the AICPA, the five key changes below help clarify and improve the quality management process:
- A risk-based approach focused on quality management tailored to the firm's circumstances
- Revised components of the system of quality management, including information and communication
- More robust leadership and governance requirements
- Enhanced monitoring and remediation process
- New! Requirements for networks and service providers
When thinking about the QM standards, it’s important to take a mindset that focuses on quality management through a risk-based approach. This is an evolved process and should not be thought of as linear. This is meant to be a proactive approach with a continual flow of remediation and improvement.
The goal is to help make the process scalable to the circumstances of your firm. The QM system of a firm that performs engagements for governmental entities should not look like the QM system of a firm that only performs compilations that omit disclosures.
When do the changes take place?
The QM Standards must be in place and operating by December 15, 2025, and SSARS 26 is effective for engagements performed in accordance with SSARSs for periods beginning on or after December 15, 2025.
Figure 2 Provides an implementation timeline and you may notice that starting today may mean you are already behind.
You may be thinking, “these dates are three years in the future, so why should you worry about them today?” The answer is, this is a big change and it may take that long to implement the standards.
What should we be doing right now to get started?
It’s imperative to gain an understanding of the standard. The AICPA has executive summaries of the standards, and comparisons of the new and old standards. Additionally, there are AICPA webcasts, practice aides and CPE courses to help.
For more information and to stay up-to-date on the QM standards visit the following link: https://www.aicpa.org/topic/audit-assurance/quality-management
ROSS H. ROYE, CPA, is a shareholder of Gray, Blodgett & Company, PLLC, and has been with the firm since 2006. He currently serves as the chair of the OSCPA Peer Review Committee, has previously served on the OSCPA board of directors as an at-large director, and on the New CPA, Financial Literacy and the Accounting Careers Committees. He is a Past President of the Norman Chapter of the Oklahoma Society of CPAs. He is a 2012 OSCPA Trailblazer and was selected as the Distinguished CPA for the Norman Chapter of the OSCPA in 2014.