International Standard on Quality Management (ISQM 1)
The global standard for delivering consistently high-quality and compliant audits.
What is the International Standard on Quality Management (ISQM 1)?
ISQM 1 is a framework to ensure that audit firms maintain and manage high levels of quality in their engagements. It requires audit firms to design, implement and maintain a robust system of quality management tailored to the nature and circumstances of their practice. Central to ISQM 1 is the identification and assessment of quality risks, followed by the development of responses to address these risks.
- Takes a risk-based approach to quality
- Ensures consitently high-quality outcomes
- Instills trust in audit services
A risk-based approach to audit quality and improvement
Firms that adhere to ISQM 1 can uphold professional standards and drive continuous improvement. There are also regional frameworks that work alongside ISQM. For example, QC 1000 in the US is a practical framework for embedding ISQM 1 into everyday workflows. Firms can document their compliance by using a quality management system.
Meeting the requirements of ISQM 1
Achieving compliance with ISQM 1 necessitates a thorough understanding of its principles and a systematic approach to implementing an effective quality management system.
ISQM 1 requirements |
Ideagen solutions |
|---|---|
| Governance and leadership: Demonstrate a commitment to quality, led by top-level management. | Show a commitment to good governance with a robust, purpose-built system of quality management. |
| Risk assessment process: Identify and assess quality risks based on the nature, size and complexity of your operations. | Create, assure and asses any of the risks that could affect audit quality in one system. |
| Quality objectives: Define quality objectives addressing the various aspects of their operations. | Objectives are maintained in a global library. Firm-level libraries can also be established. |
| Procedures and controls: Implement robust responses to address identified quality risks. | Components, objectives, risks and responses are connected in one system, with a robust approach to assuring and assessing their effectiveness. |
| Monitoring and remediation: Continuous evaluation of the quality management system is essential. | Drive a continuous cycle of improvement so that remediations are relevant and timely. |
| Documentation: Maintaining thorough documentation is vital to demonstrate ISQM 1 compliance. | Create shared content libraries at global and firm level that document every aspect of ISQM 1 compliance. Audit trails are captured throughout the system. |
ISQM 1 FAQs
Who does ISQM 1 apply to?
ISQM 1 applies to all firms that perform audits or reviews of financial statements, or other assurance and related services engagements. These standards are designed to ensure that firms, regardless of size or geographic location, maintain a consistent and robust approach to managing quality in their engagements.
What happens if audit firms fail to follow ISQM 1?
Failure to adhere to ISQM 1 can have serious consequences for audit firms, their clients and the broader financial ecosystem. Regulatory authorities may impose sanctions, fines or even revoke the firm's license to practice.
Non-compliance leads to reputational damage and loss of clients and also increases the risk of serious errors including financial misstatements or undetected fraud. On a broader scale, such lapses can disrupt market stability.
What is the Relationship Between ISQM 1 and QC 1000?
QC 1000 applies to all firms that are registered with the PCAOB in the USA (other countries have their own equivalent). ISQM 1 and QC1000 are aligned in their shared goal of ensuring high standards of quality management. Together, they form a complementary relationship where ISQM 1 outlines the "what" and "why," and QC 1000 provides insights into
the "how." While ISQM 1 provides a robust and principles-based framework for establishing and maintaining a system of quality management, QC 1000 serves as a practical guide for implementing those principles effectively at an operational level with the right tools and templates.
Is ISQM 1 mandatory?
Yes. ISQM 1 is mandatory for firms that conduct audits, reviews of financial statements, or provide other assurance and related services engagements. Regulatory bodies and professional organizations mandate adherence to ISQM 1 to protect the public interest and maintain trust in the auditing and assurance professions.
Does ISQM 1 require a System of Quality Management?
Yes, the ISQM 1 explicitly requires firms to establish and maintain a system of quality management (SoQM). This system must be comprehensive and tailored to the specific nature and circumstances of the firm, addressing all relevant quality risks associated with their engagements.
The system must involve proactive identification, assessment and management of risks and include clearly defined processes for monitoring, evaluation and continuous improvement.
BBVA achieves standardization and accountability with improved collaborative working through Ideagen
Read more
Duke University Medical Center: Digitizing clinical trials to boost efficiency and compliance
Read more
From CISO to Boardroom: Navigating the risks and responsibilities in cybersecurity oversight
Read more
Rising audit fees “…a reality but not an inevitability”. Technology needs to help ease the burden of responsibility
Read more
