Row of transparent light bulbs, all off except one with glowing filament leaning to the right.

New standards introduce a robust and proactive approach to quality management

New quality management standards prioritize proactive management or mitigation of risks at the firm and engagement levels. Learn how these new standards promote a consistent, high-quality performance by practitioners.

Opportunity and benefits for firms of all sizes

With the Auditing and Assurance Standards Board (AASB)’s approval of the suite of quality management standards in January 2021, a major milestone has been achieved for the audit and assurance profession. The new standards introduce a robust and proactive approach to managing quality at the firm and engagement levels that is scalable to firms of all sizes and all engagements. In an ever-increasingly complex business environment, these standards propose an approach to managing quality that is central to serving the public interest, laying the foundation for high-quality assurance and related services engagements across the profession.

The risk-based approach is a significant change in direction from the previous standard. This, combined with the AASB’s expansion of the scope to include related services engagements, may represent a challenge for many practitioners. The new approach is intended to generate multiple benefits for firms, as the systems of quality management will drive the consistent performance of quality engagements. The standards emphasize proactive responses to changing circumstances and proactive management or mitigation of risks to promote continuous improvement and responsiveness.

The standards also allow for a firm to tailor the system of quality management to the nature and circumstances of the firm and the engagements it performs. This represents a significant change from the extant standards, which set out policies and procedures that all firms were required to establish, regardless of the firm’s size and the type of engagements performed.

This blog explains the standards themselves and what you can do to start preparing.

Some key features

There are three standards in the suite of quality management standards:

  1. Canadian Standard on Quality Management (CSQM) 1, Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements
  2. CSQM 2, Engagement Quality Reviews
  3. Canadian Auditing Standard (CAS) 220, Quality Management for an Audit of Financial Statements

Services covered by the standards

CSQM 1 applies to all firms that perform audits or reviews of financial statements or other assurance or related services engagements. If a firm performs any of these engagements, CSQM 1 applies to managing quality on those engagements. It does not apply to other services that a firm may offer outside the standards in the CPA Canada Handbook – Assurance, such as tax or consulting.

Including related services engagements in the scope of CSQM 1 represents a significant change in Canada, given the previous standard on quality control did not extend to related services engagements. Firms that perform only related services engagements, such as compilation engagements, will need to design and implement a system of quality management for the first time. While this may seem challenging for some firms, the system of quality control will build on the firm’s existing quality processes already in place.

Quality management at the firm level

A key feature of CSQM 1 is the risk-based approach. Firms must design a system of quality management that uses a risk assessment process tailored to a firm’s nature, circumstances, and the engagements it performs. This risk assessment process involves:

  • establishing quality objectives
  • identifying and assessing risks to achieving these objectives
  • designing and implementing responses in the form of policies or procedures to address those risks

The risk assessment process is applied to the components of quality management, which include governance and leadership, relevant ethical requirements, acceptance and continuance, engagement performance, resources, information, and communication.

CSQM 1 also sets out a monitoring and remediation process that a firm is required to establish that involves:

  • performing monitoring activities
  • evaluating findings and identifying deficiencies
  • designing and implementing responses

The monitoring process requires the inspection of a completed engagement for each engagement partner, occurring on a cyclical basis determined by the firm. The selection of the engagement is risk-based. The standard indicates that the firm might establish a three-year cycle for each engagement partner performing audits of financial statements, and a five-year cycle for all other engagement partners.

Engagement quality reviews

CSQM 2 deals with the appointment and eligibility of engagement quality reviewers. It requires a cooling-off period of at least two years between when an individual who was the engagement partner can become the engagement quality reviewer. This cooling-off period provides distance to reduce familiarity threats and enhance the objectivity of an engagement quality reviewer.

CSQM 2 also sets out the engagement quality reviewer’s responsibilities relating to performing and documenting an engagement quality review. CSQM 2 applies to all engagements for which an engagement quality review is needed. Engagement quality reviews are performed for audits of financial statements of listed entities and where required by law or regulation. Engagement quality reviews are also performed where an engagement quality review is determined to be an appropriate response to an assessed quality risk. In some cases, a firm may not identify any engagements where an engagement quality review would be required.

Quality management at the engagement level

CAS 220 deals with the engagement partner and engagement team’s responsibilities for managing quality for an audit of financial statements. It emphasizes that the engagement partner is responsible for taking overall responsibility for the quality of the engagement, while recognizing that certain tasks may be assigned to other members of the engagement assisting the engagement partner.

There are several significant changes, all of which focus on the engagement partner’s involvement throughout the engagement. These changes include requirements for the engagement partner to be responsible for determining the nature, timing and extent of direction, supervision and review, and performing a stand-back review to assess whether the engagement partner’s involvement was sufficient and appropriate throughout the engagement. The definition of an engagement team has been modernized to recognize different and evolving engagement team structures.

Getting ready for implementation

How are the standards scalable?

The standards are meant to be scalable to firms of different sizes and nature, and with different types of engagements. The quality objectives are outcome-based, and quality risks are tailored to the firm. To identify and assess quality risks, a firm understands conditions, events, circumstances, and actions or inactions that relate to the firm and its engagements. The firm decides how to achieve the quality objectives. Firms may develop different responses to address quality risks and achieve quality objectives. The monitoring and remediation process is also tailored to the firm’s circumstances.

The AASB tested the scalability of the standards before they were finalized, by developing a case study and working through the key elements of the standard with practitioners from small and medium-sized practices and sole practitioners. Participants confirmed the scalability of the standards, but also raised some concerns about certain aspects of the standards, including the inspection of completed engagements and engagement quality review. Hearing these concerns, the AASB is working with CPA Canada to make implementation guidance and tools available to practitioners beginning in 2021. View CPA Canada's resources.

In addition, practitioners noted that CSQM 1 would be effective shortly after the new compilation engagements standard and, citing potential challenges of achieving an effective implementation of CSQM 1, asked the AASB to defer the effective date. The AASB considered the public interest implications if the effective date of CSQM 1 were deferred. It acknowledged the training needs of practitioners who do not currently have a system of quality control and are implementing a system of quality management for the first time, as well as the need for an effective implementation of both the quality management and compilation engagement standards. The AASB concluded that additional time is needed to develop implementation guidance for those establishing a system of quality management for the first time and establish resources for firms that require external monitoring support. On balance, the AASB decided that it would be in the public interest to defer the effective date of CSQM 1 for related services engagements by one year.

When are the standards effective?

CSQM 1 requires firms to have their system of quality management in place for audits or reviews of financial statements, or other assurance engagements designed and implemented, by December 15, 2022. Recognizing the additional effort that may be required by firms designing and implementing a system of quality management for the first time, the AASB deferred the effective date for related services engagements by one year to December 15, 2023.

CSQM 2 is effective for audits and reviews of financial statements for periods beginning on or after December 15, 2022; for other assurance engagements beginning on or after December 15, 2022; and for related services engagements beginning on or after December 15, 2023.

CAS 220 is effective for audits of financial statements for periods beginning on or after December 15, 2022.

What can you do to prepare?

The standards were released in the CPA Canada Handbook – Assurance in May 2021. The effective dates of the standards may seem a long way off, but there is quite a bit of work involved in designing a system of quality management, especially for the first time. Implementing a risk assessment process to identify quality risks and designing policies or procedures to respond to the risks will take time. To avoid being overwhelmed later, read the standards and look out for guidance and tools to assist you.

Where can you go for help?

CPA Canada is developing resources to support implementation of the new standards. On our quality management resources page, you'll find implementation resources, including a practitioner's alert, an audit and assurance alert, and webinar.

The International Auditing and Assurance Standards Board (IAASB) is also producing guidance material on its website, which you may find useful.

Keep the conversation going

Do you have specific questions about the new quality management standards? As you start acquainting yourself with these standards and thinking about how to develop your system of quality management, you may have questions about applying the standards. We are interested in questions you may have as we develop implementation resources. Post a comment below or email me directly.

Don’t miss out! Get in-depth analysis and insight on current audit and assurance issues delivered straight to your inbox. Sign up for our Audit Quality blog by checking Audit Quality Blog under My Subscriptions in your profile. SUBSCRIBE NOW

Conversations about Audit Quality is designed to create an exchange of ideas on global audit quality developments and issues, and their impact in Canada.


The views and opinions expressed in this article are those of the author and do not necessarily reflect that of CPA Canada.