The AICPA Auditing Standards Board (ASB) voted in May to approve new quality management standards. In this episode, Sara Lord, CPA, the chair of the ASB, explains more about what those standards will mean for firms going forward and what changes they will need to consider.
What you'll learn from this episode:
- An overview of the standard that focuses on a firm's system of quality management.
- What EQR stands for and why it's the focus of a new standard.
- The implementation calendar for the standards and why Lord believes it's important to get started now.
- Lord's thoughts on how auditors can work with peer reviewers in discussing the standards.
- A preview of Lord's session at AICPA & CIMA ENGAGE 2022 about the new standards.
Play the episode below or read the edited transcript:
— To comment on this episode or to suggest an idea for another episode, contact Neil Amato at Neil.Amato@aicpa-cima.com.
Neil Amato: The AICPA Auditing Standards Board voted May 12th to approve new quality management standards, which are designed to improve a firm's risk assessment and audit quality. The focus of this episode of the Journal of Accountancy podcast is learning more about those standards and what they mean for firms going forward. This is Neil Amato with the JofA. The guest for this episode is CPA Sara Lord, chief auditor and member of the board of directors at the firm RSM. Sara is also the chair of the Auditing Standards Board, as well as a member of the PCAOB Standards and Emerging Issues Advisory Group. You'll hear the conversation after this brief sponsor message.
Amato: Joined again on the podcast by Sara Lord. Sara is a CPA, and she's been on before to talk about quality management standards. Now we're having her back to provide some updates on where things stand with those standards. First to review, let's talk a little more about what the quality management standards are and why you think they are important.
Sara Lord: Sure, Neil. Thank you. The quality management standards, when we talk about those, it really refers to three standards, two focused on quality management and one that updates to AU-C 220 and really the system of quality within an audit engagement. Quality Management Standard No. 1 focuses on a firm's system of quality management. Everything a firm needs to do to ensure all of their audit and assurance engagements are high-quality. It covers audits, reviews, compilations, attestation work and really helps ensure that you're thinking through all of the different aspects of quality.
What's the firm's tone at the top? How do governance and leadership approach audit quality? How do you get into client acceptance considerations? Actually performing the engagements, thinking about information and communication. What do you need to tell people about your system of quality? Then how do you monitor at the end to make sure that the system you have set up is actually delivering quality engagement. That's covered by Quality Management Standard No. 1. Standard 2 focuses on EQR, engagement quality reviewers. When you have the situation that you have that as a response to quality risks, it helps to say what does an EQR need to do.
It's important that this standard is not actually part of the audit standards. It's an overarching standard, so you could have an engagement quality reviewer on an audit, on a review, on a compilation, on an attestation engagement, and they follow the same guidelines irrespective of the level of service you're doing. Then the last set of changes, as I mentioned before, was to AU-C 220 really focused on, as an engagement leader, engagement partner on an audit, what's my responsibility for quality? What do I need to make sure is happening within this engagement to ensure audit quality is being delivered. Then what can I delegate? How do I utilize my engagement team effectively? What are my responsibilities for supervision and review of areas that I delegate? When you talk about the quality management standard, it's really all three components there.
Amato: I'm actually going to go back in time and say when we had you on previously, I think you were still seeking comments. To make sure we have the news clearly stated, these standards are now live, so to speak, correct?
Lord: Yes. The May meeting of the Auditing Standards Board, we voted the standards to be final. I actually as of today, I don't know if they've hit the street just yet. The final editorial review and everything happens, and then they're published officially. But the standards are finalized and effective. Firms need to have them implemented by December of 2025. Now that seems like a really far away, but actually it's not. For a lot of the feedback we got to the comment letter process was we really want to do this right. Give us the time to absorb the standards, reconcile what we do today because these were issued to enhance audit quality and assurance quality, but not saying that what firms are doing today is bad. But just saying, how do we risk-assess it? How do we do it better? How do we make sure we're focused on the right risks in our system of quality management?
We've got a lot of feedback that firms wanted time to be able to implement this well, and to do it right in that first implementation and really think through, how do I get my documentation correct? Give me time to think through my risk assessment. Make sure that I'm really looking at what's riskiest for my practice, and which won't be the same for every firm across the country. 2025 will be the effective date for having really a system designed and implemented. Then by 2026 you have to have done your first year of monitoring to say, are we doing this effectively? Is everything working as we expected?
Amato: Getting back to that topic of are they truly released? Yes. We're recording on Wednesday, June 1st. I believe that June 2nd is the official publication date. By the time this episode airs, they should be, as far as we know, actually up and posted. Obviously, this question could be its own article or a podcast, but could you talk about just what this means for firms, what this means for their process and the changes that are in store for them as a result of the standards?
Lord: Yes, absolutely. Really what this means for firms is they're going to need to put some time and energy into understanding the new standards and going to the risk assessment process and thinking how does this impact my firm and then implementing some changes potentially to what they're doing today as it relates to their assurance services. If you break that down even into little more simple, that's the tactical. Theoretically, that's what you're going to do.
Tactically, you'll need someone in your firm that's going to be the leader for taking a look at this and reading the standard, reading the implementation guidance that is coming out to say, we need to do a risk assessment of what could go wrong when we're issuing certain services. Do we need to enhance anything in our client acceptance process to ensure that we're accepting clients that fit our competency areas, that fit our demands from a business perspective? How are we from a resource perspective? Do we have the right human resources to be able to do the type of work that we want to do? How would our technology resources fit in? What are the types of intellectual resources are we using that we need to ensure audit quality? Really have someone walk through the different components and marry that up to what you're doing today.
It will be a road map. Part of what the AICPA is working on for guidance is to say, you have your QC standards today. You have a system of quality control. As you migrate that to this system of quality management, a lot of things transition over. There's a lot of things you're doing today that you're going to say, yep, I'm doing this because a risk exists, that risk still exists, this control is a good control. I'm going to keep doing that. But there might be other areas that you identify to say, I hadn't really thought about this in the way that I maybe need to. Maybe there's more time I need to spend on things like technology risks. Are there risks of client data being breached that I need to think about a little bit more carefully? Are there different risks related to governance and leadership?
In the standard, it's very explicit now that your CEO, managing partner, or whatever the title is, of the leader of your firm, they have ultimate responsibility for the system of audit quality or assurance quality. Is that how your firm is currently structured? Does that person need maybe a little more education to understand what their responsibilities are as you figure out your system of quality management? Firms will need to have someone that's really someone or a group of people that are designated to understanding this standard and implementing it, and then working through any necessary documentation. We've also worked closely with the Peer Review Board and peer reviewers on this. It's a great opportunity to talk to your peer reviewer as well. Say, what do you understand about this standard? Now here's where we're going from an implementation perspective. Here's the documentation we think we'll have for you. Any questions, any suggestions? Really, it's at this stage, it is standards implementation for us to think about.
Amato: Again, we're recording Wednesday, June 1st. Sara, you are presenting on this topic at ENGAGE a week from today, Wednesday, June 8th. If you could maybe hit the highlights of what that session is about.
Lord: Yeah, I'm excited. I'll be presenting with Ahava Goldman, who is the AICPA staff liaison for the Auditing Standards Board. She's been actually involved in quality management a year longer than I have, dating back to 2014. She has been involved in this a very long time. But we're going to really walk through the highlights of the three standards, help people understanding of what has changed, what to expect, as well as some of the implementation guidance that's coming and just implementation thoughts. It's intended and we're hoping an interactive session.
As we go through and walk people through, these are the components of what you need in your system of quality management. Here's how it's changed. Anything that is new from the old, the extant standards, the things that haven't changed. There were some items in exposure draft that were proposed to be changed and ended up not changing. And really just clarify for people, what are the standards? What do they mean to you? Then have opportunities for people to ask questions as they're thinking about it or if they've already had an opportunity maybe to take a look at the highlights of the standards and say, "I'm thinking about this in my context, how does this actually work?" So we'll be able to answer some questions from the audience on that as well.
Amato: That sounds great, Sara. Thank you. I hate I'm going to miss ENGAGE, but it will carry on without me, and we look forward to hearing more on this topic in the future. Thanks for being on.
Lord: Yeah, thanks for having me. I'm happy to talk about it.