![CDATA[ [if IE 9] ]]>
A robust system of quality management must be in place for all auditors. For engagements undertaken in compliance with ASAE 3000, ASAE 3100 or ASAE 3410, the audit team leader must ensure the quality management system complies with ASQM 1
Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements (ASQM 1).
Peer reviews conducted for engagements undertaken in compliance with ASAE 3000, ASAE 3100 or ASAE 3410 must comply with ASQM 2
Engagement Quality Reviews (ASQM 2)2.
ASQM 1 reflects a focus on quality management – as distinct from previous practices, embodied in ASQC 1, that focused on quality control. This reflects the intention to transition firms from policies and procedures that address standalone elements as required by ASQC 1, to an integrated and more proactive quality management approach that reflects the system as a whole.
ASQM 1 requires firms to tailor the design, implementation and operation of its system of quality management, based on the nature and circumstances of the firm, and the types of engagements it performs.
It adopts a risk-based approach where the quality objectives that are detailed in ASQM 1, are used to identify the quality risks that are specific to the firm, as well as designing and implementing responses in the form of policies and procedures that are appropriate and relevant to the needs to the firm.
There are enhanced requirements for monitoring and remediation to promote a more proactive monitoring of the system of quality management as a whole, including the effective and timely remediation of deficiencies.
The standard requires a firm to evaluate and make an overall conclusion on the system of quality management at least annually.
ASQM 1 is structured around 2 processes and 6 components that are designed to operate in an iterative and integrated manner.
The 2 processes are:
The 6 components are:
This is a process that a firm establishes as part of its system of quality management. The firm is required to follow this process in implementing its risk-based approach to quality management. It consists of establishing quality objectives, identifying and assessing quality risks to the achievement of the quality objectives and designing and implementing responses to address the assessed quality risks.
This risk-based approach was introduced to facilitate proactive quality management, as well as to enable the system to be tailored to the nature and circumstances of the firm and the engagements it performs.
The process encompasses 3 essential steps:
establishing quality objectives
What does the firm need to achieve in order to manage the quality of its engagements? The standard prescribes the quality objectives for each of the 6 components in order to drive consistency in the firm's quality management systems. The firm is also required to consider if there are any additional objectives that are needed. But there is no expectation that a firm will identify additional objectives.
identifying and assessing the quality risks
What could go wrong in achieving the quality objectives? Identifying and assessing quality risks is about identifying what the standard describes as the conditions, events, circumstances, actions or inactions that are considered to have a reasonable possibility of occurring and affecting the achievement of a quality objective. The standard includes examples of possible conditions, events, circumstances etc. to aid the firm in identifying quality risks.
designing and implementing responses
These are the policies and procedures the firm needs to put in place to address the quality risks. The firm is expected to develop its own specific policies and processes in response to the quality risks and this is where much of the tailoring to the needs of the firm can be achieved. The standard includes certain responses that are required to be incorporated into the firm's system of quality management, such as independence confirmations from individuals.
The standard also recognises that a firm's circumstances may change, and revisions may be needed to add or change quality risks and/or responses at any point. This is a feature of the proactive management of quality that is an objective of the standard.
This is another process that a firm establishes as part of its system of quality management. It provides the firm with relevant, reliable and timely information about the design, implementation and operations of the system of quality management.
The process also addresses taking appropriate actions to respond to deficiencies to ensure that these are remediated on a timely basis.
ASQC 1 covered monitoring and remediation, but ASQM 1 more robustly addresses monitoring activities. It has shifted the focus from engagement level monitoring to monitoring the system of quality management as a whole, and aims to encourage a more proactive and effective monitoring, with ongoing consideration of things like the extent of changes to the system, results of prior inspections, deficiencies identified etc. There is still the requirement for engagement level monitoring and the testing of completed engagements and for engagement leaders to be inspected on a cyclical basis.
The standard has a greater focus on establishing a more robust and timely remediation process and has a framework for evaluating findings and identifying and evaluating the severity and pervasiveness of deficiencies. There is a clear focus on the communication of deficiencies to the firm's personnel.
The framework is intended to help in considering deficiencies and deciding if remedial action is needed. Part of the framework is a requirement to investigate the cause of a deficiency using root cause analysis. This requirement is flexible, and firms can scale the root cause process as appropriate to the nature of the firm and the circumstances of the deficiency.
A firm's leadership is also required to determine the effectiveness of remedial actions as well as considering deficiencies in their evaluation of the system as a whole.
ASQM 1 includes a requirement for the person assigned ultimate responsibility and accountability for the system of quality management to evaluate the system. Based on this evaluation, which is internal to the firm, they are required to conclude on whether the objectives of the system of quality management are being achieved. The evaluation is required to be performed at least annually.
The evaluation is at a point in time and the conclusion is focused on whether the system of quality management provides reasonable assurance that:
Whilst the evaluation is at a point in time, information about the firm's monitoring and remediation over the period since the previous evaluation, as well as the conclusion from the previous evaluation itself, is generally what would be used as the basis for the evaluation. There is professional judgement needed in considering the identified deficiencies and their severity and pervasiveness, the remedial actions that have been put in place, and whether the deficiencies have been corrected.
The evaluation leads to one of 3 overall conclusions being formed as to the effectiveness of the system:
These conclusions are essentially equivalent to a clean opinion, a qualified, except for, opinion or an adverse opinion.
This establishes the environment in which the system of quality management operates. It deals with matters such as the firm's culture, leadership responsibility and accountability. It also addresses the firm's organisational structure, assignment of roles and responsibilities and resource planning and allocation.
ASQM 1 specifies certain roles and responsibilities to be appointed as part of the system of quality management. These are:
There are enhanced requirements addressing the qualifications of the individuals assigned to these roles, as well as their experience, knowledge, influence and authority. ASQM 1 also addresses whether people have sufficient time to perform their roles.
This component was not included in ASQC 1. It deals with obtaining, developing, using, maintaining, allocating and assigning resources in a timely manner. This enables the design, implementation and operations of the other components of the system of quality management.
The resources component includes technological, intellectual and human resources. For example, this would cover the use of audit software tools, audit manuals, documentation templates etc. It also addresses service providers.
Resources may create conditions, events, circumstances, actions or inactions that may give rise to quality risks. For example, teams may place undue reliance on IT applications, they may rely on an audit manual that is not compliant with auditing standards. When using a service provider for an outsourced IT database storage, there may be risk of inappropriate use and access to confidential client data.
This component was also not part of ASQC 1. It enables the design, implementation and operation of the system of quality management. It deals with obtaining, generating or using information concerning the system.
It addresses the culture of the firm in the context of information and communication, exchanging information between the firm and engagement teams, communicating information with a firm's network or service provider as well as other communications externally on a timely basis.
These are fundamental for the proper performance of audit engagements. Relevant ethical requirements for both the firm and its personnel must be addressed. These requirements are defined in the auditing standard ASA 102 Compliance with Ethical Requirements when Performing Audits, Review and Other Assurance Engagements.
This component also deals with ethical requirements to the extent that they apply to others who are external to the firm.
This component is another that is fundamental to engagement performance. It deals with the firm's judgements about whether to accept or continue a client relationship or specific engagement.
This deals with the firm's actions to promote and support the consistent performance of quality engagements. This includes providing direction, supervision and review, consultation and dealing with differences of opinion.
The component includes how the firm supports engagement teams in their exercising of professional judgement and, when applicable to the nature and circumstances of particular engagements, exercising professional scepticism.
In addition to the 2 processes and 6 components, ASQM 1 also focuses on documentation. It requires the firm to prepare documentation to achieve 3 principles:
The form and extent of this documentation can be tailored to the size and complexity of the firm. A less complex firm may not need to have granular documentation, such as a matrix, that indicates the quality objective, the related quality risk(s), and the related responses to address those quality risks. This is because it may be obvious how the quality risks relate to the quality objectives, or how the responses address the quality risks. In these circumstances, the firm's documentation may include lists of the quality objectives and quality risks, and a memorandum that explains the responses and how they address the quality risks.
Before preparing and agreeing engagement terms, the audit team leader must consider if the audit team are collectively appropriately skilled to perform the engagement, and if the engagement being proposed can be accepted. Client and engagement acceptance considerations must be documented and must include:
In addition to those requirements noted above, acceptance considerations should include:
Where issues arise, they should be discussed with the audited body and the audit team leader may choose not to accept the engagement. Such discussions and decisions must be documented by the auditor.
Engagement Quality Reviews is a new standard that has been developed to provide an increased focus on the rigour of the conduct of engagement quality reviews. There is new content in the standard, but also some material has been relocated from ASQC 1 and ASA 220.
One of the specific or required responses ASQM 1 requires to address quality risks is the conduct of engagement quality reviews — peer reviews in audits conducted under schemes the CER administers. It includes criteria for when an engagement quality review is required. One of the requirements is when the appointment of an engagement quality review is required by legislation. All Part 6 audits require the appointment of a peer reviewer.
If an engagement quality review is required, then ASQM 2 comes into play and this standard addresses the selection of the individual to perform the review, how it is performed and what should be documented.
ASQM 2 places an increased focus on the objectivity of the peer reviewer, as having the right mindset is essential to effectively evaluating the judgements and conclusions of the engagement team.
It includes 2 key elements:
2 International Standards Organisation ISO 9001:2008
Quality Management Systems; Auditing and Assurance Standards Board ASQM 1
Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information or ASQM 2
Engagement Quality Reviews, and Other Assurance Engagements; and Accounting Professional and Ethical Standards Board APES 320 Quality Control for Firms.
About The Clean Energy Regulator
Carbon Farming Initiative
Carbon Pricing Mechanism
National Greenhouse And Energy Reporting
Renewable Energy Target
Emissions Reduction Fund
Our Systems And Their Resources
Clean Energy Markets
Data and information
Emissions Reduction Assurance Committee
Subscribe to email updates
Information Publication Scheme
Freedom of Information
The Clean Energy Regulator is a Government body responsible for accelerating carbon abatement for Australia.