October 10, 2024

Time’s running out on preparing for the new Quality Management Standards!

The American Institute of Certified Public Accountants’ (AICPA) new Quality Management Standards have been out for some time, and you can’t wait to read it.

 

That’s not a prediction. It’s a warning.

 

The new standards have to be in place and in use by December 15, 2025, and getting into compliance is not something that can wait until the last minute.

 

Yes, that’s more than a year away, but according to the AICPA, you should have started working on it two years ago.

 

You probably know the new Statements on Quality Management Standards (SQMS) is out there, but not just how much effort coming into compliance will take. That applies to sole practitioners as much as it does to medium-sized and large public accounting firms.

 

The new SQMS is what we call “thinking standards” — you have to really think it through and customize it for your attest practice, based on things like the type of clients you have and the services you provide.

 

It’s not just new requirements and changes in the way you do things. The new SQMS takes an entirely new, risk-based approach to quality, with two completely new components: Risk Control, and Information and Communication.

 

Risk and Information


Under the new risk assessment process, firms must establish specific quality objectives. They must “identify and assess quality risks, and then they must design and implement responses to those risks that are tailored to the firm’s unique circumstances.”

 

Information and communication is the second entirely new component of the new SQMS. It requires the establishment of processes that support the SQMS, including the use of reliable internal and external sources of information, and the creation of a culture that supports and reinforces the responsibility for sharing information with colleagues and the firm.

 

This information must be communicated in an understandable and actionable manner to internal personnel, service providers, and external sources as required.

 

Specific quality objectives must be created for each of the eight SQMS components:

●     Risk control

●     Governance and leadership

●     Relevant ethical requirements

●     Acceptance and continuance of client relationships and specific engagements

●     Engagement performance

●     Resources (formerly human resources)

●     Information and communications

●     Monitoring

 

The other six components have also changed under the new SQMS, several dramatically.

 

Changes Throughout


The leadership responsibilities for quality within the firm component, for example, is now Governance and leadership. It includes a new and more robust focus on the role these two elements play in establishing and supporting an environment, and establishing a culture, that supports the SQMS. Leaders are now not only responsible and accountable for quality, but are expected to demonstrate a commitment to quality through their actions.

 

Relevant ethical requirements are less prescribed under the new standards, but have a new focus on responsibility and on ensuring that others involved in the SQMS or in performing engagements understand and meet those requirements.

 

The acceptance and continuance of client relationships and specific engagements has a new emphasis on professional standards and the integrity and ethical values of the client. It also highlights the need to ensure that financial and operational priorities don’t influence acceptance and continuance judgements.

 

Engagement performance has a new focus on an engagement partner’s oversight and involvement. There is also a new emphasis on the exercise of professional judgment and skepticism.

 

Resources is no longer prefaced by “human” and now has new requirements revolving around technological and intellectual resources in the SQMS. Other requirements relate to the competence and commitment to quality of personnel, and bringing in outsiders to fill any personnel gaps.

 

Finally, the Monitoring component has a new focus on the firm’s remediation process, and offers expanded and enhanced guidance throughout. One aspect is a new requirement that firms establish policies and procedures that address the objectivity of the monitors. Monitoring now also includes a new term, findings, that focuses on any deficiencies that exist. The firm must “evaluate the severity and pervasiveness of identified deficiencies using a root cause analysis,” and design appropriate remedial actions.

 

Get Going


The end of that three-year time frame suggested by the AICPA for creating and building out the new Quality Management Standards is now just a year and a quarter away, and firms have three responsibilities between now and December 15, 2025.

 

The first, of course, is to continue using the extant standard (Statement of Quality Control Standard (SQCS) No. 8, (Redrafted) until your firm is ready to implement the new requirements.

 

The second is to perform the risk assessment and gap analysis, and then design and implement the new standards.

 

Finally, firms need to consult with their peer reviewer before final implementation.

 

If you haven’t started yet, that’s a lot of work for the next 15 months!

 

Then there’s one more year, until Dec. 15, 2026, to carry out the first annual evaluation of your new quality management system!

 

Collemi Consulting leverages nearly three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.


By Jennifer Ruf March 24, 2025
As audit season is in high gear, it’s important for auditors to step back and plan how they are going to audit a client’s books and records. What are the red flags you’re looking for when it comes time to throw open the books and look through a huge swath of journal entries to pluck out the ones that are questionable, and need to be questioned? First off, it’s important to understand how journal entries are created at the company being audited. For an auditor, that means looking at the internal control environment to understand how a journal entry is created: Who’s authorized to create one and who can create one. You have to understand the process. How does it start and how is the entry eventually recorded onto the financial reporting system? Once you know that, you can determine whether someone can come in and override the system, or if someone can pretend to be someone else and start recording journal entries onto the system. That will help you figure out what to look for to decide what entries to pull out and ask management to get back up information to support and validate those entries. Finding the needle The key here is not to just go through the mechanics, but to really go through the exercise so you can determine if management is playing games in the recording of those transactions. You have to be able to get comfortable with that, and that means you need to be able to document what you’re looking for. Because what the auditor is really doing is looking for a “needle in the haystack”, to identify the transactions that don’t look right, that don’t make sense in the ordinary course of business. For example, if the business is not open on weekends, are transactions being posted on a Saturday or Sunday, or even on holidays? If you see rounded numbers or accounts that are seldom used, those can be red flags as well. Sometimes it can be as simple as asking managers and others like accounting, data entry and IT personnel if they’ve observed any unusual accounting entries. Depending on the size of the company and scope of the work, you might need to use computerized audit software program — some of them with AI built in — that can scan the entries to identify anomalies. Red flags When an auditor is looking for evidence of management override of controls, they can look for some of these 12 red flags indicators: ● Top-side entries ● Entries made to unrelated, unusual or seldom-used accounts ● Entries made by individuals who typically don't make entries. ● Entries recorded at the end of the period ● Post-closing entries with no explanations ● Entries made before or during the preparation of financial statements with no account numbers ● Entries that contain rounded numbers or a consistent ending number ● Entries processed outside the normal course of business ● Accounts that contain transactions that are complex or unusual in nature ● Accounts that contain significant estimates and period-end adjustments ● Accounts that have been prone to errors in the past ● Accounts that contain intercompany transactions When testing non-standard journal entries and other adjustments, you should look for documentary evidence indicating that they were properly supported and approved by management. Finally, remember that while most fraudulent entries are made at the end of a reporting period, you shouldn't ignore the rest of the year  Collemi Consulting leverages nearly three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.
December 20, 2024
Are you prepared?
A woman's hands holding a microphone
December 9, 2024
Conquer your fear of public speaking and present like a pro
Man with hand by his ear straining to listen.
December 4, 2024
Boost your business by becoming adept at active listening.
More Posts
Share by: