Are you up to date with ISQM 1? And prepared for ISQM 2?

Are you up to date with ISQM 1? And prepared for ISQM 2?
The free article below from Croner-I gives guidance and this document will show you all of the resources available via Croner-I to get you up to speed and keep you compliant. These articles are free on Croner-I Lite with your membership with SPA. To get access to this free service (worth £300) and to look at the wider tools available on ISQM, please click here.

Have you got your sights set on ISQM (UK) 2?

Aron Kleiman, Head of Audit and Accounts at Wilson Wright LLP, explains why the requirements of ISQM (UK) 2 apply to all firms, not just the largest ones.

Further guidance on ISQM (UK) 1 and ISQM (UK) 2 is available in the Audit Quality and Compliance section of Navigate Audit.

Turning back: ISQM (UK) 1 and the system of quality management

15 December 2022 was a key date for audit practices worldwide as the quality management system required under ISQM (UK) 1 needed to be fully designed and implemented by this point. In my last article for Croner-i, I reflected on the impact of ISQM (UK) 1 Quality management for firms that perform audits or reviews of financial statements, or other assurance or related services engagements on midtier practices here in the UK. I concluded that, whilst several actions were required, many smaller firms were likely to already have processes in place that mitigated critical quality risks. The crucial action was explicit identification of the measures in place to then present these together as a coherent system of quality management.

Facing forwards: Where does ISQM (UK) 2 fit in?

I return here to offer some views in relation to ISQM (UK) 2 Engagement quality reviews. This standard, issued by the IAASB in December 2020 and released by the FRC in July 2021 for the UK, is applicable to audits and reviews of financial statements for periods beginning on or after 15 December 2022 (as well as other assurance and related services engagements beginning on or after 15 December). The focus of ISQM (UK) 2 is specifically on engagement quality review requirements and the standard gives detail on when and where EQR should be deployed, considerations when selecting and allocating reviewers (including certain restrictions on individuals being involved with the process on specific engagements), where on the file the EQR reviewer needs to focus their attention and what of this process needs to be documented as well as covering several other EQR related areas.

This area of audit procedure was previously best known as EQCR “Engagement Quality Control Review” with the “C” falling off as it has also done from the nowreplaced ISQC standards. Those yet to review it in full will be pleased to hear that its 21-page length is much shorter than ISQM (UK) 1’s 78 pages of detail.

Scoping out some of the detail: When is an EQR required?

EQR is not a requirement on all audits (I use the term “audits” to mean all engagements in the scope of the standard). As we implied earlier, ISQM (UK) 2 follows on from ISQM (UK) 1 and it is within ISQM (UK) 1 that the scenarios where EQR is absolutely required are clearly spelled out. ISQM (UK) 1 (paragraph 34(f)) states the EQR process is only absolutely required for audits for listed entities most of which would be categorised as public interest entities (PIEs) or where required by other law or regulation.

PIEs are entities whose transferable securities are admitted to trading on a UK regulated market, credit institutions or certain insurance undertakings. As an aside, there are some potential changes to PIE criteria on the horizon that may bring more engagements into the need for EQR and will therefore give ISQM (UK) 2 greater reach.

EQR as required by law or regulation is likely only applicable to certain public sector or charity entities or to bodies that operate in certain industries such as banking, insurance and pension funds where the PIE or other EQR-qualifying criteria may differ to companies and where there may be different statutory requirements as audits here are governed by legislation other than (or in addition to) the Companies Act. See ISQM (UK) 1:A133 and ISQM (UK) 1:34(f) (iv) – (vi) for further detail on entity types that require EQR under the standards.

As a general rule, though, one can say non-PIE companies often do not absolutely require EQR. Therefore, as PIE audits are concentrated at the top of the market, it is unlikely that there are many UK firms outside of the top 20 with substantial numbers of engagements categorically needing to have an EQR process applied. Consequently, there is a risk that audit quality managers operating outside the larger firms may perceive ISQM (UK) 2 as not at all relevant to their context and think that it is applicable only at those larger firms.

Looking within: Does this truly apply to my firm where we have no PIE audits?

However, this does not mean smaller audit firms should ignore the guidance completely. ISQM (UK) 2 is clearly intended as a counterpart to ISQM (UK) 1 and, under the industry wide applicability of ISQM (UK) 1, deployment of EQR should be forming part of each and every audit firm’s repertoire of quality management measures even when there are no engagements where the EQR process is absolutely required.

The standards expect all audit practices to consider and deploy EQR requirements as part of their system of quality management as a response to their own identified quality risks. ISQM (UK) 1 is clear in this regard stating that a firm should establish ‘policies or procedures that address EQRs in accordance with ISQM (UK) 2 for … (iii) [audits] for which the firm determines that EQR is an appropriate response to address one or more quality risks.’

In other words, EQR should be deployed at all audit-performing firms on the riskier engagements as measured against a relative scale of risk determined by each practice.

It is safer to view ISQM (UK) 2 as a required addendum to ISQM (UK) 1 (just with a year’s delay before its full implementation date) and to therefore apply the same level of rigour when updating each firm’s EQR policy as each firm did last year more widely for ISQM (UK) 1. This, of course, must include an appraisal of the requirements of the ISQM (UK) 2 standard by all audit quality managers ensuring that its details are met by the firm’s procedures and that these are captured within the ISQM (UK) 1 documentation.

Seeing ahead

In future articles, I will be summarising some of the detail in relation to the impacts of ISQM (UK) 2 on mid-tier firms in the build up to the full requirements becoming effective for audits of periods commencing on or after 15 December 2022 (essentially 31 December 2023 year-ends) as we continue through the adoption process of ISQM (UK) 2 here at Wilson Wright, a London-based mid-tier practice. Document downloaded on 19-10-2023 from Croner-i Navigate, the UK’s leading online research service for tax, audit and accounting professionals. Find out more at or call 0800 231 5199. This article was correct at the date of publication. It is intended as an aid and cannot be expected to replace specific professional advice and judgment. No liability for errors or omissions will be accepted. It is the responsibility of those using the information to ensure it complies with the law at the time of use and that it is used in line with relevant rules and regulations governing the subject matter in question. Except where otherwise indicated, all content is copyright of Croner-i Ltd.

© Croner-i Ltd, 2023

All rights reserved. No part of this publication may be reproduced without prior permission.

Related Posts