System of Quality Management Resources

Advisory Services for Public Company Auditors

New QC Standards Readiness and Implementation

The International Auditing and Assurance Standards Board (IAASB) has adopted the new International Standard on Quality Management 1 (ISQM 1). In addition, the PCAOB has indicated its intention to issue new quality control (QC) standards in the near future. As a result, firms that are required to follow IAASB or PCAOB standards need to reconsider their internal quality controls and begin to implement new processes to comply with these new requirements. 

Preparation and Assessment Process

Risk Assessment

  • The firm’s process of implementing the risk-based approach to quality management.
  • Consists of establishing quality objectives, identifying and assessing quality risks and designing and implementing responses to quality risks. 

Requirements of the ISQM 1 Standard (and Proposed SQMS 1)

  • Design and implement a risk assessment process (Ref: Para. A39–A41)
  • Establish the quality objectives specified by this ISQM and any additional quality objectives considered necessary (Ref: Para. A42–A44)
  • Identify and assess quality risks to provide a basis for the design and implementation of responses. In doing so, the firm shall:
  • Obtain an understanding of the conditions, events, circumstances, actions or inactions that may adversely affect the achievement of the quality objectives. (Ref: Para. A45–A47)
  • Consider how, and the degree to which, the conditions, events, circumstances, actions or inactions in paragraph 25(a) may adversely affect the achievement of the quality objectives. (Ref: Para. A48)
  • Design and implement responses to address the quality risks (Ref: Para. A49–A51)
  • Establish policies or procedures that are designed to identify information that indicates additional quality objectives. (Ref: Para. A52–A53) 


Governance & Leadership

Deals with matters such as the:

  1. Firm’s culture
  2. Leadership responsibility and accountability
  3. The firm’s organizational structure
  4. Assignment of roles and responsibilities, and
  5. Resource planning and allocation.

Requirements of the ISQM 1 Standard (and Proposed SQMS 1)

Establish the following quality objectives that address the firm’s governance and leadership:

  • Demonstrates a commitment to quality through a culture that exists throughout the firm, which recognizes and reinforces: (Ref: Para. A55–A56) 
  • Serving the public interest by consistently performing quality engagements;
  • Importance of professional ethics, values and attitudes;
  • Responsibility of all personnel for quality relating to the performance of engagements; and
  • Importance of quality in the firm’s strategic decisions/actions including financial and operational priorities.
  • Leadership is responsible and accountable for quality. (Ref: Para. A57)
  • Leadership demonstrates a commitment to quality through their actions and behaviors. (Ref: Para. A58)
  • Organizational structure & assignment of roles, responsibilities, and authority is appropriate to enable the design, implementation, & operation of firm system of quality management. (Ref: Para. A32, A33, A35, A59) 
  • Resource needs, including financial resources, are planned for and resources are obtained, allocated or assigned in a manner that is consistent with the firm’s commitment to quality. (Ref: Para. A60–A61) 


Ethical Requirements

  • Deals with fulfilling relevant ethical requirements by the firm, its personnel, and ethical requirements that apply to others external to the firm.

Requirements of the ISQM 1 Standard (and Proposed SQMS 1)

Establish the following quality objectives that address the fulfillment of responsibilities in accordance with relevant ethical requirements, including those related to independence: (Ref: Para. A62–A64, A66) 

  • The firm and its personnel: 
  • Understand the relevant ethical requirements to which the firm and the firm’s engagements are subject; and (Ref: Para. A22, A24) 
  • Fulfill their responsibilities in relation to the relevant ethical requirements to which the firm and the firm’s engagements are subject. 
  • Others, including the network, network firms, individuals in the network or network firms, or service providers, who are subject to the relevant ethical requirements to which the firm and the firm’s engagements are subject: 
  • Understand the relevant ethical requirements that apply to them; and (Ref: Para. A22, A24, A65) 
  • Fulfill their responsibilities in relation to the relevant ethical requirements that apply to them. 


Acceptance & Continuance

Deals with the firm’s judgments about whether to accept or continue a client relationship or specific engagement.

Requirements of the ISQM 1 Standard (and Proposed SQMS 1)

Establish the following quality objectives that address the acceptance and continuance of client relationships and specific engagements: 

  • Judgments by the firm about whether to accept or continue a client relationship or specific engagement are appropriate based on: 
  • Information obtained about the nature and circumstances of the engagement and the integrity and ethical values of the client (including management, and, when appropriate, those charged with governance) that is sufficient to support such judgments; and (Ref: Para. A67–A71) 
  • The firm’s ability to perform the engagement in accordance with professional standards and applicable legal and regulatory requirements. (Ref: Para. A72) 
  • The financial and operational priorities of the firm do not lead to inappropriate judgments about whether to accept or continue a client relationship or specific engagement. (Ref: Para. A73–A74) 

Engagement Performance

  • Deals with the firm’s actions that support consistent quality engagements through direction, supervision and review, consultation, and differences of opinion.
  • Includes how the firm supports engagement teams in exercising professional judgment and professional skepticism.

Requirements of the ISQM 1 Standard (and Proposed SQMS 1)

Establish the following quality objectives that address the performance of quality engagements: 

  • Engagement teams understand and fulfill their responsibilities in connection with the engagements, including, as applicable, the overall responsibility of engagement partners for managing and achieving quality on the engagement and being sufficiently and appropriately involved throughout the engagement. (Ref: Para. A75) 
  • The nature, timing and extent of direction and supervision of engagement teams and review of the work performed is appropriate based on the nature and circumstances of the engagements. (Ref: Para. A76–A77) 
  • Engagement teams exercise appropriate professional judgment and professional skepticism. (Ref: Para. A78) 
  • Consultation on difficult matters is undertaken and conclusions are implemented. (Ref: Para. A79–A81) 
  • Differences of opinion within the engagement are communicated and resolved. (Ref: Para. A82) 
  • Documentation is assembled timely after the date of the engagement report. (Ref: Para. A83–A85) 

Resources

  • Deals with obtaining, developing, using, maintaining, allocating and assigning resources in a timely manner to enable the design, implementation and operation of the SQM.
  • Includes 1) technological, 2) intellectual, 3) human resources, and 4) service providers.

Requirements of the ISQM 1 Standard (and Proposed SQMS 1)

Establish the following quality objectives that address appropriately obtaining, developing, using, maintaining, allocating and assigning resources in a timely manner: (Ref: Para. A86–A87, A95–A97)

Human Resources 

  • Personnel are hired, developed and retained and have the competence and capabilities to achieve quality objectives (Ref: Para. A88–A90); demonstrate a commitment to quality and are held accountable (Ref: Para. A91–A93); and individuals are obtained from external sources when needed to achieve quality objectives. (Ref: Para. A94) 

Technological Resources

  • Appropriate technological resources are obtained or developed, implemented, maintained, and used, to enable the operation of the firm’s system of quality management and the performance of engagements. (Ref: Para. A98–A101, A104)

Intellectual Resources

  • Appropriate intellectual resources are obtained or developed, implemented, maintained, and used, to enable the operation of the firm’s system of quality management. (Ref: Para. A102–A104)

Service Providers 

  • Human, technological or intellectual resources from service providers are appropriate for use in the firm’s system of quality management and in the performance of engagements. (Ref: Para. A105–A108)

Information & Communication

  • Deals with obtaining, generating or using information regarding the SQM, and communicating information within the firm and to external parties on a timely basis to enable the design, implementation, and operation of the SQM.

Requirements of the ISQM 1 Standard (and Proposed SQMS 1)

Establish the following quality objectives that address obtaining, generating or using information regarding the system of quality management: (Ref: Para. A109) 

  • The information system identifies, captures, processes and maintains relevant and reliable information that supports the system of quality management, whether from internal or external sources. (Ref: Para. A110–A111) 
  • The culture of the firm recognizes and reinforces the responsibility of personnel to exchange information with the firm and with one another. (Ref: Para. A112) 
  • Relevant and reliable information is exchanged throughout the firm, including: (Ref: Para. A112) 
  • Information sufficient to fulfil responsibilities relating to the system of quality management; and 
  • Information when performing activities within the system of quality management or engagements. 
  • Relevant and reliable information is communicated to external parties, including: 
  • Information from the firm to or within the firm’s network or to service providers, and (Ref: Para. A113) 
  • Externally when required by law, regulation or professional standards. (Ref: Para. A114–A115) 

Monitoring & Remediation

  • Provides the firm with information about the design and operation of the SQM; and
  • Addresses the remediation of deficiencies on a timely basis.

Requirements of the ISQM 1 Standard (and Proposed SQMS 1)

Establish a monitoring and remediation process to: (Ref: Para. A138) 

  • Provide relevant, reliable and timely information about the system of quality management. 
  • Take appropriate actions to respond to identified deficiencies and remediate them on a timely basis. 
  • Design and perform monitoring activities to provide a basis for the identification of deficiencies.
  • Include the inspection of completed engagements in its monitoring activities. (Ref: Para. A141, A151–A154)
  • Assess the competency and objectivity of individuals performing monitoring. (Ref: Para. A155–A156) 
  • Evaluate findings to determine whether deficiencies exist. (Ref: Para. A157–A162)
  • Evaluate the severity and pervasiveness of identified deficiencies. (Ref: Para. A161, A163–A164)
  • Design and implement remedial actions to address identified deficiencies. (Ref: Para. A170–A172)
  • Communicate on a timely basis monitoring and remediation process. (Ref: Para. A174) 

Audit Documentation: From Low-Hanging Fruit to Load-Bearing Standard

By Stephanie Mickens March 30, 2026
In a previous article, Back to Basics: Audit Documentation Failures Have Become Dangerous Low Hanging Fruit , we highlighted how audit documentation had quietly re-emerged as a source of regulatory risk after years of relative deprioritization. While PCAOB Auditing Standard 1215, Audit Documentation (AS 1215), has historically been cited less frequently than other standards, our direct experience from recent inspection activity, enforcement actions, and internal inspection results, demonstrate that documentation failures are increasingly treated as indicators of deeper execution, supervision, and quality management breakdowns. In today’s environment, audit documentation is no longer merely a record of work performed. It is the primary evidence inspectors rely on to evaluate whether an engagement was properly planned, executed, and supported at the time the auditor’s report was issued. What has been low-hanging fruit now requires firms to close these gaps and transform them into a load-bearing foundation for audit quality. From Rare Enforcement to Systemic Inspection Risk AS 1215 establishes clear requirements regarding what must be documented, when documentation must be completed, and how engagement files must be assembled and retained. As discussed in our prior article, failures to comply with these requirements were historically viewed as technical or secondary issues, often resulting in inspection comments rather than enforcement action. That distinction is no longer meaningful. Recent enforcement actions involving backdating, improper (both intentionally, and inadvertent) modification of workpapers, and failure to timely assemble a complete audit file reflect an evolving regulatory view. Documentation failures do not simply violate procedural requirements; they call into question the credibility of the audit opinion itself. More importantly, beyond enforcement, documentation deficiencies are increasingly cited as core inspection findings. Inspectors are challenging situations where engagement teams assert that work was performed but cannot demonstrate that work within the archived file. In these cases, the absence of timely, complete, and clear documentation is no longer treated as a formality. It is treated as evidence that the engagement may not have been properly executed, supervised, or supported in accordance with PCAOB standards. This represents a fundamental shirt. Documentation is no longer “low-hanging fruit.” It is a systemic inspection risk that cuts across execution, supervision, and firm-level quality management. From Misconduct to Execution Failures Pervasive documentation failures that do not involve intentional misconduct but still result in non-compliance are increasingly observed. For example, reviewer signoffs occurring near the documentation completion date, rather than contemporaneously with the performance of audit procedures, raise questions about whether effective supervision occurred during the audit or was deferred to meeting archiving deadlines. Similarly, engagement teams may assert that key judgments can be explained verbally, even when those judgments are not clearly documented in the audit file. In today’s environment, the distinction between “we can explain it” and “it is clearly documented” is critical. If procedures, judgments, and conclusions are not evident in the documentation itself, inspectors increasingly conclude that the work was not performed in accordance with PCAOB standards. The issue is not whether the engagement team can explain what they did after the fact. The issue is whether the archived documentation allows an experienced auditor, with no prior connection to the engagement, to understand the procedures performed, evidence obtained, and conclusions reached at the time of the auditor’s report. When documentation fails to reach that standard, inspectors are increasingly concluding that the audit itself was not properly executed, regardless of intent. This reflects an important shift. Documentation failures are no longer viewed primarily as misconduct. They are viewed as symptoms of execution breakdowns, including delayed supervision, compressed review cycles, and audit workflows that defer documentation until the end of the engagement. As a result, AS 1215 has become a direct proxy for how audits are actually performed in practice. How the 14-Day Documentation Completion Requirement Changes the Risk Profile The execution risks are further amplified by the PCAOB’s shortened documentation completion timeline. Recent amendments to AS 1215 reduce the timeframe to assemble a complete and final audit file from 45 days to 14 days after the report release date. While this change may appear procedural, its implications are operational. Under this accelerated timeline, engagement teams no longer have a meaningful post-issuance window to resolve review notes, complete documentation, or finalize supervisory evidence. What were once viewed as “clean-up” activities are now more likely to result in timing violations and non-compliance. This shift places increased emphasis on: Contemporaneous documentation Real-time supervision Realistic workload and staffing models Audit Documentation as a Cornerstone of Audit Quality Audit documentation has long been described as low-hanging fruit in the inspection process. That characterization no longer reflects its role in today’s regulatory environment. Documentation now serves as the primary lens through which regulators assess whether an engagement was properly executed, supervised, and supported. With shortened timelines, expanded quality management expectations, and increased regulatory scrutiny, firms can no longer treat documentation as a downstream activity. It must be embedded into how engagements are planned, staffed, reviewed, and completed. In an environment where inspection conclusions are driven by what is, and what is not, in the audit file, strong documentation is not merely defensive. It is foundational to audit quality. At Johnson Global Advisory , we support firms in selecting, implementing, and optimizing these tools to meet their unique needs. For more insights, visit our blog or contact us to learn how we can help your firm AmplifyQuality®. For more information, please contact your JGA audit quality expert .

Quality Management in 2026: Considerations to Successfully Adapt to a Transforming Environment

January 20, 2026
Introduction The accounting firm industry experienced a ground-breaking transaction in August of 2021 when TowerBrook acquired EisnerAmper, which marked the first private equity (“PE”) transaction of a large-scale accounting firm. This transaction was structured using an alternative practice structure (“APS”). Historically, licensing and independence rules have barred non-CPAs from owning accounting firms. Through an APS, a PE firm may invest in the non-attest entity with service lines such as tax advisory and consulting. The CPA partners retain control over the attest functions, which preserves regulatory compliance. While the APS model has been in existence since the 1990s, this August 2021 transaction brought new attention to this structure. What has followed is an extraordinary volume of deal activity. Per the CPA Trendlines (“CPAT”) Cornerstone report posted on November 18, 2025, CPAT has tracked over 115 PE-related transactions from 2020 to 2025, with over 80 transactions in 2025. While PE in the accounting firm space is no longer news, the pace and volume of transactions is certainly news-worthy. Impact of PE Investment The impact of PE investment on the accounting firm space is unprecedented. The APS has enabled PE to fuel billions of capital investment. PE-backed firms provide immediate payouts to partners at appealing valuations while providing access to capital to these firms for merger and acquisition growth, technology investments, and other priorities. Well-capitalized firms now have an improved ability to invest in technological capabilities, attract experienced talent to be more competitive for college graduates, and improve their market position. With new technologies, routine tasks are being automated such as data entry, tie-outs and controls testing, resulting in less time needed to perform certain audit procedures. What the regulators are saying At the AICPA December 2025 conference on Current SEC and PCAOB Developments, common topics were the presence of private equity in the accounting firm space and the opportunities and challenges that come with this investment. PCAOB Acting PCAOB Chair George Botic described that both transformative technologies (e.g., artificial intelligence or “AI”) and the continuing expansion of private equity investments in accounting firms are two developments that bring opportunities and challenges. Mr. Botic noted that while AI has enhanced risk assessment, reduced manual processes and made it possible to efficiently analyze entire populations of data (which can reduce the risk of missing irregularities or unusual patterns), that overreliance on AI may ultimately threaten auditors’ exercise of professional skepticism and judgment. As it relates to private equity, Mr. Botic noted that while these investments have the potential to enhance audit quality by increasing firm capacity and modernizing audit tools with advanced technologies, the presence of private equity presents a risk that firms shift incentives to prioritize profitability over audit quality. Mr. Botic stated, “Both AI and private equity investments in accounting firms carry the potential to truly reshape the profession. Yet these opportunities come with clear challenges to ensure that overreliance on AI and the pressures of private equity do not jeopardize audit quality.” SEC SEC Chair Atkins discussed in his remarks that he would like the PCAOB to modify its inspections process to place more reliance on the system of quality management and that inspection of certain engagements would inform the PCAOB if the firm’s system of quality management is effective. He also expressed a view that accountability for audit quality should move upward to firm leadership. How is a firm’s system of quality management (“SQM”) impacted? Today’s transforming environment has far-reaching impacts on a firm’s SQM. This publication will focus on risk assessment, governance and leadership, ethics and independence, resources, engagement performance, and monitoring and remediation. 

From Planning to Practice: 10 Steps to Build Your Firm’s Quality Management System

By Jackson Johnson September 30, 2025
With the effective date for SQMS 1 and QC 1000 fast approaching, firms of all sizes—especially small and sole practitioners—must take action to implement a system of quality management (SQM) that meets the new standards. The good news? You don’t have to start from scratch. Despite QC 1000’s implementation date deferral, the AICPA’s date hasn’t changed, and the international standards are already effective. It’s important to maintain momentum on the efforts toward implementation of all applicable standards for your firm. This article outlines 10 practical steps to help firms build their SQM. Each step includes actionable guidance and considerations for firms with limited resources, and ties into JGA’s broader thought leadership on quality management, risk assessment, and system evaluation. The 10 Steps to Build Your SQM Step 1: Establish a Project Team Form a team with the right mix of quality expertise and operational insight. For small firms, this may mean involving a manager who can grow into a leadership role or setting aside dedicated time as a sole practitioner. Recommended actions to consider: Identify internal champions with interest or experience in quality. Schedule recurring project meetings to maintain momentum. Join a peer group for support and shared learning. Step 2: Understanding and Awareness Document your firm’s business strategy, service offerings, and operational conditions. This step helps identify factors that may impact quality—such as remote work, new industries, or staff turnover. Recommended actions to consider: Conduct a strategy review with firm leadership. List recent changes in firm structure or engagement types. Use these insights to inform your risk assessment. Step 3: Assign Responsibilities Define who is accountable for the SQM. The new standards require clear delineation of ultimate and operational responsibility, including oversight of independence and monitoring. Recommended actions to consider: Assign roles based on existing responsibilities. Clarify delegation boundaries for managing partners. Document responsibilities in your quality manual. Step 4: Establish a Risk Assessment Function Design a process to identify and assess quality risks. This includes understanding conditions or events that could impact quality objectives. Recommended actions to consider: Create a risk assessment policy tailored to your firm. Use relatable examples to demystify risk factors. Leverage AICPA practice aids for structure and templates. Step 5: Perform the Initial Risk Assessment Conduct brainstorming sessions by component and document risks using the AICPA Risk Assessment Template. Include both formal and informal responses. Recommended actions to consider: Use the AICPA risk library to identify common risks. Tailor risks to your firm’s size and services. Include existing responses—even if informal—for evaluation. Step 6: Finalize the Gap Analysis Evaluate where your current responses fall short. This may include undocumented policies or areas where responses don’t fully address the risk. Recommended actions to consider: Identify gaps in governance, ethics, and technology. Determine which informal practices need formalization. Prioritize gaps based on risk severity and regulatory impact. Step 7: Implement Responses to Address the Gaps Develop policies and procedures to close gaps. Responses must be documented and operational. Recommended actions to consider: Draft policies that reflect your firm’s values and risks. Link procedures to specific quality objectives. Use existing documentation as a starting point. Step 8: Update Your Monitoring Process Move beyond peer review prep—monitoring should be continuous and system-wide. Recommended actions to consider: Assign monitoring responsibilities across the team. Incorporate testing of responses into internal inspections. Use dashboards or checklists to track progress. Step 9: Formalize Root Cause and Remediation Procedures Investigate deficiencies and document why they occurred. This step is essential for both system and engagement-level reviews. Recommended actions to consider: Conduct interviews to understand root causes. Use findings to improve policies and training. Apply remediation even if your firm only undergoes engagement reviews. Step 10: Initial Test of Design and Implementation Review documentation and walk through processes to ensure your system is operational and testable. Recommended actions to consider: Validate that each component is supported by evidence. Simulate a peer review to test your system. Confirm that objectives, risks, and responses align. Conclusion Implementing a system of quality management is not just a compliance exercise—it’s an opportunity to strengthen your firm’s foundation for audit quality, risk management, and long-term success. Whether you’re a sole practitioner or a small firm with a few partners, these 10 steps offer a scalable roadmap to meet the new standards. Ready to get started or need help refining your approach? Contact your JGA audit expert today to schedule a consultation and ensure your implementation is tailored to your firm’s needs. At Johnson Global Advisory , we support firms in selecting, implementing, and optimizing these tools to meet their unique needs. For more insights, visit our blog or contact us to learn how we can help your firm AmplifyQuality®.
Show More