Introduction As explored in previous JGA Advisor articles, the implementation of quality management standards such as ISQM 1, SQMS 1, and QC 1000 has reshaped how audit firms approach compliance, risk, and continuous improvement. These standards demand a proactive, risk-based, and firm-wide system of quality management (SoQM) that is both scalable and adaptable to local jurisdictions. We have seen through our work with firms that a tech solution is just part of the equation. Of course, having the right human capital with the capacity, drive, skills, and leadership to influence implementation across so many functions of the firm is critical. Also, understanding a baseline of risks and controls – beyond the minimum explained in the standards – will go a long way for smoother implementation. We recommend taking a look at the AICPA Practice Aid and many other AICPA resources for firms embarking on their implementation journey. While the standards themselves are rigorous, the complexity of implementation—especially across multiple jurisdictions—has led many firms to look to ways to document their system with reliable workflows in a database or other system. What we have seen is that – at a minimum – an excel solution, especially coupled with other tools like smart sheets, is the easiest entry point for a tech solution for implementation. Other more advanced tools not only streamline compliance but also enhance documentation, accountability, and real-time monitoring. In this article, we explore how three platforms—Inflo, Caseware, and QMCore—are helping firms meet these challenges and elevate their quality management systems. Why Software Matters for Quality Management Successfully implementing a SoQM under ISQM 1, SQMS 1, QC 1000, or other jurisdictional standards requires more than policies and procedures—it requires leadership, training, communication, and a culture of quality. But most importantly, it requires technology. Software platforms like QMCore, Inflo, and Caseware offer firms the ability to: Assign and track ownership of quality tasks across the firm, ensuring accountability, and transparency. Streamline risk assessment, monitoring, and remediation, which are core to all modern quality management standards. Provide real-time reporting and dashboards that allow leadership to monitor compliance and identify deficiencies early. Adapt to evolving regulatory requirements across jurisdictions, including CSQM 1 (Canada), SSQM 1 (Singapore), ASQM 1 (Australia), and PES 3 (South Africa). Educate and enable staff through embedded guidance, links to standards, and intuitive workflows. For firms evaluating whether to adopt software, the key considerations should include: scalability, jurisdictional adaptability, ease of implementation, audit trail integrity, and the ability to evolve with regulatory changes. We strongly suggest taking a look at our previous guidance on adoption of software audit tools as well. There are other applications being developed for the market as well. Inflo: A Centralized Platform for Quality Management Oversight Inflo’s Quality Management solution is designed to help firms implement and maintain a System of Quality Management (SoQM) that aligns with ISQM 1 and other global standards. Unlike traditional tools that focus solely on audit execution, Inflo’s platform provides a centralized environment for managing the entire quality lifecycle—from risk assessment to monitoring and remediation. Key Features of Inflo’s Quality Management Platform: Centralized Oversight: Inflo consolidates all quality management activities into a single platform, giving firm leadership real-time visibility into the status of quality objectives, risks, and responses. Customizable Risk Assessment: Firms can tailor their risk identification and assessment processes to reflect their unique service lines, geographies, and regulatory environments. Automated Monitoring & Remediation: Inflo streamlines the tracking of deficiencies and corrective actions, ensuring that issues are addressed promptly and transparently. Evidence of Compliance: The platform maintains a complete audit trail of all quality management activities, supporting both internal reviews and external inspections. Scalable Across Jurisdictions: Inflo’s solution is adaptable to various regulatory frameworks, making it suitable for firms operating in multiple countries or under different standard-setting bodies. By integrating quality management into a digital workflow, Inflo helps firms move beyond static documentation and toward a dynamic, data-driven approach to compliance and continuous improvement. Caseware: Integrated Methodology and Real-Time Collaboration Caseware’s cloud-based platform, particularly through its Dynamic Audit Solution (DAS), offers a comprehensive approach to quality management. Built in collaboration with CPA.com and the AICPA, Caseware provides: End-to-End Audit Workflow: Integrating methodology, workpapers, and execution tools in a single environment. Real-Time Collaboration: Enabling teams to work simultaneously on engagements, improving efficiency and reducing version control issues. Data-Driven Risk Assessment: Supporting a risk-focused audit approach aligned with ISQM 1 and SQMS 1. Caseware is especially effective for firms embedding quality management into daily audit operations while maintaining compliance with evolving standards. QMCore (FinReg): Purpose-Built for Global Quality Management Standards QMCore, developed by FinReg, is a purpose-built platform designed to help firms implement and maintain a System of Quality Management (SoQM) in compliance with ISQM 1, SQMS 1, QC 1000, and their global counterparts. It is powered by the FinReg GRC platform and has received technology accreditation from the ICAEW. Key Benefits of QMCore: Comprehensive Coverage: Seamlessly integrates all eight components of ISQM 1 and SQMS 1, including governance, risk assessment, monitoring, and remediation Task Ownership and Accountability: Allows firms to assign responsibilities clearly and track progress with ease Monitoring & Remediation: Embedded tools provide high visibility into deficiencies and corrective actions, with real-time dashboards and drill-down analytics Jurisdictional Flexibility: Adaptable to regional standards such as CSQM 1, SSQM 1, ASQM 1, and PES 3 Audit Trail Integrity: Tracks all inputs and changes, ensuring transparency and defensibility; and User Enablement: Educates staff on the standards, enables them to act, and evidences compliance through structured workflows and embedded guidance. QMCore is securely hosted on AWS and accessed via the internet, making it easy to implement and scale across firms of varying sizes and geographies. Conclusion The shift to modern quality management standards is not just a compliance exercise—it’s an opportunity to enhance audit quality, improve operational efficiency, and build a culture of continuous improvement. Software platforms like Inflo, Caseware, and QMCore are proving essential in helping firms navigate this transformation. Other players may be entering the market, and we encourage a discussion to understand the latest and compare benefits and what’s best for your firm. At Johnson Global Advisory, we support firms in selecting, implementing, and optimizing these tools to meet their unique needs. For more insights, visit our blog or contact us to learn how we can help your firm AmplifyQuality®. For more information, please contact your JGA audit quality expert .

This is an exert of the AI Accounting Playbook . Building Trust in AI Accounting As accounting firms adopt AI tools in audits, they face new questions about reliability, transparency, and compliance. Regulators like the PCAOB have made clear that if AI outputs can’t be explained or reproduced, they could violate existing standards. Yet formal guidance on AI use in audits remains limited, leaving firms unsure about how to move forward. Some firms have responded by limiting AI to non-public clients, but this caution also presents a chance to lead. Firms that build strong AI governance practices now can stay ahead of future regulation and establish trust in their use of AI. This chapter covers key compliance barriers, governance best practices, and steps to create a trusted control environment. Key Compliance Barriers Accountants face several key compliance barriers when using AI, particularly as regulators such as the PCAOB, AICPA, and SEC increase their scrutiny. Explainability One major challenge is explainability. Many AI models, especially machine learning and generative AI, don’t clearly show how they reach conclusions. This is a problem for auditors who need to support their findings. This lack of clarity makes it harder to meet audit evidence requirements, which must be sufficient, appropriate, and easy to understand, as outlined in PCAOB standard AS 1105. Poor Documentation Poor documentation is another major issue. This includes inadequate records of data inputs and outputs, training data, model logic, and controls over changes. Such deficiencies may violate documentation and risk assessment requirements, as seen when audit teams use AI for journal entry testing without documenting the rationale for flagged entries or threshold settings. Data Privacy Data privacy becomes a concern as firms use AI to handle large amounts of sensitive financial and personal information. This can lead to violations of laws like GDPR and CCPA, especially when client data is processed in cloud or third-party systems. Firms often struggle to maintain consistent policies for data classification, encryption, and access. Auditor independence may also be at risk if AI tools are built by a firm’s advisory armor are deeply integrated with a client’s systems. For instance, if both the firm and client use the same predictive AI tool for forecasting, it could lead to a self-review threat. AI Skills Gap A skills gap and overreliance on AI further complicate compliance. Many auditors lack the training needed to critically evaluate AI outputs or to recognize when human judgment should override algorithmic conclusions. This can lead to audit failures, such as misinterpreting a false negative from an AI-driven risk assessment as a clean result. Validation and Testing Testing and validating AI tools is another challenge, especially for tools that keep learning over time. Firms need to test tools when they’re first used and then on a regular basis, just like they do when relying on third-party service providers. But this is hard to do if the AI vendor doesn’t offer enough detail about how the tool works or the controls in place. Change Management Managing updates and changes to AI models is a concern. If a tool is updated or retrained without documentation, it can lead to inconsistent results. For example, a model may flag different transactions in different quarters without any clear reason why. Many firms also lack a formal AI governance plan tied to their quality management systems, which causes inconsistent control practices and unclear responsibilities. Lack of Guidance Regulators have been slow to issue formal guidance on how AI should be integrated into the audit process, leaving many firms in a state of uncertainty. The good news is that momentum is building. PCAOB Board Member Christina Ho has publicly emphasized the transformative potential of AI in auditing, particularly in automating routine tasks such as cross-referencing data, extracting key contract terms, and documenting interviews. She has advocated for the PCAOB to evolve its standards to promote responsible AI use, calling for transparency, bias mitigation, and auditability in AI tools. Similarly, the International Auditing and Assurance Standards Board (IAASB) has demonstrated its commitment to supporting firms by releasing its Technology Position, which is a strategic framework that outlines how the board will adapt auditing standards to align with emerging technologies, including AI. Until these guardrails are firmly in place, firms should proactively develop internal AI frameworks modeled on established control standards. COBIT can support firms in assessing and governing AI systems, including data and system integrity. COSO can be applied to evaluate AI governance, model risk, and internal control implications, particularly when AI impacts financial reporting or ICFR. NIST provides guidance to help firms build trustworthy AI systems and establish appropriate cyber security and governance protocols. Best Practices for Governance To use AI confidently and compliantly in accounting, especially in regulated environments like audit and assurance, firms should implement strong governance practices that align with both regulatory expectations and ethical standards. 1. Test AI Internally Before Use In Engagements Before you bring AI into your audits, you’ll need to put it through its paces. The starting point is an internal review and certification process, ideally led by your firm’s risk or national office. They should evaluate the AI tool’s design, logic, and controls, and may require your vendor to share documentation, control reports, and allow independent testing. A great way to do this is by running the AI on historical data from past audits with known results. That helps confirm whether the AI delivers the same conclusions auditors already reached. Scenario analysis is another smart move. Challenge the AI with tricky edge cases like known fraud or anomalies. This can expose blind spots or bias in the model. Be sure to maintain a complete audit trail of how the tool was tested and what controls were in place. If any issues pop up during testing, document and resolve them. And before you roll it out firm-wide, get an independent review of the tool. Think of it like a second set of eyes, similar to a concurring partner review. Only once your firm is fully confident in the tool should it be used in your accounting processes. 2. Develop AI Governance Policies Strong policies lay the foundation for responsible AI use. These should outline your standards for data inputs, risk reviews, decision-making responsibilities, and transparency. Deloitte recommends a universal governance policy that applies to all AI technologies across the firm. This policy should define acceptable (and prohibited) use cases, require approval for new AI tools, and establish review intervals. Ethical usage also needs to be a priority. That means clear guidelines around privacy, bias, and legal compliance — with transparency as a core value. Internally and externally, stakeholders should understand when and how AI is being used in order to build trust in AI usage. To oversee this, consider forming a dedicated AI GRC (Governance, Risk, Compliance) team. Roles might include a Chief AI Risk Officer, Data Protection Manager, AI Project Manager, and an AI Governance Committee. Need help building your framework? Look to proven models like NIST AI RMF and ISO 42001. COSO’s recent guide Realize the Full Potential of AI shows how to extend COSO’s ERM framework to AI, and it’s a great place to start. 3. Implement Data Quality Controls AI tools are only as reliable as the data they process. The old adage “garbage in, garbage out” underscores the importance of data quality in AI-driven accounting. To minimize the risk of inaccurate or biased AI outputs, firms should implement data validation, cleansing, and standardization processes. High-quality data improves AI performance and supports more reliable audit conclusions. Protecting sensitive data is also crucial. Firms should limit access to confidential information using role-based access controls (RBAC) and multi-factor authentication (MFA). Audit logs tracking data access provide an added layer of oversight, helping firms monitor and secure critical information. Data lifecycle management is equally important. Retention and deletion policies should be in place to ensure outdated data does not become a liability. While GDPR is an EU regulation, it sets a high standard for data management and serves as a strong benchmark for firms looking to enhance their data governance practices