ISQM: Why audit firms need a robust quality management system
As the question of 'who audits the auditors?' continues to gather interest, it's more important than ever to strengthen and document the approach to delivering high-quality engagements for every client.
Crucially, firms must be able to demonstrate their ability to do so in a consistent manner, across all engagements, service lines and regions. This is especially true for global audits, where the complexity of operating in multiple jurisdictions poses unique challenges.
Here we take a closer look at the International Standard on Quality Management (ISQM 1), and how this global standard is used alongside the QC 1000 framework that applies in the US.
What is the ISQM 1 framework?
The ISQM 1 (International Standard on Quality Management) framework is a globally recognized standard issued by the International Auditing and Assurance Standards Board (IAASB).
It establishes a comprehensive approach for managing audit quality within firms that perform audits or reviews of financial statements, or other assurance and related services engagements.
ISQM focuses on risk-based quality management, requiring firms to proactively identify and respond to potential quality risks in their engagements.
Under ISQM, firms must design and implement a system of quality management that is both robust and tailored to their specific circumstances.
What is QC1000?
The QC1000 standard is a best-practice framework that has been developed to complement the ISQM. It does this by providing additional guidance specifically focused on audit engagement quality.
While ISQM 1 encompasses a broader system of quality management at the firm level, QC1000 homes in on the processes and procedures that directly impact the execution of individual audit engagements.
For audit firms, QC1000 serves as a critical tool for embedding quality into every stage of the audit lifecycle, from planning to completion, by requiring rigorous documentation, regular review, and accountability at all levels of the engagement team.
What is a system of quality management (SoQM), and what does a good one look like?
The ISQM and QC1000 frameworks require firms to evidence their approach to audit quality. This is typically done using a System of Quality Management (SoQM).
An SoQM is a structured framework, designed to ensure that audit firms consistently deliver high-quality work across all engagements. It includes a comprehensive set of policies and procedures to manage the risks associated with the quality of audit activities.
An effective SoQM is risk-based. It identifies, assesses and responds to potential quality risks that could impact the firm's ability to meet professional standards and regulatory requirements.
It also incorporates ongoing monitoring and remediation processes to address any deficiencies promptly.
Ultimately, the goal of a well-designed SoQM is to build confidence among stakeholders by demonstrating the firm's commitment to upholding the integrity and reliability of its audits.
What are the challenges of designing a SoQM?
Designing a SoQM presents several challenges that audit firms must address to ensure its effectiveness.
- Identifying and assessing quality risks in a changing environment. Firms must anticipate both current and emerging risks, which requires robust data analysis and industry expertise.
- Tailoring the system to the firm’s size, structure and complexity, ensuring that the framework is neither overly burdensome nor insufficiently detailed.
- Implementing effective monitoring and remediation processes can be resource-intensive, demanding ongoing training, technology investments and dedicated personnel.
- Firms also face the challenge of maintaining a culture of quality throughout the organization, which involves consistent communication and reinforcement of the system’s importance.
Ultimately, overcoming these challenges is essential for creating a risk-based, scalable and sustainable SoQM framework that meets both professional standards and regulatory expectations.
What steps can audit firms take to support a robust SoQM?
Audit firms need to conceive, design, stress test and deploy a standardized set of methodologies. These must accommodate the complex requirements and multi-level engagement style of large member firms - but they should equally accommodate the sleeker requirements of smaller, less multi-threaded member firms.
That sounds difficult enough, but the job doesn’t stop there. Firms must also consider how to achieve the right level of user experience for each of these firms. This seems obvious, but for global firms, meeting the full spectrum of member firm requirements whilst getting the user experience balance right for everyone isn’t a straightforward task.
This is massively important because, as anyone who has ever attempted to roll out a large-scale project will know, traction is everything and early success is dependent on the critical mass feeling some degree of ownership.
Few, if any, large scale change management programs are 100% friction free, however the more people who feel like the new system was designed with them in mind, the easier the program becomes. The best tools appear intuitive, simple, built for the job and fit the hand of everyone who uses them like a glove.
Is there SoQM software on the market that can solve the ISQM and QC1000 compliance challenges?
Yes. Many large global firms have recognized the difficulty and resource-intensity of building their own SoQM platforms in-house. Ideagen has taken the lead in offering a ready-made solution that can be customized to the methodologies and processes of different firms.
With over 30 years of experience in protecting the world’s most highly regulated and data-sensitive organizations, we have developed a full SaaS, cloud-native SoQM that enables firms to:
- Deploy global, standardized templates for methodologies, frameworks and libraries
- Adapt to specific local firm environments, risks and responses
- Accommodate multiple evaluation cycles
- Manage multiple standards, including all components of ISQM1and QC100
- Support Cycle Module, Annual Assessments, RCA and global reporting
- Establish dynamic relationships between standards, objectives, risks and responses, while maintaining full data integrity and separation
- Provide local and global leadership with tailored reporting and analysis
By leveraging our technology, firms can ensure a consistent and high-quality audit process, no matter where they operate.

Find out how Ideagen can support you
Explore the features and benefits of our market-leading system of quality management and how our expertise can help you roll it out across your firms easily.
Find out moreTags: