ISQM 1 Audit Risk Assessment

The foundation of ISQM 1, and a key change from extant ISQC 1, is that the firm needs to follow a risk-based approach to quality management, which focuses the firm on :

The firm’s risk assessment process is new to ISQM 1.

• The risks that may arise, given the nature and circumstances of the firm and the engagements it performs; and

• Implementing responses to appropriately address those risks.

A risk-based approach helps the firm tailor the SOQM to the firm’s circumstances, as well as the circumstances of the engagements performed by the firm. It also helps the firm effectively manage quality through concentrating on what matters most given the nature and circumstances of the firm and the engagements it performs.

ISQM 1 requires the firm to have a risk assessment process, the purpose of which is to establish quality objectives, identify and assess quality risks and design and implement responses to address the quality risks.

3 main steps

In designing the quality management system, there are three main steps :

(i) Establish quality objectives to achieve the objective of the system of quality management;

(ii) Identify and assess quality risks to provide a basis for the design and implementation of responses;

(iii) Design and implement responses to achieve those quality objectives.

Quality objectives

The quality objectives are outcome-based to manage quality through the identification of risks. These objectives are established to address possible quality risks that may result in non-quality engagements. For example, insufficient work performed for planning may result in inappropriate identification of audit risks and other significant audit issues.

ISQM 1 specifies quality objectives that firms need to establish, and these objectives are mandatory to be adopted by firms, where applicable. For example, the quality objective of assigning roles and responsibilities for the system of quality management within the firm may not be relevant for a sole practitioner.

In addition to those prescribed by ISQM 1, firms will also need to consider if additional quality objectives are required to be established based on the firms’ risk assessment processes, where applicable.

Quality Risk

One of the new requirements of ISQM 1 is the identification of quality risks with respect to the nature and circumstances of the firms and their engagements. For example, the complexity and operating characteristics of the firm, management style of leadership, client portfolio and complexity of the engagements performed by the firm will impact the risk assessment process and result in different quality management systems for individual firms.

There are no prescribed quality risks in the standards. Firms are required to obtain an understanding of the conditions, events, circumstances, actions or inactions that may adversely affect the achievement of the quality objectives with respect to the nature and circumstances of the firms and their engagements prescribed in paragraph 25(a) of ISQM 1, with the caveat that the list is non-exhaustive.

Firms are expected to identify their own quality risks, assess if a risk has a reasonable possibility of occurring, and how the risk may adversely affect the achievement of one or more quality objectives when it occurs, either individually or in combination with other risks.

Responses

Once the quality objectives and their quality risks have been established (other than some responses specified in the standard that firms are required to design and implement), firms are expected to develop their own responses to address the identified quality risks.

It is also important to take note of the interconnectivity of different components, such as, ethics-related requirements are being dealt with in the information and communication component, as well as the relevant ethical requirements component.

The responses to common quality risks identified by different firms may differ as each firm is faced with varying conditions, events, circumstances, actions or inactions.

Hence, firms will need to customise the design, implementation and operation of their quality management systems to ensure that they are responsive to changes in the nature and circumstances of the firms and their engagements.

The next few sections will illustrate the key principles of the remaining components with an example of quality risk and the proposed corresponding response.

Visit Us

• Wisma KTP, 53 Jalan Molek 1/8, Taman Molek, 81100 Johor Bahru

• Wisma THK, 41, Jalan Molek 1/8, Taman Molek, 81100 Johor Bahru

KTP (Audit, Tax, Advisory)

An approved audit firm and licensed tax firm operating under the KTP group based in Johor Bahru providing audit, tax planning, advisory and compliance services to clients

• Website www.ktp.com.my

• Instagram https://bit.ly/3jZuZuI

• Linkedin https://bit.ly/3sapf4l

• Telegram http://bit.ly/3ptmlpn

THK (Secretarial, Account, Payroll, Advisory)

A licensed secretarial firm in Johor Bahru providing fast reliable incorporation, secretarial services, corporate compliance services, outsource booking, accounting and payroll services to clients

• Website www.thks.com.my

• Facebook https://bit.ly/3nQ98rs

KTP Lifestyle

An internal community for our colleagues on work and leisure.

• Tiktok http://bit.ly/3u9LR6Q

• Youtube http://bit.ly/3ppmjyE

• Facebook http://bit.ly/3ateoMz

• Instagram https://bit.ly/3jZpKLo

KTP Career

An external job community on vacancy in Johor Bahru for interns, graduates & experienced candidates.

• Instagram https://bit.ly/3u2PxHg

• Facebook http://bit.ly/3rPxz9o

#Ktp #Thks