Every firm with an audit and assurance practice required to comply with the Statement on Quality Control Standard No. 8 (SQCS No. 8) must have a written Quality Control Document. AICPA peer review guidance requires peer reviewers to review the Quality Control Document prior to beginning a firm’s peer review. Peer Review findings indicate firms are using third-party quality control document templates rather than tailoring templates or designing their own system of quality control document.
Firms should develop relevant System of Quality Control Documentation
Change is inevitable and occurring at a faster pace. Today’s changes bring higher risks to the practitioner. Consider the increased risks of adopting the new complex revenue recognition and leasing standards. There is the potential for error in application, error in disclosure or lack of disclosure and in certain situations, the risk of independence impairment when assisting the client to adopt the literature. Cybersecurity is a multifaceted risk, encompassing aspects of not only information technology but also human resources and even marketing policies. Risks identified and yet to be identified result from firms positioning themselves in anticipation of disruption, and staying on the recruiting and retention forefront by proactively seeking to be more diversified and inclusive. How about GDPR, AI and benchmarking software? Measuring and responding to data confidentiality risks is a staggering process. As accounting literature, technology and people become more complex, the practitioner needs to design and monitor a dynamic framework to identify, respond to, and minimize risks specific to their practice.
The level of documentation necessary to comply with SQCS No. 8 depends on the size and characteristics of a firm. While larger firms may need to enhance or build flexibility into their quality control system documentation and monitoring activities, smaller firms may need to scale back to avoid creating documentation that is not applicable to their practice.
Elements of a System of Quality Control
SQCS No. 8 identifies the elements of an accounting and assurance practice system of quality control. The six elements are as follows.
- Leadership responsibilities for quality within the firm (the tone at the top)
- Relevant ethical requirements
- Acceptance and continuance of client relationships and specific engagements
- Human resources
- Engagement performance
Rather than tailoring a template to meet a peer review requirement, firm leadership should objectively risk assess their accounting and assurance practice and categorize the risks within the elements of quality control. The Quality Control Document should provide firm policies and documentation guidelines to respond to the identified risks. In addition, SQCS No. 8 includes requirements within each element that, if applicable, are required to be addressed within the quality control document.
The monitoring plan is key to minimizing practice risks. It should be documented, by element. Including monitoring responsibilities, procedures, and frequency. Results of monitoring should result in action plans addressing matters that have been identified. Monitoring is a continuous process that changes with the practice.
A relevant Quality Control Document with a documented continuous monitoring process can assist Partners and all firm employees to work to a common goal and proactively identify and respond to potential risk. The resulting effect will be a firm that is positioned for change while maintaining high quality and conforming to the standards.
Contact me for assistance in developing Quality Control System Documentation for your firm.