Chapter 1.

1:
OVERVIEW OF THE QUALITY MANAGEMENT STANDARDS

1.1 Introduction
Quality management standards set out requirements for the design, implementation, operation and
evaluation of a system of quality management (SOQM). The primary objective is to promote quality
throughout the firm and support engagement teams in performing quality audit, review, other assurance and
related services engagements.

The changes to the quality standards are a result of the post-implementation review of the quality control
standards (first issued in 2009), practice inspection findings and other feedback received. As a result,
significant changes have been made to improve the quality of work performed by practitioners. The new and
revised standards were adopted into the CPA Canada Handbook — Assurance in May 2021 and will be
effective in either December 2022 or December 2023 depending on the types of services performed.

TIMELINE AND SEQUENCE OF EVENTS

 Chapter 1.1: Overview of the Quality Management Standards 2

The new or revised Canadian Standards on Quality Management are as follows:

1. Canadian Standard on Quality Management (CSQM) 1

This new standard replaces the Canadian Standard on Quality Control (CSQC) 1. It requires the firm to
design, implement and operate an SOQM to manage the quality of engagements performed by the firm.
2. Canadian Standard on Engagement Quality Reviews (CSQM) 2
This new standard includes guidance that was previously included in CSQC 1. It builds on CSQM 1 and
reflects the value and importance placed on the role of the engagement quality review (EQR).

3. Canadian Auditing Standard (CAS) 220

This standard has been revised to clarify and strengthen the key elements of quality management at the
engagement level and the role and responsibilities of the engagement partner. This standard only
applies to those who perform audits of financial statements.

4. Conforming Amendments to Other Canadian Standards

Conforming amendments to clarify and strengthen the key elements of quality management at the
engagement level and to align the requirements with CSQM 1 relating to the following standards:
a. Canadian Standard on Assurance Engagements (CSAE) 3000, Attestation Engagements Other
than Audits or Reviews of Historical Financial Information
b. CSAE 3001, Direct Engagements
c. CSAE 3410, Assurance Engagements on Greenhouse Gas Statements
d. Canadian Standard on Review Engagements (CSRE) 2400, Engagements to Review Historical
Financial Statements
e. Canadian Standard on Association (CSOA) 5000, Use of the Practitioner’s Communication or
Name
f. Section 5925, An Audit of Internal Control over Financial Reporting that Is Integrated with an Audit
of Financial Statements
g. Section 7060, Auditor Review of Interim Financial Statements
h. CSAE 3416, Reporting on Controls at a Service Organization Relevant to User Entities’ Internal
Control over Financial Reporting
i. CSAE 3530, Attestation Engagements to Report on Compliance
j. CSAE 3531, Direct Engagements to Report on Compliance
k. Canadian Standard on Related Services (CSRS) 4460, Reports on Supplementary Matters Arising
from an Audit or a Review Engagement
l. Section 7200, Auditor Assistance to Underwriters and Others
m. Section 7600, Reports on the Application of Accounting Principles
n. Assurance and Related Services Guideline (AuG) 6, Examination of a Financial Forecast or
Projection Included in a Prospectus or Other Public Offering Document
o. AuG-50, Conducting a Performance Audit in the Public Sector in Accordance with CSAE 3001
 Chapter 1.1: Overview of the Quality Management Standards 3

p. Section 7150, Auditor’s Consent to the Use of a Report of the Auditor Included in an Offering
Document
q. Section 7170, Auditor’s Consent to the Use of the Auditor’s Report in Connection with a Designated
Document
r. CSRS 4200, Compilation Engagements
s. CSRS 4400, Agreed-upon Procedures Engagements

This guide focuses on the implications of CSQM 1 and 2 at the firm level, including the design,
implementation, operation and evaluation of an SOQM.

1.2 Scope of the Standard

One of the most significant changes is the scope of services covered by CSQM 1. Canadian Standards on
Quality Control (CSQC) applied to all assurance services, including audits and reviews of financial
statements but did not extend to related services engagements performed under the CPA Canada
Handbook — Assurance (Exhibit 1.2-1). The new standards on quality management have been extended to
cover such engagements so firms that do not provide assurance services are going to have to design,
implement, operate and evaluate an SOQM.

Related service engagements do not include other services a practitioner may offer outside of the CPA
Canada Handbook — Assurance, such as tax and consulting; however, CSQM 1 promotes integrating
quality into all aspects of the firm.

EXHIBIT 1.2-1

Examples of Related Services Engagements:

1. CSRS 4200, Compilation Engagements

2. CSRS 4400, Agreed-upon Procedures Engagements

3. CSRS 4460, Reports on Supplementary Matters Arising from an Audit or a Review Engagement

* CSRS = Canadian Standard on Related Services

 Chapter 1.1: Overview of the Quality Management Standards 4

1.3 Effective Date

Firms will be required to design and implement an SOQM that complies with the new and revised standards
by the effective date depending on the type of engagement performed. Then, within one year of this date, an
evaluation of their revised SOQM will need to be performed.

The effective dates of the new and revised quality management suite of standards, depending on the type of
engagement performed, are outlined in the following exhibit.

EXHIBIT 1.3-1

Type of Engagement Performed Design and Implementation of Evaluation of SOQM

SOQM

Audits, reviews and other assurance December 15, 2022 On or before December 15,
engagements 2023

Related services December 15, 2023 On or before December 15,

2024

1.4 System of Quality Management

The objective of the SOQM is to provide the firm reasonable assurance that:

1. The firm and its personnel fulfill their responsibilities in accordance with professional standards and
legal and regulatory requirements, and conduct engagements in accordance with such standards and
requirements.
2. Engagement reports issued by the firm are appropriate in their circumstances.

CSQM 1 requires firms to apply a risk-based approach in designing, implementing and operating the SOQM
so that the firm can proactively manage quality on its engagements. The interrelated components of the
SOQM are illustrated in the following exhibit.
 Chapter 1.1: Overview of the Quality Management Standards 5

EXHIBIT 1.4-1

The two main processes that need to be addressed in the SOQM are the firm's:

1. Risk assessment process.

2. Monitoring and remediation process.

These processes are applied to the remaining components of a SOQM, which include:

1. Governance and leadership.

2. Relevant ethical requirements.

3. Acceptance and continuance.

4. Engagement performance.

5. Resources.

6. Information and communication.

An evaluation of the entire SOQM is required at least annually. This new approach will require firms to
transition from using an extensive list of policies or procedures (addressing stand-alone quality elements) to
an integrated approach that reflects the quality system as a whole.
 Chapter 1.1: Overview of the Quality Management Standards 6

1.5 The Firm's Risk Assessment Process

The development of a firm's risk assessment process can be summarized in three key phases as outlined in
the following exhibit.

EXHIBIT 1.5-1

1. Establish Quality Objectives

The following exhibit outlines the quality objectives included in CSQM 1 for each of the six quality
components.

EXHIBIT 1.5-2

Quality Component Quality Objectives

1. Governance and leadership • The firm demonstrates a commitment to quality through a culture that
recognizes and reinforces:
(CSQM 1.28)
– The firm’s role in serving the public interest by consistently
performing quality engagements.
– The importance of professional ethics, values and attitudes.
 Chapter 1.1: Overview of the Quality Management Standards 7

Quality Component Quality Objectives

– The responsibility of all individuals for quality, relating to the

performance of engagements or activities within the SOQM and
their expected behaviour.
– The importance of quality in the firm's strategic decisions and
actions, including the firm's financial and operational priorities.
• Leadership is responsible and accountable for quality.
• Leadership demonstrates a commitment to quality through actions
and behaviours.
• The organizational structure and assignment of roles, responsibilities
and authority is appropriate to enable the design, implementation
and operation of the SOQM.
• Resource needs, including financial resources, are planned for and
resources are obtained, allocated or assigned in a manner that is
consistent with the firm's commitment to quality.

2. Relevant ethical requirements • The firm and its personnel:

– Understand the relevant ethical requirements to which the firm
(CSQM 1.29)
and the firm's engagements are subject.
– Fulfill their responsibilities in relation to the relevant ethical
requirements to which the firm and the firm's engagements are
subject.
• Others, including the network, network firms, or service providers,
who are subject to the relevant ethical requirements to which the firm
and the firm's engagements are subject:
– Understand the relevant ethical requirements that apply to them.
– Fulfill their responsibilities in relation to the relevant ethical
requirements that apply to them.

3. Acceptance and continuance of • Judgments by the firm about whether to accept or continue a client
client relationships and specific relationship or specific engagement are appropriate based on the
engagements following:
– Information obtained about the nature and circumstances of the
(CSQM 1.30)
engagement and the integrity and ethical values of the client
(including management and, when appropriate, those charged
with governance) that is sufficient to support such judgments.
– The firm's ability to perform the engagement in accordance with
professional standards and applicable legal and regulatory
requirements.
• The financial and operational priorities of the firm do not lead to
inappropriate judgments about whether to accept or continue a client
relationship or specific engagement.
 Chapter 1.1: Overview of the Quality Management Standards 8

Quality Component Quality Objectives

4. Engagement performance • Engagement teams understand and fulfill their responsibilities in

connection with the engagement, including as applicable, the overall
(CSQM 1.31) responsibility of engagement partners for managing and achieving
quality on the engagement and being sufficiently involved throughout
the engagement.
• The nature, timing and extent of direction and supervision of
engagement teams and review of the work performed is appropriate,
and the work performed by less experienced engagement team
members is directed, supervised and reviewed by more experienced
engagement team members.
• Engagement teams exercise appropriate professional judgment, and
when applicable to the type of engagement, professional skepticism.
• Consultation on difficult or contentious matters is undertaken and
conclusions agreed are implemented.
• Difference of opinion within the engagement team, or between the
engagement team and the EQR or individuals performing activities
within the firm's SOQM, are brought to the attention of the firm and
resolved.
• Engagement documentation is assembled on a timely basis after the
date of the engagement report and is appropriately maintained and
retained to meet the needs of the firm and comply with law,
regulation, relevant ethical requirements or other professional
standards.

5. Resources Human Resources

(CSQM 1.32) • Personnel are hired, developed and retained, and have the
competence and capabilities to:
– Consistently perform quality engagements, including having
knowledge or experience relevant to the engagements the firms
perform.
– Perform activities or carry out responsibilities in relation to the
operation of the SOQM.
• Personnel demonstrate a commitment to quality through their actions
and behaviours, develop and maintain the appropriate competence
to perform their roles, and are held accountable or recognized
through timely evaluations, compensation, promotion and other
incentives.
• Individuals are obtained from external sources (e.g., the network,
another network firm or a service provider) when the firm does not
have sufficient or appropriate personnel to enable the operation of
the firm's SOQM or performance of engagements.
 Chapter 1.1: Overview of the Quality Management Standards 9

Quality Component Quality Objectives

• Engagement team members are assigned to each engagement,

including an engagement partner, who has appropriate competence
and capabilities (including being given sufficient time) to consistently
perform quality engagements.
• Individuals are assigned to perform activities within the SOQM who
have appropriate competence and capabilities (including sufficient
time) to perform such activities.
Technological Resources
• Appropriate technological resources are obtained or developed,
implemented, maintained and used to enable the operation of the
firm's SOQM and the performance of engagements.
Intellectual Resources
• Appropriate intellectual resources are obtained or developed,
implemented and maintained, and used to enable the operation of
the firm's SOQM and the consistent performance of quality
engagements, and such intellectual resources are consistent with
professional standards and applicable legal and regulatory
requirements, where applicable.
Service Providers
• Human, technological or intellectual resources from service providers
are appropriate for use in the firm's SOQM and in performing
engagements, taking into account the quality objectives.

(CSQM 1, Para. .32)

6. Information and communication • The information system identifies, captures, processes and
maintains relevant and reliable information that supports the SOQM,
(CSQM 1.33) whether from internal or external sources.
• The culture of the firm recognizes and reinforces the responsibility of
personnel to exchange information with the firm and with one
another.
• Relevant and reliable information is exchanged throughout the firm
and with engagement teams:
– Information is communicated to personnel and engagement
teams, and the nature, timing and extent of the information is
sufficient to enable them to understand and carry out their
responsibilities relating to performing activities within the SOQM
or engagements.
– Personnel and engagement teams communicate information to
the firm when performing activities within the SOQM or
engagements.
 Chapter 1.1: Overview of the Quality Management Standards 10

Quality Component Quality Objectives

• Relevant and reliable information is communicated to external

parties:
– Information is communicated by the firm to or within the firm's
network or to service providers, if any, enabling the network or
service providers to fulfill their responsibilities relating to the
network requirements or network services or resources provided
by them.
– Information is communicated externally when required by law,
regulation or professional standards, or to support external
parties' understanding of the SOQM.

While firms are required to establish quality objectives specified for these components, there may be
circumstances when a quality objective (or part of the objective) is not relevant to the firm. This may happen
because of the nature and circumstances of the firm or its engagements. For example, a sole proprietor may
not have staff. In this case, those objectives under resources relating to personnel would not be relevant
and, therefore, not included in the firm’s SOQM.

In addition to the quality objectives outlined in the standard, additional objectives may be necessary for a
firm to achieve the overall objectives of the firm's SOQM.

2. Identify and Assess Risks Involved in Meeting Quality Objectives

After the quality objectives have been established, the firm then identifies risks and the degree to which
those risks would prevent the firm from achieving those objectives. The risks are not provided by the
standard (unlike the quality objectives), so firms must identify and assess their own quality risks, making the
SOQM customized and scaled to the specifics of the firm.

Risks arise from how, and the degree to which, a condition, event, circumstance, action or inaction may
adversely affect the achievement of a quality objective. Not all risks would be considered a quality risk. The
decision as to whether it is a quality risk requires consideration of:

1. Whether there is a reasonable possibility of the risk occurring.

2. Whether the risk would adversely affect the achievement of one or more objectives (either individually or
in combination with other risks).

The conditions, events, circumstances, actions or inactions in the following exhibit will need to be
considered.
 Chapter 1.1: Overview of the Quality Management Standards 11

EXHIBIT 1.5-3

Areas to Understand Consideration

Nature and circumstances of the • Complexity and operation characteristics of the firm.
firm • Strategic and operational decisions and actions, business
(CSQM 1.25) processes and business model of the firm.
• The characteristics and management style of leadership.
• The resources of the firm, including the resources provided by
service providers.
• Law, regulation, professional standards and the environment in
which the firm operates.
• In the case of a firm that belongs to a network, the nature and
extent of the network requirements and network services, if any.

Nature and circumstances of • The type of engagement performed by the firm and the reports to
engagements be issued.

(CSQM 1.25) • The types of entities for which such engagements are undertaken.

3. Design and Implement Responses to Quality Risks

Based on the quality risks identified and assessed, appropriate responses to the risks can be designed and
implemented.

In developing the responses to quality risks, the responses should be designed in a manner that is based
on, and responsive to, the reasons for the assessment given to the quality risks.

Regardless of the identified and assessed risks, the firm is also required to establish policies or procedures
(where applicable) as outlined in the following exhibit.

EXHIBIT 1.5-4

Topic Policies or Procedures to Be Established to:

Relevant ethical requirements • Identify, evaluate and address threats to compliance with the
relevant ethical requirements.
(CSQM 1.34(a))
• Identify, communicate, evaluate and report any breaches of the
relevant ethical requirements, and appropriately respond to the
causes and consequences of the breaches in a timely manner.
 Chapter 1.1: Overview of the Quality Management Standards 12

Topic Policies or Procedures to Be Established to:

Compliance with independence Obtain, at least annually, a documented confirmation of compliance with
independence requirements from all personnel required by relevant
(CSQM 1.34(b))
ethical requirements to be independent.

Commitment to quality Receive, investigate and resolve complaints and allegations about
failures to perform work in accordance with professional standards and
(CSQM 1.34(c))
applicable legal and regulatory requirements, or non-compliance with
the firm's policies or procedures.

Client acceptance/continuance Address the following circumstances:

(CSQM 1.34(d)) • The firm becomes aware of information subsequent to accepting or

continuing a client relationship or specific engagement that would
have caused it to decline the client relationship or specific
engagement had that information been known prior to accepting or
continuing the client relationship or specific engagement.
• The firm is obligated by law or regulation to accept a client
relationship or specific engagement.

Communications with external • Require communication with TCWG when performing an audit of
parties financial statements of listed entities about how the SOQM supports
the consistent performance of quality audit engagements.
(CSQM 1.34(e))
• Address when it is otherwise appropriate to communicate with
external parties about the firm's SOQM.
• Address the information to be provided when communicating
externally Points 1. and 2. above, including the nature, timing,
extent and appropriate form of the communication.

Engagement quality reviews (EQR) • Determine when an EQR, in accordance with CSQM 2, is required.
(when applicable) • Require an EQR for:
(CSQM 1.34(f)) – Audits of financial statements of listed entities.
– Audits or other engagements for which an EQR is required by
law or regulation.
– Audits or other engagements for which the firm determines that
an EQR is an appropriate response to address one or more
quality risks.
 Chapter 1.1: Overview of the Quality Management Standards 13

1.6 The Monitoring and Remediation Process

The purpose of the monitoring and remediation process is to:

1. Provide relevant, reliable and timely information about the design, implementation and operation of the
SOQM.

2. Take appropriate actions to respond to identified deficiencies so that they can be remediated on a timely
basis.

In addition to enabling the firm's evaluation of the SOQM, the monitoring and remediation process facilitates
the proactive and continual improvement of engagement quality and the SOQM.

In designing and performing monitoring activities, the points in the following exhibit will need to be taken into
account. (CSQM 1.37)

EXHIBIT 1.6-1

The reasons for the assessments given to the quality risks

The design of the responses.

The design of the firm's risk assessment process, and monitoring and remediation process.

Changes in the system of quality management.

The results of previous monitoring activities, including whether:

• Previous monitoring activities continue to be relevant in evaluating the firm's SOQM.

• Remedial actions to address previously identified deficiencies were effective.

Other relevant information, including:

• Complaints / allegations about actions / behaviours that do not demonstrate a commitment to quality.

• Information from external inspections.

• Information from service providers.

The following Exhibit outlines the required monitoring and remediation activities to be completed.
 Chapter 1.1: Overview of the Quality Management Standards 14

EXHIBIT 1.6-2

Required Activity Description

Completed file inspections In determining which engagements and engagement partners to select,
the firm must:
(CSQM 1.38)
• Consider the matters in Exhibit 1.6-1.
• Consider the nature, timing and extent of other monitoring activities
undertaken, and the engagements and engagement partners
subject to such monitoring activities.
• Select at least one completed file per partner for inspection on a
cyclical basis as determined by the firm.

Selection of monitor For the selection of the individuals performing the monitoring, the firm
must design and implement policies or procedures addressing the:
(CSQM 1.39)
• Competence and capabilities (including sufficient time) to perform
the monitoring activities effectively.
• Objectivity of the individuals performing the monitoring activities.
• Prohibition of the engagement team members or the engagement
quality reviewer of an engagement to perform any inspection on
that engagement.

Evaluation of findings and The firm must:

identification of deficiencies • Evaluate findings (including results of external inspections) to
(CSQM 1.40) determine whether deficiencies exist, including in the monitoring
and remediation process.

Evaluation of identified deficiencies The firm must:

(CSQM 1.41) • Evaluate the severity and pervasiveness of the deficiencies

identified by:
— Investigating the root cause(s).
— Evaluating the effect (both individually and in aggregate) on the
SOQM.

Respond to identified deficiencies • The firm must design and implement remedial actions to address
identified deficiencies that are responsive to the results of the root
(CSQM 1.42–45)
cause analysis.

• The individual who was assigned operational responsibility must

evaluate whether remedial actions:
 Chapter 1.1: Overview of the Quality Management Standards 15

Required Activity Description

 Are appropriately designed to address the identified

deficiencies and their related root cause(s) and have been
implemented.

 Were implemented to address previously identified deficiencies

are effective.

• If remedial actions are not appropriately designed and

implemented, or are ineffective, appropriate action must be taken to
modify the remedial actions, as necessary, to be effective.

• Respond to circumstances when there is an indication that required

procedures were omitted during the engagement or an
inappropriate report issued, including:

 Taking appropriate action to comply with relevant professional

standards, and applicable legal and regulatory requirements.

 When the report is considered to be inappropriate, considering

the implications and taking appropriate action, including
considering whether to obtain legal advice.

Ongoing communication related to • The individual who was assigned operational responsibility must
monitoring and remediation communicate on a timely basis to the appropriate individual the
following:
(CSQM 1.46-47)
 A description of the monitoring activities performed.

 The identified deficiencies, including the severity and

pervasiveness of such deficiencies.

 The remedial actions to address the identified deficiencies.

• The firm must communicate to the engagement teams and other
individuals to enable them to take prompt and appropriate action in
accordance with their responsibilities.

If you belong to a network, there are additional requirements included in CSQM 1, paragraphs .48–52 that
will be relevant.
 Chapter 1.1: Overview of the Quality Management Standards 16

1.7 Evaluating the System of Quality Management

Ultimate responsibility and accountability for the SOQM is assigned to an appropriate individual within (or
outside) the firm. At least annually, this individual is responsible for undertaking, at a point in time, on behalf
of the firm, an evaluation of the SOQM. Based on this evaluation, one of the conclusions included in Exhibit
1.7-1 will be made.

EXHIBIT 1.7-1

Conclusion Description

Reasonable assurance The SOQM provides the firm with reasonable assurance that the
objectives of the SOQM have been achieved.

Reasonable assurance, except for The SOQM provides the firm with reasonable assurance the objectives
matters of the SOQM have been met, except for matters related to deficiencies
that have a severe but not pervasive effect on the design,
implementation and operation of the SOQM.

No reasonable assurance The SOQM does not provide the firm with reasonable assurance that
the objectives of the SOQM are being achieved.

If the evaluation indicates that the SOQM does not provide the firm with reasonable assurance that the
objectives of the SOQM are being achieved, the firm is required to:

1. Take prompt and appropriate action.

2. Communicate to:

a. Engagement teams and other individuals (to the extent that it is relevant to their responsibilities).

b. External parties in accordance with the firm's policies or procedures. (CSQM 1.55)

In addition, and on a periodic basis, performance evaluations of the person(s) assigned overall responsibility
for the SOQM and those assigned operational responsibility for the SOQM are required. (CSQM 1.56)
 Chapter 1.1: Overview of the Quality Management Standards 17

1.8 Documentation
Documentation provides evidence that the firm complies with the requirements. It also provides:

1. The background knowledge of the firm and a history of decisions made about its SOQM.

2. The reasons given for risk assessments that can help support the consistent implementation and
operation of the risk responses.

3. Information for training personnel and engagement teams.

The documentation must be sufficient to achieve the following three principles:

1. Support a consistent understanding of the SOQM by personnel, including an understanding of their

roles and responsibilities with respect to the SOQM and the performance of engagements.

2. Support the consistent implementation and operation of the responses.

3. Provide evidence of the design, implementation and operation of the responses, to support the
evaluation of the SOQM by the individual(s) assigned ultimate responsibility and accountability for the
SOQM. (CSQM 1.57)

Documentation may take the form of:

1. Formal written manuals, checklists and forms.

2. IT applications or other digital forms.

The minimum documentation requirements (including as they relate to networks) comprise the following:

1. The individual assigned ultimate responsibility and accountability for the SOQM and operational
responsibility for the SOQM.

2. The firm's quality objectives and quality risks.

3. A description of the risk responses and how the firm's responses address the quality objectives.

4. Details of the firm's monitoring and remediation process, including:

a. Evidence of the monitoring activities performed and qualifications of the reviewers.
b. The evaluation of findings and identified deficiencies, and their related root cause(s).
c. Remedial actions to address identified deficiencies, and the evaluation of the design and
implementation of such remedial actions.
d. Communications to firm personnel about the monitoring and remediation activities.

The basis for the conclusion reached of the overall evaluation of the SOQM. (CSQM 1.58)
 Chapter 1.1: Overview of the Quality Management Standards 18

1.9 Retention
The firm is required to establish a period of time (e.g., seven years) for the retention of documentation for
the SOQM that is sufficient to enable the firm to monitor the design, implementation and operation of the
firm's SOQM. This is a matter of professional judgment and may have to be longer than expected, if
required by law or regulation. (CSQM 1.59)

1.10 Engagement Quality Review (EQR)

The objective of the firm, through appointing an eligible EQ reviewer, is to perform an objective evaluation of
the significant judgments made by the engagement team and the conclusions reached. (CSQM 2.12)

CSQM 2 specifically deals with requirements for EQR and addresses:

1. The appointment and eligibility of the engagement quality reviewer.

2. The engagement quality reviewer’s responsibilities relating to the performance and documentation of an
EQR.

CSQM 2 applies to all engagements where, in accordance with the firm’s quality management policies or
procedures, an EQR is required.

A separate standard for an EQR provides a number of benefits, including:

1. Placing emphasis on the importance of the EQR.

2. Enhancing the robustness of the requirements for the eligibility of engagement quality reviewers and the
performance and documentation of the review.

3. Providing a mechanism to differentiate the responsibilities of the firm more clearly and the engagement
quality reviewer.

4. Increasing the scalability of CSQM 1 because there may be cases when a firm may determine that
there are no audits or other engagements for which an EQR is an appropriate response to address one
or more quality risk(s).

To be eligible to be an EQ reviewer, the individual must not be a member of the engagement team and is
required to:

1. Have the competence and capabilities, including sufficient time, and the appropriate authority to perform
the EQR.

2. Comply with relevant ethical requirements.

3. Comply with relevant provisions of law and regulation, if any.

 Chapter 1.1: Overview of the Quality Management Standards 19

Policies or procedures are required to be designed and implemented for:

1. The criteria for engagements that require an EQR. (CSQM 1)

2. The assignment of the responsibility for the appointment of the EQ reviewer. (CSQM 2.17)

3. The appointment of the individual to perform the EQR. (CSQM 2.18)

4. Circumstances when the EQ reviewer’s eligibility to perform the EQR becomes impaired. (CSQM 2.19,
.22–23)
5. Eligibility for individuals who assist the EQ reviewer. (CSQM 2.20)

6. The requirement of the EQ reviewer to take overall responsibility for the performance of the EQR
including the work of assistants. (CSQM 2.21)

7. Performing the EQR. (CSQM 2.24)

8. Forming the EQR conclusion and when the engagement report can be dated. (CSQM 2.26–27)

9. Documenting the EQR (CSQM 2.28–29)

An EQR is an objective evaluation of the significant judgments made by the engagement team and the
conclusions reached. It is not intended to be an evaluation of whether the entire engagement complies with
professional standards and applicable legal and regulatory requirements or with the firm’s quality
management policies and procedures.

In performing the EQR, the EQ reviewer is required to perform the following procedures (CSQM 2.25):

1. Read and obtain an understanding of the information communicated by:

a. The engagement team regarding the nature and circumstances of the engagement and the entity.
b. The firm related to the firm’s monitoring and remediation process, in particular identified deficiencies
that may relate to, or affect, the areas involving significant judgments made by the engagement
team.

2. Discuss significant judgments and significant matters.

3. Review selected documentation relating to significant judgments.

4. For audit engagements:

a. Evaluate the basis for the engagement partner’s determination that relevant ethical requirements
have been fulfilled.
b. Evaluate the basis for the engagement partner’s determination that the engagement partner’s
involvement has been sufficient and appropriate.

5. Evaluate whether appropriate consultations have taken place.

6. Review:
a. For audits, the financial statements and audit report, and if applicable the description of the key
audit matters.
 Chapter 1.1: Overview of the Quality Management Standards 20

b. For reviews, the financial statements and the review engagement report.
c. For other assurance and related services engagements, the engagement report and when
applicable, the subject matter information.

The documentation of the EQR is required to be sufficient to enable an experienced practitioner, having no
previous connection with the engagement, to understand the nature, timing and extent of the procedures
performed by the EQ reviewer and the conclusions reached in performing the review. (CSQM 2.30)

1.11 Organization of this Guide

This guide has been developed to assist firms with designing, implementing and evaluating the quality
management standards (CSQM 1 and 2).

This guide includes application guidance and practice aids, including core forms, worksheets, checklists,
letters and libraries organized into the following sections:

1. Roles and Responsibilities.

2. Risk Assessment Process.

3. Quality Management Responses.

4. Monitoring and Remediation Responses.

5. Evaluating the SOQM.

6. Documentation.

Although the guide is presented in a linear manner, it should be noted that the process of developing,
implementing and maintaining a SOQM is iterative. Particularly in the first year of the SOQM, deficiencies
will be likely as additional quality risks are identified It is important that any identified deficiencies be
remediated on a timely basis.

Firms are encouraged to adopt a continual quality improvement mindset that recognizes that changes in
circumstances will likely have an impact on the SOQM. Depending on the circumstances of the firm and its
engagements, annual updates and monitoring to the SOQM may not be sufficient and therefore may be
required on a more frequent basis.

The following exhibit illustrates an overview of the entire process and the flow of information within the core
forms.
 Chapter 1.1: Overview of the Quality Management Standards 21

EXHIBIT 1.11-1

SYSTEM OF QUALITY MANAGEMENT

Form 3.10

Establish Roles and Responsibilities

Risk Assessment Process Monitoring and Remediation Process

Form 4.30
Form 6.20
Establish quality
objectives Design and perform the
monitoring activities

Form 4.30 Form 4.30

Form 6.30
Understand the Identify risks (i.e., what
Evaluate findings and
nature and can go wrong)
identify deficiencies
circumstances of the
firm and its
Form 4.30
engagements Form 6.35

Assess quality risks Evaluate and remediate

deficiencies
• Identify root cause
Form 5.10 • Evaluate effect on
Design and implement the SOQM
quality management
policies or procedures

Form 7.10

Evaluate the System of Quality Management