Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
Standards / SQM / SQM 01
Standard · SQM

SQM 1 Quality Management

158
Paragraphs
30,212
Words
Past Q citations
Practice on this → Open ICAI PDF

Standard on Quality Management (SQM) 1
Quality Management for Firms that Perform Audits or Reviews of
Financial Statements, or Other Assurance
or Related Services Engagements

CONTENTS
Paragraph(s)
Introduction
Scope of this SQM…...……………………………………………………………………… ............................ 1–5
The Firm's System of Quality Management………………………………………………... ........................ 6–11
Authority of this SQM………………………………………………………………………… ............................. 12
Effective Date ………………………………………………………………………………... ............................ 13
Objective ………………………………………………………………………………………...................... 14–15
Definitions ………………………………………………………………………………….... ............................ 16
Requirements
Applying, and Complying with, Relevant Requirements……………………………...…......................... 17–18
System of Quality Management……………………………………………………………......................... 19–22
The Firm's Risk Assessment Process…………………….………………………………... ...................... 23–27
Governance and Leadership……………………………….………………………………... ............................ 28
Relevant Ethical Requirements...………………………….………………………………... ............................ 29
Acceptance and Continuance of Client Relationships and Specific Engagements.…... ............................ 30
Engagement Performance …………………………………………………………………............................... 31
Resources………………...………………………………………..………………………….. ............................ 32
Information and Communication.………………………………..………………………….. ............................ 33
Specified Responses…….………………………………………..………………………….............................. 34
Monitoring and Remediation Process….……………… ............................………..………………………35–47
Network Requirements or Network Services….……………..……………………………........................ 48–52
Evaluating the System of Quality Management………………..………………………….. ...................... 53–56
Documentation ……………………………………………………………………………….. ...................... 57–60

Application and Other Explanatory Material
Scope of this SQM.…………………………………………………………………………... ...................... A1–A2
The Firm's System of Quality Management………………………………………………... ..................... A3–A5
Authority of this SQM………………………………………………………………………… ...................... A6–A9
Definitions …………………………………………………………………………………….................... A10–A28
Applying, and Complying with, Relevant Requirements……………………………...…............................. A29
System of Quality Management…………………………………………………………….................... A30–A38
The Firm's Risk Assessment Process…………………….………………………………... ................. A39–A54
Governance and Leadership……………………………….………………………………... ................. A55–A61
Relevant Ethical Requirements...………………………….………………………………... ................. A62–A66
Acceptance and Continuance of Client Relationships and Specific Engagements.…... ................. A67–A74
Engagement Performance………………………………………..…………………………................... A75–A85

1
Resources………………...………………………………………..………………………….. ............... A86–A108
Information and Communication.………………………………..………………………….. ............. A109–A115
Specified Responses…….………………………………………..…………………………............... A116–A137
Monitoring and Remediation Process….………………………..…………………………............... A138–A174
Network Requirements or Network Services….……………..……………………………............... A175–A186
Evaluating the System of Quality Management………………..………………………….. ............. A187–A201
Documentation ……………………………………………………………………………….. ............. A202–A206

Material Modifications vis-à-vis ISQM 1, “Quality Management for Firms that Perform Audits or Reviews of
Financial Statements, or Other Assurance or Related Services Engagements”

Standard on Quality Management (SQM) 1, “Quality Management for Firms that Perform Audits or
Reviews of Financial Statements, or Other Assurance or Related Services Engagements”, should be read
in the context of the “Preface to the Standards on Quality Management, Auditing, Review, Other
Assurance, and Related Services”.

2
Introduction
Scope of this SQM
1. This Standard on Quality Management (SQM) deals with a firm’s responsibilities
to design, implement and operate a system of quality management for audits or reviews
of financial statements, or other assurance or related services engagements.
2. Engagement quality reviews form part of the firm’s system of quality
management and:
(a) This SQM deals with the firm’s responsibility to establish policies or procedures
addressing engagements that are required to be subject to engagement quality
reviews.
(b) SQM 21 deals with the appointment and eligibility of the engagement quality
reviewer, and the performance and documentation of the engagement quality
review.
3. Other pronouncements of the Institute of Chartered Accountants of India (ICAI):
(a) Are premised on the basis that the firm is subject to the SQMs; and
(b) Include requirements for engagement partners and other engagement team
members regarding quality management at the engagement level. For example, SA
220(Revised), “Quality Management for an Audit of Financial Statements” deals
with the specific responsibilities of the auditor regarding quality management at the
engagement level for an audit of financial statements and the related responsibilities
of the engagement partner. (Ref: Para. A1)
4. This SQM is to be read in conjunction with relevant ethical requirements. Law,
regulation or relevant ethical requirements may establish responsibilities for the firm’s
management of quality beyond those described in this SQM. (Ref: Para. A2)
5. This SQM applies to all firms performing audits or reviews of financial
statements, or other assurance or related services engagements (i.e., if the firm
performs any of these engagements, this SQM applies and the system of quality
management that is established in accordance with the requirements of this SQM
enables the consistent performance by the firm of all such engagements).
The Firm’s System of Quality Management
6. A system of quality management operates in a continual and iterative manner
and is responsive to changes in the nature and circumstances of the firm and its
engagements. It also does not operate in a linear manner. However, for the purposes of
this SQM, a system of quality management addresses the following eight components:
(Ref: Para. A3)

1 SQM 2, Engagement Quality Reviews.

3
(a) The firm’s risk assessment process;
(b) Governance and leadership;
(c) Relevant ethical requirements;
(d) Acceptance and continuance of client relationships and specific engagements;
(e) Engagement performance;
(f) Resources;
(g) Information and communication; and
(h) The monitoring and remediation process.
7. This SQM requires the firm to apply a risk-based approach in designing,
implementing and operating the components of the system of quality management in an
interconnected and coordinated manner such that the firm proactively manages the
quality of engagements performed by the firm. (Ref: Para. A4)
8. The risk-based approach is embedded in the requirements of this SQM through:
(a) Establishing quality objectives. The quality objectives established by the firm consist
of objectives in relation to the components of the system of quality management
that are to be achieved by the firm. The firm is required to establish the quality
objectives specified by this SQM and any additional quality objectives considered
necessary by the firm to achieve the objectives of the system of quality
management.
(b) Identifying and assessing risks to the achievement of the quality objectives (referred
to in this standard as quality risks). The firm is required to identify and assess
quality risks to provide a basis for the design and implementation of responses.
(c) Designing and implementing responses to address the quality risks. The nature,
timing and extent of the firm’s responses to address the quality risks are based on
and are responsive to the reasons for the assessments given to the quality risks.
9. This SQM requires that, at least annually, the individual(s) assigned ultimate
responsibility and accountability for the system of quality management, on behalf of the
firm, evaluates the system of quality management and concludes whether the system of
quality management provides the firm with reasonable assurance that the objectives of
the system, stated in paragraph 14(a) and (b), are being achieved. (Ref: Para. A5)
Scalability
10. In applying a risk-based approach, the firm is required to take into account:
(a) The nature and circumstances of the firm; and
(b) The nature and circumstances of the engagements performed by the firm.
Accordingly, the design of the firm’s system of quality management, in particular the
complexity and formality of the system, will vary. For example, a firm that performs
4
different types of engagements for a wide variety of entities, including audits of financial
statements of listed entities, will likely need to have a more complex and formalized
system of quality management and supporting documentation, than a firm that performs
only reviews of financial statements or compilation engagements.
Networks and Service Providers
11. This SQM addresses the firm’s responsibilities when the firm:
(a) Belongs to a network, and the firm complies with network requirements or uses
network services in the system of quality management or in the performance of
engagements; or
(b) Uses resources from a service provider in the system of quality management or in
the performance of engagements.
Even when the firm complies with network requirements or uses network services or
resources from a service provider, the firm is responsible for its system of quality
management.
Authority of this SQM
12. Paragraph 14 contains the objective of the firm in following this SQM. This SQM
contains: (Ref: Para. A6)
(a) Requirements designed to enable the firm to meet the objective in paragraph 14;
(Ref: Para. A7)
(b) Related guidance in the form of application and other explanatory material; (Ref:
Para. A8)
(c) Introductory material that provides context relevant to a proper understanding of this
SQM; and
(d) Definitions. (Ref: Para. A9)
Effective Date
Recommendatory
13. Systems of quality management in compliance with this SQM are required to be
designed and implemented by April 1, 2025, and the evaluation of the system of quality
management required by paragraphs 53–54 of this SQM is required to be performed
within one year following April 1, 2025.
Mandatory
13. Systems of quality management in compliance with this SQM are required to be
designed and implemented by April 1, 2026, and the evaluation of the system of quality
management required by paragraphs 53–54 of this SQM is required to be performed
within one year following April 1, 2026.

5
Objective
14. The objective of the firm is to design, implement and operate a system of quality
management for audits or reviews of financial statements, or other assurance or related
services engagements performed by the firm, that provides the firm with reasonable
assurance that:
(a) The firm and its personnel fulfill their responsibilities in accordance with professional
standards and applicable legal and regulatory requirements, and conduct
engagements in accordance with such standards and requirements; and
(b) Engagement reports issued by the firm or engagement partners are appropriate in
the circumstances.
15. The public interest is served by the consistent performance of quality
engagements. The design, implementation and operation of the system of quality
management enables the consistent performance of quality engagements by providing
the firm with reasonable assurance that the objectives of the system of quality
management, stated in paragraph 14(a) and (b), are achieved. Quality engagements
are achieved through planning and performing engagements and reporting on them in
accordance with professional standards and applicable legal and regulatory
requirements. Achieving the objectives of those standards and complying with the
requirements of applicable law or regulation involves exercising professional judgment
and, when applicable to the type of engagement, exercising professional skepticism.
Definitions
16. For purposes of this SQM, the following terms have the meanings attributed
below:
(a) Deficiency in the firm’s system of quality management (referred to as “deficiency” in
this SQM) – This exists when: (Ref: Para. A10, A159–A160)
(i) A quality objective required to achieve the objective of the system of quality
management is not established;
(ii) A quality risk, or combination of quality risks, is not identified or properly
assessed; (Ref: Para. A11)
(iii) A response, or combination of responses, does not reduce to an acceptably
low level the likelihood of a related quality risk occurring because the
response(s) is not properly designed, implemented or operating effectively; or
(iv) An other aspect of the system of quality management is absent, or not
properly designed, implemented or operating effectively, such that a
requirement of this SQM has not been addressed. (Ref: Para. A12)
(b) Engagement documentation – The record of work performed, results obtained, and
conclusions the practitioner reached (terms such as “working papers” or “work
papers” are sometimes used).

6
(c) Engagement partner – The partner or other individual, appointed by the firm who is
a member of the Institute of Chartered Accountants of India and is in full time
practice and is responsible for the engagement and its performance, and for the
report that is issued on behalf of the firm, and who, where required, has the
appropriate authority from a professional, legal or regulatory body.
(d) Engagement quality review – An objective evaluation of the significant judgments
made by the engagement team and the conclusions reached thereon, performed by
the engagement quality reviewer and completed on or before the date of the
engagement report.
(e) Engagement quality reviewer – A partner, other individual in the firm2, or an external
individual3, appointed by the firm to perform the engagement quality review.
(f) Engagement team – All partners and staff performing the engagement, and any
other individuals who perform procedures on the engagement, excluding an
external expert4 and internal auditors who provide direct assistance on an
engagement. (Ref: Para. A13)
(g) External inspections – Inspections or investigations, undertaken by an external
oversight authority, related to the firm’s system of quality management or
engagements performed by the firm. (Ref: Para. A14)
(h) Findings (in relation to a system of quality management) – Information about the
design, implementation and operation of the system of quality management that has
been accumulated from the performance of monitoring activities, external
inspections and other relevant sources, which indicates that one or more
deficiencies may exist. (Ref: Para. A15–A17)
(i) Firm – A sole practitioner/proprietor, partnership including limited liability partnership
or any such entity of professional accountants, as may be permitted by law. (Ref:
Para. A18)
(j) Listed entity – An entity whose shares, stock or debt are quoted or listed on a
recognized stock exchange, or are marketed under the regulations of a recognized
stock exchange or other equivalent body.
(k) Network firm – A firm or entity that belongs to the firm’s network.
(l) Network – A larger structure: (Ref: Para. A19)
(i) That is aimed at cooperation; and
(ii) That is clearly aimed at profit or cost-sharing or shares common ownership,
control or management, common quality management policies or procedures,
common business strategy, the use of a common brand name, or a significant
part of professional resources.

2 Such other person should be a member of the Institute of Chartered Accountants of India.
3 Such other person should be a member of the Institute of Chartered Accountants of India.
4 SA 620, “Using the Work of an Auditor’s Expert”, paragraph 6(a), defines the term “auditor’s expert.”

7
(m) Partner – Any individual with authority to bind the firm with respect to the
performance of a professional services engagement.
(n) Personnel – Partners and staff in the firm. (Ref: Para. A20–A21)
(o) Professional judgment – The application of relevant training, knowledge and
experience, within the context of professional standards, in making informed
decisions about the courses of action that are appropriate in the design,
implementation and operation of the firm’s system of quality management.
(p) Professional standards – Engagement Standards, as defined in the “Preface to the
Standards on Quality Management, Auditing, Review, Other Assurance, and
Related Services”, and relevant ethical requirements.
(q) Quality objectives – The desired outcomes in relation to the components of the
system of quality management to be achieved by the firm.
(r) Quality risk – A risk that has a reasonable possibility of:
(i) Occurring; and
(ii) Individually, or in combination with other risks, adversely affecting the
achievement of one or more quality objectives.
(s) Reasonable assurance – In the context of the SQMs, a high, but not absolute, level
of assurance.
(t) Relevant ethical requirements – Principles of professional ethics and ethical
requirements that are applicable to professional accountants when undertaking
engagements that are audits or reviews of financial statements or other assurance
or related services engagements. Relevant ethical requirements ordinarily comprise
the provisions of the Code of Ethics issued by ICAI (“the Code of Ethics”) related to
audits or reviews of financial statements, or other assurance or related services
engagements. (Ref: Para. A22–A24, A62)
(u) Response (in relation to a system of quality management) – Policies or procedures
designed and implemented by the firm to address one or more quality risk(s): (Ref:
Para. A25–A27, A50)
(i) Policies are statements of what should, or should not, be done to address a
quality risk(s). Such statements may be documented, explicitly stated in
communications or implied through actions and decisions.
(ii) Procedures are actions to implement policies.
(v) Service provider (in the context of this SQM) – An individual or organization external
to the firm that provides a resource that is used in the system of quality
management or in the performance of engagements. Service providers exclude the
firm’s network, other network firms or other structures or organizations in the
network. (Ref: Para. A28, A105)

8
(w) Staff – Professionals, other than partners, including any experts which the firm
employs.
(x) System of quality management – A system designed, implemented and operated by
a firm to provide the firm with reasonable assurance that:
(i) The firm and its personnel fulfill their responsibilities in accordance with
professional standards and applicable legal and regulatory requirements, and
conduct engagements in accordance with such standards and requirements;
and
(ii) Engagement reports issued by the firm or engagement partners are appropriate
in the circumstances.
Requirements
Applying, and Complying with, Relevant Requirements
17. The firm shall comply with each requirement of this SQM unless the requirement
is not relevant to the firm because of the nature and circumstances of the firm or its
engagements. (Ref: Para. A29)
18. The individual(s) assigned ultimate responsibility and accountability for the firm’s
system of quality management, and the individual(s) assigned operational responsibility
for the firm’s system of quality management shall have an understanding of this SQM,
including the application and other explanatory material, to understand the objective of
this SQM and to apply its requirements properly.
System of Quality Management
19. The firm shall design, implement and operate a system of quality management.
In doing so, the firm shall exercise professional judgment, taking into account the nature
and circumstances of the firm and its engagements. The governance and leadership
component of the system of quality management establishes the environment that
supports the design, implementation and operation of the system of quality
management. (Ref: Para. A30–A31)
Responsibilities
20. The firm shall assign: (Ref: Para. A32–A35)
(a) Ultimate responsibility and accountability for the system of quality management to
the firm’s chief executive officer or the firm’s managing partner (or equivalent) or, if
appropriate, the firm’s managing board of partners (or equivalent);
(b) Operational responsibility for the system of quality management;
(c) Operational responsibility for specific aspects of the system of quality management,
including:
(i) Compliance with independence requirements; and (Ref: Para. A36)
(ii) The monitoring and remediation process.
9
21. In assigning the roles in paragraph 20, the firm shall determine that the
individual(s): (Ref: Para. A37)
(a) Has the appropriate experience, knowledge, influence and authority within the firm,
and sufficient time, to fulfill their assigned responsibility; and (Ref: Para. A38)
(b) Understands their assigned roles and that they are accountable for fulfilling them.
22. The firm shall determine that the individual(s) assigned operational responsibility
for the system of quality management, compliance with independence requirements and
the monitoring and remediation process, have a direct line of communication to the
individual(s) assigned ultimate responsibility and accountability for the system of quality
management.
The Firm’s Risk Assessment Process
23. The firm shall design and implement a risk assessment process to establish
quality objectives, identify and assess quality risks and design and implement
responses to address the quality risks. (Ref: Para. A39–A41)
24. The firm shall establish the quality objectives specified by this SQM and any
additional quality objectives considered necessary by the firm to achieve the objectives
of the system of quality management. (Ref: Para. A42–A44)
25. The firm shall identify and assess quality risks to provide a basis for the design
and implementation of responses. In doing so, the firm shall:
(a) Obtain an understanding of the conditions, events, circumstances, actions or
inactions that may adversely affect the achievement of the quality objectives,
including: (Ref: Para. A45– A47)
(i) With respect to the nature and circumstances of the firm, those relating to:
a. The complexity and operating characteristics of the firm;
b. The strategic and operational decisions and actions, business processes
and business model of the firm;
c. The characteristics and management style of leadership;
d. The resources of the firm, including the resources provided by service
providers;
e. Law, regulation, professional standards and the environment in which the
firm operates; and
f. In the case of a firm that belongs to a network, the nature and extent of the
network requirements and network services, if any.
(ii) With respect to the nature and circumstances of the engagements performed by
the firm, those relating to:
a. The types of engagements performed by the firm and the reports to be
issued; and
10
b. The types of entities for which such engagements are undertaken.
(b) Take into account how, and the degree to which, the conditions, events,
circumstances, actions or inactions in paragraph 25(a) may adversely affect the
achievement of the quality objectives. (Ref: Para. A48)
26. The firm shall design and implement responses to address the quality risks in a
manner that is based on, and responsive to, the reasons for the assessments given to
the quality risks. The firm’s responses shall also include the responses specified in
paragraph 34. (Ref: Para. A49–A51)
27. The firm shall establish policies or procedures that are designed to identify
information that indicates additional quality objectives, or additional or modified quality
risks or responses, are needed due to changes in the nature and circumstances of the
firm or its engagements. If such information is identified, the firm shall consider the
information and when appropriate: (Ref: Para. A52–A53)
(a) Establish additional quality objectives or modify additional quality objectives already
established by the firm; (Ref: Para. A54)
(b) Identify and assess additional quality risks, modify the quality risks or reassess the
quality risks; or
(c) Design and implement additional responses, or modify the responses.
Governance and Leadership
28. The firm shall establish the following quality objectives that address the firm’s
governance and leadership, which establishes the environment that supports the
system of quality management:
(a) The firm demonstrates a commitment to quality through a culture that exists
throughout the firm, which recognizes and reinforces: (Ref: Para. A55–A56)
(i) The firm’s role in serving the public interest by consistently performing quality
engagements;
(ii) The importance of professional ethics, values and attitudes;
(iii) The responsibility of all personnel for quality relating to the performance of
engagements or activities within the system of quality management, and their
expected behavior; and
(iv) The importance of quality in the firm’s strategic decisions and actions, including
the firm’s financial and operational priorities.
(b) Leadership is responsible and accountable for quality. (Ref: Para. A57)
(c) Leadership demonstrates a commitment to quality through their actions and
behaviors. (Ref: Para. A58)
(d) The organizational structure and assignment of roles, responsibilities and authority

11
is appropriate to enable the design, implementation and operation of the firm’s
system of quality management. (Ref: Para. A32, A33, A35, A59)
(e) Resource needs, including financial resources, are planned for and resources are
obtained, allocated or assigned in a manner that is consistent with the firm’s
commitment to quality. (Ref: Para. A60–A61)
Relevant Ethical Requirements
29. The firm shall establish the following quality objectives that address the fulfillment
of responsibilities in accordance with relevant ethical requirements, including those
related to independence: (Ref: Para. A62–A64, A66)
(a) The firm and its personnel:
(i) Understand the relevant ethical requirements to which the firm and the firm’s
engagements are subject; and (Ref: Para. A22, A24)
(ii) Fulfill their responsibilities in relation to the relevant ethical requirements to
which the firm and the firm’s engagements are subject.
(b) Others, including the network, network firms, individuals in the network or network
firms, or service providers, who are subject to the relevant ethical requirements to
which the firm and the firm’s engagements are subject:
(i) Understand the relevant ethical requirements that apply to them; and (Ref:
Para. A22, A24, A65)
(ii) Fulfill their responsibilities in relation to the relevant ethical requirements that
apply to them.
Acceptance and Continuance of Client Relationships and Specific Engagements
30. The firm shall establish the following quality objectives that address the
acceptance and continuance of client relationships and specific engagements:
(a) Judgments by the firm about whether to accept or continue a client relationship or
specific engagement are appropriate based on:
(i) Information obtained about the nature and circumstances of the engagement
and the integrity and ethical values of the client (including management, and,
when appropriate, those charged with governance) that is sufficient to support
such judgments; and (Ref: Para. A67–A71)
(ii) The firm’s ability to perform the engagement in accordance with professional
standards and applicable legal and regulatory requirements. (Ref: Para. A72)
(b) The financial and operational priorities of the firm do not lead to inappropriate
judgments about whether to accept or continue a client relationship or specific
engagement. (Ref: Para. A73– A74)
Engagement Performance
31. The firm shall establish the following quality objectives that address the
performance of quality engagements:

12
(a) Engagement teams understand and fulfill their responsibilities in connection with the
engagements, including, as applicable, the overall responsibility of engagement
partners for managing and achieving quality on the engagement and being
sufficiently and appropriately involved throughout the engagement. (Ref: Para. A75)
(b) The nature, timing and extent of direction and supervision of engagement teams
and review of the work performed is appropriate based on the nature and
circumstances of the engagements and the resources assigned or made available
to the engagement teams, and the work performed by less experienced
engagement team members is directed, supervised and reviewed by more
experienced engagement team members. (Ref: Para. A76–A77)
(c) Engagement teams exercise appropriate professional judgment and, when
applicable to the type of engagement, professional skepticism. (Ref: Para. A78)
(d) Consultation on difficult or contentious matters is undertaken and the conclusions
agreed are implemented. (Ref: Para. A79–A81)
(e) Differences of opinion within the engagement team, or between the engagement
team and the engagement quality reviewer or individuals performing activities within
the firm’s system of quality management are brought to the attention of the firm and
resolved. (Ref: Para. A82)
(f) Engagement documentation is assembled on a timely basis after the date of the
engagement report, and is appropriately maintained and retained to meet the needs
of the firm and comply with law, regulation, relevant ethical requirements, or
professional standards. (Ref: Para. A83–A85)
Resources
32. The firm shall establish the following quality objectives that address appropriately
obtaining, developing, using, maintaining, allocating and assigning resources in a timely
manner to enable the design, implementation and operation of the system of quality
management: (Ref: Para. A86–A87)
Human Resources
(a) Personnel are hired, developed and retained and have the competence and
capabilities to: (Ref: Para. A88–A90)
(i) Consistently perform quality engagements, including having knowledge or
experience relevant to the engagements the firm performs; or
(ii) Perform activities or carry out responsibilities in relation to the operation of the
firm’s system of quality management.
(b) Personnel demonstrate a commitment to quality through their actions and
behaviors, develop and maintain the appropriate competence to perform their roles,
and are held accountable or recognized through timely evaluations, compensation,
promotion and other incentives. (Ref: Para. A91–A93)
(c) Individuals are obtained from external sources (i.e., the network, another network
firm or a service provider) when the firm does not have sufficient or appropriate
13
personnel to enable the operation of firm’s system of quality management or
performance of engagements. (Ref: Para. A94)
(d) Engagement team members are assigned to each engagement, including an
engagement partner, who have appropriate competence and capabilities, including
being given sufficient time, to consistently perform quality engagements. (Ref: Para.
A88–A89, A95–A97)
(e) Individuals are assigned to perform activities within the system of quality
management who have appropriate competence and capabilities, including
sufficient time, to perform such activities.
Technological Resources
(f) Appropriate technological resources are obtained or developed, implemented,
maintained, and used, to enable the operation of the firm’s system of quality
management and the performance of engagements. (Ref: Para. A98–A101, A104)
Intellectual Resources
(g) Appropriate intellectual resources are obtained or developed, implemented,
maintained, and used, to enable the operation of the firm’s system of quality
management and the consistent performance of quality engagements, and such
intellectual resources are consistent with professional standards and applicable
legal and regulatory requirements, where applicable. (Ref: Para. A102–A104)
Service Providers
(h) Human, technological or intellectual resources from service providers are
appropriate for use in the firm’s system of quality management and in the
performance of engagements, taking into account the quality objectives in
paragraph 32 (d),(e),(f) and (g). (Ref: Para. A105–A108)
Information and Communication
33. The firm shall establish the following quality objectives that address obtaining,
generating or using information regarding the system of quality management, and
communicating information within the firm and to external parties on a timely basis to
enable the design, implementation and operation of the system of quality management:
(Ref: Para. A109)
(a) The information system identifies, captures, processes and maintains relevant and
reliable information that supports the system of quality management, whether from
internal or external sources. (Ref: Para. A110–A111)
(b) The culture of the firm recognizes and reinforces the responsibility of personnel to
exchange information with the firm and with one another. (Ref: Para. A112)
(c) Relevant and reliable information is exchanged throughout the firm and with
engagement teams, including: (Ref: Para. A112)
(i) Information is communicated to personnel and engagement teams, and the
nature, timing and extent of the information is sufficient to enable them to

14
understand and carry out their responsibilities relating to performing activities
within the system of quality management or engagements; and
(ii) Personnel and engagement teams communicate information to the firm when
performing activities within the system of quality management or engagements.
(d) Relevant and reliable information is communicated to external parties, including:
(i) Information is communicated by the firm to or within the firm’s network or to
service providers, if any, enabling the network or service providers to fulfill their
responsibilities relating to the network requirements or network services or
resources provided by them; and (Ref: Para. A113)
(ii) Information is communicated externally when required by law, regulation or
professional standards, or to support external parties’ understanding of the
system of quality management. (Ref: Para. A114–A115)
Specified Responses
34. In designing and implementing responses in accordance with paragraph 26, the
firm shall include the following responses: (Ref: Para. A116)
(a) The firm establishes policies or procedures for:
(i) Identifying, evaluating and addressing threats to compliance with the relevant
ethical requirements; and (Ref: Para. A117)
(ii) Identifying, communicating, evaluating and reporting of any breaches of the
relevant ethical requirements and appropriately responding to the causes and
consequences of the breaches in a timely manner. (Ref: Para. A118–A119)
(b) The firm obtains, at least annually, a documented confirmation of compliance with
independence requirements from all personnel required by relevant ethical
requirements to be independent.
(c) The firm establishes policies or procedures for receiving, investigating and resolving
complaints and allegations about failures to perform work in accordance with
professional standards and applicable legal and regulatory requirements, or non-
compliance with the firm’s policies or procedures established in accordance with
this SQM. (Ref: Para. A120–A121)
(d) The firm establishes policies or procedures that address circumstances when:
(i) The firm becomes aware of information subsequent to accepting or continuing a
client relationship or specific engagement that would have caused it to decline
the client relationship or specific engagement had that information been known
prior to accepting or continuing the client relationship or specific engagement;
or (Ref: Para. A122–A123)
(ii) The firm is obligated by law or regulation to accept a client relationship or
specific engagement. (Ref: Para. A123)

15
(e) The firm establishes policies or procedures that: (Ref: Para. A124–A126)
(i) Require communication with those charged with governance when performing
an audit of financial statements of listed entities about how the system of quality
management supports the consistent performance of quality audit
engagements; (Ref: Para. A127– A129)
(ii) Address when it is otherwise appropriate to communicate with external parties
about the firm’s system of quality management; and (Ref: Para. A130)
(iii) Address the information to be provided when communicating externally in
accordance with paragraphs 34(e)(i) and 34(e)(ii), including the nature, timing
and extent and appropriate form of communication. (Ref: Para. A131–A132)
(f) The firm establishes policies or procedures that address engagement quality
reviews in accordance with SQM 2, and require an engagement quality review for:
(i) Audits of financial statements of listed entities;
(ii) Audits or other engagements for which an engagement quality review is
required by law or regulation; and (Ref: Para. A133)
(iii) Audits or other engagements for which the firm determines that an engagement
quality review is an appropriate response to address one or more quality risk(s).
(Ref: Para. A134-A137)
Monitoring and Remediation Process
35. The firm shall establish a monitoring and remediation process to: (Ref: Para.
A138)
(a) Provide relevant, reliable and timely information about the design, implementation
and operation of the system of quality management.
(b) Take appropriate actions to respond to identified deficiencies such that deficiencies
are remediated on a timely basis.
Designing and Performing Monitoring Activities
36. The firm shall design and perform monitoring activities to provide a basis for the
identification of deficiencies.
37. In determining the nature, timing and extent of the monitoring activities, the firm
shall take into account: (Ref: Para. A139–A142)
(a) The reasons for the assessments given to the quality risks;
(b) The design of the responses;
(c) The design of the firm’s risk assessment process and monitoring and remediation
process; (Ref: Para. A143–A144)
(d) Changes in the system of quality management; (Ref: Para. A145)

16
(e) The results of previous monitoring activities, whether previous monitoring activities
continue to be relevant in evaluating the firm’s system of quality management and
whether remedial actions to address previously identified deficiencies were
effective; and (Ref: Para. A146– A147)
(f) Other relevant information, including complaints and allegations about failures to
perform work in accordance with professional standards and applicable legal and
regulatory requirements or non-compliance with the firm’s policies or procedures
established in accordance with this SQM, information from external inspections and
information from service providers. (Ref: Para. A148–A150)
38. The firm shall include the inspection of completed engagements in its monitoring
activities and shall determine which engagements and engagement partners to select.
In doing so, the firm shall: (Ref: Para. A141, A151–A154)
(a) Take into account the matters in paragraph 37;
(b) Consider the nature, timing and extent of other monitoring activities undertaken by
the firm and the engagements and engagement partners subject to such monitoring
activities; and
(c) Select at least one completed engagement for each engagement partner on a
cyclical basis determined by the firm.
39. The firm shall establish policies or procedures that:
(a) Require the individuals performing the monitoring activities to have the competence
and capabilities, including sufficient time, to perform the monitoring activities
effectively; and
(b) Address the objectivity of the individuals performing the monitoring activities. Such
policies or procedures shall prohibit the engagement team members or the
engagement quality reviewer of an engagement from performing any inspection of
that engagement. (Ref: Para. A155– A156)
Evaluating Findings and Identifying Deficiencies
40. The firm shall evaluate findings to determine whether deficiencies exist, including
in the monitoring and remediation process. (Ref: Para. A157–A162)
Evaluating Identified Deficiencies
41. The firm shall evaluate the severity and pervasiveness of identified deficiencies
by: (Ref: Para. A161, A163–A164)
(a) Investigating the root cause(s) of the identified deficiencies. In determining the
nature, timing and extent of the procedures to investigate the root cause(s), the firm
shall take into account the nature of the identified deficiencies and their possible
severity. (Ref: Para. A165–A169)
(b) Evaluating the effect of the identified deficiencies, individually and in aggregate, on
the system of quality management.

17
Responding to Identified Deficiencies
42. The firm shall design and implement remedial actions to address identified
deficiencies that are responsive to the results of the root cause analysis. (Ref: Para.
A170–A172)
43. The individual(s) assigned operational responsibility for the monitoring and
remediation process shall evaluate whether the remedial actions:
(a) Are appropriately designed to address the identified deficiencies and their related
root cause(s) and determine that they have been implemented; and
(b) Implemented to address previously identified deficiencies are effective.
44. If the evaluation indicates that the remedial actions are not appropriately
designed and implemented or are not effective, the individual(s) assigned operational
responsibility for the monitoring and remediation process shall take appropriate action to
determine that the remedial actions are appropriately modified such that they are
effective.
Findings About a Particular Engagement
45. The firm shall respond to circumstances when findings indicate that there is an
engagement(s) for which procedures required were omitted during the performance of
the engagement(s) or the report issued may be inappropriate. The firm’s response shall
include: (Ref: Para. A173)
(a) Taking appropriate action to comply with relevant professional standards and
applicable legal and regulatory requirements; and
(b) When the report is considered to be inappropriate, considering the implications and
taking appropriate action, including considering whether to obtain legal advice.
Ongoing Communication Related to Monitoring and Remediation
46. The individual(s) assigned operational responsibility for the monitoring and
remediation process shall communicate on a timely basis to the individual(s) assigned
ultimate responsibility and accountability for the system of quality management and the
individual(s) assigned operational responsibility for the system of quality management:
(Ref: Para. A174)
(a) A description of the monitoring activities performed;
(b) The identified deficiencies, including the severity and pervasiveness of such
deficiencies; and
(c) The remedial actions to address the identified deficiencies.
47. The firm shall communicate the matters described in paragraph 46 to
engagement teams and other individuals assigned activities within the system of quality

18
management to enable them to take prompt and appropriate action in accordance with
their responsibilities.
Network Requirements or Network Services
48. When the firm belongs to a network, the firm shall understand, when applicable:
(Ref: Para. A19, A175)
(a) The requirements established by the network regarding the firm’s system of quality
management, including requirements for the firm to implement or use resources or
services designed or otherwise provided by or through the network (i.e., network
requirements);
(b) Any services or resources provided by the network that the firm chooses to
implement or use in the design, implementation or operation of the firm’s system of
quality management (i.e., network services); and
(c) The firm’s responsibilities for any actions that are necessary to implement the
network requirements or use network services. (Ref: Para. A176)
The firm remains responsible for its system of quality management, including
professional judgments made in the design, implementation and operation of the system
of quality management. The firm shall not allow compliance with the network
requirements or use of network services to contravene the requirements of this SQM.
(Ref: Para. A177)
49. Based on the understanding obtained in paragraph 48, the firm shall:
(a) Determine how the network requirements or network services are relevant to, and
are taken into account in, the firm’s system of quality management, including how
they are to be implemented; and (Ref: Para. A178)
(b) Evaluate whether and, if so, how the network requirements or network services
need to be adapted or supplemented by the firm to be appropriate for use in its
system of quality management. (Ref: Para. A179–A180)
Monitoring Activities Undertaken by the Network on the Firm’s System of Quality
Management
50. In circumstances when the network performs monitoring activities relating to the
firm’s system of quality management, the firm shall:
(a) Determine the effect of the monitoring activities performed by the network on the
nature, timing and extent of the firm’s monitoring activities performed in accordance
with paragraphs 36–38;
(b) Determine the firm’s responsibilities in relation to the monitoring activities, including
any related actions by the firm; and
(c) As part of evaluating findings and identifying deficiencies in paragraph 40, obtain
the results of the monitoring activities from the network in a timely manner. (Ref:
Para. A181)
Monitoring Activities Undertaken by the Network Across the Network Firms

19
51. The firm shall:
(a) Understand the overall scope of the monitoring activities undertaken by the network
across the network firms, including monitoring activities to determine that network
requirements have been appropriately implemented across the network firms, and
how the network will communicate the results of its monitoring activities to the firm;
(b) At least annually, obtain information from the network about the overall results of
the network’s monitoring activities across the network firms, if applicable, and: (Ref:
Para. A182–A184)
(i) Communicate the information to engagement teams and other individuals
assigned activities within the system of quality management, as appropriate, to
enable them to take prompt and appropriate action in accordance with their
responsibilities; and
(ii) Consider the effect of the information on the firm’s system of quality
management.
Deficiencies in Network Requirements or Network Services Identified by the Firm
52. If the firm identifies a deficiency in the network requirements or network services,
the firm shall: (Ref: Para. A185)
(a) Communicate to the network relevant information about the identified deficiency;
and
(b) In accordance with paragraph 42, design and implement remedial actions to
address the effect of the identified deficiency in the network requirements or
network services. (Ref: Para. A186)
Evaluating the System of Quality Management
53. The individual(s) assigned ultimate responsibility and accountability for the
system of quality management shall evaluate, on behalf of the firm, the system of
quality management. The evaluation shall be undertaken as at a point in time, and
performed at least annually. (Ref: Para. A187–A189)
54. Based on the evaluation, the individual(s) assigned ultimate responsibility and
accountability for the system of quality management shall conclude, on behalf of the
firm, one of the following: (Ref: Para. A190, A195)
(a) The system of quality management provides the firm with reasonable assurance
that the objectives of the system of quality management are being achieved; (Ref:
Para. A191)
(b) Except for matters related to identified deficiencies that have a severe but not
pervasive effect on the design, implementation and operation of the system of
quality management, the system of quality management provides the firm with
reasonable assurance that the objectives of the system of quality management are
being achieved; or (Ref: Para. A192)

20
(c) The system of quality management does not provide the firm with reasonable
assurance that the objectives of the system of quality management are being
achieved. (Ref: Para. A192– A194)
55. If the individual(s) assigned ultimate responsibility and accountability for the
system of quality management reaches the conclusion described in paragraph 54(b) or
54(c), the firm shall: (Ref: Para. A196)
(a) Take prompt and appropriate action; and
(b) Communicate to:
(i) Engagement teams and other individuals assigned activities within the system
of quality management to the extent that it is relevant to their responsibilities;
and (Ref: Para. A197)
(ii) External parties in accordance with the firm’s policies or procedures required by
paragraph 34(e). (Ref: Para. A198)
56. The firm shall undertake periodic performance evaluations of the individual(s)
assigned ultimate responsibility and accountability for the system of quality
management, and the individual(s) assigned operational responsibility for the system of
quality management. In doing so, the firm shall take into account the evaluation of the
system of quality management. (Ref: Para. A199–A201)
Documentation
57. The firm shall prepare documentation of its system of quality management that is
sufficient to: (Ref: Para. A202–A204)
(a) Support a consistent understanding of the system of quality management by
personnel, including an understanding of their roles and responsibilities with respect
to the system of quality management and the performance of engagements;
(b) Support the consistent implementation and operation of the responses; and
(c) Provide evidence of the design, implementation and operation of the responses, to
support the evaluation of the system of quality management by the individual(s)
assigned ultimate responsibility and accountability for the system of quality
management.
58. In preparing documentation, the firm shall include:
(a) The identification of the individual(s) assigned ultimate responsibility and
accountability for the system of quality management and operational responsibility
for the system of quality management;
(b) The firm’s quality objectives and quality risks; (Ref: Para. A205)
(c) A description of the responses and how the firm’s responses address the quality
risks;

21
(d) Regarding the monitoring and remediation process:
(i) Evidence of the monitoring activities performed;
(ii) The evaluation of findings, and identified deficiencies and their related root
cause(s);
(iii) Remedial actions to address identified deficiencies and the evaluation of the
design and implementation of such remedial actions; and
(iv) Communications about monitoring and remediation; and
(e) The basis for the conclusion reached pursuant to paragraph 54.
59. The firm shall document the matters in paragraph 58 as they relate to network
requirements or network services and the evaluation of the network requirements or
network services in accordance with paragraph 49(b). (Ref: Para. A206)
60. The firm shall establish a period of time for the retention of documentation for the
system of quality management that is sufficient to enable the firm to monitor the design,
implementation and operation of the firm’s system of quality management, or for a
longer period if required by law or regulation.
***
Application and Other Explanatory Material
Scope of this SQM (Ref: Para. 3–4)
A1. Other pronouncements of ICAI, including SRE 2400(Revised)5 and Guidance
Note on Reports or Certificates for Special Purposes (Revised 2016), also establish
requirements for the engagement partner for the management of quality at the
engagement level.
A2. The Code of Ethics contains requirements and application material for
professional accountants that enable professional accountants to meet their
responsibility to act in the public interest. As indicated in paragraph 15, in the context of
engagement performance as described in this SQM, the consistent performance of
quality engagements forms part of the professional accountant’s responsibility to act in
the public interest.
The Firm’s System of Quality Management (Ref: Para. 6–9)
A3. The firm may use different terminology or frameworks to describe the
components of its system of quality management.
A4. Examples of the interconnected nature of the components include the following:
• The firm’s risk assessment process sets out the process the firm is required to
follow in implementing a risk-based approach across the system of quality
management.
5 Standard on Review Engagements (SRE) 2400(Revised), “Engagements to Review Historical Financial
Statements”.

22
• The governance and leadership component establishes the environment that
supports the system of quality management.
• The resources and information and communication components enable the design,
implementation and operation of the system of quality management.
• The monitoring and remediation process is a process designed to monitor the entire
system of quality management. The results of the monitoring and remediation
process provide information that is relevant to the firm’s risk assessment process.
• There may be relationships between specific matters, for example, certain aspects
of relevant ethical requirements are relevant to accepting and continuing client
relationships and specific engagements.
A5. Reasonable assurance is obtained when the system of quality management
reduces to an acceptably low level the risk that the objectives stated in paragraph 14(a)
and (b) are not achieved. Reasonable assurance is not an absolute level of assurance,
because there are inherent limitations of a system of quality management. Such
limitations include that human judgment in decision making can be faulty and that
breakdowns in a firm’s system of quality management may occur, for example, due to
human error or behavior or failures in information technology (IT) applications.
Authority of this SQM (Ref: Para. 12)
A6. The objective of this SQM provides the context in which the requirements of this
SQM are set, establishes the desired outcome of this SQM and is intended to assist the
firm in understanding what needs to be accomplished and, where necessary, the
appropriate means of doing so.
A7. The requirements of this SQM are expressed using “shall.”
A8. Where necessary, the application and other explanatory material provides further
explanation of the requirements and guidance for carrying them out. In particular, it
may:
• Explain more precisely what a requirement means or is intended to cover; and
• Include examples that illustrate how the requirements might be applied.
While such guidance does not in itself impose a requirement, it is relevant to the proper
application of the requirements. The application and other explanatory material may
also provide background information on matters addressed in this SQM. Where
appropriate, additional considerations specific to certain entities such as, Central/State
governments and related government entities (for example, agencies, boards,
commissions) are included within the application and other explanatory material. These
additional considerations assist in the application of the requirements in this SQM. They
do not, however, limit or reduce the responsibility of the firm to apply and comply with
the requirements in this SQM.
A9. This SQM includes, under the heading “Definitions,” a description of the
meanings attributed to certain terms for purposes of this SQM. These definitions are
23
provided to assist in the consistent application and interpretation of this SQM, and are
not intended to override definitions that may be established for other purposes, whether
in law, regulation or otherwise. The Glossary of Terms relating to Engagement and
Quality Management Standards issued by the Auditing and Assurance Standards Board
of ICAI includes the terms defined in this SQM. The Glossary of Terms also includes
descriptions of other terms found in the SQMs to assist in common and consistent
interpretation and translation.
Definitions
Deficiency (Ref: Para. 16(a))
A10. The firm identifies deficiencies through evaluating findings. A deficiency may
arise from a finding, or a combination of findings.
A11. When a deficiency is identified as a result of a quality risk, or combination of
quality risks, not being identified or properly assessed, the response(s) to address such
quality risk(s) may also be absent, or not appropriately designed or implemented.
A12. The other aspects of the system of quality management consist of the
requirements in this SQM addressing:
• Assigning responsibilities (paragraphs 20–22);
• The firm’s risk assessment process;
• The monitoring and remediation process; and
• The evaluation of the system of quality management.
Examples of deficiencies related to other aspects of the system of quality management
• The firm’s risk assessment process fails to identify information that indicates
changes in the nature and circumstances of the firm and its engagements and the
need to establish additional quality objectives, or modify the quality risks or
responses.
• The firm’s monitoring and remediation process is not designed or implemented in a
manner that:
o Provides relevant, reliable and timely information about the design,
implementation and operation of the system of quality management.
o Enables the firm to take appropriate actions to respond to identified deficiencies
such that deficiencies are remediated on a timely basis.
• The individual(s) assigned ultimate responsibility and accountability for the system
of quality management does not undertake the annual evaluation of the system of
quality management.

24
Engagement Team (Ref: Para. 16(f))
A13. SA 220(Revised)6 provides guidance in applying the definition of engagement
team in the context of an audit of financial statements.
External Inspections (Ref: Para. 16(g))
A14. In some circumstances, an external oversight authority may undertake other
types of inspections, for example, thematic reviews that focus on, for a selection of
firms, particular aspects of audit engagements or firm-wide practices.
Findings (Ref: Para. 16(h))
A15. As part of accumulating findings from monitoring activities, external inspections
and other relevant sources, the firm may identify other observations about the firm’s
system of quality management, such as positive outcomes or opportunities for the firm
to improve, or further enhance, the system of quality management. Paragraph A158
explains how other observations may be used by the firm in the system of quality
management.
A16. Paragraph A148 provides examples of information from other relevant sources.
A17. Monitoring activities include monitoring at the engagement level, such as
inspection of engagements. Furthermore, external inspections and other relevant
sources may include information that relates to specific engagements. As a result,
information about the design, implementation and operation of the system of quality
management includes engagement-level findings that may be indicative of findings in
relation to the system of quality management.
Firm (Ref: Para. 16(i))
A18. The definition of “firm” in relevant ethical requirements may differ from the
definition set out in this SQM. As per the Code of Ethics, a firm is a sole practitioner,
partnership including limited liability partnership or any such entity of professional
accountants, as may be permitted by law.
Network (Ref: Para. 16(l), 48)
A19. Networks and the firms within the network may be structured in a variety of ways.
For example, in the context of a firm’s system of quality management:
• The network may establish requirements for the firm related to its system of quality
management, or provide services that are used by the firm in its system of quality
management or in the performance of engagements;
• Other firms within the network may provide services (e.g., resources) that are used
by the firm in its system of quality management or in the performance of
engagements; or

6 SA 220(Revised), paragraphs A15–A25.

25
• Other structures or organizations within the network may establish requirements for
the firm related to its system of quality management, or provide services.
For the purposes of this SQM, any network requirements or network services that are
obtained from the network, another firm within the network or another structure or
organization in the network are considered “network requirements or network services.”
Personnel (Ref: Para. 16(n))
A20. In addition to personnel (i.e., individuals in the firm), the firm may use individuals
external to the firm in performing activities in the system of quality management or in the
performance of engagements. For example, individuals external to the firm may include
individuals from other network firms (e.g., individuals in a service delivery center of a
network firm) or individuals employed by a service provider (e.g., a component auditor
from another firm not within the firm’s network).
A21. Personnel also includes partners and staff in other structures of the firm, such as
a service delivery center in the firm.
Relevant Ethical Requirements (Ref: Para. 16(t), 29)
A22. The relevant ethical requirements that are applicable in the context of a system
of quality management may vary, depending on the nature and circumstances of the
firm and its engagements. The term “professional accountant” may be defined in
relevant ethical requirements. For example, the Code of Ethics defines the term
“professional accountant” and further explains the scope of provisions in the Code of
Ethics that apply to individual professional accountants in public practice and their firms.
A23. The Code of Ethics addresses circumstances when law or regulation precludes
the professional accountant from complying with certain parts of the Code of Ethics. It
further acknowledges that some provisions in law or regulation might differ from or go
beyond those set out in the Code of Ethics and that professional accountants need to
be aware of those differences and comply with the more stringent provisions, unless
prohibited by law or regulation.
A24. Various provisions of the relevant ethical requirements may apply only to
individuals in the context of the performance of engagements and not the firm itself. For
example:
• Part 2 of the Code of Ethics applies to individuals who are professional accountants
in public practice when they are performing professional activities pursuant to their
relationship with the firm, whether as a contractor, employee or owner, and may be
relevant in the context of the performance of engagements.
• Certain requirements in Parts 3 and 4 of the Code of Ethics also apply to individuals
who are professional accountants in public practice when they are performing
professional activities for clients.
Compliance with such relevant ethical requirements by individuals may need to be
addressed by the firm’s system of quality management.

26
Example of relevant ethical requirements that are applicable only to individuals and not
the firm, and which relate to the performance of engagements
Part 2 of the Code of Ethics addresses pressure to breach the fundamental principles,
and includes requirements that an individual shall not:
• Allow pressure from others to result in a breach of compliance with the fundamental
principles; or
• Place pressure on others that the accountant knows, or has reason to believe,
would result in the other individuals breaching the fundamental principles.
For example, circumstances may arise when, in performing an engagement, an
individual considers that the engagement partner or another senior member of the
engagement team has pressured them to breach the fundamental principles.

Response (Ref: Para. 16(u))
A25. Policies are implemented through the actions of personnel and other individuals
whose actions are subject to the policies (including engagement teams), or through their
restraint from taking actions that would conflict with the firm’s policies.
A26. Procedures may be mandated, through formal documentation or other
communications, or may result from behaviors that are not mandated but are rather
conditioned by the firm’s culture. Procedures may be enforced through the actions
permitted by IT applications, or other aspects of the firm’s IT environment.
A27. If the firm uses individuals external to the firm in the system of quality
management or in the performance of engagements, different policies or procedures
may need to be designed by the firm to address the actions of the individuals. SA
220(Revised)7 provides guidance when different policies or procedures may need to be
designed by the firm to address the actions of individuals external to the firm in the
context of an audit of financial statements.
Service Provider (Ref: Para. 16(v))
A28. Service providers include component auditors from other firms not within the
firm’s network.
Applying, and Complying with, Relevant Requirements (Ref: Para. 17)
A29. Examples of when a requirement of this SQM may not be relevant to the firm
• The firm is a sole practitioner. For example, the requirements addressing the
organizational structure and assigning roles, responsibilities and authority within the
firm, direction, supervision and review and addressing differences of opinion may
not be relevant.
• The firm only performs engagements that are related services engagements. For
7 SA 220(Revised), paragraphs A23–A25.

27
example, if the firm is not required to maintain independence for related services
engagements, the requirement to obtain a documented confirmation of compliance
with independence requirements from all personnel would not be relevant.

System of Quality Management
Design, Implement and Operate a System of Quality Management (Ref: Para. 19)
A30. Quality management is not a separate function of the firm; it is the integration of
a culture that demonstrates a commitment to quality with the firm’s strategy, operational
activities and business processes. As a result, designing the system of quality
management and the firm’s operational activities and business processes in an
integrated manner may promote a harmonious approach to managing the firm, and
enhance the effectiveness of quality management.
A31. The quality of professional judgments exercised by the firm is likely to be
enhanced when individuals making such judgments demonstrate an attitude that
includes an inquiring mind, which involves:
• Considering the source, relevance and sufficiency of information obtained about the
system of quality management, including information related to the nature and
circumstances of the firm and its engagements; and
• Being open and alert to a need for further investigation or other action.
Responsibilities (Ref: Para. 20–21, 28(d))
A32. The governance and leadership component includes a quality objective that the
firm has an organizational structure and assignment of roles, responsibilities and
authority that is appropriate to enable the design, implementation and operation of the
firm’s system of quality management.
A33. Notwithstanding the assignment of responsibilities related to the system of quality
management in accordance with paragraph 20, the firm remains ultimately responsible
for the system of quality management and holding individuals responsible and
accountable for their assigned roles. For example, in accordance with paragraphs 53
and 54, although the firm assigns the evaluation of the system of quality management
and conclusion thereon to the individual(s) assigned ultimate responsibility and
accountability for the system of quality management, the firm is responsible for the
evaluation and conclusion.
A34. An individual(s) assigned responsibility for the matters in paragraph 20 is
typically a partner of the firm so that they have appropriate influence and authority within
the firm, as required by paragraph 21. However, based on the legal structure of the firm,
there may be circumstances when an individual(s) may not be a partner of the firm but
the individual(s) has the appropriate influence and authority within the firm to perform
their assigned role because of formal arrangements made by the firm or the firm’s
network.

28
A35. How the firm assigns roles, responsibilities and authority within the firm may vary
and law or regulation may impose certain requirements for the firm that affect the
leadership and management structure or their assigned responsibilities. An individual(s)
assigned responsibility for a matter(s) in paragraph 20 may further assign roles,
procedures, tasks or actions to other individuals to assist them in fulfilling their
responsibilities. However, an individual(s) assigned responsibility for a matter(s) in
paragraph 20 remains responsible and accountable for the responsibilities assigned to
them.

Scalability example to demonstrate how assigning roles and responsibilities may be
undertaken
• In a less complex firm, ultimate responsibility and accountability for the system of
quality management may be assigned to a single managing partner with sole
responsibility for the oversight of the firm. This individual may also assume
responsibility for all aspects of the system of quality management, including
operational responsibility for the system of quality management, compliance with
independence requirements and the monitoring and remediation process.
• In a more complex firm, there may be multiple levels of leadership that reflect the
organizational structure of the firm, and the firm may have an independent
governing body that has non-executive oversight of the firm, which may comprise
external individuals. Furthermore, the firm may assign operational responsibility
for specific aspects of the system of quality management beyond those specified
in paragraph 20(c), such as operational responsibility for compliance with ethical
requirements or operational responsibility for managing a service line.
A36. Compliance with independence requirements is essential to the performance of
audits, or reviews of financial statements, or other assurance engagements, and is an
expectation of stakeholders relying on the firm’s reports. The individual(s) assigned
operational responsibility for compliance with independence requirements is ordinarily
responsible for the oversight of all matters related to independence so that a robust and
consistent approach is designed and implemented by the firm to deal with
independence requirements.
A37. Law, regulation or professional standards may establish additional requirements
for an individual assigned responsibility for a matter(s) in paragraph 20, such as
requirements for professional licensing, professional education or continuing
professional development.
A38. The appropriate experience and knowledge for the individual(s) assigned
operational responsibility for the system of quality management ordinarily includes an
understanding of the firm’s strategic decisions and actions and experience with the
firm’s business operations.
The Firm’s Risk Assessment Process (Ref: Para. 23)
A39. How the firm designs the firm’s risk assessment process may be affected by the
nature and circumstances of the firm, including how the firm is structured and
organized.
29
Scalability examples to demonstrate how the firm’s risk assessment process may differ
• In a less complex firm, the individual(s) assigned operational responsibility for the
system of quality management may have a sufficient understanding of the firm
and its engagements to undertake the risk assessment process. Furthermore, the
documentation of the quality objectives, quality risks and responses may be less
extensive than for a more complex firm (e.g., it may be documented in a single
document).
• In a more complex firm, there may be a formal risk assessment process, involving
multiple individuals and numerous activities. The process may be centralized
(e.g., the quality objectives, quality risks and responses are established centrally
for all business units, functions and service lines) or decentralized (e.g., the
quality objectives, quality risks and responses are established at a business unit,
function or service line level, with the outputs combined at the firm level). The
firm’s network may also provide the firm with quality objectives, quality risks and
responses to be included in the firm’s system of quality management.

A40. The process of establishing quality objectives, identifying and assessing quality
risks and designing and implementing responses is iterative, and the requirements of
this SQM are not intended to be addressed in a linear manner. For example:
• In identifying and assessing quality risks, the firm may determine that an additional
quality objective(s) needs to be established.
• When designing and implementing responses, the firm may determine that a quality
risk was not identified and assessed.
A41. Information sources that enable the firm to establish quality objectives, identify
and assess quality risks and design and implement responses form part of the firm’s
information and communication component and include:
• The results of the firm’s monitoring and remediation process (see paragraphs 42
and A171).
• Information from the network or service providers, including:
o Information about network requirements or network services (see paragraph
48); and
o Other information from the network, including information about the results of
monitoring activities undertaken by the network across the network firms (see
paragraphs 50–51).
Other information, both internal or external, may also be relevant to the firm’s risk
assessment process, such as:
• Information regarding complaints and allegations about failures to perform work in
accordance with professional standards and applicable legal and regulatory
requirements, or non- compliance with the firm’s policies or procedures established
in accordance with this SQM.

30
• The results of external inspections.
• Information from regulators about the entities for whom the firm performs
engagements which is made available to the firm, such as information from a
securities regulator about an entity for whom the firm performs engagements (e.g.,
irregularities in the entity’s financial statements or non-compliance with securities
regulation).
• Changes in the system of quality management that affect other aspects of the
system, for example, changes in the firm’s resources.
• Other external sources, such as regulatory actions and litigation against the firm or
other firms that may highlight areas for the firm to consider.
Establish Quality Objectives (Ref: Para. 24)
A42. Law, regulation or professional standards may establish requirements that give
rise to additional quality objectives. For example, a firm may be required by law or
regulation to appoint non-executive individuals to the firm’s governance structure and
the firm considers it necessary to establish additional quality objectives to address the
requirements.
A43. The nature and circumstances of the firm and its engagements may be such that
the firm may not find it necessary to establish additional quality objectives.
A44. The firm may establish sub-objectives to enhance the firm’s identification and
assessment of quality risks, and design and implementation of responses.
Identify and Assess Quality Risks (Ref: Para. 25)
A45. There may be other conditions, events, circumstances, actions or inactions not
described in paragraph 25(a) that may adversely affect the achievement of a quality
objective.
A46. A risk arises from how, and the degree to which, a condition, event,
circumstance, action or inaction may adversely affect the achievement of a quality
objective. Not all risks meet the definition of a quality risk. Professional judgment assists
the firm in determining whether a risk is a quality risk, which is based on the firm’s
consideration of whether there is a reasonable possibility of the risk occurring, and
individually, or in combination with other risks, adversely affecting the achievement of
one or more quality objectives.

Examples of the firm’s understanding of Examples of quality risks that may arise
the conditions, events, circumstances,
actions or inactions that may adversely
affect the achievement of the quality
objectives

• The strategic and operational In the context of governance and
decisions and actions, business leadership, this may give rise to a number
31
processes and business model of of quality risks such as:
the firm: The firm’s overall financial • Resources are allocated or assigned
goals are overly dependent on the in a manner that prioritizes the
extent of services provided by the services not within the scope of this
firm not within the scope of this SQM and may negatively affect the
SQM. quality of engagements within the
scope of this SQM.
• Decisions about financial and
operational priorities do not fully or
adequately consider the importance
of quality in the performance of
engagements within the scope of
this SQM.

• The characteristics and In the context of governance and
management style of leadership: leadership, this may give rise to a number
The firm is a smaller firm with a few of quality risks such as:
engagement partners with shared • Leadership’s responsibilities and
authority. accountability for quality are not
clearly defined and assigned.
• The actions and behaviors of
leadership that do not promote
quality are not questioned.

• The complexity and operating In the context of resources, this may give
characteristics of the firm: The firm rise to a number of quality risks including:
has recently completed a merger • Technological resources used by the
with another firm. two merged firms may be
incompatible.
• Engagement teams may use
intellectual resources developed by
a firm prior to the merger, which are
no longer consistent with the new
methodology being used by the new
merged firm.

A47. Given the evolving nature of the system of quality management, the responses
designed and implemented by the firm may give rise to conditions, events,
circumstances, actions or inactions that result in further quality risks. For example, the
firm may implement a resource (e.g., a technological resource) to address a quality risk,
and quality risks may arise from the use of such resource.
A48. The degree to which a risk, individually, or in combination with other risks may

32
adversely affect the achievement of a quality objective(s) may vary based on the
conditions, events, circumstances, actions or inactions giving rise to the risk, taking into
account, for example:
• How the condition, event, circumstance, action or inaction would affect the
achievement of the quality objective.
• How frequently the condition, event, circumstance, action or inaction is expected to
occur.
• How long it would take after the condition, event, circumstance, action or inaction
occurred for it to have an effect, and whether in that time the firm would have an
opportunity to respond to mitigate the effect of the condition, event, circumstance,
action or inaction.
• How long the condition, event, circumstance, action or inaction would affect the
achievement of the quality objective once it has occurred.
The assessment of quality risks need not comprise formal ratings or scores, although
firms are not precluded from using them.
Design and Implement Responses to Address the Quality Risks (Ref: Para. 16(u),
26)
A49. The nature, timing and extent of the responses are based on the reasons for the
assessment given to the quality risks, which is the considered occurrence and effect on
the achievement of one or more quality objectives.
A50. The responses designed and implemented by the firm may operate at the firm
level or engagement level, or there may be a combination of responsibilities for actions
to be taken at the firm and engagement level.

Example of a response designed and implemented by the firm that operates at both the
firm and engagement level
The firm establishes policies or procedures for consultation which include with whom
consultation should be undertaken by engagement teams and the specific matters for
which consultation is required. The firm appoints suitably qualified and experienced
individuals to provide the consultations. The engagement team is responsible for
identifying when matters for consultation occur and initiating consultation, and
implementing the conclusions from consultation.8

A51. The need for formally documented policies or procedures may be greater for
firms that have many personnel or that are geographically dispersed, in order to achieve
consistency across the firm.

8 SA 220(Revised), paragraph 35.

33
Changes in the Nature and Circumstances of the Firm or its Engagements (Ref:
Para. 27)

A52. Scalability example to demonstrate how policies or procedures for identifying
information about changes in the nature and circumstances of the firm and its
engagements may vary
• In a less complex firm, the firm may have informal policies or procedures to identify
information about changes in the nature and circumstances of the firm or its
engagements, particularly when the individual(s) responsible for establishing quality
objectives, identifying and assessing quality risks and designing and implementing
responses is able to identify such information in the normal course of their activities.
• In a more complex firm, the firm may need to establish more formal policies or
procedures to identify and consider information about changes in the nature and
circumstances of the firm or its engagements. This may include, for example, a
periodic review of information relating to the nature and circumstances of the firm
and its engagements, including ongoing tracking of trends and occurrences in the
firm’s internal and external environment.

A53. Additional quality objectives may need to be established, or quality risks and
responses added to or modified, as part of the remedial actions undertaken by the firm
to address an identified deficiency in accordance with paragraph 42.
A54. The firm may have established quality objectives in addition to those specified by
this SQM. The firm may also identify information that indicates that additional quality
objectives already established by the firm are no longer needed, or need to be modified.
Governance and Leadership
Commitment to Quality (Ref: Para. 28(a))
A55. The firm’s culture is an important factor in influencing the behavior of personnel.
Relevant ethical requirements ordinarily establish the principles of professional ethics,
and are further addressed in the relevant ethical requirements component of this SQM.
Professional values and attitudes may include:
• Professional manner, for example, timeliness, courteousness, respect,
accountability, responsiveness, and dependability.
• A commitment to teamwork.
• Maintaining an open mind to new ideas or different perspectives in the professional
environment.
• Pursuit of excellence.
• A commitment to continual improvement (e.g., setting expectations beyond the
minimum requirements and placing a focus on continual learning).
• Social responsibility.
34
A56. The firm’s strategic decision-making process, including the establishment of a
business strategy, may include matters such as the firm’s decisions about financial and
operational matters, the firm’s financial goals, how financial resources are managed,
growth of the firm’s market share, industry specialization or new service offerings. The
firm’s financial and operational priorities may directly or indirectly affect the firm’s
commitment to quality, for example, the firm may have incentives that are focused on
financial and operational priorities that may discourage behaviors that demonstrate a
commitment to quality.
Leadership (Ref: Para. 28(b) and 28(c))
A57. The responses designed and implemented by the firm to hold leadership
responsible and accountable for quality include the performance evaluations required by
paragraph 56.
A58. Although leadership establishes the tone at the top through their actions and
behaviors, clear, consistent and frequent actions and communications at all levels within
the firm collectively contribute to the firm’s culture and demonstrates a commitment to
quality.
Organizational Structure (Ref: Para. 28(d))
A59. The organizational structure of the firm may include operating units, operational
processes, divisions or geographical locations and other structures. In some instances,
the firm may concentrate or centralize processes or activities in a service delivery
center, and engagement teams may include personnel from the firm’s service delivery
center who perform specific tasks that are repetitive or specialized in nature.
Resources (Ref: Para. 28(e))
A60. The individual(s) assigned ultimate responsibility and accountability or
operational responsibility for the system of quality management is in most cases able to
influence the nature and extent of resources that the firm obtains, develops, uses and
maintains, and how those resources are allocated or assigned, including the timing of
when they are used.
A61. As resource needs may change over time it may not be practicable to anticipate all
resource needs. The firm’s resource planning may involve determining the resources
currently required, forecasting the firm’s future resource needs, and establishing
processes to deal with unanticipated resource needs when they arise.
Relevant Ethical Requirements (Ref: Para. 16(t), 29)
A62. The Code of Ethics sets out the fundamental principles of ethics that establish
the standards of behavior expected of a professional accountant and establishes the
Independence Standards. The fundamental principles are integrity, objectivity,
professional competence and due care, confidentiality and professional behaviour. The
Code of Ethics also specifies the approach that a professional accountant is required to
apply to comply with the fundamental principles and, when applicable, the
Independence Standards. In addition, the Code of Ethics addresses specific topics
relevant to complying with the fundamental principles. Law or regulation may also

35
contain provisions addressing ethical requirements, including independence, such as
privacy laws affecting the confidentiality of information.
A63. In some cases, the matters addressed by the firm in its system of quality
management may be more specific than, or additional to, the provisions of relevant
ethical requirements.
Examples of matters that a firm may include in its system of quality management that
are more specific than, or additional to, the provisions of relevant ethical requirements
• The firm prohibits the acceptance of gifts and hospitality from a client, even if the
value is trivial and inconsequential.
• The firm sets rotation periods for all engagement partners, including those
performing other assurance or related services engagements, and extends the
rotation periods to all senior engagement team members.

A64. Other components may affect or relate to the relevant ethical requirements
component.
Examples of relationships between the relevant ethical requirements component and
other components
• The information and communication component may address the communication of
various matters related to relevant ethical requirements, including:
o The firm communicating the independence requirements to all personnel and
others subject to independence requirements.
o Personnel and engagement teams communicating relevant information to the
firm without fear of reprisals, such as situations that may create threats to
independence, or breaches of relevant ethical requirements.
• As part of the resources component, the firm may:
o Assign individuals to manage and monitor compliance with relevant ethical
requirements or to provide consultation on matters related to relevant ethical
requirements.
o Use IT applications to monitor compliance with relevant ethical requirements,
including recording and maintaining information about independence.

A65. The relevant ethical requirements that apply to others depend on the provisions
of the relevant ethical requirements and how the firm uses others in its system of quality
management, or in the performance of engagements.
Examples of relevant ethical requirements that apply to others
• Relevant ethical requirements may include requirements for independence that
apply to network firms or employees of network firms, for example, the Code of
Ethics includes independence requirements that apply to network firms.
• Relevant ethical requirements may include a definition of engagement team or
36
other similar concept, and the definition may include any individual who performs
assurance procedures on the engagement (e.g., a component auditor or a service
provider engaged to attend a physical inventory count at a remote location).
Accordingly, any requirements of the relevant ethical requirements that apply to
the engagement team as defined in the relevant ethical requirements, or other
similar concept, may also be relevant to such individuals.
• The principle of confidentiality may apply to the firm’s network, other network firms
or service providers, when they have access to client information obtained by the
firm.

A66. In achieving the quality objectives in this SQM related to independence, auditors
of certain entities such as, Central/State governments and related government entities
(for example, agencies, boards, commissions) may address independence in the
context of the applicable legal and regulatory requirements and statutory measures.
Acceptance and Continuance of Client Relationships and Specific Engagements
The Nature and Circumstances of the Engagement and the Integrity and Ethical
Values of the Client (Ref: Para. 30(a)(i))
A67. The information obtained about the nature and circumstances of the engagement
may include:
• The industry of the entity for which the engagement is being undertaken and
relevant regulatory factors;
• The nature of the entity, for example, its operations, organizational structure,
ownership and governance, its business model and how it is financed; and
• The nature of the underlying subject matter and the applicable criteria, for example,
in the case of integrated reporting:
o The underlying subject matter may include social, environmental or health and
safety information; and
o The applicable criteria may be performance measures established by a
recognized body of experts.
A68. The information obtained to support the firm’s judgments about the integrity and
ethical values of the client may include the identity and business reputation of the
client’s principal owners, key management, and those charged with its governance.
Examples of factors that may affect the nature and extent of information obtained about
the integrity and ethical values of the client
• The nature of the entity for which the engagement is being performed, including the
complexity of its ownership and management structure.
• The nature of the client’s operations, including its business practices.

37
• Information concerning the attitude of the client’s principal owners, key
management and those charged with its governance towards such matters as
aggressive interpretation of accounting standards and the internal control
environment.
• Whether the client is aggressively concerned with maintaining the firm’s fees as low
as possible.
• Indications of a client-imposed limitation in the scope of work.
• Indications that the client might be involved in money laundering or other criminal
activities.
• The reasons for the proposed appointment of the firm and non-reappointment of the
previous firm.
• The identity and business reputation of related parties.

A69. The firm may obtain the information from a variety of internal and external
sources, including:
• In the case of an existing client, information from current or previous engagements,
if applicable, or inquiry of other personnel who have performed other engagements
for the client.
• In the case of a new client, inquiry of existing or previous providers of professional
accountancy services to the client, in accordance with relevant ethical requirements.
• Discussions with other third parties, such as bankers, legal counsel and industry
peers.
• Background searches of relevant databases (which may be intellectual resources).
In some cases, the firm may use a service provider to perform the background
search.
A70. Information that is obtained during the firm’s acceptance and continuance
process may often also be relevant to the engagement team when planning and
performing the engagement. Professional standards may specifically require the
engagement team to obtain or consider such information. For example, SA
220(Revised)9 requires the engagement partner to take into account information
obtained in the acceptance and continuance process in planning and performing the
audit engagement.
A71. Professional standards or applicable legal and regulatory requirements may
include specific provisions that need to be addressed before accepting or continuing a
client relationship or specific engagement and may also require the firm to make
inquiries of an existing or predecessor firm when accepting an engagement. For

9 SA 220 (Revised), paragraph 23.

38
example, when there has been a change of auditors, SA 30010 requires the auditor, prior
to starting an initial audit, to communicate with the predecessor auditor in compliance
with relevant ethical requirements. The Code of Ethics also includes requirements for
the consideration of conflicts of interests in accepting or continuing a client relationship
or specific engagement and communication with the existing or predecessor firm when
accepting an engagement that is an audit or review of financial statements.
The Firm’s Ability to Perform the Engagement (Ref: Para. 30(a)(ii))
A72. The firm’s ability to perform the engagement in accordance with professional
standards and applicable legal and regulatory requirements may be affected by:
• The availability of appropriate resources to perform the engagement;
• Having access to information to perform the engagement, or to the persons who
provide such information; and
• Whether the firm and the engagement team are able to fulfill their responsibilities in
relation to the relevant ethical requirements.

Examples of factors the firm may consider in determining whether appropriate
resources are available to perform the engagement
• The circumstances of the engagement and the reporting deadline.
• The availability of individuals with the appropriate competence and capabilities,
including sufficient time, to perform the engagement. This includes having:
o Individuals to take overall responsibility for directing and supervising the
engagement;
o Individuals with knowledge of the relevant industry or the underlying subject
matter or criteria to be applied in the preparation of the subject matter
information and experience with relevant regulatory or reporting
requirements; and
o Individuals to perform audit procedures on the financial information of a
component for purposes of an audit of group financial statements.
• The availability of experts, if needed.
• If an engagement quality review is needed, whether there is an individual available
who meets the eligibility requirements in SQM 2.
• The need for technological resources, for example, IT applications that enable the
engagement team to perform procedures on the entity’s data.
• The need for intellectual resources, for example, a methodology, industry or
subject matter-specific guides, or access to information sources.

10 SA 300, “Planning an Audit of Financial Statements”, paragraph 12(b).

39
The Firm’s Financial and Operational Priorities (Ref: Para. 30(b))
A73. Financial priorities may focus on the profitability of the firm, and fees obtained for
the performance of engagements have an effect on the firm’s financial resources.
Operational priorities may include strategic focus areas, such as growth of the firm’s
market share, industry specialization or new service offerings. There may be
circumstances when the firm is satisfied with the fee quoted for an engagement but it is
not appropriate for the firm to accept or continue the engagement or client relationship
(e.g., when the client lacks integrity and ethical values).
A74. There may be other circumstances when the fee quoted for an engagement is
not sufficient given the nature and circumstances of the engagement, and it may
diminish the firm’s ability to perform the engagement in accordance with professional
standards and applicable legal and regulatory requirements. The Code of Ethics
addresses fees and other types of remuneration, including circumstances that may
create a threat to compliance with the fundamental principle of professional competence
and due care if the fee quoted for an engagement is too low.
Engagement Performance
Responsibilities of the Engagement Team and Direction, Supervision and Review
(Ref: Para. 31(a) and 31(b))
A75. Professional standards or applicable legal and regulatory requirements may
include specific provisions regarding the overall responsibility of the engagement
partner. For example, SA 220 (Revised) deals with the overall responsibility of the
engagement partner for managing and achieving quality on the engagement and for
being sufficiently and appropriately involved throughout the engagement, including
having responsibility for appropriate direction and supervision of the engagement team
and review of their work.

A76. Examples of direction, supervision and review
• Direction and supervision of the engagement team may include:
o Tracking the progress of the engagement;
o Considering the following with respect to members of the engagement team:
▪ Whether they understand their instructions; and
▪ Whether the work is being carried out in accordance with the planned
approach to the engagement;
o Addressing matters arising during the engagement, considering their
significance and modifying the planned approach appropriately; and
o Identifying matters for consultation or consideration by more experienced
engagement team members during the engagement.
• A review of work performed may include considering whether:
o The work has been performed in accordance with the firm’s policies or
procedures, professional standards and applicable legal and regulatory

40
requirements;
o Significant matters have been raised for further consideration;
o Appropriate consultations have been undertaken and the resulting conclusions
have been documented and implemented;
o There is a need to revise the nature, timing and extent of planned work;
o The work performed supports the conclusions reached and is appropriately
documented;
o The evidence obtained for an assurance engagement is sufficient and
appropriate to support the report; and
o The objectives of the engagement procedures have been achieved.

A77. In some circumstances, the firm may use personnel from a service delivery
center in the firm or individuals from a service delivery center in another network firm to
perform procedures on the engagement (i.e., the personnel or other individuals are
included in the engagement team). In such circumstances, the firm’s policies or
procedures may specifically address the direction and supervision of the individuals and
review of their work, such as:
• What aspects of the engagement may be assigned to individuals in the service
delivery center;
• How the engagement partner, or their designee, is expected to direct, supervise and
review the work undertaken by individuals in the service delivery center; and
• The protocols for communication between the engagement team and individuals in
the service delivery center.
Professional Judgment and Professional Skepticism (Ref: Para. 31(c))
A78. Professional skepticism supports the quality of judgments made on an assurance
engagement and, through these judgments, the overall effectiveness of the engagement
team in performing the assurance engagement. Other pronouncements of ICAI may
address the exercise of professional judgment or professional skepticism at the
engagement level. For example, SA 220(Revised)11 provides examples of impediments
to the exercise of professional skepticism at the engagement level, unconscious auditor
biases that may impede the exercise of professional skepticism, and possible actions
that the engagement team may take to mitigate such impediments.
Consultation (Ref: Para. 31(d))
A79. Consultation typically involves a discussion at the appropriate professional level,
with individuals within or outside the firm who have specialized expertise, on difficult or
contentious matters. An environment that reinforces the importance and benefit of
consultation and encourages engagement teams to consult may contribute to
supporting a culture that demonstrates a commitment to quality.

11 SA 220 (Revised), paragraphs A34–A36.

41
A80. Difficult or contentious matters on which consultation is needed may either be
specified by the firm, or the engagement team may identify matters that require
consultation. The firm may also specify how conclusions are to be agreed and
implemented.
A81. SA 220(Revised)12 includes requirements for the engagement partner related to
consultation.
Differences of Opinion (Ref: Para. 31(e))
A82. The firm may encourage that differences of opinion are identified at an early
stage, and may specify the steps to be taken in raising and dealing with them, including
how the matter is to be resolved and how the related conclusions should be
implemented and documented. In some circumstances, resolving differences of opinion
may be achieved through consulting with another practitioner or firm, or a professional
or regulatory body.
Engagement Documentation (Ref: Para. 31(f))
A83. Law, regulation or professional standards may prescribe the time limits by which
the assembly of final engagement files for specific types of engagements are to be
completed. Where no such time limits are prescribed in law or regulation, the time limit
may be determined by the firm. In the case of engagements conducted under the SAs
or SAEs, an appropriate time limit within which to complete the assembly of the final
engagement file is ordinarily not more than 60 days after the date of the engagement
report.
A84. The retention and maintenance of engagement documentation may include
managing the safe custody, integrity, accessibility or retrievability of the underlying data
and the related technology. The retention and maintenance of engagement
documentation may involve the use of IT applications. The integrity of engagement
documentation may be compromised if it is altered, supplemented or deleted without
authorization to do so, or if it is permanently lost or damaged.
A85. Law, regulation or professional standards may prescribe the retention periods for
engagement documentation. If the retention periods are not prescribed, the firm may
consider the nature of the engagements performed by the firm and the firm’s
circumstances, including whether the engagement documentation is needed to provide
a record of matters of continuing significance to future engagements. In the case of
engagements conducted under the SAs or SAEs, the retention period is ordinarily no
shorter than seven13 years or such other period as may be specified by ICAI from the
date of the engagement report, or, if later, the date of the auditor’s report on the group
financial statements, when applicable.

12 SA 220 (Revised), paragraph 35.
13 The Council of the Institute had in August 2009, pursuant to the provisions of Rule 12 of the Chartered Accountants

(Procedures of Investigations of Professional and Other Misconduct and Cases) Rules, 2007 had amended the audit
documentation retention period appearing as ten years in paragraph 83 of SQC 1 to seven years. As a consequence
of above decision of the Council, the audit documentation retention period appearing as ten years in paragraph A23
of SA 230, ‘Audit Documentation’, issued in January 2009, shall also stand amended to seven years. However, the
corresponding requirement in ISQM 1 is five years.

42
Resources (Ref: Para. 32)

A86. Resources for the purposes of the resources component include:

• Human resources.
• Technological resources, for example, IT applications.
• Intellectual resources, for example, written policies or procedures, a methodology or
guides.
Financial resources are also relevant to the system of quality management because
they are necessary for obtaining, developing and maintaining the firm’s human
resources, technological resources and intellectual resources. Given that the
management and allocation of financial resources is strongly influenced by leadership,
the quality objectives in governance and leadership, such as those that address
financial and operational priorities, address financial resources.

A87. Resources may be internal to the firm, or may be obtained externally from the
firm’s network, another network firm or service provider. Resources may be used in
performing activities within the firm’s system of quality management, or in the
performance of engagements as part of operating the system of quality management. In
circumstances when a resource is obtained from the firm’s network or another network
firm, paragraphs 48–52 form part of the responses designed and implemented by the
firm in achieving the objectives in this component.

Human Resources

Hiring, Developing and Retaining Personnel and Personnel Competence and
Capabilities (Ref: Para. 32(a), 32(d))
A88. Competence is the ability of the individual to perform a role and goes beyond
knowledge of principles, standards, concepts, facts, and procedures; it is the integration
and application of technical competence, professional skills, and professional ethics,
values and attitudes. Competence can be developed through a variety of methods,
including professional education, continuing professional development, training, work
experience or coaching of less experienced engagement team members by more
experienced engagement team members.
A89. Law, regulation or professional standards may establish requirements addressing
competence and capabilities, such as requirements for the professional licensing of
engagement partners, including requirements regarding their professional education
and continuing professional development.
A90. Examples of policies or procedures relating to hiring, developing and retaining
personnel
The policies or procedures designed and implemented by the firm relating to hiring,
developing and retaining personnel may address:

43
• Recruiting individuals who have, or are able to develop, appropriate competence.
• Training programs focused on developing the competence of personnel and
continuing professional development.
• Evaluation mechanisms that are undertaken at appropriate intervals and include
competency areas and other performance measures.
• Compensation, promotion and other incentives, for all personnel, including
engagement partners and individuals assigned roles and responsibilities related to
the firm’s system of quality management.

Personnel’s Commitment to Quality and Accountability and Recognition for Commitment
to Quality (Ref: Para. 32(b))
A91. Timely evaluations and feedback help support and promote the continual
development of the competence of personnel. Less formal methods of evaluation and
feedback may be used, such as in the case of firms with fewer personnel.
A92. Positive actions or behaviors demonstrated by personnel may be recognized
through various means, such as through compensation, promotion, or other incentives.
In some circumstances, simple or informal incentives that are not based on monetary
rewards may be appropriate.
A93. The manner in which the firm holds personnel accountable for actions or
behaviors that negatively affect quality, such as failing to demonstrate a commitment to
quality, develop and maintain the competence to perform their role or implement the
firm’s responses as designed, may depend on the nature of the action or behavior,
including its severity and frequency of occurrence. Actions the firm may take when
personnel demonstrate actions or behaviors that negatively affect quality may include:
• Training or other professional development.
• Considering the effect of the matter on the evaluation, compensation, promotion or
other incentives of those involved.
• Disciplinary action, if appropriate.
Individuals Obtained from External Sources (Ref: Para. 32(c))

A94. Professional standards may include responsibilities for the engagement partner
regarding the appropriateness of resources. For example, SA 220(Revised)14 addresses
the responsibility of the engagement partner for determining that sufficient and
appropriate resources to perform the engagement are assigned or made available to
the engagement team in a timely manner in accordance with the firm’s policies or
procedures.

14 SA 220 (Revised), paragraph 25.

44
Engagement Team Members Assigned to Each Engagement (Ref: Para. 32(d))
A95. Engagement team members may be assigned to engagements by:
• The firm, including assigning personnel from a service delivery center in the firm.
• The firm’s network or another network firm when the firm uses individuals from the
firm’s network or another network firm to perform procedures on the engagement
(e.g., a component auditor or a service delivery center of the network or another
network firm).
• A service provider when the firm uses individuals from a service provider to perform
procedures on the engagement (e.g., a component auditor from a firm that is not
within the firm’s network).
A96. SA 220(Revised)15 addresses the responsibility of the engagement partner to
determine that members of the engagement team, and any auditor’s external experts
and internal auditors who provide direct assistance who are not part of the engagement
team, collectively have the appropriate competence and capabilities, including sufficient
time, to perform the engagement. The responses designed and implemented by the firm
to address the competence and capabilities of engagement team members assigned to
the engagement may include policies or procedures that address:
• Information that may be obtained by the engagement partner and factors to
consider in determining that the engagement team members assigned to the
engagement, including those assigned by the firm’s network, another network firm
or service provider, have the competence and capabilities to perform the
engagement.
• How concerns about the competence and capabilities of engagement team
members, in particular those assigned by the firm’s network, another network firm or
service provider, may be resolved.
A97. The requirements in paragraphs 48–52 are also applicable when using
individuals from the firm’s network or another network firm on an engagement, including
component auditors (see, for example, paragraph A179).
Technological Resources (Ref: Para. 32(f))
A98. Technological resources, which are typically IT applications, form part of the
firm’s IT environment. The firm’s IT environment also includes the supporting IT
infrastructure and the IT processes and human resources involved in those processes:
• An IT application is a program or a set of programs that is designed to perform a
specific function directly for the user or, in some cases, for another application
program.
• The IT infrastructure is comprised of the IT network, operating systems, and
databases and their related hardware and software.
15 SA 220 (Revised), paragraph 26.

45
• The IT processes are the firm’s processes to manage access to the IT environment,
manage program changes or changes to the IT environment and manage IT
operations, which includes monitoring the IT environment.
A99. A technological resource may serve multiple purposes within the firm and some
of the purposes may be unrelated to the system of quality management. Technological
resources that are relevant for the purposes of this SQM are:
• Technological resources that are directly used in designing, implementing or
operating the firm’s system of quality management;
• Technological resources that are used directly by engagement teams in the
performance of engagements; and
• Technological resources that are essential to enabling the effective operation of the
above, such as, in relation to an IT application, the IT infrastructure and IT
processes supporting the IT application.

Scalability examples to demonstrate how the technological resources that are relevant
for the purposes of this SQM may differ
• In a less complex firm, the technological resources may comprise a commercial IT
application used by engagement teams, which has been purchased from a service
provider. The IT processes that support the operation of the IT application may also
be relevant, although they may be simple (e.g., processes for authorizing access to
the IT application and processing updates to the IT application).
• In a more complex firm, the technological resources may be more complex and may
comprise:
o Multiple IT applications, including custom developed applications or applications
developed by the firm’s network, such as:
▪ IT applications used by engagement teams (e.g., engagement software and
automated audit tools).
▪ IT applications developed and used by the firm to manage aspects of the
system of quality management (e.g., IT applications to monitor
independence or assign personnel to engagements).
o The IT processes that support the operation of these IT applications, including
the individuals responsible for managing the IT infrastructure and IT processes
and the firm’s processes for managing program changes to the IT applications.

A100. The firm may consider the following matters in obtaining, developing,
implementing and maintaining an IT application:
• The data inputs are complete and appropriate;
• Confidentiality of the data is preserved;

46
• The IT application operates as designed and achieves the purpose for which it is
intended;
• The outputs of the IT application achieve the purpose for which they will be used;
• The general IT controls necessary to support the IT application’s continued
operation as designed are appropriate;
• The need for specialized skills to utilize the IT application effectively, including the
training of individuals who will use the IT application; and
• The need to develop procedures that set out how the IT application operates.
A101. The firm may specifically prohibit the use of IT applications or features of IT
applications until such time that it has been determined that they operate appropriately
and have been approved for use by the firm. Alternatively, the firm may establish
policies or procedures to address circumstances when the engagement team uses an
IT application that is not approved by the firm. Such policies or procedures may require
the engagement team to determine that the IT application is appropriate for use prior to
using it on the engagement, through considering the matters in paragraph A100. SA
220(Revised)16 addresses the engagement partner’s responsibilities for engagement
resources.
Intellectual Resources (Ref: Para. 32(g))
A102. Intellectual resources include the information the firm uses to enable the
operation of the system of quality management and promote consistency in the
performance of engagements.

Examples of intellectual resources
Written policies or procedures, a methodology, industry or subject matter-specific
guides, accounting guides, standardized documentation or access to information
sources (e.g., subscriptions to websites that provide in-depth information about entities
or other information that is typically used in the performance of engagements).

A103. Intellectual resources may be made available through technological resources,
for example, the firm’s methodology may be embedded in the IT application that
facilitates the planning and performance of the engagement.
Use of Technological and Intellectual Resources (Ref: Para. 32(f)–32(g))
A104. The firm may establish policies or procedures regarding the use of the firm’s
technological and intellectual resources. Such policies or procedures may:
• Require the use of certain IT applications or intellectual resources in the
performance of engagements, or relating to other aspects of the engagement, such
as in archiving the engagement file.

16 SA 220 (Revised), paragraphs 25–28.

47
• Specify the qualifications or experience that individuals need to use the resource,
including the need for an expert or training, for example, the firm may specify the
qualifications or expertise needed to use an IT application that analyzes data, given
that specialized skills may be needed to interpret the results.
• Specify the responsibilities of the engagement partner regarding the use of
technological and intellectual resources.
• Set out how the technological or intellectual resources are to be used, including how
individuals should interact with an IT application or how the intellectual resource
should be applied, and the availability of support or assistance in using the
technological or intellectual resource.
Service Providers (Ref: Para. 16(v), 32(h))
A105. In some circumstances, the firm may use resources that are provided by a
service provider, particularly in circumstances when the firm does not have access to
the appropriate resources internally. Notwithstanding that a firm may use resources
from a service provider, the firm remains responsible for its system of quality
management.
Examples of resources from a service provider
• Individuals engaged to perform the firm’s monitoring activities or engagement
quality reviews, or to provide consultation on technical matters.
• A commercial IT application used to perform audit engagements.
• Individuals performing procedures on the firm’s engagements, for example,
component auditors from other firms not within the firm’s network or individuals
engaged to attend a physical inventory count at a remote location.
• An auditor’s external expert used by the firm to assist the engagement team in
obtaining audit evidence.

A106. In identifying and assessing quality risks, the firm is required to obtain an
understanding of the conditions, events, circumstances, actions or inactions that may
adversely affect the achievement of the quality objectives, which includes conditions,
events, circumstances, actions or inactions relating to service providers. In doing so, the
firm may consider the nature of the resources provided by service providers, how and
the extent to which they will be used by the firm, and the general characteristics of the
service providers used by the firm (e.g., the varying types of other professional services
firms that are used), in order to identify and assess quality risks related to the use of
such resources.
A107. In determining whether a resource from a service provider is appropriate for use
in the firm’s system of quality management or in the performance of engagements, the
firm may obtain information about the service provider and the resource they provide
from a number of sources. Matters the firm may consider include:
• The related quality objective and quality risks. For example, in the case of a

48
methodology from a service provider, there may be quality risks related to the
quality objective in paragraph 32(g), such as a quality risk that the service provider
does not update the methodology to reflect changes in professional standards and
applicable legal and regulatory requirements.
• The nature and scope of the resources, and the conditions of the service (e.g., in
relation to an IT application, how often updates will be provided, limitations on the
use of the IT application and how the service provider addresses confidentiality of
data).
• The extent to which the resource is used across the firm, how the resource will be
used by the firm and whether it is suitable for that purpose.
• The extent of customization of the resource for the firm.
• The firm’s previous use of the service provider.
• The service provider’s experience in the industry and reputation in the market.
A108. The firm may have a responsibility to take further actions in using the resource
from a service provider so that the resource functions effectively. For example, the firm
may need to communicate information to the service provider in order for the resource
to function effectively, or, in relation to an IT application, the firm may need to have
supporting IT infrastructure and IT processes in place.
Information and Communication (Ref: Para. 33)
A109. Obtaining, generating or communicating information is generally an ongoing
process that involves all personnel and encompasses the dissemination of information
within the firm and externally. Information and communication is pervasive to all
components of the system of quality management.
The Firm’s Information System (Ref: Para. 33(a))
A110. Reliable and relevant information includes information that is accurate, complete,
timely and valid to enable the proper functioning of the firm’s system of quality
management and to support decisions regarding the system of quality management.
A111. The information system may include the use of manual or IT elements, which
affect the manner in which information is identified, captured, processed, maintained
and communicated. The procedures to identify, capture, process, maintain and
communicate information may be enforced through IT applications, and in some cases
may be embedded within the firm’s responses for other components. In addition, digital
records may replace or supplement physical records.

Scalability example to demonstrate how the information system may be designed in a
less complex firm
Less complex firms with fewer personnel and direct involvement of leadership may not
need rigorous policies and procedures that specify how information should be identified,
captured, processed and maintained.

49
Communication Within the Firm (Ref: Para. 33(b), 33(c))
A112. The firm may recognize and reinforce the responsibility of personnel and
engagement teams to exchange information with the firm and with one another by
establishing communication channels to facilitate communication across the firm.

Examples of communication among the firm, personnel and engagement teams
• The firm communicates the responsibility for implementing the firm’s responses to
personnel and engagement teams.
• The firm communicates changes to the system of quality management to personnel
and engagement teams, to the extent that the changes are relevant to their
responsibilities and enables personnel and engagement teams to take prompt and
appropriate action in accordance with their responsibilities.
• The firm communicates information that is obtained during the firm’s acceptance
and continuance process that is relevant to engagement teams in planning and
performing engagements.
• Engagement teams communicate to the firm information about:
o The client that is obtained during the performance of an engagement that may
have caused the firm to decline the client relationship or specific engagement
had that information been known prior to accepting or continuing the client
relationship or specific engagement.
o The operation of the firm’s responses (e.g., concerns about the firm’s processes
for assigning personnel to engagements), which in some cases, may indicate a
deficiency in the firm’s system of quality management.
• Engagement teams communicate information to the engagement quality reviewer or
individuals providing consultation.
• Group engagement teams communicate matters to component auditors in
accordance with the firm’s policies or procedures, including matters related to
quality management at the engagement level.
• The individual(s) assigned operational responsibility for compliance with
independence requirements communicates to relevant personnel and engagement
teams changes in the independence requirements and the firm’s policies or
procedures to address such changes.

Communication with External Parties
Communication to or within the Firm’s Network and to Service Providers (Ref: Para.
33(d)(i))
A113. In addition to the firm communicating information to or within the firm’s network or
to a service provider, the firm may need to obtain information from the network, a
network firm or a service provider that supports the firm in the design, implementation
and operation of its system of quality management.

50
Example of information obtained by the firm from within the firm’s network
The firm obtains information from the network or other network firms about clients of
other network firms, where there are independence requirements that affect the firm.

Communication with Others External to the Firm (Ref: Para. 33(d)(ii))
A114. Examples of when law, regulation or professional standards may require the firm
to communicate information to external parties
• The firm becomes aware of non-compliance with laws and regulations by a client,
and relevant ethical requirements require the firm to report the non-compliance with
laws and regulations to an appropriate authority outside the client entity, or to
consider whether such reporting is an appropriate action in the circumstances.
• Law or regulation requires the firm to publish a transparency report and specifies
the nature of the information that is required to be included in the transparency
report.
• Securities law or regulation requires the firm to communicate certain matters to
those charged with governance.

A115. In some cases, law or regulation may preclude the firm from communicating
information related to its system of quality management externally.

Examples of when the firm may be precluded from communicating information
externally
• Privacy or secrecy law or regulation prohibits disclosure of certain information.
• Law, regulation or relevant ethical requirements include provisions addressing the
duty of confidentiality.
Specified Responses (Ref: Para. 34)
A116. The specified responses may address multiple quality risks related to more than
one quality objective across different components. For example, policies or procedures
for complaints and allegations may address quality risks related to quality objectives in
resources (e.g., personnel’s commitment to quality), relevant ethical requirements and
governance and leadership. The specified responses alone are not sufficient to achieve
the objectives of the system of quality management.
Relevant Ethical Requirements (Ref: Para. 34(a))
A117. Relevant ethical requirements may contain provisions regarding the identification
and evaluation of threats and how they are to be addressed. For example, the Code of
Ethics provides a conceptual framework for this purpose and, in applying the conceptual
framework, requires that the firm use the reasonable and informed third party test.
A118. Relevant ethical requirements may specify how the firm is required to respond to
51
a breach. For example, the Code of Ethics sets out requirements for the firm in the
event of a breach of the Code of Ethics and includes specific requirements addressing
breaches of the Independence Standards, which includes requirements for
communication with external parties.
A119. Matters the firm may address relating to breaches of the relevant ethical
requirements include:
• The communication of breaches of the relevant ethical requirements to appropriate
personnel;
• The evaluation of the significance of a breach and its effect on compliance with
relevant ethical requirements;
• The actions to be taken to satisfactorily address the consequences of a breach,
including that such actions be taken as soon as practicable;
• Determining whether to report a breach to external parties, such as those charged
with governance of the entity to which the breach relates or an external oversight
authority; and
• Determining the appropriate actions to be taken in relation to the individual(s)
responsible for the breach.
Complaints and Allegations (Ref: Para. 34(c))
A120. Establishing policies or procedures for dealing with complaints and allegations
may assist the firm in preventing engagement reports from being issued that are
inappropriate. It also may assist the firm in:
• Identifying and dealing with individuals, including leadership, who do not act or
behave in a manner that demonstrates a commitment to quality and supports the
firm’s commitment to quality; or
• Identifying deficiencies in the system of quality management.
A121. Complaints and allegations may be made by personnel, or others external to the
firm (e.g., clients, component auditors or individuals within the firm’s network).
Information That Becomes Known Subsequent to Accepting or Continuing a
Client Relationship or Specific Engagement (Ref: Para. 34(d))
A122. Information that becomes known subsequent to accepting or continuing a client
relationship or specific engagement may:
• Have existed at the time of the firm’s decision to accept or continue the client
relationship or specific engagement and the firm was not aware of such information;
or
• Relate to new information that has arisen since the decision to accept or continue
the client relationship or specific engagement.

52
Examples of matters addressed in the firm’s policies or procedures for circumstances
when information becomes known subsequent to accepting or continuing a client
relationship or specific engagement that may have affected the firm’s decision to accept
or continue a client relationship or specific engagement
• Undertaking consultation within the firm or with legal counsel.
• Considering whether there is a professional, legal or regulatory requirement for the
firm to continue the engagement.
• Discussing with the appropriate level of the client’s management and with those
charged with governance or the engaging party the action that the firm might take
based on the relevant facts and circumstances.
• When it is determined that withdrawal is an appropriate action:
o Informing the client’s management and those charged with governance or the
engaging party of this decision and the reasons for the withdrawal.
o Considering whether there is a professional, legal or regulatory requirement for
the firm to report the withdrawal from the engagement, or from both the
engagement and the client relationship, together with the reasons for the
withdrawal, to regulatory authorities.

A123. In some circumstances, law or regulation may impose an obligation on the firm to
accept or continue a client engagement, or in the case of the certain entities, such as,
Central/State governments and related government entities (for example, agencies,
boards, commissions), the firm may be appointed through statutory provisions.

Example of matters addressed in the firm’s policies or procedures in circumstances
when the firm is obligated to accept or continue an engagement or the firm is unable to
withdraw from an engagement, and the firm is aware of information that would have
caused the firm to decline or discontinue the engagement
• The firm considers the effect of the information on the performance of the
engagement.
• The firm communicates the information to the engagement partner, and requests
the engagement partner to increase the extent and frequency of the direction and
supervision of the engagement team members and review of their work.
• The firm assigns more experienced personnel to the engagement.
• The firm determines that an engagement quality review should be performed.

Communication with External Parties (Ref. Para: 34(e))
A124. The firm’s ability to maintain stakeholder confidence in the quality of its
engagements may be enhanced through relevant, reliable and transparent
communication by the firm about the activities that it has undertaken to address quality,
and the effectiveness of those activities.

53
A125. External parties who may use information about the firm’s system of quality
management, and the extent of their interest in the firm’s system of quality
management, may vary based on the nature and circumstances of the firm and its
engagements.
Examples of external parties who may use information about the firm’s system of quality
management
• Management or those charged with governance of the firm’s clients may use the
information to determine whether to appoint the firm to perform an engagement.
• External oversight authorities may have indicated a desire for the information to
support their responsibilities in monitoring the quality of engagements and in
understanding the work of firms.
• Other firms who use the work of the firm in the performance of engagements
(e.g., in relation to a group audit) may have requested such information.
• Other users of the firm’s engagement reports, such as investors who use
engagement reports in their decision making, may have indicated a desire for the
information.

A126. The information about the system of quality management provided to external
parties, including information communicated to those charged with governance about
how the system of quality management supports the consistent performance of quality
engagements, may address such matters as:
• The nature and circumstances of the firm, such as the organizational structure,
business model, strategy and operating environment.
• The firm’s governance and leadership, such as its culture, how it demonstrates a
commitment to quality, and assigned roles, responsibilities and authority with
respect to the system of quality management.
• How the firm fulfills its responsibilities in accordance with relevant ethical
requirements, including those related to independence.
• Factors that contribute to quality engagements, for example, such information may
be presented in the form of engagement quality indicators with narrative to explain
the indicators.
• The results of the firm’s monitoring activities and external inspections, and how the
firm has remediated identified deficiencies or is otherwise responding to them.
• The evaluation undertaken in accordance with paragraphs 53–54 of whether the
system of quality management provides the firm with reasonable assurance that the
objectives of the system are being achieved and the conclusion thereon, including
the basis for the judgments made in undertaking the evaluation and concluding.
• How the firm has responded to emerging developments and changes in the
circumstances of the firm or its engagements, including how the system of quality
management has been adapted to respond to such changes.

54
• The relationship between the firm and the network, the overall structure of the
network, a description of network requirements and network services, the
responsibilities of the firm and the network (including that the firm is ultimately
responsible for the system of quality management), and information about the
overall scope and results of network monitoring activities across the network firms.
Communication with Those Charged with Governance (Ref. Para: 34(e)(i))
A127. How the communication with those charged with governance is undertaken (i.e.,
by the firm or the engagement team) may depend on the firm’s policies or procedures
and the circumstances of the engagement.
A128. SA 260 (Revised) deals with the auditor’s responsibility to communicate with
those charged with governance in an audit of financial statements, and addresses the
auditor’s determination of the appropriate person(s) within the entity’s governance
structure with whom to communicate17 and the communication process.18 In some
circumstances, it may be appropriate to communicate with those charged with
governance of entities other than listed entities (or when performing other
engagements), for example, entities that may have public interest or public
accountability characteristics, such as:
• Entities that hold a significant amount of assets in a fiduciary capacity for a large
number of stakeholders including financial institutions, such as certain banks,
insurance companies, and pension funds.
• Entities with a high public profile, or whose management or owners have a high
public profile.
• Entities with a large number and wide range of stakeholders.
A129. The firm may determine it is appropriate to communicate to those charged with
governance of certain entities, such as, Central/State governments and related
government entities (for example, agencies, boards, commissions), about how the firm’s
system of quality management supports the consistent performance of quality
engagements, taking into account the size and complexity of the entity, the range of its
stakeholders, the nature of the services it provides, and the role and responsibilities of
those charged with governance.
Determining When it is Otherwise Appropriate to Communicate with External Parties
(Ref. Para: 34(e)(ii))
A130. The firm’s determination of when it is appropriate to communicate with external
parties about the firm’s system of quality management is a matter of professional
judgment and may be influenced by matters such as:
• The types of engagements performed by the firm, and the types of entities for which
such engagements are undertaken.

17 SA 260 (Revised), “Communication with Those Charged with Governance”, paragraphs 11–13.
18 SA 260 (Revised), paragraphs 18–22.

55
• The nature and circumstances of the firm.
• The nature of the firm’s operating environment, such as customary business
practice and the characteristics of the financial markets in which the firm operates.
• The extent to which the firm has already communicated with external parties in
accordance with law or regulation (i.e., whether further communication is needed,
and if so, the matters to be communicated).
• The expectations of stakeholders from the firm, including the understanding and
interest that external parties have expressed about the engagements undertaken by
the firm, and the firm’s processes in performing the engagements.
• Other trends.
• The information that is already available to external parties.
• How external parties may use the information, and their general understanding of
matters related to firms’ system of quality management and audits or reviews of
financial statements, or other assurance or related services engagements.
• The public interest benefits of external communication and whether it would
reasonably be expected to outweigh the costs (monetary or otherwise) of such
communication.
The above matters may also affect the information provided by the firm in the
communication, and the nature, timing and extent and appropriate form of
communication.
Nature, Timing and Extent and Appropriate Form of Communication with External
Parties (Ref. Para: 34(e)(iii))
A131. The firm may consider the following attributes in preparing information that is
communicated to external parties:
• The information is specific to the circumstances of the firm. Relating the matters in
the firm’s communication directly to the specific circumstances of the firm may help
to minimize the potential that such information becomes overly standardized and
less useful over time.
• The information is presented in a clear and understandable manner, and the
manner of presentation is neither misleading nor would inappropriately influence the
users of the communication (e.g., the information is presented in a manner that is
appropriately balanced towards positive and negative aspects of the matter being
communicated).
• The information is accurate and complete in all material respects and does not
contain information that is misleading.
• The information takes into consideration the information needs of the users for
whom it is intended. In considering the information needs of the users, the firm may
consider matters such as the level of detail that users would find meaningful and
whether users have access to relevant information through other sources (e.g., the
firm’s website).
56
A132. The firm uses professional judgment in determining, in the circumstances, the
appropriate form of communication with the external party, including communication
with those charged with governance when performing an audit of financial statements of
listed entities, which may be made orally or in writing. Accordingly, the form of
communication may vary.
Examples of form of communication to external parties
• A publication such as a transparency report or audit quality report.
• Targeted written communication to specific stakeholders (e.g., information about the
results of the firm’s monitoring and remediation process).
• Direct conversations and interactions with the external party (e.g., discussions
between the engagement team and those charged with governance).
• A webpage.
• Other forms of digital media, such as social media, or interviews or presentations
via webcast or video.

Engagements Subject to an Engagement Quality Review
Engagement Quality Review Required by Law or Regulation (Ref: Para. 34(f)(ii))
A133. Law or regulation may require an engagement quality review to be performed, for
example, for audit engagements for entities that:
• Are public interest entities;
• Operate in the public sector or which are recipients of government funding, or
entities with public accountability;
• Operate in certain industries (e.g., financial institutions such as banks, insurance
companies and pension funds);
• Meet a specified asset threshold; or
• Are under the management of a court or judicial process (e.g., liquidation).
Engagement Quality Review as a Response to Address One or More Quality Risk(s)
(Ref: Para. 34(f)(iii))
A134. The firm’s understanding of the conditions, events, circumstances, actions or
inactions that may adversely affect the achievement of the quality objectives, as
required by paragraph 25(a)(ii), relates to the nature and circumstances of the
engagements performed by the firm. In designing and implementing responses to
address one or more quality risk(s), the firm may determine that an engagement quality
review is an appropriate response based on the reasons for the assessments given to
the quality risks.

57
Examples of conditions, events, circumstances, actions or inactions giving rise to one or
more quality risk(s) for which an engagement quality review may be an appropriate
response
Those relating to the types of engagements performed by the firm and reports to be
issued:
• Engagements that involve a high level of complexity or judgment, such as:
o Audits of financial statements for entities operating in an industry that typically
has accounting estimates with a high degree of estimation uncertainty (e.g.,
certain large financial institutions or mining entities), or for entities for which
uncertainties exist related to events or conditions that may cast significant doubt
on their ability to continue as a going concern.
o Assurance engagements that require specialized skills and knowledge in
measuring or evaluating the underlying subject matter against the applicable
criteria (e.g., a greenhouse gas statement in which there are significant
uncertainties associated with the quantities reported therein).
• Engagements on which issues have been encountered, such as audit engagements
with recurring internal or external inspection findings, unremediated significant
deficiencies in internal control, or a material restatement of comparative information
in the financial statements.
• Engagements for which unusual circumstances have been identified during the
firm’s acceptance and continuance process (e.g., a new client that had a
disagreement with its previous auditor or assurance practitioner).
• Engagements that involve reporting on financial or non-financial information that is
expected to be included in a regulatory filing, and that may involve a higher degree
of judgment, such as pro forma financial information to be included in a prospectus.
Those relating to the types of entities for which engagements are undertaken:
• Entities in emerging industries, or for which the firm has no previous experience.
• Entities for which concerns were expressed in communications from securities or
prudential regulators.
• Entities other than listed entities that may have public interest or public
accountability characteristics, for example:
o Entities that hold a significant amount of assets in a fiduciary capacity for a
large number of stakeholders including financial institutions, such as certain
banks, insurance companies, and pension funds for which an engagement
quality review is not otherwise required by law or regulation.
o Entities with a high public profile, or whose management or owners have a high
public profile.
o Entities with a large number and wide range of stakeholders.

58
A135. The firm’s responses to address quality risks may include other forms of
engagement reviews that are not an engagement quality review. For example, for audits
of financial statements, the firm’s responses may include reviews of the engagement
team’s procedures relating to significant risks, or reviews of certain significant
judgments, by personnel who have specialized technical expertise. In some cases,
these other types of engagement reviews may be undertaken in addition to an
engagement quality review.
A136. In some cases, the firm may determine that there are no audits or other
engagements for which an engagement quality review or another form of engagement
review is an appropriate response to address the quality risk(s).
A137. The nature and circumstances of certain entities, such as, Central/State
governments and related government entities (for example, agencies, boards,
commissions), (e.g., due to their size and complexity, the range of their stakeholders, or
the nature of the services they provide) may give rise to quality risks. In these
circumstances, the firm may determine that an engagement quality review is an
appropriate response to address such quality risks. Law or regulation may establish
additional reporting requirements for the auditors of such entities (e.g., a separate report
on instances of non-compliance with law or regulation to the legislature or other
governing body or communicating such instances in the auditor’s report on the financial
statements). In such cases, the firm may also consider the complexity of such reporting,
and its importance to users, in determining whether an engagement quality review is an
appropriate response.
Monitoring and Remediation Process (Ref: Para. 35–47)
A138. In addition to enabling the evaluation of the system of quality management, the
monitoring and remediation process facilitates the proactive and continual improvement
of engagement quality and the system of quality management. For example:
• Given the inherent limitations of a system of quality management, the firm’s
identification of deficiencies is not unusual and it is an important aspect of the
system of quality management, because prompt identification of deficiencies
enables the firm to remediate them in a timely and effective manner, and
contributes to a culture of continual improvement.
• The monitoring activities may provide information that enables the firm to prevent a
deficiency through responding to a finding that could, over a period of time, lead to a
deficiency.
Designing and Performing Monitoring Activities (Ref: Para. 37–38)
A139. The firm’s monitoring activities may comprise a combination of ongoing
monitoring activities and periodic monitoring activities. Ongoing monitoring activities are
generally routine activities, built into the firm’s processes and performed on a real-time
basis, reacting to changing conditions. Periodic monitoring activities are conducted at
certain intervals by the firm. In most cases, ongoing monitoring activities provide
information about the system of quality management in a timelier manner.

59
A140. Monitoring activities may include the inspection of in-process engagements.
Inspections of engagements are designed to monitor that an aspect of the system of
quality management is designed, implemented and operating in the manner intended. In
some circumstances, the system of quality management may include responses that
are designed to review engagements while they are in the process of being performed
that appear similar in nature to an inspection of in-process engagements (e.g., reviews
that are designed to detect failures or shortcomings in the system of quality
management so that they can prevent a quality risk from occurring). The purpose of the
activity will guide its design and implementation, and where it fits within the system of
quality management (i.e., whether it is an inspection of an in-process engagement that
is a monitoring activity or a review of an engagement that is a response to address a
quality risk).
A141. The nature, timing and extent of the monitoring activities may also be affected by
other matters, including:
• The size, structure and organization of the firm.
• The involvement of the firm’s network in monitoring activities.
• The resources that the firm intends to use to enable monitoring activities, such as
the use of IT applications.
A142. When performing monitoring activities, the firm may determine that changes to
the nature, timing and extent of the monitoring activities are needed, such as when
findings indicate the need for more extensive monitoring activities.
The Design of the Firm’s Risk Assessment Process and Monitoring and Remediation
Process (Ref: Para. 37(c))
A143. How the firm’s risk assessment process is designed (e.g., a centralized or
decentralized process, or the frequency of review) may affect the nature, timing and
extent of the monitoring activities, including monitoring activities over the firm’s risk
assessment process.
A144. How the firm’s monitoring and remediation process is designed (i.e., the nature,
timing and extent of the monitoring and remediation activities, taking into account the
nature and circumstances of the firm) may affect the monitoring activities undertaken by
the firm to determine whether the monitoring and remediation process is achieving the
intended purpose as described in paragraph 35.

Scalability example to demonstrate the monitoring activities for the monitoring and
remediation process
• In a less complex firm, the monitoring activities may be simple, since information
about the monitoring and remediation process may be readily available in the form
of leadership’s knowledge, based on their frequent interaction with the system of
quality management, of the nature, timing and extent of the monitoring activities
undertaken, the results of the monitoring activities, and the firm’s actions to address
the results.

60
• In a more complex firm, the monitoring activities for the monitoring and remediation
process may be specifically designed to determine that the monitoring and
remediation process is providing relevant, reliable and timely information about the
system of quality management, and responding appropriately to identified
deficiencies.

Changes in the System of Quality Management (Ref: Para. 37(d))
A145. Changes in the system of quality management may include:
• Changes to address an identified deficiency in the system of quality management.
• Changes to the quality objectives, quality risks or responses as a result of changes
in the nature and circumstances of the firm and its engagements.
When changes occur, previous monitoring activities undertaken by the firm may no
longer provide the firm with information to support the evaluation of the system of quality
management and, therefore, the firm’s monitoring activities may include monitoring of
those areas of change.
Previous Monitoring Activities (Ref: Para. 37(e))
A146. The results of the firm’s previous monitoring activities may indicate areas of the
system where a deficiency may arise, particularly areas where there is a history of
identified deficiencies.
A147. Previous monitoring activities undertaken by the firm may no longer provide the
firm with information to support the evaluation of the system, including on areas of the
system of quality management that have not changed, particularly when time has
elapsed since the monitoring activities were undertaken.
Other Relevant Information (Ref: Para. 37(f))
A148. In addition to the sources of information indicated in paragraph 37(f), other
relevant information may include:
• Information communicated by the firm’s network in accordance with paragraphs
50(c) and 51(b) about the firm’s system of quality management, including the
network requirements or network services that the firm has included in its system of
quality management.
• Information communicated by a service provider about the resources the firm uses
in its system of quality management.
• Information from regulators about the entities for whom the firm performs
engagements, which is made available to the firm, such as information from a
securities regulator about an entity for whom the firm performs engagements (e.g.,
irregularities in the entity’s financial statements).
A149. The results of external inspections or other relevant information, both internal and
external, may indicate that previous monitoring activities undertaken by the firm failed to
identify a deficiency in the system of quality management. This information may affect
61
the firm’s consideration of the nature, timing and extent of the monitoring activities.
A150. External inspections are not a substitute for the firm’s internal monitoring
activities. Nevertheless, the results of external inspections inform the nature, timing and
extent of the monitoring activities.
Engagement Inspections (Ref: Para. 38)
A151. Examples of matters in paragraph 37 that may be considered by the firm in
selecting completed engagements for inspection
• In relation to the conditions, events, circumstances, actions or inactions giving rise
to the quality risks:
o The types of engagements performed by the firm, and the extent of the firm’s
experience in performing the type of engagement.
o The types of entities for which engagements are undertaken, for example:
▪ Entities that are listed.
▪ Entities operating in emerging industries.
▪ Entities operating in industries associated with a high level of complexity or
judgment.
▪ Entities operating in an industry that is new to the firm.
o The tenure and experience of engagement partners.
• The results of previous inspections of completed engagements, including for each
engagement partner.
• In relation to other relevant information:
o Complaints or allegations about an engagement partner.
o The results of external inspections, including for each engagement partner.
o The results of the firm’s evaluation of each engagement partner’s commitment
to quality.

A152. The firm may undertake multiple monitoring activities, other than inspection of
completed engagements, that focus on determining whether engagements have
complied with policies or procedures. These monitoring activities may be undertaken on
certain engagements or engagement partners. The nature and extent of these
monitoring activities, and the results, may be used by the firm in determining:
• Which completed engagements to select for inspection;
• Which engagement partners to select for inspection;
• How frequently to select an engagement partner for inspection; or
• Which aspects of the engagement to consider when performing the inspection of
completed engagements.

62
A153. The inspection of completed engagements for engagement partners on a cyclical
basis may assist the firm in monitoring whether engagement partners have fulfilled their
overall responsibility for managing and achieving quality on the engagements they are
assigned to.

Example of how a firm may apply a cyclical basis for the inspection of completed
engagements for each engagement partner
The firm may establish policies or procedures addressing the inspection of completed
engagements that:
• Set forth the standard period of the inspection cycle, such as the inspection of a
completed engagement for each engagement partner performing audits of financial
statements once every three years, and for all other engagement partners, once
every five years;
• Set out the criteria for selecting completed engagements, including that for an
engagement partner performing audits of financial statements, the engagement(s)
selected include an audit engagement;
• Address selecting engagement partners in a manner that is unpredictable; and
• Address when it is necessary or appropriate to select engagement partners more,
or less, frequently than the standard period set out in the policy, for example:
o The firm may select engagement partners more frequently than the standard
period set out in the firm’s policy when:
▪ Multiple deficiencies have been identified by the firm that have been
evaluated as severe, and the firm determines that a more frequent cyclical
inspection is needed across all engagement partners.
▪ The engagement partner performs engagements for entities operating in a
certain industry where there are high levels of complexity or judgment.
▪ An engagement performed by the engagement partner has been subject to
other monitoring activities, and the results of the other monitoring activities
were unsatisfactory.
▪ The engagement partner has performed an engagement for an entity
operating in an industry in which the engagement partner has limited
experience.
▪ The engagement partner is a newly appointed engagement partner, or has
recently joined the firm from another firm.
o The firm may defer the selection of the engagement partner (e.g., deferring for
a year beyond the standard period set out in the firm’s policy) when:
▪ Engagements performed by the engagement partner have been subject to
other monitoring activities during the standard period set out in the firm’s
policy; and
▪ The results of the other monitoring activities provide sufficient information

63
about the engagement partner (i.e., performing the inspection of completed
engagements would unlikely provide the firm with further information about
the engagement partner).

A154. The matters considered in an inspection of an engagement depend on how the
inspection will be used to monitor the system of quality management. Ordinarily, the
inspection of an engagement includes determining that responses that are implemented
at the engagement level (e.g., the firm’s policies and procedures in respect of
engagement performance), have been implemented as designed and are operating
effectively.
Individuals Performing the Monitoring Activities (Ref: Para. 39(b))
A155. The provisions of relevant ethical requirements are relevant in designing the
policies or procedures addressing the objectivity of the individuals performing the
monitoring activities. A self-review threat may arise when an individual who performs:
• An inspection of an engagement was:
o In the case of an audit of financial statements, an engagement team member or
the engagement quality reviewer of that engagement or an engagement for a
subsequent financial period; or
o For all other engagements, an engagement team member or the engagement
quality reviewer of that engagement.
• Another type of monitoring activity had participated in designing, executing or
operating the response being monitored.
A156. In some circumstances, for example, in the case of a less complex firm, there
may not be personnel who have the competence, capabilities, time or objectivity to
perform the monitoring activities. In these circumstances, the firm may use network
services or a service provider to perform the monitoring activities.
Evaluating Findings and Identifying Deficiencies (Ref: Para. 16(a), 40–41)
A157. The firm accumulates findings from the performance of monitoring activities,
external inspections and other relevant sources.
A158. Information accumulated by the firm from the monitoring activities, external
inspections and other relevant sources may reveal other observations about the firm’s
system of quality management, such as:
• Actions, behaviors or conditions that have given rise to positive outcomes in the
context of quality or the effectiveness of the system of quality management; or
• Similar circumstances where no findings were noted (e.g., engagements where no
findings were noted, and the engagements have a similar nature to the
engagements where findings were noted).

64
Other observations may be useful to the firm as they may assist the firm in investigating
the root cause(s) of identified deficiencies, indicate practices that the firm can support or
apply more extensively (e.g., across all engagements) or highlight opportunities for the
firm to enhance the system of quality management.
A159. The firm exercises professional judgment in determining whether findings,
individually or in combination with other findings give rise to a deficiency in the system
of quality management. In making the judgment, the firm may need to take into account
the relative importance of the findings in the context of the quality objectives, quality
risks, responses or other aspects of the system of quality management to which they
relate. The firm’s judgments may be affected by quantitative and qualitative factors
relevant to the findings. In some circumstances, the firm may determine it appropriate to
obtain more information about the findings in order to determine whether a deficiency
exists. Not all findings, including engagement findings, will be a deficiency.
A160. Examples of quantitative and qualitative factors that a firm may consider in
determining whether findings give rise to a deficiency
Quality Risks and Responses
• If the findings relate to a response:
o How the response is designed, for example, the nature of the response, the
frequency of its occurrence (if applicable), and the relative importance of the
response to addressing the quality risk(s) and achieving the quality objective(s)
to which it relates.
o The nature of the quality risk to which the response relates, and the extent to
which the findings indicate that the quality risk has not been addressed.
o Whether there are other responses that address the same quality risk and
whether there are findings for those responses.
Nature of the Findings and Their Pervasiveness
• The nature of the findings. For example, findings related to leadership actions and
behaviors may be qualitatively significant, given the pervasive effect this could
have on the system of quality management as a whole.
• Whether the findings, in combination with other findings, indicate a trend or
systemic issue. For example, similar engagement findings that appear on multiple
engagements may indicate a systemic issue.
Extent of Monitoring Activity and Extent of Findings
• The extent of the monitoring activity from which the findings arose, including the
number or size of the selections.
• The extent of the findings in relation to the selection covered by the monitoring
activity, and in relation to the expected deviation rate. For example, in the case of
inspection of engagements, the number of engagements selected where the
findings were identified, relative to the total number of engagements selected, and
the expected deviation rate set by the firm.

65
A161. Evaluating findings and identifying deficiencies and evaluating the severity and
pervasiveness of an identified deficiency, including investigating the root cause(s) of an
identified deficiency, are part of an iterative and non-linear process.
Examples of how the process of evaluating findings and identifying deficiencies,
evaluating identified deficiencies, including investigating the root cause(s) of identified
deficiencies, is iterative and non-linear
• In investigating the root cause(s) of an identified deficiency, the firm may identify
a circumstance that has similarities to other circumstances where there were
findings that were not considered a deficiency. As a result, the firm adjusts its
evaluation of the other findings and classifies them as a deficiency.
• In evaluating the severity and pervasiveness of an identified deficiency, the firm
may identify a trend or systemic issue that correlates with other findings that are
not considered deficiencies. As a result, the firm adjusts its evaluation of the other
findings and also classifies them as deficiencies.

A162. The results of monitoring activities, results of external inspections and other
relevant information (e.g., network monitoring activities or complaints and allegations)
may reveal information about the effectiveness of the monitoring and remediation
process. For example, the results of external inspections may provide information about
the system of quality management that has not been identified by the firm’s monitoring
and remediation process, which may highlight a deficiency in that process.
Evaluating Identified Deficiencies (Ref: Para. 41)
A163. Factors that the firm may consider in evaluating the severity and pervasiveness
of an identified deficiency include:
• The nature of the identified deficiency, including the aspect of the firm’s system of
quality management to which the deficiency relates, and whether the deficiency is in
the design, implementation or operation of the system of quality management;
• In the case of identified deficiencies related to responses, whether there are
compensating responses to address the quality risk to which the response relates;
• The root cause(s) of the identified deficiency;
• The frequency with which the matter giving rise to the identified deficiency occurred;
and
• The magnitude of the identified deficiency, how quickly it occurred and the duration
of time that it existed and had an effect on the system of quality management.
A164. The severity and pervasiveness of identified deficiencies affects the evaluation of
the system of quality management that is undertaken by the individual(s) assigned
ultimate responsibility and accountability for the system of quality management.

66
Root Cause of the Identified Deficiencies (Ref: Para. 41(a))
A165. The objective of investigating the root cause(s) of identified deficiencies is to
understand the underlying circumstances that caused the deficiencies to enable the firm
to:
• Evaluate the severity and pervasiveness of the identified deficiency; and
• Appropriately remediate the identified deficiency.
Performing a root cause analysis involves those performing the assessment exercising
professional judgment based on the evidence available.
A166. The nature, timing and extent of the procedures undertaken to understand the
root cause(s) of an identified deficiency may also be affected by the nature and
circumstances of the firm, such as:
• The complexity and operating characteristics of the firm.
• The size of the firm.
• The geographical dispersion of the firm.
• How the firm is structured or the extent to which the firm concentrates or centralizes
its processes or activities.
Examples of how the nature of identified deficiencies and their possible severity and the
nature and circumstances of the firm may affect the nature, timing and extent of the
procedures to understand the root cause(s) of the identified deficiencies
• The nature of the identified deficiency: The firm’s procedures to understand the root
cause(s) of an identified deficiency may be more rigorous in circumstances when an
engagement report related to an audit of financial statements of a listed entity was
issued that was inappropriate or the identified deficiency relates to leadership’s
actions and behaviors regarding quality.
• The possible severity of the identified deficiency: The firm’s procedures to
understand the root cause(s) of an identified deficiency may be more rigorous in
circumstances when the deficiency has been identified across multiple
engagements or there is an indication that policies or procedures have high rates of
non-compliance.
• Nature and circumstances of the firm:
o In the case of a less complex firm with a single location, the firm’s procedures to
understand the root cause(s) of an identified deficiency may be simple, since
the information to inform the understanding may be readily available and
concentrated, and the root cause(s) may be more apparent.
o In the case of a more complex firm with multiple locations, the procedures to
understand the root cause(s) of an identified deficiency may include using
individuals specifically trained on investigating the root cause(s) of identified
deficiencies, and developing a methodology with more formalized procedures
for identifying root cause(s).

67
A167. In investigating the root cause(s) of identified deficiencies, the firm may consider
why deficiencies did not arise in other circumstances that are of a similar nature to the
matter to which the identified deficiency relates. Such information may also be useful in
determining how to remediate an identified deficiency.
Example of when a deficiency did not arise in other circumstances of a similar nature,
and how this information assists the firm in investigating the root cause(s) of identified
deficiencies
The firm may determine that a deficiency exists because similar findings have occurred
across multiple engagements. However, the findings have not occurred in several
other engagements within the same population being tested. By contrasting the
engagements, the firm concludes that the root cause of the identified deficiency is a
lack of appropriate involvement by the engagement partners at key stages of the
engagements.

A168. Identifying a root cause(s) that is appropriately specific may support the firm’s
process for remediating identified deficiencies.
Example of identifying a root cause(s) that is appropriately specific
The firm may identify that engagement teams performing audits of financial statements
are failing to obtain sufficient appropriate audit evidence on accounting estimates
where management’s assumptions have a high degree of subjectivity. While the firm
notes that these engagement teams are not exercising appropriate professional
skepticism, the underlying root cause of this issue may relate to another matter, such
as a cultural environment that does not encourage engagement team members to
question individuals with greater authority or insufficient direction, supervision and
review of the work performed on the engagements.

A169. In addition to investigating the root cause(s) of identified deficiencies, the firm
may also investigate the root cause(s) of positive outcomes as doing so may reveal
opportunities for the firm to improve, or further enhance, the system of quality
management.
Responding to Identified Deficiencies (Ref: Para. 42)
A170. The nature, timing and extent of remedial actions may depend on a variety of
other factors, including:
• The root cause(s).
• The severity and pervasiveness of the identified deficiency and therefore the
urgency with which it needs to be addressed.
• The effectiveness of the remedial actions in addressing the root cause(s), such as
whether the firm needs to implement more than one remedial action in order to
effectively address the root cause(s), or needs to implement remedial actions as
interim measures until the firm is able to implement more effective remedial actions.

68
A171. In some circumstances, the remedial action may include establishing additional
quality objectives, or quality risks or responses may be added or modified, because it is
determined that they are not appropriate.
A172. In circumstances when the firm determines that the root cause of an identified
deficiency relates to a resource provided by a service provider, the firm may also:
• Consider whether to continue using the resource provided by the service provider.
• Communicate the matter to the service provider.
The firm is responsible for addressing the effect of the identified deficiency related to a
resource provided by a service provider on the system of quality management and
taking action to prevent the deficiency from recurring with respect to the firm’s system of
quality management. However, the firm is not ordinarily responsible for remediating the
identified deficiency on behalf of the service provider or further investigating the root
cause of the identified deficiency at the service provider.
Findings About a Particular Engagement (Ref: Para. 45)
A173. In circumstances when procedures were omitted or the report issued is
inappropriate, the action taken by the firm may include:
• Consulting with appropriate individuals regarding the appropriate action.
• Discussing the matter with management of the entity or those charged with
governance.
• Performing the omitted procedures.
The actions taken by the firm do not relieve the firm of the responsibility to take further
actions relating to the finding in the context of the system of quality management,
including evaluating the findings to identify deficiencies and when a deficiency exists,
investigating the root cause(s) of the identified deficiency.
Ongoing Communication Related to the Monitoring and Remediation (Ref: Para.
46)
A174. The information communicated about the monitoring and remediation to the
individual(s) assigned ultimate responsibility and accountability for the system of quality
management may be communicated on an ongoing basis or periodically. The
individual(s) may use the information in multiple ways, for example:
• As a basis for further communications to personnel about the importance of quality.
• To hold individuals accountable for their roles assigned to them.
• To identify key concerns about the system of quality management in a timely
manner.
The information also provides a basis for the evaluation of the system of quality
management, and conclusion thereon, as required by paragraphs 53–54.

69
Network Requirements or Network Services (Ref: Para. 48)
A175. In some circumstances, the firm may belong to a network. Networks may
establish requirements regarding the firm’s system of quality management or may make
services or resources available that the firm may choose to implement or use in the
design, implementation and operation of its system of quality management. Such
requirements or services may be intended to promote the consistent performance of
quality engagements across the firms that belong to the network. The extent to which
the network will provide the firm with quality objectives, quality risks and responses that
are common across the network will depend on the firm’s arrangements with the
network.
Examples of network requirements
• Requirements for the firm to include additional quality objectives or quality risks in
the firm’s system of quality management that are common across the network firms.
• Requirements for the firm to include responses in the firm’s system of quality
management that are common across the network firms. Such responses designed
by the network may include network policies or procedures that specify the
leadership roles and responsibilities, including how the firm is expected to assign
authority and responsibility within the firm, or resources, such as network developed
methodologies for the performance of engagements or IT applications.
• Requirements that the firm be subject to the network’s monitoring activities. These
monitoring activities may relate to network requirements (e.g., monitoring that the
firm has implemented the network’s methodology appropriately), or to the firm’s
system of quality management in general.
Examples of network services
• Services or resources that are optional for the firm to use in its system of quality
management or in the performance of engagements, such as voluntary training
programs, use of component auditors or experts from within the network, or use of
a service delivery center established at the network level, or by another network
firm or group of network firms.

A176. The network may establish responsibilities for the firm in implementing the
network requirements or network services.
Examples of responsibilities for the firm in implementing network requirements or
network services
• The firm is required to have certain IT infrastructure and IT processes in place to
support an IT application provided by the network that the firm uses in the system
of quality management.
• The firm is required to provide firm-wide training on the methodology provided by
the network, including when updates are made to the methodology.

70
A177. The firm’s understanding of the network requirements or network services and
the firm’s responsibilities relating to the implementation thereof may be obtained
through inquiries of, or documentation provided by, the network about matters such as:
• The network’s governance and leadership.
• The procedures undertaken by the network in designing, implementing and, if
applicable, operating, the network requirements or network services.
• How the network identifies and responds to changes that affect the network
requirements or network services or other information, such as changes in the
professional standards or information that indicates a deficiency in the network
requirements or network services.
• How the network monitors the appropriateness of the network requirements or
network services, which may include through the network firms’ monitoring
activities, and the network’s processes for remediating identified deficiencies.
Network Requirements or Network Services in the Firm’s System of Quality
Management (Ref: Para. 49)
A178. The characteristics of the network requirements or network services are a
condition, event, circumstance, action or inaction in identifying and assessing quality
risks.
Example of a network requirement or network service that gives rise to a quality risk
The network may require the firm to use an IT application for the acceptance and
continuance of client relationships and specific engagements that is standardized
across the network. This may give rise to a quality risk that the IT application does not
address matters in local law or regulation that need to be considered by the firm in
accepting and continuing client relationships and specific engagements.

A179. The purpose of the network requirements may include the promotion of
consistent performance of quality engagements across the network firms. The firm may
be expected by the network to implement the network requirements, however, the firm
may need to adapt or supplement the network requirements such that they are
appropriate for the nature and circumstances of the firm and its engagements.

Examples of how the network requirements or networks services may need to be
adapted or supplemented
Network Requirement or Network How the Firm Adapts or Supplements
Service the Network Requirement or Network
Service
The network requires the firm to include As part of identifying and assessing
certain quality risks in the system of quality risks, the firm includes the quality
quality management, so that all firms in risks that are required by the network.
the network address the quality risks. The firm also designs and implements
71
responses to address the quality risks
that are required by the network.
The network requires that the firm design As part of designing and implementing
and implement certain responses. responses, the firm determines:
• Which quality risks the responses
address.
• How the responses required by the
network will be incorporated into the
firm’s system of quality
management, given the nature and
circumstances of the firm. This may
include tailoring the response to
reflect the nature and circumstances
of the firm and its engagements
(e.g., tailoring a methodology to
include matters related to law or
regulation).
The firm uses individuals from other The firm establishes policies or
network firms as component auditors. procedures that require the engagement
Network requirements are in place that team to confirm with the component
drive a high degree of commonality auditor (i.e., the other network firm) that
across the network firms’ systems of the individuals assigned to the component
quality management. The network meet the specific criteria set out in the
requirements include specific criteria that network requirements.
apply to individuals assigned to work on a
component for a group audit.

A180. In some circumstances, in adapting or supplementing the network requirements
or network services, the firm may identify possible improvements to the network
requirements or network services and may communicate these improvements to the
network.
Monitoring Activities Undertaken by the Network on the Firm’s System of Quality
Management (Ref: Para. 50(c))
A181. The results of the network’s monitoring activities of the firm’s system of quality
management may include information such as:
• A description of the monitoring activities, including their nature, timing and extent;
• Findings, identified deficiencies, and other observations about the firm’s system of
quality management (e.g., positive outcomes or opportunities for the firm to
improve, or further enhance, the system of quality management); and
• The network’s evaluation of the root cause(s) of the identified deficiencies, the
assessed effect of the identified deficiencies and recommended remedial actions.

72
Monitoring Activities Undertaken by the Network Across the Network Firms (Ref:
Para. 51(b))
A182. The information from the network about the overall results of the network’s
monitoring activities undertaken across the network firms’ systems of quality
management may be an aggregation or summary of the information described in
paragraph A181, including trends and common areas of identified deficiencies across
the network, or positive outcomes that may be replicated across the network. Such
information may:
• Be used by the firm:
o In identifying and assessing quality risks.
o As part of other relevant information considered by the firm in determining
whether deficiencies exist in the network requirements or network services used
by the firm in its system of quality management.
• Be communicated to group engagement partners, in the context of considering the
competence and capabilities of component auditors from a network firm who are
subject to common network requirements (e.g., common quality objectives, quality
risks and responses).
A183. In some circumstances, the firm may obtain information from the network about
deficiencies identified in a network firm’s system of quality management that affects the
firm. The network may also gather information from network firms regarding the results
of external inspections over network firms’ systems of quality management. In some
instances, law or regulation may prevent the network from sharing information with
other network firms or may restrict the specificity of such information.
A184. In circumstances when the network does not provide the information about the
overall results of the network’s monitoring activities across the network firms, the firm
may take further actions, such as:
• Discussing the matter with the network; and
• Determining the effect on the firm’s engagements, and communicating the effect to
engagement teams.
Deficiencies in Network Requirements or Network Services Identified by the Firm
(Ref: Para. 52)
A185. As network requirements or network services used by the firm form part of the
firm’s system of quality management, they are also subject to the requirements of this
SQM regarding monitoring and remediation. The network requirements or network
services may be monitored by the network, the firm, or a combination of both.

Example of when a network requirement or network service is monitored by both the
network and the firm
A network may undertake monitoring activities at a network level for a common
methodology. The firm also monitors the application of the methodology by
engagement team members through performing engagement inspections.

73
A186. In designing and implementing the remedial actions to address the effect of the
identified deficiency in the network requirements or network services, the firm may:
• Understand the planned remedial actions by the network, including whether the firm
has any responsibilities for implementing the remedial actions; and
• Consider whether supplementary remedial actions need to be taken by the firm to
address the identified deficiency and the related root cause(s), such as when:
o The network has not taken appropriate remedial actions; or
o The network’s remedial actions will take time to effectively address the
identified deficiency.
Evaluating the System of Quality Management (Ref: Para. 53)
A187. The individual(s) assigned ultimate responsibility and accountability for the
system of quality management may be assisted by other individuals in performing the
evaluation. Nevertheless, the individual(s) assigned ultimate responsibility and
accountability for the system of quality management remains responsible and
accountable for the evaluation.
A188. The point in time at which the evaluation is undertaken may depend on the
circumstances of the firm, and may coincide with the fiscal year end of the firm or the
completion of an annual monitoring cycle.
A189. The information that provides the basis for the evaluation of the system of quality
management includes the information communicated to the individual(s) assigned
ultimate responsibility and accountability for the system of quality management in
accordance with paragraph 46.
Scalability examples to demonstrate how the information that provides the basis for the
evaluation of the system of quality management may be obtained
• In a less complex firm, the individual(s) assigned ultimate responsibility and
accountability for the system of quality management may be directly involved in
the monitoring and remediation and will therefore be aware of the information that
supports the evaluation of the system of quality management.
• In a more complex firm, the individual(s) assigned ultimate responsibility and
accountability for the system of quality management may need to establish
processes to collate, summarize and communicate the information needed to
evaluate the system of quality management.

Concluding on the System of Quality Management (Ref: Para. 54)
A190. In the context of this SQM, it is intended that the operation of the system as a
whole provides the firm with reasonable assurance that the objectives of the system of
quality management are being achieved. In concluding on the system of quality
management, the individual(s) assigned ultimate responsibility and accountability for the

74
system of quality management may, in using the results of the monitoring and
remediation process, consider the following:
• The severity and pervasiveness of identified deficiencies, and the effect on the
achievement of the objectives of the system of quality management;
• Whether remedial actions have been designed and implemented by the firm, and
whether the remedial actions taken up to the time of the evaluation are effective;
and
• Whether the effect of identified deficiencies on the system of quality management
have been appropriately corrected, such as whether further actions have been
taken in accordance with paragraph 45.
A191. There may be circumstances when identified deficiencies that are severe
(including identified deficiencies that are severe and pervasive) have been appropriately
remediated and the effect of them corrected at the point in time of the evaluation. In
such cases, the individual(s) assigned ultimate responsibility and accountability for the
system of quality management may conclude that the system of quality management
provides the firm with reasonable assurance that the objectives of the system of quality
management are being achieved.
A192. An identified deficiency may have a pervasive effect on the design,
implementation and operation of the system of quality management when, for example:
• The deficiency affects several components or aspects of the system of quality
management.
• The deficiency is confined to a specific component or aspect of the system of quality
management, but is fundamental to the system of quality management.
• The deficiency affects several business units or geographical locations of the firm.
• The deficiency is confined to a business unit or geographical location, but the
business unit or location affected is fundamental to the firm overall.
• The deficiency affects a substantial portion of engagements that are of a certain
type or nature.
Example of an identified deficiency that may be considered severe but not pervasive
The firm identifies a deficiency in a smaller regional office of the firm. The identified
deficiency relates to non-compliance with many firm policies or procedures. The firm
determines that the culture in the regional office, particularly the actions and behavior of
leadership in the regional office which were overly focused on financial priorities, has
contributed to the root cause of the identified deficiency. The firm determines that the
effect of the identified deficiency is:
• Severe, because it relates to the culture of the regional office and overall
compliance with firm policies or procedures; and
• Not pervasive, because it is limited to the smaller regional office.

75
A193. The individual(s) assigned ultimate responsibility and accountability for the
system of quality management may conclude that the system of quality management
does not provide the firm with reasonable assurance that the objectives of the system of
quality management are being achieved in circumstances when identified deficiencies
are severe and pervasive, actions taken to remediate the identified deficiencies are not
appropriate, and the effect of the identified deficiencies have not been appropriately
corrected.

Example of an identified deficiency that may be considered severe and pervasive
The firm identifies a deficiency in a regional office, which is the largest office of the firm
and provides financial, operational and technical support for the entire region. The
identified deficiency relates to non-compliance with many firm policies or procedures.
The firm determines that the culture in the regional office, particularly the actions and
behavior of leadership in the regional office which were overly focused on financial
priorities, has contributed to the root cause of the identified deficiency. The firm
determines that the effect of the identified deficiency is:
• Severe, because it relates to the culture of the regional office and overall
compliance with firm policies or procedures; and
• Pervasive, because the regional office is the largest office and provides support to
many other offices, and the non-compliance with firm policies or procedures may
have had a broader effect on the other offices.

A194. It may take time for the firm to remediate identified deficiencies that are severe
and pervasive. As the firm continues to take action to remediate the identified
deficiencies, the pervasiveness of the identified deficiencies may be diminished and it
may be determined that the identified deficiencies are still severe, but no longer severe
and pervasive. In such cases, the individual(s) assigned ultimate responsibility and
accountability for the system of quality management may conclude that, except for
matters related to identified deficiencies that have a severe but not pervasive effect on
the design, implementation and operation of the system of quality management, the
system of quality management provides the firm with reasonable assurance that the
objectives of the system of quality management are being achieved.
A195. This SQM does not require the firm to obtain an independent assurance report
on its system of quality management, or preclude the firm from doing so.
Taking Prompt and Appropriate Action and Further Communication (Ref: Para. 55)
A196. In circumstances when the individual(s) assigned ultimate responsibility and
accountability for the system of quality management reaches the conclusion described
in paragraph 54(b) or 54(c), the prompt and appropriate action taken by the firm may
include:
• Taking measures to support the performance of engagements through assigning
more resources or developing more guidance and to confirm that reports issued by

76
the firm are appropriate in the circumstances, until such time as the identified
deficiencies are remediated, and communicating such measures to engagement
teams.
• Obtaining legal advice.
A197. In some circumstances the firm may have an independent governing body that
has non-executive oversight of the firm. In such circumstances, communications may
include informing the independent governing body.

A198. Examples of circumstances when it may be appropriate for the firm to
communicate to external parties about the evaluation of the system of quality
management
• When the firm belongs to a network.
• When other network firms use the work performed by the firm, for example, in the
case of a group audit.
• When a report issued by the firm is determined by the firm to be inappropriate as a
result of the failure of the system of quality management, and management or those
charged with governance of the entity need to be informed.
• When law or regulation requires the firm to communicate to an oversight authority or
a regulatory body.

Performance Evaluations (Ref: Para. 56)
A199. Periodic performance evaluations promote accountability. In considering the
performance of an individual, the firm may take into account:
• The results of the firm’s monitoring activities for aspects of the system of quality
management that relate to the responsibility of the individual. In some
circumstances, the firm may set targets for the individual and measure the results of
the firm’s monitoring activities against those targets.
• The actions taken by the individual in response to identified deficiencies that relate
to the responsibility of that individual, including the timeliness and effectiveness of
such actions.
Scalability examples to demonstrate how the firm may undertake the performance
evaluations
• In a less complex firm, the firm may engage a service provider to perform the
evaluation, or the results of the firm’s monitoring activities may provide an indication
of the performance of the individual.
• In a more complex firm, the performance evaluations may be undertaken by an
independent non-executive member of the firm’s governing body, or a special
committee overseen by the firm’s governing body.

77
A200. A positive performance evaluation may be rewarded through compensation,
promotion and other incentives that focus on the individual’s commitment to quality, and
reinforce accountability. On the other hand, the firm may take corrective actions to
address a negative performance evaluation that may affect the firm’s achievement of its
quality objectives.
A201. In the case of certain entities, such as, Central/State governments and related
government entities (for example, agencies, boards, commissions), it may not be
practicable to perform a performance evaluation of the individual(s) assigned ultimate
responsibility and accountability for the system of quality management, or to take
actions to address the results of the performance evaluation, given the nature of the
individual’s appointment. Nevertheless, performance evaluations may still be
undertaken for other individuals in the firm who are assigned operational responsibility
for aspects of the system of quality management.
Documentation (Ref: Para. 57–59)
A202. Documentation provides evidence that the firm complies with this SQM, as well
as law, regulation or relevant ethical requirements. It may also be useful for training
personnel and engagement teams, ensuring the retention of organizational knowledge
and providing a history of the basis for decisions made by the firm about its system of
quality management. It is neither necessary nor practicable for the firm to document
every matter considered, or judgment made, about its system of quality management.
Furthermore, compliance with this SQM may be evidenced by the firm through its
information and communication component, documents or other written materials, or IT
applications that are integral to the components of the system of quality management.
A203. Documentation may take the form of formal written manuals, checklists and
forms, may be informally documented (e.g., e-mail communication or postings on
websites), or may be held in IT applications or other digital forms (e.g., in databases).
Factors that may affect the firm’s judgments about the form, content and extent of
documentation, including how often documentation is updated, may include:
• The complexity of the firm and the number of offices;
• The nature and complexity of the firm’s practice and organization;
• The nature of engagements the firm performs and the nature of the entities for
whom engagements are performed;
• The nature and complexity of the matter being documented, such as whether it
relates to an aspect of the system of quality management that has changed or an
area of greater quality risk, and the complexity of the judgments relating to the
matter; and
• The frequency and extent of changes in the system of quality management.
In a less complex firm, it may not be necessary to have documentation supporting
matters communicated because informal communication methods may be effective.
Nevertheless, a less complex firm may determine it appropriate to document such
communications in order to provide evidence that they occurred.
78
A204. In some instances, an external oversight authority may establish documentation
requirements, either formally or informally, for example, as a result of the outcome of
external inspection findings. Relevant ethical requirements may also include specific
requirements addressing documentation, for example, the Code of Ethics requires
documentation of particular matters, including certain situations related to conflicts of
interest, non-compliance with laws and regulations and independence.
A205. The firm is not required to document the consideration of every condition, event,
circumstance, action or inaction for each quality objective, or each risk that may give
rise to a quality risk. However, in documenting the quality risks and how the firm’s
responses address the quality risks, the firm may document the reasons for the
assessment given to the quality risks (i.e., the considered occurrence and effect on the
achievement of one or more quality objectives), in order to support the consistent
implementation and operation of the responses.
A206. The documentation may be provided by the network, other network firms, or
other structures or organizations within the network.

Material Modifications vis-à-vis ISQM 1, “Quality Management for
Firms that Perform Audits or Reviews of Financial Statements, or
Other Assurance or Related Services Engagements”
1. Paragraph 16(c) of ISQM 1, dealing with the definition of “engagement partner”
mentions that “other individual” can also act as engagement partner. SQM 1 has
retained this concept subject to the condition that such “other individual” should be a
member of the Institute of Chartered Accountants of India and should be in full time
practice.
2. Paragraph 16(e) of ISQM 1, dealing with the definition of “engagement quality
reviewer” mentions that “other individual in the firm” and “external individual” can also
act as engagement quality reviewer. SQM 1 has retained this concept subject to the
condition that such “other individual in the firm” and such “external individual” should be
a member of the Institute of Chartered Accountants of India.
3. Paragraph 16(i) of ISQM 1 defines “firm” as “a sole practitioner, partnership or
corporation or other entity of professional accountants, or public sector equivalent”. The
following changes have been made in the definition of “firm” given in paragraph 16(i) of
SQM 1 to align the definition with the Chartered Accountants Act, 1949:
• The word ‘Proprietor’ has been added in the definition.
• The word ‘Limited liability partnership’ has been added in the definition.
• The word ‘Corporation’ has been deleted from the definition.
• The word ‘Public sector equivalent’ has been deleted from the definition.
Further, in paragraph A18 of SQM 1 [i.e. application guidance of paragraph 16(i)], the
definition of “firm” as per the ICAI’s Code of Ethics has been added.

79
4. Paragraph A1 of the Application Section of ISQM 1 contains the reference of
ISAE 3000(Revised). ISAE 3000(Revised) has not been adopted in India. ICAI has
issued the “Guidance Note on Reports or Certificates for Special Purposes (Revised
2016)” which is based on principles of ISAE 3000(Revised). Accordingly, reference of
ISAE 3000(Revised) has been replaced by reference of “Guidance Note on Reports or
Certificates for Special Purposes (Revised 2016)” in paragraph A1 of SQM 1.
5. Paragraph A85 of the Application Section of ISQM 1 prescribes the minimum
period of retention of engagement documentation as five years. Paragraph A85 of SQM
1 prescribes the minimum period of retention of engagement documentation as “seven
years or such other period as may be specified by ICAI” since the provisions of the
Chartered Accountants Act, 1949, including Regulations issued thereunder, prescribe
the minimum period of retention of engagement documentation as seven years. In
paragraph A85 of SQM 1, a footnote has also been added regarding the relevant
Announcement issued by ICAI in 2010.
6. Paragraph A96 of the Application Section of ISQM 1 contains the following
guidance which is based on ISA 600:
“ISA 600 expands on how ISA 220(Revised) is to be applied in relation to an audit of
group financial statements.”
SA 600 used in India does not contain the abovementioned guidance. Hence, the
abovementioned guidance has been deleted in paragraph A96 of SQM 1.
7. Paragraphs A8, A66, A123, A129, A137, A201 of the Application Section of
ISQM 1 (paragraphs A8, A66, A123, A129, A137, A201 of SQM 1) deal with the
application of the requirements of ISQM 1 to public sector entities. Since as mentioned
in the “Preface to the Standards on Quality Management, Auditing, Review, Other
Assurance and Related Services”, the Engagement and Quality Management
Standards, apply equally to all entities, irrespective of their form, nature and size, a
specific reference to applicability of the Standard to public sector entities has been
deleted.
Further, it is also possible that even in case of non-public sector entities, these
requirements may exist pursuant to a requirement under the statute or regulation under
which they operate. Accordingly, the spirit of paragraphs A8, A66, A123, A129, A137,
A201 in ISQM 1 has been retained.

80

Excerpted from ICAI Board of Studies. Open original PDF →
Start 15-min diagnostic