Quality management – Implementation advice for smaller firms

By Bridget Noonan
Nov 16, 2022
Photo credit: BeeBright/iStock/Getty Images

Bridget Noonan, CPA, CA, will be a featured speaker at CPABC’s virtual PD Nexus: Public Practice Insights conference on November 22. In addition to participating in a panel discussion on firm risk management, she will be presenting a session on the new quality management standards. Visit the PD website for details on the conference or Bridget’s other upcoming (and archived) seminars.

For all firms that conduct assurance engagements, the new quality management standards came into effect on December 15, 2022. By this date, the new standards must be incorporated into the firm’s system of quality management (SOQM). All non-assurance firms have an additional year, with December 15, 2023, set as the deadline to incorporate the new standards.

About the new standards

The new quality management standards are, in short, good. They encourage all firms to consider their specifics, their clients, and their engagements when designing and implementing quality control procedures. This flexibility allows smaller firms to scale back their processes and procedures to address only those areas that are applicable.

However, the “blank canvas” approach that needs to be taken to document the risk assessment process and design the related responses is very time consuming. And time is the one thing most firms are short on right now, especially at the senior staff levels. Fortunately, there is a new resource available to assist you, as CPA Canada has released a new online guide for subscription: the Quality Management Guide (QMG).1

The QMG, which replaces the Quality Assurance Manual, provides guidance on how to implement the requirements, core practice aids to meet documentation requirements, and supplementary practice aids (including sample letters, forms, checklists, and sample policies and procedures) to assess your firm’s quality risks.

Don’t be fooled, however. This is not a “plug and play” resource—this is a tool designed to assist you in implementing your firm’s SOQM, in direct response to the risks identified and the engagements performed. And while the time savings provided by the QMG make it well worth the subscription, the volume of material it contains is likely to be overwhelming, so I recommend that you put time aside to walk through the application guidance, which outlines how this resource is meant to be used.

Some common questions

Firms often ask me the following when starting implementation:

Is this all just for compliance purposes, or will it actually improve file quality?

I agree that compliance with the Canadian Standard on Quality Management (CSQM1) for compliance’s sake does not add value to a firm. And using a generic quality control manual that offers little integration into your firm’s engagement performance is much like using generic checklists to perform assurance engagements—it may get you to compliance, but it won’t get you there efficiently.

Value is derived from identifying true quality risks for your firm and then tailoring and implementing firm- and engagement-specific policies and procedures. The procedures that will be effective are those that take into account the firm’s structure and staffing, the types of clients and engagements performed, the remuneration structure, and the engagement performance tools. Although the risks and responses in a case-study example may provide some inspiration, using this kind of template as the basis for your own risk assessment is not recommended for most firms.

For example, using a case-study template for an engagement quality control review (EQCR) policy may require a firm to conduct EQCRs on engagements that aren’t posing any actual quality risk. A better-directed policy would have the firm focus on engagements with complex accounting issues or completed by newer partners, rather than, say, focusing on revenue thresholds. As you reassess your firm’s quality risks, this is one area I recommend considering.

Is it really going to take 100+ hours to implement these new standards? 

By now you will have heard from peers—especially those in national firms—that the new quality management standards are going to set you back by more than 100 administrative hours. If your firm is registered with the Canadian Public Accountability Board, that estimate is not hyperbolic—in fact, it’s likely very low, as quality risks are magnified as you add complexity to regulatory and engagement requirements.

However, if you are a sole practitioner providing review and compilation services to non-complex private entities, with no professional staff, your firm’s quality risk assessment profile will be much simpler, and documenting its SOQM will be less time intensive. It is precisely this scalability of the new quality management standards that will enable you to implement firm- or engagement-specific policies.

I have an assurance licence but do not currently sign off on assurance engagements. Do I have until 2023 to implement my firm’s SOQM?

No—not likely, as firms are required to design and implement their SOQMs before they accept assurance engagement clients. Even if that were not the case, I’m not sure how a firm could meet the objectives under client acceptance and continuance, governance, and resources if it established its SOQM after it accepted assurance engagements.

How should I get started?

Reading CSQM1 and the application guidance is obviously the starting point. I also advise you to purchase CPA Canada’s QMG and walk through all the forms before diving into a risk assessment. Additionally, I recommend that you complete the documentation related to firm- and engagement-specific circumstances and resources (human, technological, and intellectual) in the QMG before working your way through the risk-assessment workbook.

Final tip

Assessing your firm’s quality risks and its policies and procedures to reduce these risks is an iterative, ongoing process. Therefore, I encourage you to consider how to document your SOQM in a manner that makes it easier to access, review, and update on a regular basis.


Bridget Noonan, CPA, CA, is an assurance partner with Clearline CPA and co-founder of Clearline Consulting. She assists small and mid-size firms across the country with professional compliance requirements, cyclical monitoring, training, practice management, succession planning, and automation. She is also a consultant for CPABC, a member of various CPA Canada task forces and committees, and a recurring PD instructor for both CPABC and CPASK.

This article originally appeared in the November/December 2022 issue of CPABC in Focus.


1 Visit The CPA Store to purchase an annual subscription to the 2022 Quality Management Guide.

In Other News