Down to the Wire: SQMS Implementation Deadline Coming Quickly
August 01, 2025
Firms should be focusing on updating their quality management policies and procedures in time for the December deadline.
By Rebecca Tres, CPA
“I hope you’ve all been focusing on quality management. We’re coming down to the wire.”
Sue Coffey, AICPA CEO of public accounting, reminded the crowd at AICPA & CIMA ENGAGE 25 in June about the profession’s preparedness for new quality management standards. An AICPA Town Hall survey revealed 60% of firms were, at best, unsure about meeting the deadline.
The AICPA Auditing Standards Board issued Statement of Quality Management Standards No. 1 (SQMS 1) in June 2022, with an effective date of Dec. 15, 2025. SQMS 1 is applicable to all CPA firms that have accounting or auditing practices.
While the process of developing and documenting your firm’s quality management policies and procedures will certainly require some time and effort, it does not need to be overwhelming. However, if you have not already begun this process, you’ll want to get started right away.
One of the areas that can be time-consuming and confusing is documenting a firm’s risk assessment regarding its system of quality management. We will walk through a sample risk assessment for one quality objective below.
A key SQMS 1 point: A system of quality management is scalable to firms of any size and complexity. Firms of different sizes that provide different levels of service will have different levels of identified risks and varying levels of responses, but all firms will be required to document their risk assessment and responses underlying their system of quality management.
SQMS 1 requires firms to first assess quality objectives in relation to the following components of quality management:
- Governance and leadership
- Relevant ethical requirements
- Acceptance & continuance
- Engagement performance
- Resources
- Information and communication
SQMS 1 defines quality objectives as “The desired outcomes in relation to the components of the system of quality management to be achieved by the firm”. The quality objectives for each of the six components of quality management listed above are clearly outlined in SQMS 1, beginning with paragraph 29 of the standard, but each firm may also consider additional quality objectives as they deem necessary. For example, SQMS 1 states the quality objectives for engagement performance include, among other things, the following related to consultation:
Consultation takes place to resolve difficult or contentious matters, and the conclusions agreed to are implemented (QM 10.32d).
The firm will consider all mandatory quality objectives and identify any additional quality objectives before moving on to the risk assessment process.
Auditors are already familiar with assessing risk during the planning phase for each audit engagement. The assessment of risk as it relates to a firm’s system of quality management is very similar. Much like the risk assessment of an audit must link to the procedures performed, the risk assessed regarding a firm’s system of quality management must link to the firm’s quality management policies and procedures.
Many of the practice aids that are available, including the tools published by the AICPA and Practitioners Publishing Company (PPC) outline the quality objectives established by SQMS 1 in a risk assessment summary grid. Using a published tool may be helpful with providing clear documentation of the firm’s risk assessment and linkage.
To add efficiency to the process, firms should begin by evaluating their current quality control document. It may be helpful to save a “working copy” of your current document and update it as needed while responding to the various risks identified. It is highly likely most firms already employ quality control documents that contain many appropriate risk responses, while others may need to be enhanced. Because there are eight components of quality management compared to six elements of quality control, firms will have to address the new components.
In the case of risk assessment related to achieving the quality objective related to engagement performance/consultation (see QM10.32d above), you’ll begin with the SQMS reference and the related quality objective. Then, you’ll identify the risk(s) related to the quality objective and respond. Current standards already require firms to document their policies and procedures around consultation, and the existing policies and procedures may be similar to what is outlined in the response below.
(To view the table, find it here.)
In this scenario, the time it took to document the quality objective, identify risk, and respond was fairly minimal. After the exercise has been completed for each QM component and the related quality objectives, you’ll want to ensure your QM policies and procedures are properly linked to the risk assessment. You will be required to produce evidence of the risk assessment to your peer reviewer, so clear documentation must be maintained.
Many firms have taken a team approach to the risk assessment process, which takes some of the burden from senior-level managers and partners and provides an opportunity to involve staff members in an important process. In addition, staff who perform the day-to-day work can typically provide the most insight related to risk.
The implementation date is another area of QM causing some confusion. The implementation date of Dec. 15, 2025, is mutually exclusive of engagement year-ends. For example, if you take on an audit with a Dec. 31, 2023, year-end and begin fieldwork after Dec. 15, 2025, you will still adhere to your system of quality management under SQMS 1, not the old system.
Once the QM system is established, its effectiveness must be routinely evaluated, and the evaluation documented and retained. This is different from the current quality control standard, as firms tend to rely on their peer review rather than perform formal monitoring inspections during peer review years. The QM system should be evaluated at least annually, even during peer review years. Please note, however, the evaluation of the QM system does not need to correlate with your firm’s peer review year-end.
As previously noted, the AICPA has published many resources to assist firms with implementing QM standards. Here are some helpful links:
Remember, your firm’s QM system is unique to your firm and will be an ongoing, fluid process. The system will change and evolve with your firm, and all firms performing accounting or auditing engagements will be required to maintain documentation supporting ongoing evaluation of their systems.
Rebecca Tres, CPA, is a partner at WellsColeman in Richmond, overseeing the firm’s assurance and peer review services. She is an active peer reviewer with more than 25 years of experience in public accounting and enjoys developing teams and mentoring students. Connect with her on LinkedIn.