Hello there!

The new quality management standards SQMS 1, QC 1000, and CSQM 1, are a step in the right direction for the profession. They bring structure, clarity, and a proactive mindset to how CPA firms manage quality.

On paper, these standards are well-organized and easy to follow.

But when it comes to putting them into practice?

That’s where things get tricky and, trust me, very hard!

From Quality Control to Quality Management

In the past, CPA firms operated under standards that were largely reactive.

These older frameworks emphasized quality control, which typically meant checking compliance after the fact - after an engagement tanked, after a staff mistake, or after a complaint logged.

The new standards shift this entirely.

Now, firms are expected to build a System of Quality Management (SoQM) that is proactive - one that anticipates and addresses risks before they escalate in to giant issues.

This requires an ongoing and firm-wide effort to understand where things can go wrong and to actively prevent them.

So, what exactly must you manage?

The answer is: Risk - more specifically, Quality Risks.

These are the things that threaten your firm's ability to deliver quality services consistently. The new standards want firms to look ahead and build systems that can manage these risks - not just react when things fall apart.

Let’s use a simple example to bring this to life:

Say your firm uses outdated engagement templates that don’t reflect current professional standards.

That’s a risk.

What is a Quality Objective?

Quality Objectives are the goals your firm must meet to demonstrate that it has a functioning, effective SoQM.

They aren’t generic.

Instead, they’re defined (in the standards), detailed and span various dimensions of your firm’s operations, such as leadership, HR, client acceptance, ethics, technology, and engagement execution, to name a few.

If you're not meeting these objectives, your system isn’t working.

For example:

  • Your engagement work should consistently meet professional standards.

  • You should have a reliable process to screen and onboard only appropriate clients.

  • Your staff should be properly trained and supervised.

  • Your tools and resources (like templates) should be up to date and effective

In our earlier example, if outdated templates are being used, you’re likely failing to meet the objective around engagement quality.

And, what is a Quality Risk?

This is the opposite of a Quality Objective.

It’s what can stop you from achieving those objectives.

A Quality Risk is anything that could lead to substandard work, a breach of professional standards, or the failure of your system to operate as designed and intended.

What makes this tricky is that the standards don’t actually define what a Quality Risk is. That’s left to each firm to figure out - based on its size, structure, services, and environment.

So again, using outdated templates isn’t just a workflow issue — it’s a Quality Risk because it can cause engagement teams to miss key updates to audit or assurance standards.

How do you manage Quality Risks?

You manage them by taking action, and these are called responses.

Basically, these are specific actions your firm takes to mitigate those risks.

There are three broad categories:

Policies: High-level statements of intent (e.g., “We ensure all templates are updated annually”). 

Procedures: Step-by-step actions to carry out those policies (e.g., “The quality lead reviews templates every July”). 

Controls: Mechanisms to enforce those procedures (e.g., “The system blocks use of templates older than 12 months”).

Here’s how it all connects:

➡ A response addresses a ➡ Quality Risk, which is tied to a ➡ Quality Objective, which is defined in the standards.

By updating your templates on a schedule and ensuring they’re reviewed before use, you reduce the risk of outdated content leading to non-compliance.

Sounds easy? Not quite.

At a surface level, this all makes sense and seems easy to achieve.

But firms quickly realize that designing a comprehensive SoQM, then implementing, operating, monitoring, and evaluating it is much more difficult in practice.

Here’s why:

  • The system must be tailored to your firm’s size, complexity, and services.

  • It must be operational, not theoretical - people have to actually follow it.

  • It must be updated continuously as risks evolve and standards change.

  • It must be monitored with evidence to show that it works.

  • Finally, all of this culminates into the firm's self-assessment (reporting).

  • And it must constantly adapt to based on how your firm and its circumstances evolve.

If your firm grows rapidly, and suddenly the templates no longer fit your service model, you’ve just introduced a new Quality Risk — and the system must adapt quickly.

Frequently Asked Questions

Here’s the FAQ for this issue:

Why do many firms struggle with their System of Quality Management?

Despite the clarity in the new standards, many firms still treat quality management as:

  • A paper exercise

  • A document nobody reads

  • A burden owned by one person or department

  • A compliance cost, rather than a value-addition

This mindset leads to superficial systems that may pass initial scrutiny but fail when pressure builds, whether that’s from regulatory changes, complex engagements, or rapid firm growth.

The firms that will succeed

Successful firms will be the ones who take ownership of quality management, not as an obligation, but as a strategic asset.

These firms:

✔ Design a SoQM that is integrated into daily operations,

✔ Invest in staff training and culture around quality (we'll talk about this in a later issue),

✔ Use technology to automate monitoring and controls,

✔ See quality as a strategic advantage, not just a cost!

By embedding the template review and approval process into a broader digital workflow or a simple SharePoint, for instance, a firm turns a quality risk into a proactive strength.

Final thought

The new standards give us a solid flight map, but they don’t fly the plane.

That’s up to you.

Implementing SQMS 1, QC 1000, and CSQM 1 isn’t just about writing policies. Instead, it’s about shifting not just your own mindset, but also how your entire firm thinks and operates around quality.

It’s not easy.

But it’s doable — with the right mindset, tools, and support.

The Quality Management Standards can be a real game-changer for your firm, IF you use them the right way.

How would you rate this newsletter issue?

Select an option below based on the value you received from this newsletter issue. along with any resources provided.

Login or Subscribe to participate

Well, that's it for now — hope you found this useful.

If you've any feedback or questions, write to me at [email protected], and I will personally respond to your email.

Until next time,

Athreya

Join us for the full experience.

Thanks for reading this issue of The AQRM Compass.

If you would like to try our affordable, yet powerful AQRM technology and consulting solutions, get started here.

Professional Disclaimer:

This email is intended as a professional outreach and knowledge sharing initiative that is consistent with applicable CPA Codes of Professional Conduct. If you prefer not to receive any further communications, please "unsubscribe" using the link below or email us, and we will immediately remove you from our list. Audimatiq Consulting Inc. is an independent consulting services, learning, thought leadership and technology solutions provider to CPA firms. We do not offer audit, review, or any type of assurance services and are not a registered CPA firm. ​Read our full disclosure here​.

Keep Reading

© 2026 The AQRM Compass.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv