CPA firms and professionals are adapting to new quality management requirements under the AICPA Statement on Quality Management Standards No. 1 (SQMS 1), which introduces a more comprehensive approach to quality management.
SQMS 1 moves beyond the policy-based approach of SQCS No. 8, requiring firms to develop a risk-based approach that identifies quality objectives and risks, implements appropriate responses, and supports continuous monitoring and improvement. The standard emphasizes a risk-based approach where firms tailor their quality management systems to their specific circumstances and client bases.
With a required implementation date of December 15, 2025, firms have an opportunity to strengthen their quality processes and better manage risks across their practices. Rather than viewing SQMS 1 as an administrative or compliance function, firms can leverage the implementation process to evaluate and improve their existing quality systems.
Whether you’re a sole practitioner or part of a multi-office firm, this guide will help you understand what SQMS 1 really means, why it matters, and most importantly, how to implement it effectively in your unique environment.
Jump to ↓
What is SQMS 1?
SQMS No. 1, A Firm’s System of Quality Management, brings a new approach designed to help firms meet their quality objectives. It requires each firm to establish and operate a system of quality management tailored to its nature and circumstances.
SQMS 1 consists of:
- Eight interrelated quality components
- Quality objectives within each quality component
- Non-component requirements to establish expectations for maintaining and carrying out the eight components and establish the framework for the system: including network requirements, documentation, and applying and complying with relevant requirements.
- It applies broadly to firms performing audits, reviews, compilations, preparations, and attestation engagements. It also supersedes the former quality control standard, SQCS No. 8, and separates firm-level requirements by establishing a separate standard for the engagement quality review process, (SQMS 2). Finally, it helps set the stage for the engagement-level quality requirements (SAS 146 , SSARS 26, and SSAE 23), which are effective for engagements with periods beginning on or after December 15, 2025.
Key shifts in quality approach
It’s important to keep in mind that shifting from system of quality control to a system of quality management is not a “find-and-replace” exercise. At its core, what firms previously knew as the system of quality control moves standards away from an engagement focus, to a systems focus. While many concepts may seem familiar, there are changes in definitions and requirements that require more robust documentation and an (at least) annual evaluation of the firm’s system of quality management.
The new framework organizes quality through the eight interrelated quality components of (Risk Assessment Process, Governance and Leadership, Relevant Ethical Requirements, Acceptance and Continuance, Engagement Performance, resources, Information and Communication, and Monitoring and Remediation). This underscores the notion that quality isn’t a checklist, but a system that serves as a framework for quality. Four components will likely drive the most significant and time-consuming change:
- Risk assessment process: A new firm-level risk assessment process that links quality objectives to risks and responses.
- Governance and leadership: Clear accountability for quality at the top, with leadership actions, resource allocation, and behaviors expected to reinforce a culture of quality.
- Resources (expanded): Coverage now extends beyond “human resources” to include technological, intellectual, and other service providers that support your system. Expect more documentation around tools, training, methodologies, and vendors.
- Monitoring and remediation: A stronger expectation to identify issues, perform root cause analysis, and remediate, shifting the focus from one-off engagement fixes to system improvement.
Across these components, the standard raises the bar on documentation, partner involvement, accountability, and continuous monitoring and improvement. This is moving from “doing” to “prove that you did, and that it worked.”
The risk-based framework
SQMS 1’s risk assessment involves a three-step process:
Step 1: Establish quality objectives (the standard provides a starting set).
Step 2: Identify and assess quality risks by considering both likelihood and impact of the risk, before considering your existing responses.
Step 3: Design and implement responses, including specified responses required by the standard, and evaluate whether they operate effectively. Responses can address multiple risks and can operate at the firm or engagement level.
Tailoring is important: your client mix, industries, technology, business model, staffing, and network affiliations (if applicable) all influence risk and the responses you will need. Some firms develop a risk rating system (e.g., low/medium/high) to help with the analysis, although the standard itself neither endorses nor precludes a firm from doing so.
 |
|
Getting started: Your next steps for SQMS 1
As organizations adapt to the evolving requirements of SQMS 1, understanding the expanded scope and practical application of the standard becomes crucial. The following section outlines key changes, core processes, and actionable next steps for successful implementation.
- Assign responsibility: SQMS 1 defines both “ultimate responsibility” and “operational responsibility” to be assigned. Make accountability explicit and update the system of quality management as roles and personnel change.
- Build your plan to finish: There is not much time remaining to build out the firm’s system of quality management, test it, train the firm, and coordinate with peer review as needed. Consider building a timeline or Gantt plan to back into the December 15, 2025 deadline.
- Inventory what you already have: Collect existing policies, procedures, training, tools, checklists, and vendor resources. Map them to relevant quality objectives as applicable.
- Map risks to responses and identify gaps: For each quality objective, articulate the risk of not achieving it and assess whether your current responses are sufficient. Flag where you need new or enhanced responses.
- Document everything: Your peer reviewer will expect clear linkage from objective → risk → response, plus evidence of operation and remediation.
- Train leadership and engagement teams: Partners must be “suitably and adequately involved” — earlier and more visibly — and teams need to understand new expectations across planning, review, and professional skepticism.
- Communicate with your peer reviewer early: Align on expectations, timing, and evidence so there are no surprises.
Building a robust quality management system often benefits from a thoughtful and structured approach, where quality principles are integrated into all aspects of a firm’s operations. When objectives, risks, and responses are in alignment, it can naturally encourage a culture of ongoing improvement and greater long-term resilience.
Consider these tools and resources as you prepare:
- The PPC Guide to Quality Management: Updated materials for SQMS 1 and 2—including checklists, and implementation guidance—to help you see the “before and after” and accelerate customization to your firm. The guide also includes:
- Example policies and procedures for both sole proprietors and small to midsize firms
- An example risk assessment grid
Training opportunities: AuditWatch Training Solutions offers a 6-hour course to provide firms with practical advice for developing a timeline, building out their risk assessment, and preparing for implementation.
- AICPA’s Quality Management Page: This comprehensive resource offers in-depth information on the new standards, essential for understanding and implementing changes.
Charting your firm’s path forward
As firms navigate the evolving landscape of quality management, embracing SQMS 1 marks a pivotal move from incremental engagement-level fixes to a comprehensive, forward-looking system.
By getting started now — assigning owners and responsibilities, mapping risks and responses, upgrading documentation, and embedding consistent training and remediation into your firm’s culture — you lay the groundwork for continuous improvement and resilience. The resources highlighted above, including practical tools, policies, and training opportunities like AuditWatch, can accelerate your journey and help you meet upcoming deadlines with confidence.
Want to learn more? Don’t miss the rest of our blog series as we unpack the new standards and offer actionable insights to support your firm’s success.
Ready to enhance your expertise with specialized training sessions? Seats are still available for AuditWatch’s “Navigating the New Quality Management Standard.” Register for one of the virtual classes from AuditWatch Training Solutions.
|
|
