“One of the biggest challenges is that firms are trying to do this by leveraging existing resources and technology, and that’s very difficult — especially for smaller firms.”
“One of the biggest challenges is that firms are trying to do this by leveraging existing resources and technology, and that’s very difficult — especially for smaller firms,” said Grant Thornton Audit Quality and Risk Managing Director Marcy Johnson.
The work begins with designing the system. “The way that the standard is laid out, the objectives are there, but how they apply to each firm is going to be unique,” Johnson said. “It’s not just ‘Here are the ten things every firm needs to have and do.’ It’s ‘Here are things that firms need to be able to demonstrate they have done,’ and how you may go about them is going to be different.”
Your system of quality management needs to track your objectives, risks and responses. These relationships are unique for every firm. “The evaluation of the system of quality management is not as easy as a check-the-box exercise, because you may have many-to-many relationships across your risks and responses,” Johnson said, adding that Grant Thornton has identified hundreds of different risks and responses to map. Every firm needs to begin by acknowledging the complexity of its relationships, tracing all of its responses that address each risk and all of the risks addressed by each response.
Your system of quality management needs to document and track these relationships within your firm’s risk management process itself, as well as your governance, ethical requirements and other areas. To align your system with your governance and leadership area, for example, be sure to:
- Capture your governance commitment to quality.
- Capture how leadership is responsible for quality.
- Document a strategy and priorities that demonstrate commitment to quality.
- Show an organizational structure that demonstrates commitment to quality.
- Show resource plans and allocations that demonstrate commitment to quality.
- Show how you fulfil responsibilities per legal, regulatory and professional standards.
For the governance and leadership component within your system of quality management, the relationships might look like this: