“For ISQM 1, I’ve spoken to people I have never spoken to before, because I needed to get new information.”
This might require collaboration with business areas that are not traditionally involved in quality assessments. To succeed, teams will need to develop and maintain relationships with people who have many competing demands on their time. Ashton recalled that, “For ISQM 1, I’ve spoken to people I have never spoken to before, because I needed to get new information.”
Once you capture the risks unique to your firm, you still have more to do. This can mean tracing those risks across departments and charting their possibility of occurrence — and should they occur, the significance of their effect. This framework can then be used for ongoing tracking, testing and reporting.
An ongoing culture
ISQM 1 will prompt deeper engagement across your firm, because it stresses active ownership of the quality program. “It’s really extended to the firm’s culture,” Ashton said. “I think that’s something very unique that was brought into this standard, which is something that you wouldn’t have thought of from a quality control perspective in the past.”
Your system of quality management needs to include ongoing monitoring that may result in findings about your quality management. You need to be able to visually represent your risk and response relationships, and key findings, for discussion.
Steve Villani, Grant Thornton Audit Risk Management National Managing Partner, noted, “You need an observable and replicable process for meeting the standard, and the process needs to continually evolve. It is very difficult to manage that through spreadsheets, because of all the relationships, breadth and scope.”
The key to successful ISQM 1 preparation is to appreciate and adapt for the challenge that the new standard presents.