An Overview of AICPA Quality Control Standards

The American Institute of Certified Public Accountants (AICPA) establishes a framework of quality control standards for its members. These standards guide Certified Public Accountant (CPA) firms in the competent and ethical execution of professional duties like audits, reviews, and compilations. The purpose is to ensure firms deliver high-quality work, which helps maintain public confidence in the accounting profession. This system provides a structure for managing practices by setting expectations for how services are planned, performed, and supervised, creating a culture of quality throughout the firm.

The Six Elements of a System of Quality Control

Historically, the AICPA’s quality control system was organized around six fundamental elements. These elements provide a structure for CPA firms to meet their professional responsibilities and are designed to work together as an integrated system. For example, strong leadership promotes adherence to ethical requirements, which influences client acceptance and personnel management. The effective application of these elements provides reasonable assurance of conforming with professional standards.

Leadership Responsibilities for Quality (“Tone at the Top”)

The concept of “tone at the top” refers to the responsibility of a firm’s leadership to establish an internal culture that prioritizes quality. Leaders must demonstrate a clear commitment to high-quality work that is not compromised by commercial considerations like deadlines or budgets. This involves assigning ultimate responsibility for the quality control system to a specific individual or group. Leaders are also expected to create policies that reward high-quality work and provide the necessary resources for personnel to meet professional standards.

Relevant Ethical Requirements

This element requires firms to establish policies ensuring compliance with all relevant ethical requirements, including independence, integrity, objectivity, and confidentiality. For attest engagements like audits and reviews, independence is of particular importance. Firms must have robust systems to ensure they and their staff are free from conflicts of interest, often using annual independence questionnaires to identify any financial or family relationships that could impair objectivity.

Acceptance and Continuance of Client Relationships

Firms must have procedures for deciding whether to accept a new client or continue serving an existing one. This process involves evaluating the integrity of the client’s management, the firm’s ability to perform the engagement competently, and its capacity to comply with legal and ethical requirements. Before accepting a new client, a firm may perform background checks and communicate with the predecessor auditor. For existing clients, firms conduct periodic re-evaluations to determine if there are reasons to terminate the relationship.

Human Resources

The quality of a firm’s work depends on the competence of its people. This element addresses policies for hiring, professional development, performance evaluation, and assigning personnel to engagements. Firms must recruit qualified individuals and provide them with the necessary training and continuing professional education (CPE). Engagements must be staffed with a team that collectively possesses the appropriate technical knowledge, and firms must have a system for supervising work and providing timely feedback.

Engagement Performance

This element focuses on the execution of engagements, requiring firms to establish policies ensuring work is planned, performed, supervised, and reviewed properly. This includes having clear guidelines for documenting the work performed and the conclusions reached. A key aspect is the review process, where work by less experienced staff is reviewed by more experienced team members. Firms are also required to have a consultation process for complex issues, allowing teams to seek guidance from designated experts.

Monitoring

The final element involves the ongoing evaluation of the firm’s system of quality control. Firms must have a monitoring process to provide reasonable assurance that the policies for the other five elements are suitably designed and effectively applied. This internal inspection can include reviewing a selection of completed engagements to assess compliance. Any identified deficiencies must be evaluated, and the firm must take appropriate remedial action to correct the issues and improve the system.

The Shift to New Quality Management Standards

The landscape of quality control has evolved with new standards issued by the AICPA, moving from a policies-based approach to a dynamic quality management system. The new framework is outlined in Statement on Quality Management Standards (SQMS) No. 1, A Firm’s System of Quality Management, and SQMS No. 2, Engagement Quality Reviews. These standards, effective for implementation by December 15, 2025, require firms to adopt a proactive, risk-based approach.

The core of the new standards is a risk assessment process. Under SQMS No. 1, firms must establish quality objectives and then identify and assess the risks that could prevent them from achieving those objectives. The firm must then design and implement responses to mitigate the identified risks. This process moves firms from passive compliance toward active management of quality.

SQMS No. 1 organizes the system around eight components, which add a formal risk assessment process and an information and communication component to familiar elements. A new requirement is that firm leadership must annually evaluate the system and conclude on its effectiveness.

SQMS No. 2 provides specific guidance on engagement quality reviews (EQRs). An EQR is an objective evaluation of the significant judgments made by the engagement team and the conclusions reached. SQMS No. 1 requires firms to determine when an EQR is an appropriate response to a quality risk, while SQMS No. 2 details the requirements for the reviewer’s eligibility and the performance of the review.

The Peer Review Process

The peer review process is the primary external monitoring mechanism for CPA firms, ensuring their quality management systems are effectively designed and followed. It is a mandatory evaluation of a firm’s accounting and auditing practice conducted by another independent CPA firm every three years for firms that are members of the AICPA and perform attest services. The program is intended to provide assurance to the public that a firm is adhering to professional standards.

There are two main types of peer reviews, and the one a firm undergoes depends on the level of assurance provided by its engagements.

System Reviews

A System Review is the more comprehensive type and is required for firms that perform engagements under the Statements on Auditing Standards (SASs) or Statements on Standards for Attestation Engagements (SSAEs), such as audits. This review involves an in-depth study of the firm’s system of quality management to assess if it is appropriately designed and if the firm complied with its policies during the one-year review period. The process includes interviewing personnel, examining administrative files, and reviewing a sample of high-risk engagements.

Engagement Reviews

An Engagement Review is less in scope and is for firms that do not perform audits but do perform services like compilations or reviews. The objective is to evaluate whether specific engagements are performed and reported on in conformity with professional standards by looking at a sample of engagement files. Unlike a System Review, this does not include an evaluation of the firm’s overall system of quality management, focusing instead on the final work product.

The outcome of a peer review is documented in a report. For a System Review, the potential outcomes are a “pass,” “pass with deficiencies,” or “fail,” indicating the health of the firm’s system. If deficiencies are found in any type of review, the firm is required to take corrective action.