Reviewing the Firm’s

System of Quality
Management (SOQM)

October 2023

For Crowe Global member firm internal use only.

Reviewing the SOQM 1

Reviewing the SOQM

The SOQM review is an evaluation of:
• Compliance with ISQM 1
• The design, implementation and effectiveness of the elements of the SOQM.

An effective review SOQM checklist will:

• Cover all the components of the SOQM, and all the relevant requirements for each
component.
• Include any additional relevant jurisdiction-specific requirements.
• Enable (and document) separate conclusions regarding the design, implementation and
effectiveness of all components of the SOQM.
• Be formulated in terms of clear non-ambiguous positive statements/questions.
• Take a consistent approach (i.e., ‘No’ will always be the ‘bad’ evaluation).
• Require written amplification (especially where the ‘No’ evaluation is given for a
question/statement).
• Limit the possibility of N/A to those issues where non applicability is a genuine option.
• Require the awarding of scores.

It is possible to review an SOQM without using a checklist but that would be extremely difficult and
inefficient and would give rise to completeness, accuracy and documentation risks. Most regulators
expect to see the use of checklists in monitoring reviews. However, it is important to note that few
regulators would be entirely satisfied with a checklist that required no written amplification and
restricted itself to ticking boxes.
In some jurisdictions, there is a regulatory requirement to use checklists produced or approved by the
regulators. Where this is the case, the firm must consider whether any additional evaluation needs to
be performed and documented and if so, the firm must provide a checklist to cover the performance
and documentation of the additional required work.
The reviewer must perform specific review activities, for example:
• Enquiry,
• Observation,
• Examination of completed documentation (perhaps on a sample basis).

The reviewer will also ordinarily make observations during either the preliminary procedures or the file
reviews. As noted in a separate guide (Reviewing a File), file reviews are an integral part of the
SOQM review, even though they may be done at different times and by different reviewers. The
reviewer may, depending on the structure of the monitoring process, need to consult with other (file)
reviewers and read their reports to help inform the completion of the SOQM evaluation.
Specific SOQM review activities may include (but need not be restricted to):
• Talking to the person/people with operational responsibility for e.g., SOQM, Learning and
Development, recruitment, ethical dilemmas, dispute resolution, Monitoring and Remediation
process;
• Reading the information within the SOQM documentation and considering whether:
o Objectives have been truly established.
o All relevant risks have been identified and appropriately assessed with sufficient
appropriate justification.
o Appropriate responses that might mitigate identified assessed risks have been
appropriately designed and implemented and are effective in operation.
• Reviewing (on a sample basis) items as appropriate which may include but may not be limited
to:

© 2023 Crowe Global www.crowe.org

Reviewing the SOQM 2

o Learning and Development plans

o CPD records
o Appraisal forms
o Independence forms
o Client acceptance forms
o Differences of opinion forms
o Consultation requests and conclusions
o Documentation relating to ethical dilemmas
o Documentation relating to Service Provider evaluation
o RCA documentation
o Action Plans
o Firm communications
o Previous review reports both internal and external where available.

In some firms, the person with operational responsibility for the Monitoring and Remediation process
may be the person conducting the SOQM review. Where this is the case, if possible, a different
reviewer should perform the evaluation of the design and implementation of the Monitoring and
Remediation process.

When making observations, the reviewer may consider issues including (but not restricted to):
• Overall:
o Have Objectives been tailored to the Firm’s nature and circumstances?
o Are all the Objectives you might expect to see actually there?
o Have all relevant Risks been identified?
o Are risk assessments sensible and supported?
o Have all identified Risks been appropriately linked to all the Objectives they might
impact?
o Do you believe selected Response elements are likely to mitigate identified and assessed
Risks?
o Have all mandatory Objectives and specified responses been incorporated appropriately
within the SOQM?
o Does the whole thing hang together?

• Risk Assessment Process:

o Has the Firm tailored its SOQM to match its own nature and circumstances rather than
being generic?

• Governance and Leadership:

o Has the firm actioned recommendations from previous reviews (internal, network level,
regulatory)?
o Has the firm prepared a Root Cause Analysis of previous review findings?
o If there is an RCA, has it been used to inform the firm's Action Plan following the previous
reviews?
o Does the firm have an appropriate Action Plan?
o If there is an Action Plan has it been implemented?
o If the audit methodology/tool has been identified as having issues in the past has
anything been done about it?
o Is there leadership by example in terms of CPD?
o Is the Quality function within the firm accorded the respect it deserves?
o Is the Quality function within the firm allocated the resources that it requires?

© 2023 Crowe Global www.crowe.org

Reviewing the SOQM 3

o Does the tone at the top roar like a lion or whisper like a mouse?

• Ethical Requirements:
o If there are any ethical dilemmas evident on any engagement files, were they handled in
an appropriate way?

• Acceptance and Continuance:

o Is there evidence on completed engagement files that procedures are implemented (and
effective)?
o Do the procedures actually in use match the procedures documented in the SOQM?
o Are appropriate members of engagement teams handling acceptance/continuance
issues?

• Engagement Performance:
o Is there evidence in reviewed completed engagement files that the methodology (or the
use of it in practice) is fit for purpose?
o Is direction, supervision and review done properly?
o Do engagement time budgets include sufficient time for DSR?
o Is scepticism evidenced sufficiently and appropriately?

• Resources:
o Is there evidence in the completed engagement files that Learning and Development is
effective (i.e., that there are no common issues that crop up again and again and never
seem to be resolved/improved)?
o Is there evidence that recruitment is effective (i.e., that staff are suited to their roles)?
o Are learning and development plans outcome based?
o Do learning and development plans flow from the firm's root cause analysis of previous
review findings?
o Are meaningful evaluations of Service Providers and the services they provide
performed?

• Information and Communications:

o Is there evidence that communications reach those they are intended to reach?
o Is there evidence that people are getting the information they need in the way that they
need it at the time they need it?

• Monitoring:
o Do previous review reports and documentation indicate that the quality of reviewers is
sufficient?
o Are reviewers reaching conclusions which are appropriate in the circumstances?
o Where an oversight function exists, does it seem to be working?
o Where they have taken place, have regulatory or network level reviews been positive
about the monitoring process?

• Remediation:
o Are RCA exercises meaningful (i.e., not cosmetic)?
o Do RCA exercises address all relevant deficiencies?
o Do RCA conclusions flow through to the Action Plan?
o Is there buy-in from the Firm and its staff?

© 2023 Crowe Global www.crowe.org

Reviewing the SOQM 4

• Network Requirements or Service:

o Is there evidence that communications between the Firm and the network and the Firm
and other member Firms are conducted appropriately?
o Is the Firm evaluating Network Requirements and Services appropriately before
incorporating them in the SOQM?

© 2023 Crowe Global www.crowe.org

Contact Information
David Chitty
International Accounting
& Audit Director
[email protected]

For Crowe Global member firm internal use only.

Crowe Global is a leading international network of separate and independent accounting and consulting firms that are licensed to use “Crowe” in connection with the provision
of professional services to their clients. Crowe Global itself is a non-practicing entity and does not provide professional services to clients. Services are provided by the
member firms. Crowe Global and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions.
© 2023 Crowe Global