Audit Quality Management: SQM1, EQCM & Compliance Framework [2026]

Published: March 18, 2026 | Category: Audit Procedures | Read Time: 16 minutes | Author: CORAA Team

---

Introduction

On June 30, 2026, all Indian audit firms must transition from ISA 220 to SQM1 (Service Quality Management 1)—ICAI's adapted quality management standard for India.

This isn't a minor change. It restructures how firms design, implement, and document quality control procedures.

SQM1 introduces:

• Entity-level quality management (firmwide quality objectives)
• Engagement-level quality management (per-engagement EQCM review)
• Continuous monitoring (ongoing quality assessment)
• NFRA defensibility (audit file documentation standards)

This pillar guide covers:

1. SQM1 Framework – What changed from ISA 220
2. Implementation Roadmap – How to transition your firm
3. EQCM Procedures – Engagement quality control review requirements
4. Lease Accounting Audits – SQM1 application to Ind AS 116
5. Related Party Transactions – SQM1 application to RP identification
6. NFRA Compliance – Documentation and defensibility

---

1. SQM1 Framework vs. ISA 220

What's New in SQM1?

Aspect	ISA 220	SQM1
Scope	Quality control for audits only	Quality management for all services (audit, review, agreed-upon procedures)
Responsibility	Engagement partner responsible	Firm & engagement partner both responsible
Monitoring	Periodic (annual reviews)	Continuous (throughout year)
Documentation	Memo and file review	Detailed quality management file
NFRA Focus	Point-in-time compliance	Year-round compliance evidence

Five Quality Objectives (SQM1)

SQM1 requires every firm to define quality objectives:

1. Competence

• Are engagement team members competent?
• Do they have audit experience?
• Are they appropriately trained?

2. Independence & Integrity

• Are there impairments? (client relationships, financial interests)
• Have RP transactions been identified?
• Has engagement team been screened?

3. Engagement Performance

• Are procedures being performed correctly?
• Is audit evidence sufficient and appropriate?
• Are ISA requirements being met?

4. Acceptance & Continuance

• Should we accept this client?
• Should we continue with this client?
• Are there red flags? (previous audit findings, compliance issues)

5. Monitoring

• Are quality procedures working?
• Are there breakdowns?
• Do we need corrective action?

---

2. Implementation Roadmap

Phase 1: Assess Current State (January 2026)

Inventory your processes:

• How do you currently manage quality? (ISA 220 procedures)
• What documentation exists?
• Where are gaps vs. SQM1 requirements?

Document findings:

• Gap analysis (SQM1 vs. current state)
• Priority areas (highest impact first)
• Resource requirements

Phase 2: Design SQM1 System (February 2026)

Define quality objectives:

• Write policy for each objective
• Document responsibility (who owns what?)
• Establish metrics (how will you measure?)

Example quality objective (Competence):

Policy: "All audit engagement partners have minimum 10 years' audit experience; all audit staff have completed annual continuing education (minimum 15 hours audit-related)."

Responsibility: HR + Partner

Metrics: Annual competence assessment; CE tracking

Define monitoring procedures:

• Ongoing (throughout year): Are procedures being performed?
• Periodic (annually): Are procedures working?
• Corrective action: What happens if quality breaks down?

Phase 3: Implement SQM1 (March–May 2026)

Train staff:

• Partners, managers, and staff on SQM1 procedures
• New engagement checklists
• Ongoing monitoring requirements

Rollout procedures:

• Implement engagement-level EQCM
• Configure monitoring procedures
• Document in audit manual

Pilot with new engagements:

• First few engagements under SQM1
• Refine procedures based on feedback
• Identify training gaps

Phase 4: Transition Existing Engagements (June 2026)

For ongoing clients:

• Apply SQM1 procedures to June 30 transitions
• Document transition in engagement files
• Communicate changes to clients (if needed)

Deadline: June 30, 2026

• All audits must use SQM1 (ISA 220 no longer permitted)
• All documentation must reflect SQM1 procedures

---

3. EQCM Procedures

What is EQCM?

EQCM = Engagement Quality Control Review

An independent review (typically by senior partner) ensuring:

• Engagement team has performed appropriate procedures
• Audit evidence is sufficient
• Auditor conclusions are supported
• No significant quality issues exist

When EQCM is Required (SQM1)

All audits require EQCM, except:

• Small engagements (revenue <₹1 crore, no public interest)
• Low-risk clients (stable business, no control issues)

(Even low-risk engagements benefit from EQCM; SQM1 allows discretion based on firm risk assessment)

EQCM Procedure Steps

Step 1: Reviewer Assignment

• Independent partner assigned (not engagement partner)
• At least 5 years' relevant audit experience
• No independence impairments

Step 2: Reviewer Access

• Access to full audit file
• Access to financial statements and disclosure notes
• Access to audit procedures and evidence
• Access to management representations

Step 3: Review Scope

The reviewer assesses:

Quality of Engagement Team:

• Were team members appropriate for engagement complexity?
• Did team have necessary audit experience?
• Did team understand SQM1 requirements?

Sufficiency of Audit Procedures:

• Were risk areas adequately covered?
• Did procedures align with identified risks?
• Did team obtain sufficient audit evidence?

Appropriateness of Audit Conclusions:

• Do conclusions flow from evidence?
• Are exceptions properly investigated?
• Are adjustments appropriate?

Significant Judgments:

• Complex technical areas (revenue recognition, lease classification, contingency assessment)
• Areas requiring auditor judgment
• Areas with management disagreements

Compliance with Standards:

• Do procedures comply with ISAs?
• Are disclosure requirements met (IAS 1, etc.)?
• Are client-specific considerations documented?

Step 4: Reviewer Documentation

EQCM Memo documents:

• Procedures performed by reviewer
• Significant issues identified
• Resolution of issues
• Reviewer conclusion

Example EQCM Memo (Excerpt):

Issue 1: Revenue Recognition Complexity

Observation: Revenue testing included complex contracts with multiple performance obligations.

Procedures: Reviewed revenue testing workpapers; traced sample contracts to revenue recognition policy; verified management's assessment of performance obligations.

Conclusion: Revenue testing adequate; recognitions appropriate per IAS 115.

Status: No exception

---

4. Lease Accounting Audits (Ind AS 116 + SQM1)

SQM1 Application to Lease Testing

Quality Objectives Applied to Lease Audits:

1. Competence

• Does engagement team understand Ind AS 116?
• Have they received lease accounting training?
• Has firm documented lease accounting competence?

2. Engagement Performance

• Were embedded leases identified? (supply agreements, facility agreements)
• Were ROU assets and liabilities calculated correctly?
• Were disclosures complete?

3. Monitoring

• Are lease testing procedures being performed consistently?
• Are common errors being caught (finance vs. operating classification)?
• Are NFRA findings on lease accounting being reduced?

Common Lease Audit Issues

Issue 1: Embedded Leases Missed

• Supply agreements include equipment use (embedded lease)
• Not identified by auditor (service vs. lease misclassification)
• NFRA finding: Accounting treatment incorrect

Fix (SQM1): Design procedures to catch embedded leases:

• Contract language screening (NLP for lease keywords)
• Supply agreement review (identify equipment use clauses)
• Performance of supplementary lease classification test

Issue 2: ROU Calculation Errors

• Lease payments miscalculated
• Discount rate applied incorrectly
• ROU asset or liability amounts wrong

Fix (SQM1): Implement control procedures:

• Review lease assumptions (is discount rate appropriate?)
• Recalculate ROU on sample (verify calculations)
• Compare prior year ROU changes (for consistency)

Issue 3: Disclosure Incompleteness

• Lease commitments not disclosed
• Lease payment schedule incomplete
• Related party lease information omitted

Fix (SQM1): Design disclosure procedures:

• Extract all leases from testing file
• Verify disclosure includes all leases identified
• Check disclosure completeness (Schedule 4 Ind AS 116 requirements)

Read more: Lease Accounting Audit (Ind AS 116): Testing & Verification Procedures

---

5. Related Party Transaction Procedures (SQM1)

SQM1 Application to RP Identification

Quality Objectives Applied to RP Testing:

1. Competence

• Does team understand what constitutes "related party"?
• Has firm documented RP policies?
• Is RP identification trained for all staff?

2. Independence

• Have we assessed RP relationships with our firm?
• Are there audit independence concerns?
• Have we documented any impairments?

3. Engagement Performance

• Have all RPs been identified?
• Have RP transactions been tested?
• Are RP disclosures complete?

Common RP Audit Issues

Issue 1: RPs Missed

• Associate or joint venture not identified as RP
• Key management personnel family relationships not disclosed
• Post-balance-sheet RP relationships not considered

Fix (SQM1): Implement systematic identification:

• RP identification questionnaire (comprehensive)
• Cross-check with board minutes and management certifications
• AI pattern detection (round-trip payments, related amounts)

Issue 2: RP Transaction Under-Testing

• RP transactions tested on same basis as third-party
• Specific RP audit procedures not performed
• Related party pricing not verified

Fix (SQM1): Design RP-specific procedures:

• Test RP transactions at lower thresholds
• Verify arm's length pricing where applicable
• Assess RP disclosures per IAS 24

Issue 3: RP Disclosure Gaps

• Nature of RP relationship not disclosed
• Transaction amounts incomplete
• Terms and conditions not disclosed

Fix (SQM1): Design disclosure procedures:

• Extract all identified RPs
• Map to financial statement disclosures
• Verify completeness per IAS 24

Read more: Related Party Transaction Procedures: AI + Manual Verification

---

6. NFRA Compliance & Defensibility

What NFRA Expects to See

When NFRA reviews an audit file, they look for SQM1 compliance:

1. Quality Management File

• SQM1 quality objectives documented
• Engagement-level EQCM documented
• Monitoring procedures documented

2. EQCM Memo

• Independent partner review
• Significant issues identified and resolved
• Reviewer conclusion documented

3. Engagement File

• Reference to SQM1 procedures applied
• Evidence of quality procedures performed
• Documentation that procedures were supervised

4. Compliance Procedures

• Acceptance/continuance assessment documented
• Independence confirmation obtained
• Training/competence requirements met

Sample NFRA Questions

Question 1: SQM1 Implementation

NFRA: "Did the firm implement SQM1 by June 30, 2026?"

Your evidence: Quality management file; training records; engagement file EQCM memos

Question 2: Quality Procedures

NFRA: "Were quality procedures applied to this engagement?"

Your evidence: EQCM memo; reference in audit file; monitoring documentation

Question 3: EQCM Review

NFRA: "Who performed the engagement quality review? Were they independent?"

Your evidence: EQCM memo; reviewer name; confirmation of independence

---

SQM1 vs. ISA 220: Transition Checklist

• Quality objectives documented (Competence, Independence, Performance, Acceptance/Continuance, Monitoring)
• Entity-level quality system designed (policies, procedures, documentation)
• EQCM procedures documented (who, when, scope, documentation)
• Staff trained on SQM1 (partners, managers, audit staff)
• Engagement files updated (SQM1 references, EQCM memos)
• Monitoring procedures designed (ongoing, annual, corrective action)
• Audit manual updated (SQM1 procedures documented)
• Client communications updated (if needed)
• June 30, 2026 transition complete (all engagements use SQM1)

---

Key Takeaways

1. SQM1 replaces ISA 220 on June 30, 2026. All Indian audit firms must transition. No extensions.

2. Quality management becomes entity-wide. SQM1 applies to all services (not just audits).

3. EQCM becomes mandatory. Independent partner review required for all audit engagements (with limited exceptions).

4. NFRA expects SQM1 compliance. Audit files will be reviewed for SQM1 procedures, EQCM documentation, and quality evidence.

5. Competence and monitoring are critical. SQM1 emphasizes team competence, continuous monitoring, and corrective action.

6. Five quality objectives guide everything. Competence, Independence, Engagement Performance, Acceptance/Continuance, Monitoring.

---

Related Blog Posts

• SQM1 Implementation Roadmap: ISA 220 to Compliance [2026]
• EQCM: Engagement Quality Control Review Procedures
• Lease Accounting Audit (Ind AS 116): Testing & Verification Procedures
• Related Party Transaction Procedures: AI + Manual Verification

---

About CORAA

CORAA helps Indian audit firms implement SQM1 and EQCM procedures. From quality management system design to engagement-level quality control review, reduce quality issues, improve NFRA defensibility, and ensure June 30, 2026 compliance.

Learn more: Visit our website

---

Sources

• ISA 220: Quality Management in Audits of Financial Statements
• SQM1: Service Quality Management (ICAI Standard for India)
• Ind AS 116: Leases
• Ind AS 37: Provisions, Contingent Liabilities and Contingent Assets
• IAS 24: Related Party Disclosures