India SQM 1 vs Global ISQM 1: How India's Audit Quality Standards Compare [2026]
Published: March 24, 2026 | Category: Audit Standards | Read Time: 18 minutes | Author: CORAA Team
Introduction: India's Late but Decisive Move to Quality Management
On October 14, 2024, the Institute of Chartered Accountants of India (ICAI) formally adopted the Standard on Quality Management 1 (SQM 1), making it mandatory for all audit firms from April 1, 2026. Globally, the International Standard on Quality Management 1 (ISQM 1), issued by the International Auditing and Assurance Standards Board (IAASB), became effective on December 15, 2022.
India is approximately 3.5 years behind the global effective date.
That gap matters. Over 70 jurisdictions have already adopted or converged with ISQM 1. The Big Four and mid-tier international networks have been operating under ISQM 1 since late 2022. Indian CA firms — particularly those with cross-border clients, international affiliations, or audits of listed entities — now face a compressed timeline to design, implement, and evaluate a quality management system that much of the world has already been running for years.
This post provides a direct, clause-level comparison of India's SQM 1 with the global ISQM 1. It covers what changed from SQC 1, where India has adapted the global standard, how enforcement differs across jurisdictions, and precisely what firms must do before the April 2026 deadline.
If you are looking for a complete SQM 1 implementation walkthrough, see our SQM 1 & EQCM Complete Guide. For the engagement-level transition from ISA 220, see our ISA 220 vs SQM 1 Transition Guide.
What Changed: From Quality Control to Quality Management
The SQC 1 Era (2009-2026)
India's SQC 1 (Standard on Quality Control 1), effective since 2009, was based on the old ISQC 1. It was a compliance-oriented standard: firms documented policies, performed annual file reviews, and maintained independence records. The standard was largely reactive — issues were identified after the fact, during periodic inspections or peer reviews.
SQC 1 had three fundamental limitations:
- No structured risk assessment. Firms were not required to identify and assess specific quality risks. Policies were generic.
- Minimal monitoring requirements. An annual inspection cycle was sufficient. There was no obligation for ongoing, real-time monitoring.
- No firm-level quality objectives. The standard focused on procedures rather than outcomes. A firm could be procedurally compliant and still have systemic quality failures.
The SQM 1 Paradigm Shift
SQM 1 (and its global counterpart ISQM 1) replaces the reactive compliance model with a proactive, risk-based quality management system. The shift is structural, not cosmetic.
Under SQM 1, the firm must:
- Set quality objectives — define what the quality management system is designed to achieve.
- Identify and assess quality risks — determine what could prevent those objectives from being achieved.
- Design and implement responses — create specific policies, procedures, and actions to address each identified risk.
- Monitor and remediate — continuously evaluate whether the system is working and correct deficiencies.
This is a fundamentally different approach. Under SQC 1, the question was: "Do we have the right policies in place?" Under SQM 1, the question is: "Is our system actually achieving quality outcomes, and if not, what are we doing about it?"
The Eight Components of ISQM 1 / SQM 1
Both the global ISQM 1 and India's SQM 1 are structured around eight interconnected components:
- Governance and Leadership — The firm's leadership takes ultimate responsibility for the quality management system. The tone at the top must prioritize quality over revenue.
- Relevant Ethical Requirements — Independence, integrity, objectivity, and confidentiality. Firms must design processes that go beyond mere declaration to active monitoring of threats.
- Acceptance and Continuance of Client Relationships and Engagements — Risk-based client evaluation. Not every client is worth keeping. Firms must have processes to decline or discontinue high-risk engagements.
- Engagement Performance — Procedures governing how engagements are planned, executed, supervised, reviewed, and documented.
- Resources — Human resources, technological resources, intellectual resources (methodology and tools), and service provider resources must be sufficient and appropriate.
- Information and Communication — The firm must establish processes for obtaining, generating, and communicating information necessary for the quality management system to function.
- The Monitoring and Remediation Process — Ongoing monitoring activities, annual evaluations, root cause analysis of deficiencies, and remedial actions.
- The Firm's Risk Assessment Process — The overarching process through which the firm identifies conditions, events, and circumstances that create quality risks, and designs responses.
These eight components are identical in both ISQM 1 and SQM 1. The architecture is the same. The differences lie in application, definitions, enforcement, and transition timelines.
Side-by-Side Comparison: India SQM 1 vs ISQM 1 (Global)
| Aspect | India SQM 1 (ICAI) | ISQM 1 (IAASB Global) |
|---|---|---|
| Issuing Body | ICAI (Institute of Chartered Accountants of India) | IAASB (International Auditing and Assurance Standards Board) |
| Effective Date | April 1, 2026 | December 15, 2022 |
| Replaces | SQC 1 (Standard on Quality Control 1) | ISQC 1 (International Standard on Quality Control 1) |
| Definition of "Firm" | Adapted for Indian CA partnership structure — includes sole proprietorships, partnership firms, and LLPs registered with ICAI | Broadly defined as a sole practitioner, partnership, or other entity of professional accountants |
| Ethical Requirements Reference | ICAI Code of Ethics (based on IESBA Code, with local adaptations) | IESBA International Code of Ethics for Professional Accountants |
| Engagement Quality Review Standard | SQM 2 (adopted alongside SQM 1) | ISQM 2 |
| Engagement-Level Standard | SA 220 (Revised) — Quality Management for an Audit of Financial Statements | ISA 220 (Revised) |
| Primary Enforcement Body | NFRA (National Financial Reporting Authority) for PIEs; ICAI for others | Varies by jurisdiction (PCAOB, FRC, CPAAOB, etc.) |
| Penalty Regime | NFRA: debarment up to 10 years, monetary penalties; ICAI: disciplinary proceedings | Varies — see Enforcement Comparison section below |
| Technology Provisions | Resources component includes technological resources; no prescriptive technology requirements | Same — technology acknowledged as a resource, not prescribed |
| Network Firm Requirements | Firms within networks must evaluate network-level quality management requirements | Same treatment under ISQM 1 |
| Transition Period | SQC 1 remains in effect until March 31, 2026; firms must design and implement SQM 1 system by April 1, 2026; evaluate within 1 year | ISQC 1 ceased to apply on December 15, 2022; firms had from December 15, 2020 to design and implement |
| System Evaluation Deadline | Within one year of April 1, 2026 (i.e., by March 31, 2027) | Within one year of December 15, 2022 (i.e., by December 14, 2023) |
| Scalability | Explicitly noted for sole practitioners and small firms | Same — ISQM 1 is scalable by nature |
The core requirements are substantively equivalent. India has not carved out exemptions or diluted the standard. What differs is timing, terminology aligned to Indian regulatory structures, and the enforcement mechanism.
India-Specific Adaptations and Regulatory Context
Definition of "Firm" Adapted for Indian Practice
India's CA profession operates under a unique structure. Unlike the UK or US, where audit firms can be corporations or LLPs of varying structures, Indian CA firms are constrained by the Chartered Accountants Act, 1949. A "firm" in the Indian context means:
- Sole proprietorship — A single CA holding a Certificate of Practice.
- Partnership firm — Registered under the Indian Partnership Act, 1932, with all partners being CAs.
- Limited Liability Partnership (LLP) — Registered under the LLP Act, 2008, with CA partners.
SQM 1's definition of "firm" has been adapted to align with these structures. This matters because the quality management system requirements must be proportionate. A two-partner firm in Tier-2 India cannot be expected to maintain the same infrastructure as a Big Four member firm — but it must still design a system that addresses its specific quality risks.
April 1 vs December 15: Aligned to the Indian Financial Year
ISQM 1 uses a December 15 effective date, aligned to the IAASB's standard calendar-year approach. India uses April 1, which aligns with the Indian financial year (April 1 to March 31). This is a practical adaptation — firms' internal planning, staffing, and budgeting cycles follow the April-March financial year.
SQC 1 Remains in Effect During Transition
Until March 31, 2026, SQC 1 continues to govern quality control for Indian CA firms. There is no gap between standards. Firms are expected to operate under SQC 1 while simultaneously designing their SQM 1 quality management system for go-live on April 1, 2026.
This dual-operation period is critical. Firms cannot afford to treat SQM 1 implementation as a future project — the design work must happen while SQC 1 obligations are still being met.
NFRA's Regulatory Position
The National Financial Reporting Authority (NFRA), established under Section 132 of the Companies Act, 2013, has jurisdiction over auditors of prescribed classes of companies — broadly, listed companies, large unlisted companies, and companies with public interest. NFRA has been vocal about audit quality deficiencies in India. As of 2024, NFRA had issued 94 disciplinary orders against auditors and audit firms, with penalties including debarment for up to 10 years.
NFRA's enforcement posture adds urgency to SQM 1 compliance. Firms auditing entities under NFRA's jurisdiction that fail to implement a quality management system by April 2026 face regulatory action that goes beyond ICAI's traditional disciplinary process. NFRA has the statutory authority to impose monetary penalties and debarment — tools that ICAI's disciplinary mechanism has historically been slower to deploy.
For firms auditing listed companies and other entities of public interest, SQM 1 compliance is not a best practice — it is a regulatory requirement with real enforcement consequences.
Global Implementation Timeline: When Countries Adopted ISQM 1
The following table shows when major jurisdictions adopted or plan to adopt ISQM 1 (or their converged equivalent):
| Country / Jurisdiction | Standard | Effective Date | Notes |
|---|---|---|---|
| United Kingdom | ISQM (UK) 1 | December 15, 2022 | Adopted by FRC with UK-specific amendments |
| Australia | ASQM 1 | December 15, 2022 | Adopted by AUASB; aligned with IAASB timeline |
| Singapore | SSQM 1 | December 15, 2022 | ISCA adoption; aligned with IAASB timeline |
| Canada | CSQM 1 | December 15, 2022 | CPA Canada; aligned with IAASB timeline |
| European Union | ISQM 1 (via member state adoption) | December 15, 2022 | Most EU member states followed IAASB timeline |
| South Africa | ISQM 1 | December 15, 2022 | IRBA adopted without modification |
| China | CSQM 1 | January 1, 2023 (large firms) / January 1, 2024 (others) | Two-phase rollout based on firm size |
| Japan | JISQM 1 | July 1, 2023 (listed entity auditors) / July 1, 2024 (others) | JICPA phased adoption; CPAAOB oversight |
| United States (AICPA) | SQMS 1 | December 15, 2025 | AICPA for non-SEC engagements; voluntary early adoption permitted |
| India | SQM 1 | April 1, 2026 | ICAI; replaces SQC 1 |
| United States (PCAOB) | QC 1000 | December 15, 2026 | PCAOB for SEC-registered firms; separate from AICPA standard |
Key observations from this timeline:
- Most developed markets adopted by December 2022. The UK, Australia, Singapore, Canada, and South Africa all went live on the IAASB's original effective date.
- China and Japan used phased approaches. Larger firms with more complex client bases were required to comply first, with smaller firms given an additional year.
- The US has two separate timelines. AICPA's SQMS 1 (for non-SEC work) became effective December 15, 2025. PCAOB's QC 1000 (for SEC-registered firms) has a later deadline of December 15, 2026.
- India is among the last major economies to adopt. Only the US PCAOB standard has a later effective date.
Enforcement Comparison Across Jurisdictions
The quality of an audit standard is only as good as its enforcement. Here is how the major regulators compare:
United States — PCAOB
The Public Company Accounting Oversight Board (PCAOB) imposed $37.4 million in monetary penalties in 2024 — a record high. The PCAOB conducts annual inspections of large firms and triennial inspections of smaller firms. Sanctions include monetary penalties, censure, temporary or permanent bars on individuals, and revocation of firm registration.
Under the new QC 1000 standard (effective December 2026), firms will face even more granular inspection criteria tied to the quality management system design and operating effectiveness.
India — NFRA and ICAI
NFRA has issued 94 disciplinary orders since its operationalization. NFRA can:
- Impose monetary penalties on auditors and audit firms.
- Debar auditors from practice for up to 10 years.
- Refer matters to the Central Government for further action.
For firms not under NFRA jurisdiction, ICAI's disciplinary mechanism applies. ICAI can impose reprimands, suspend membership, and recommend removal from the Register of Members. Historically, ICAI's disciplinary process has been slower and perceived as less stringent than NFRA's.
The practical implication: firms auditing PIEs (public interest entities) face NFRA's enforcement, while smaller firms face ICAI oversight. SQM 1 applies to both, but the enforcement intensity differs significantly.
United Kingdom — FRC
The Financial Reporting Council (FRC) can impose fines of up to GBP 6.5 million on audit firms and individuals. The FRC's Audit Quality Review (AQR) team conducts annual inspections of firms auditing public interest entities. The FRC publishes individual firm inspection reports publicly — a significant reputational enforcement tool beyond monetary penalties.
Japan — CPAAOB
The Certified Public Accountants and Auditing Oversight Board (CPAAOB) conducts tiered inspections every 2-3 years based on firm size and the nature of audit clients. CPAAOB has the authority to recommend administrative actions to the Financial Services Agency (FSA), including monetary penalties and suspension of audit registration. Japan's enforcement approach is less adversarial than the PCAOB model but has been strengthening since the phased JISQM 1 adoption.
Enforcement Summary Table
| Regulator | Jurisdiction | Max Penalty | Inspection Frequency | Key Enforcement Tool |
|---|---|---|---|---|
| PCAOB | United States (SEC firms) | No statutory cap; $37.4M imposed in 2024 | Annual (large) / Triennial (small) | Monetary penalties, debarment, public reporting |
| NFRA | India (PIE auditors) | Monetary + debarment up to 10 years | Risk-based; triggered by referral or suo motu | Debarment, monetary penalties, disciplinary orders |
| FRC | United Kingdom | Up to GBP 6.5M | Annual for PIE auditors | Fines, public inspection reports, sanctions |
| CPAAOB | Japan | Varies; FSA imposes | Every 2-3 years (tiered) | Administrative recommendations to FSA |
| ICAI | India (non-PIE auditors) | Reprimand, suspension, removal | Peer review cycle | Disciplinary proceedings, membership suspension |
What Indian CA Firms Must Do Before April 1, 2026
With the effective date days away, here is the concrete checklist of actions every Indian CA firm must complete:
1. Design the Quality Management System
Map your firm's specific quality objectives across all eight SQM 1 components. These are not boilerplate — they must reflect your firm's size, nature of practice, client profile, and risk environment. A firm auditing three listed companies has fundamentally different quality risks than a firm handling 200 tax audits.
For a detailed template, see our SQM 1 Quality Objectives Template.
2. Appoint Quality Management Leadership
SQM 1 requires the firm to assign operational responsibility for the quality management system. This means appointing:
- An individual (or individuals) responsible for the quality management system's design, implementation, and operation.
- An individual responsible for the monitoring and remediation process.
- Engagement quality reviewers for applicable engagements (governed by SQM 2).
In smaller firms, these roles may overlap with the managing partner. In larger firms, a dedicated quality management partner or team is necessary.
3. Conduct the Initial Risk Assessment
Identify conditions, events, and circumstances that give rise to quality risks. For each quality objective, ask: "What could go wrong?" and "How likely is it?"
Common quality risks for Indian CA firms include:
- Over-reliance on articled assistants for substantive procedures without adequate supervision.
- Client pressure to issue opinions on compressed timelines (especially during the March-June busy season).
- Insufficient independence monitoring for firms with large client portfolios.
- Inadequate documentation practices that do not meet current evidentiary standards.
4. Document Quality Objectives and Responses
For every identified quality risk, the firm must design a specific quality response — a policy, procedure, or action that mitigates the risk. These must be documented. Oral understanding is insufficient.
Example: If the quality risk is "insufficient review of engagement files before opinion issuance," the quality response might be "all statutory audit files must undergo a documented second-partner review within 48 hours of the proposed opinion date."
5. Set Up Monitoring and Remediation Processes
Monitoring under SQM 1 is not the old annual file review. It requires:
- Ongoing monitoring activities — real-time or periodic checks on whether quality responses are being implemented.
- An annual evaluation of the quality management system's overall effectiveness.
- Root cause analysis when deficiencies are identified.
- Remedial actions with documented timelines and accountability.
6. Evaluate the System Within One Year
SQM 1 requires the firm to perform an evaluation of the quality management system within one year of the effective date — i.e., by March 31, 2027. This evaluation must conclude whether the system provides reasonable assurance that the firm's quality objectives are being achieved.
The evaluation must result in one of three conclusions:
- The system provides reasonable assurance (no significant deficiencies).
- The system provides reasonable assurance except for identified matters that have been or are being remediated.
- The system does not provide reasonable assurance (significant deficiencies exist that require immediate action).
Option 3 triggers mandatory remedial action and may attract regulatory scrutiny from NFRA or ICAI.
How CORAA Supports SQM 1 Compliance
SQM 1 requires documented evidence of quality management across every engagement. For firms handling dozens or hundreds of audits, this creates a documentation and monitoring challenge that manual processes struggle to meet consistently.
CORAA's audit workflow automation directly supports several SQM 1 requirements. Automated engagement documentation creates the evidence trail that SQM 1 monitoring requires. Real-time progress tracking across engagements enables the ongoing monitoring that SQM 1 mandates — replacing the old model of reviewing files months after completion. Standardized procedure templates ensure that quality responses are applied uniformly across engagements rather than varying by team or partner.
For firms evaluating how to operationalize their SQM 1 quality management system without proportional increases in administrative overhead, see our pricing plans for options scaled to firm size.
Frequently Asked Questions
Is SQM 1 mandatory for all CA firms?
Yes. SQM 1 applies to all firms that perform audits or reviews of financial statements, or other assurance or related services engagements. This includes sole practitioners. The scope mirrors ISQM 1 globally. The standard is scalable — what a sole practitioner documents will differ from a 50-partner firm — but the obligation to design a quality management system is universal.
What happens if my firm does not comply with SQM 1 by April 2026?
The consequences depend on your firm's client profile. Firms auditing entities under NFRA jurisdiction (listed companies, prescribed classes of companies) face potential disciplinary action from NFRA, including monetary penalties and debarment of up to 10 years. Firms under ICAI's jurisdiction face disciplinary proceedings that can result in reprimand, suspension, or removal from the Register of Members. Beyond regulatory action, non-compliance creates professional liability exposure — if an audit failure occurs and the firm cannot demonstrate a functioning quality management system, the legal and reputational consequences are severe.
How is SQM 1 different from SQC 1?
The core difference is the shift from reactive quality control to proactive quality management. SQC 1 required firms to maintain policies and procedures. SQM 1 requires firms to set quality objectives, identify risks to those objectives, design specific responses, and continuously monitor whether the system is working. SQM 1 also introduces the formal requirement for root cause analysis of deficiencies, explicit resource planning (including technology), and a mandatory annual system evaluation. In structural terms, SQM 1 has eight defined components versus SQC 1's six elements.
Does SQM 1 apply to sole practitioners?
Yes. SQM 1 explicitly applies to sole practitioners who perform audits, reviews, or other assurance engagements. The standard acknowledges that a sole practitioner's quality management system will be less complex — for example, a sole practitioner may personally perform all quality management functions rather than delegating them. However, the requirement to design quality objectives, identify risks, implement responses, and monitor the system applies regardless of firm size. ICAI has indicated that guidance for sole practitioners will be part of the implementation support material.
Can automation tools help with SQM 1 compliance?
Yes, and this is one area where India can benefit from being a later adopter. Firms in jurisdictions that adopted ISQM 1 in 2022 have demonstrated that technology plays a critical role in three SQM 1 areas: (1) documentation — automated engagement workflows create contemporaneous records that satisfy evidentiary requirements; (2) monitoring — real-time dashboards and exception reporting enable the ongoing monitoring SQM 1 requires, replacing manual periodic reviews; and (3) consistency — standardized templates and automated checklists ensure quality responses are applied uniformly across engagements, reducing the risk of variation between teams or offices. For more on how automation intersects with audit quality standards, see our ISA 220 vs SQM 1 Transition Guide.
Conclusion: The Compliance Window Is Closing
India's adoption of SQM 1 is not an incremental change — it is the most significant restructuring of audit quality requirements since the profession's regulatory framework was established. The global experience since December 2022 has shown that firms which treated ISQM 1 as a compliance checkbox struggled, while those that used it as an opportunity to genuinely redesign their quality management processes saw measurable improvements in audit quality and client confidence.
Indian CA firms have a narrow window. The standard is effective April 1, 2026. The system must be evaluated by March 31, 2027. Firms that begin now — mapping quality objectives, assigning leadership, conducting risk assessments, and investing in the tools and processes that SQM 1 demands — will be positioned to meet both the regulatory requirement and the underlying goal: better audits.
For a step-by-step implementation roadmap, start with our SQM 1 & EQCM Complete Guide.
Get weekly audit insights
Practical guides on audit automation, SQM1 compliance, and Ind AS procedures — delivered to 2,000+ CA professionals every Friday.
No spam. Unsubscribe any time.
Topics