ISQM 1 & ISQM 2 in Malaysia: Enhancing Compliance Standards

🧭 ISQM 1 & ISQM 2 in Malaysia: Strengthening Audit Quality and Professional Accountability

Kuala Lumpur, October 2025 — Malaysia’s audit profession is entering a new era of accountability and excellence. With the rollout of International Standards on Quality Management (ISQM 1 & ISQM 2), practices across the country — from large firms to SMPs — must rethink how they manage, monitor, and evaluate audit quality.

These standards, issued by the International Auditing and Assurance Standards Board (IAASB) and adopted by the Malaysian Institute of Accountants (MIA), are effective for audits of financial statements beginning on or after 15 December 2022. Although the effective date has passed, many firms are still enhancing their documentation and monitoring frameworks.

Malaysia’s Judicial Appointment Controversy: What It Means for Governance and Business

📘 1️⃣ Understanding ISQM 1 and ISQM 2

ISQM 1 – Quality Management for Firms that Perform Audits or Reviews of Financial Statements
This standard replaces ISQC 1 and introduces a proactive “quality management” model instead of the traditional “quality control” approach. Consequently, every firm must design and operate a System of Quality Management (SQM) that fits its size, structure, and risk profile.

ISQM 2 – Engagement Quality Reviews (EQRs)
Meanwhile, ISQM 2 sets detailed requirements for engagement quality reviewers, covering eligibility, independence, and documentation. Together, the two standards aim to boost audit consistency and reinforce public trust in the profession.

🔍 2️⃣ Core Elements of ISQM 1

ISQM 1 defines eight interrelated components that form a robust quality-management system:

Governance and Leadership – establishing a culture of integrity and accountability.
Relevant Ethical Requirements – ensuring compliance with MIA By-Laws and independence rules.
Acceptance and Continuance of Client Relationships – evaluating risk before taking on or retaining engagements.
Engagement Performance – implementing consistent supervision and review processes.
Resources – maintaining sufficient and competent staff, technology, and tools.
Information and Communication – promoting open channels for quality-related information.
Risk Assessment Process – identifying and evaluating quality risks unique to each firm.
Monitoring and Remediation – performing ongoing evaluations and addressing deficiencies promptly.

Importantly, firms must document their quality objectives, risk assessments, and responses to demonstrate active quality management rather than reactive correction.

🧩 3️⃣ ISQM 2 and the Role of the Engagement Quality Reviewer

Under ISQM 2, the Engagement Quality Reviewer (EQR) acts as a critical safeguard for audit integrity.

Key requirements include:

Independence from the engagement team.
Comprehensive review of significant judgments and conclusions.
Proper documentation evidencing how responsibilities were fulfilled.

Furthermore, MIA and the Audit Oversight Board (AOB) focus heavily on EQR independence and timeliness during inspections. For that reason, firms must assign reviewers who possess both technical competence and objectivity.

🧮 4️⃣ Implementation in Malaysia — MIA and AOB Expectations

Both MIA and AOB (Securities Commission Malaysia) have issued guidance to support implementation.
However, they also expect firms to take ownership of compliance.

Current regulatory expectations:

Maintain a documented ISQM manual that reflects firm-specific risks.
Carry out annual monitoring and remediation cycles with evidence of follow-up.
Perform root-cause analysis for recurring findings.
Apply scalability thoughtfully — small firms may simplify but not omit key objectives.

Moreover, the MIA Practice Review Department (PRD) has identified ISQM readiness as a top inspection priority for 2025–2026. Hence, firms that delay may face remedial directives or additional reviews.

Malaysia’s Phased Rollout of e-Invoicing: What Businesses Need to Know

🧭 5️⃣ Steps to Build an Effective Quality Management System

To comply efficiently and strengthen internal governance:

Perform a quality-risk assessment. Identify independence, competence, and resource risks.
Document quality objectives and responses tailored to those risks.
Create or update an ISQM manual outlining controls and responsibilities.
Train partners and staff on risk-based quality management principles.
Designate an Engagement Quality Reviewer and clarify review procedures.
Monitor annually and remediate any deficiencies with action plans.

In addition, firms should integrate ISQM practices into everyday operations rather than treat them as compliance exercises. This approach builds a culture of continuous improvement.

💡 6️⃣ Beyond Compliance — Strategic Benefits

Implementing ISQM 1 and ISQM 2 delivers more than regulatory compliance. It also:

Enhances audit consistency and reliability.
Increases staff accountability and morale.
Reduces inspection findings and reputational risk.
Demonstrates commitment to ethical and transparent auditing.

Consequently, firms that embrace these standards position themselves as trusted advisors in Malaysia’s evolving assurance landscape.

Strike Off Procedure for a Company in Malaysia

🏢 7️⃣ How USAFE Supports Malaysian Audit Firms

At USAFE, we help firms turn compliance into competitive advantage.
Our dedicated quality-management team provides:

Tailored ISQM 1 / ISQM 2 implementation plans.
Customised quality manuals, templates, and risk maps.
Internal inspection and remediation support to prepare for MIA and AOB reviews.
Partner and manager training on risk assessment and documentation excellence.