Prepare for the new AICPA quality management standards

The American Institute of Certified Public Accountants (AICPA) has issued four new quality management and risk assessment standards for auditing private companies. These standards will go into effect December 15, 2025 — just over a year from now. That means time is running out for firms to update their risk processes and systems.

Not quite ready yet? We can help your firm prepare for the upcoming changes. Below, we’ll briefly review each new standard — then explain how tailored risk solutions can help your teams improve risk assessment during the pre-audit stage.

The 4 new quality standards

Strong accounting policies are obviously fundamental to compliance and quality management. But without reliable processes and tools to support the monitoring and enforcement of those policies, employees are more likely to make mistakes when conducting audits or evaluating new business for independence.

An engagement partner might think a spot check is sufficient, for example, when in actuality, a full review is required. Or a team might begin an audit without realizing that the audit required pre-approval from the audit committee. These kinds of errors can result in costly fines or regulatory penalties during inspections.

To help firms improve risk assessment and audit quality, the AICPA’s Auditing Standards Board (ASB) and Accounting and Review Services Committee (ARSC) issued four new auditing standards, summarized below:

Statement of Quality Management Standard No. 1

Accounting firms must establish quality objectives and implement a quality management system and a risk-based assessment process that meet these objectives.

Statement of Quality Management Standard No. 2

Before appointing an engagement quality (EQ) reviewer, accounting firms must determine whether the reviewer is eligible to address the firm’s engagement performance quality management objective.

Statement on Auditing Standards No. 146

Accounting firms must ensure their engagement partners and engagement teams are providing proper quality management for audits at the engagement level.

Statement on Standards for Accounting and Review Services (SSARS) No. 26

SSARS No. 26 enhances certain concepts related to quality management for engagements and ensures that these concepts are consistent between the auditing standards and SSARSs.

So how can your firm improve its risk assessment process and comply with these new standards?

5 solutions built to help your firm comply

When it comes to updating your firm’s processes, tailored risk solutions — supported with trusted AI — are the key.

Intapp Compliance offers integrated, AI-powered software to help accounting professionals efficiently assess risk during the pre-audit stage. From quickly surfacing potential conflicts to easily tracking audit clients, independence requirements, and regulated activity, your teams can effectively manage and demonstrate firm compliance. And by collecting data from new clients and surfacing potential issues, Intapp Compliance helps professionals quickly and accurately determine which engagements they can perform quality audits for.

Unlike generic risk solutions, Intapp Compliance is industry-tailored to support your accounting firm’s unique risk assessment processes. Users can create dynamic workflows and forms based on their firm’s needs, as well as standardize and automate processes such as due diligence and approval routing.

A key factor to a successful audit is a firm’s audit acceptance process. Intapp Compliance handles this successful setup in the following ways:

Pre-audit and during audit

Intapp Intake Capture risk-related information about a potential client to help determine whether to take on the engagement.
Intapp Conflicts Easily search, analyze, and resolve potential conflicts of a potential engagement using proprietary and third-party data. audit
Intapp Employee Compliance Review employees’ financial interests and outside activities before taking on an engagement to ensure compliance with your firm’s ethical policies.

During audit

Intapp Terms Enforce guidelines and requirements from the contract or engagement letter during the audit.
Intapp Walls Manage and control access to your firm’s data to protect sensitive information during the audit.

Don’t wait to update your firm’s risk and compliance processes. Invest in the right technology now so your teams can more accurately evaluate new business, highlight potential conflicts, and conduct successful audits that meet the AICPA’s quality management standards.

Schedule a demo and learn more about Intapp technology for accounting.

Schedule a demo

Cookie	Duration	Description
__cf_bm	1 hour	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	1 hour	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
drift_aid	1 year 1 month 4 days	Drift sets this cookie as a session identifier token. It is used to tie the visitor on your website to a current website session within the Drift system. This enables session-specific features, such as popping up a message only once during a 30 minute session to prevent a disruptive experience.
drift_campaign_refresh	1 hour	Drift sets this cookie as a unique ID for the specific user. This allows the website to target the user with relevant offers through its chat functionality.
driftt_aid	1 year 1 month 4 days	Drift sets this cookie as an anonymous identifier token. As people come onto the site, they will get this cookie.
li_gc	6 months	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
visitorId	1 year	ZoomInfo sets this cookie to identify a user.

Cookie	Duration	Description
__hstc	6 months	Hubspot set this main cookie for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_fs_uid	never	Google Analytics sets this cookie to store an ID string on the current session.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
DRIFT_visitCounts	never	Drift sets this cookie to determine the number of visits of the specific visitor.
fs_lua	1 hour	Captures the timestamp of the last user action. It is used to assist with the FullStory session lifecycle, ensuring user activity extends the session. See “What defines a session in FullStory?” for more info on the session lifecycle.
fs_uid	1 year	This cookie is set by the provider Fullstory. This cookie is used for session tracking.
hubspotutk	6 months	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
prevBuyingStage	6 months	6sense intent data
sessionUUID	4 hr	A unique identifier for the visitor’s session on the website. Used to correlate page views andactivities to a single browsing session on the website. It will remain unique for the duration of the cookie.
sixSenseUUID	2yr 12hr	A third-party unique identifier for the visitor that is managed by 6sense.
svisitorUUID	2yr 12hr	A long lived unique identifier of this visitor on the website. It is either correlated to the 6suuid or a unique value, and can be changed during the lifetime of this cookie.
visitorUUID	2yr 12hr	A unique identifier for the visitor that is specific to the website, and will remain unique for theduration of the cookie.
vuid	1 year 1 month 4 days	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
retargetingUID	1 wk	A unique identifier for the purposes of running 6sense Creative Ads
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_cfuvid	session	Description is currently not available.
int_s	1 hour	Description is currently not available.
int_vc	1 year	Description is currently not available.
loglevel	never	No description available.

5 ways to prepare for the AICPA’s new quality management standards

The 4 new quality standards

5 solutions built to help your firm comply

Pre-audit and during audit

During audit

Activator platform

Compliance

Time

Collaboration