Audit firms face increasing pressure to turn regulatory requirements like ISQM 1 into real, operational quality. But how do you move from policies and testing into daily behavior and accountability? In our second ISQM webinar, experts from RSM, Grant Thornton, and CERRIX shared practical insights on how audit firms can embed ISQM into the heart of their operations.
ISQM in Practice: Moving Beyond Documentation
“Before you can talk about control assurance, you first need a control framework,” said Harry Weijers, Quality Officer at RSM Netherlands. And that’s where most firms struggle—not in defining ISQM requirements, but in operationalizing them.
At RSM, the journey started by reverse-engineering existing quality handbooks and mapping them to ISQM risks and controls. That internal foundation was then enriched by external sources, including:
- The control framework
- Tools from the IAASB and IFAC
- Practice aids from Essera
- AI-based control suggestions
This multi-source approach helped build a comprehensive, living control framework that evolves with every audit cycle.
From Framework to Execution: The Control Assurance Model
Paul Bruggeman, founder of CERRIX, explained that real assurance requires more than control design. It requires execution:
“Many firms focus on effectiveness testing after the fact. But if you embed execution upfront, you get timely insights—and fewer surprises.”

CERRIX enables firms to schedule and document controls as tasks, linked directly to responsible owners. This proactive execution model creates a live view of whether controls are being performed and allows firms to monitor and improve quality in real time.
First-Line Ownership: A Cultural Shift
Jan Ludolf Heeres, Partner at Grant Thornton Advisory, emphasized a key principle: quality must live in the first line.
“We used to assign all controls to the Head of Audit. Now, we push responsibility to where execution actually happens—HR, IT, functional teams.”
This shift means that staff across the firm, not just risk teams, interact with the ISQM framework. And that requires support tools, accountability structures, and most of all—clarity.
Grant Thornton uses Cerex to set up monthly execution tasks for HR (e.g., onboarding documentation), with automated reminders and evidence tracking. Over 60% of their 214 ISQM-related controls are now integrated into these workflows.
Transparency Drives Awareness
Transparency is crucial for cultural adoption. At RSM, the incidents register is shared across offices. “People are much more aware when they see real examples from peers,” Weijers noted. “It’s not about blaming—it’s about learning.”
Measuring and Reporting on Quality
The challenge is not just to perform controls, but to track improvement over time. Both firms generate semi-annual partner-level reports summarizing:
- Residual risks
- Status of significant measures of improvement (MOIs)
- Progress on control execution
This real-time data from CERRIX is visualized in Power BI dashboards, providing leadership with actionable insights and audit trail.
“Quality isn’t a side project. It’s how we work. And tools like CERRIX help make that part of our rhythm,” Heeres said.
Final Thoughts
ISQM requires more than documentation. It’s about embedding quality into roles, workflows, and decision-making. That means defining your control framework, assigning ownership, enabling execution, and continuously learning.
Join our next webinar to see how audit firms are applying real-time monitoring and reporting across the ISQM lifecycle.
Frequently Asked Questions
Q: What is ISQM in auditing?
A: ISQM is a global standard that requires audit firms to implement a system of quality management tailored to their services and risks.
Q: How can firms make ISQM part of daily operations?
A: By integrating controls into business processes, assigning responsibility to operational leaders, and using platforms like CERRIX to plan, document, and monitor control execution.
Download your guide for ISQM implementation within Audit firms
Accessible popup
Welcome to Finsweet's accessible modal component for Webflow Libraries. This modal uses custom code to open and close. It is accessible through custom attributes and custom JavaScript added in the embed block of the component. If you're interested in how this is built, check out the Attributes documentation page for this modal component.