An engagement quality review (EQR) that consists of a partner reading the audit opinion and signing a form doesn’t meet ISQM 2’s requirements. It never did under ISQC 1 either, but the previous standard was vague enough that firms could argue the point. ISQM 2 removed that ambiguity. The reviewer must evaluate significant judgments and form an independent conclusion before the report is issued (ISQM 2.24–27). That takes more than a signature.

ISQM 2 requires the EQR reviewer to perform an objective evaluation of the significant judgments made by the engagement team and the conclusions reached, through procedures appropriate to the engagement’s nature and circumstances, before the engagement report is issued (ISQM 2.1 and ISQM 2.24). At firms like ours, the file should tell a story when the reviewer opens it. When it doesn’t, the review turns into reconstruction work the standard never contemplated.

Key Takeaways

  • How to determine which engagements require an EQR at your firm, including the mandatory categories and the firm-level criteria you need to set under ISQM 2.15
  • How to assess whether a proposed reviewer meets the eligibility and independence requirements of ISQM 2.18–21
  • What the reviewer actually needs to do on the file (the specific procedures ISQM 2.24–27 requires, not just “review the significant judgments”)
  • How to document an EQR so it survives regulatory inspection without turning into a parallel audit file

When is an engagement quality review required?

ISQM 2.13 sets out two categories. Audits of financial statements of listed entities always require an EQR. That’s a hard requirement from the standard, not a firm-level policy decision. The firm can’t opt out.

Beyond listed entities, ISQM 2.14 requires the firm to determine additional types of engagements for which an EQR is required. ISQM 1.34(f) reinforces this by requiring the firm’s quality management system to include policies addressing when an EQR is an appropriate response to quality risks.

This is where mid-tier firms need to make deliberate decisions rather than defaulting to “PIE audits only.” The standard provides guidance in ISQM 2.A16–A18 on factors to consider when setting these criteria. The nature and complexity of the engagement matters. An audit of a €120M financial services group with off-balance sheet structures presents different quality risks than a €5M trading company. The client’s risk profile matters. A first-year engagement with a client that was declined by another firm warrants more scrutiny than a long-standing client with clean inspection history.

Most Dutch firms subject to AFM supervision have set their EQR criteria to include PIE audits plus any engagement where a going concern conclusion other than unmodified is being considered, any engagement involving a first-year client above a revenue threshold, any engagement where the engagement partner has requested a consultation on a complex accounting or auditing matter, and any audit where significant related party transactions exceed materiality. If your firm’s criteria consist solely of “PIE audits,” you’re likely underweight on ISQM 2.14’s requirements given the standard’s intent.

ISQM 2.15 also requires the firm to consider whether an EQR should be a quality response for specific engagements that don’t meet the firm’s general criteria but present unusual circumstances. A long-standing non-PIE client that suddenly triggers a material going concern uncertainty might need an EQR even if it doesn’t meet your firm’s standing criteria. The engagement partner or the firm’s quality leadership can trigger this on a case-by-case basis. The point is that the decision must be documented and justified, not left implicit.

Who can perform the review

The eligibility requirements under ISQM 2.18–21 are more specific than many firms realize. The reviewer must be a partner or another individual within the firm, or an external individual, who has the competence and capabilities to perform the review (ISQM 2.18). At a small firm, this can create a genuine resource constraint. In our experience, this is the constraint that quietly drives non-compliance: the firm has the standard right but no eligible person on the bench.

If only two partners have PIE audit experience and one of them is the engagement partner, the pool of eligible reviewers is exactly one person.

ISQM 2.19 adds the independence dimension. The reviewer cannot have been a member of the engagement team for the engagement under review. This seems obvious, but the standard goes further. ISQM 2.19(b) requires the reviewer to not have made decisions on significant matters that would compromise their objectivity. A partner who advised the engagement team on the treatment of a complex IFRS 15 contract during the audit cannot then serve as the EQR reviewer for that file.

The cooling-off period is the rule firms most frequently misapply. ISQM 2.20 states that a former engagement partner (EP) must observe a cooling-off period before serving as the reviewer for that engagement. The IESBA Code of Ethics sets this at two years for PIE audits. If Partner A signed the audit opinion for Bakker Industrial B.V. in 2023, Partner A cannot serve as the EQR reviewer for Bakker Industrial’s 2024 or 2025 audits. The cooling-off applies to the EP role specifically, not to any incidental involvement with the client.

For firms with limited partner resources, ISQM 2.21 permits the use of an external individual as the reviewer. This could be a partner from a different firm within the same network, or an independent practitioner. The firm retains responsibility for determining that the external reviewer meets the competence and independence requirements. Using an external reviewer doesn’t reduce the rigour of the EQR procedures. It addresses the eligibility constraint, nothing more.

What the reviewer must do on the file

ISQM 2.24 defines the scope. The reviewer must discuss significant matters and significant judgments with the engagement partner. “Discuss” means an actual conversation about the basis for judgments, not a read-through of the engagement partner’s conclusions. The reviewer is not re-performing the audit. But the reviewer is evaluating whether the significant judgments are reasonable and supported by the evidence in the file.

ISQM 2.25 specifies the procedures. The reviewer must review selected engagement documentation relating to significant judgments made by the engagement team. “Selected” is important. The reviewer doesn’t review every working paper. The reviewer focuses on the areas where judgment was exercised and where the risk of material misstatement is highest. For a manufacturing company, that might mean the going concern assessment, the inventory valuation, the revenue recognition policy, and the materiality calculation. For a financial services entity, it’s the expected credit loss model and the fair value hierarchy classifications.

The reviewer must also evaluate the engagement team’s basis for the audit opinion (ISQM 2.25(e)). This isn’t a re-audit. It’s a question: based on the documentation in this file, does the evidence support the conclusion in the audit report? If the file contains a going concern assessment that identifies material uncertainty but the audit opinion is unmodified with no emphasis of matter paragraph, the reviewer has found a disconnect that must be resolved before the report is issued.

ISQM 2.26 requires the reviewer to evaluate whether appropriate consultations have been undertaken and whether the conclusions from those consultations have been implemented. If the engagement team consulted the firm’s technical department on a complex accounting treatment and the technical department recommended a specific disclosure, the reviewer checks whether that disclosure appears in the financial statements.

A consultation that produces a recommendation the engagement team didn’t follow is a significant matter the reviewer must discuss with the engagement partner.

ISQM 2.27 adds documentation requirements for the reviewer. The reviewer must document the procedures performed and the basis for the determination that eligibility requirements were met. The date and basis for the reviewer’s conclusion that no unresolved matters remain must also be recorded. The documentation must be completed before the engagement report is dated. Not “shortly after.” Before. This is the finding that generates the most review notes when an inspector arrives, because the EQR documentation is one of the easiest things to date-stamp wrong.

One area firms frequently underestimate is the reviewer’s authority under ISQM 2.28. If the engagement quality reviewer identifies concerns that are not resolved to the reviewer’s satisfaction, the engagement report cannot be issued. The reviewer has an effective veto. This isn’t a recommendation or an advisory opinion. An unresolved concern raised by the EQR reviewer means the engagement partner cannot override it. The firm must have a process under ISQM 1 for resolving disagreements between the engagement partner and the reviewer (ISQM 2.29), but until the matter is resolved, the report stays unsigned.

The difference between an EQR and a second partner review

Firms sometimes conflate the engagement quality review with an informal second partner review or a hot review. They’re different processes with different standards.

A second partner review (sometimes called a consultation or a pre-issuance review) is an internal quality control measure the firm may choose to apply. It has no specific standard governing its scope, timing, or documentation. Many firms use it as a lighter-touch quality control on non-PIE engagements that don’t trigger a formal EQR requirement.

An engagement quality review under ISQM 2 has specific procedural requirements (ISQM 2.24–27) and specific eligibility requirements (ISQM 2.18–21). A documented conclusion must be reached before the report is issued. Veto authority rests with the reviewer. Documentation must be assembled in the engagement file. The standard doesn’t give the firm discretion to scale the EQR down to a quick read-through on engagements that seem straightforward.

Where firms run into trouble is treating the EQR as if it were just a more formal version of the second partner review. The reviewer shows up the day before the opinion date, reads the key working papers (WPs), has a brief conversation with the EP, and signs off. If the engagement genuinely is straightforward and the file is well-documented, that might be sufficient. But ISQM 2.24 requires the reviewer to discuss significant matters, and ISQM 2.25 requires review of selected documentation relating to significant judgments. “Significant” is defined by the engagement’s circumstances, not by the reviewer’s available time. A reviewer who spends two hours on a PIE audit file with a material going concern uncertainty and a complex IFRS 9 ECL calculation has not performed the procedures the standard requires. Reading the WPs without forming an independent view is ticking and bashing dressed up as governance.

The practical test: can the reviewer demonstrate, from their documentation, which specific working papers they reviewed and why they were satisfied that the engagement team’s conclusions were supported? If the documentation doesn’t answer those questions, the EQR doesn’t meet ISQM 2.27 regardless of how experienced the reviewer is or how much time they spent.

Worked example: Dijkstra & Vermeer Accountants N.V.

Dijkstra & Vermeer is a mid-tier Dutch firm with 6 audit partners. The firm is performing the statutory audit of Groot Techniek B.V., a manufacturing company with €67M in revenue. Groot Techniek is a PIE-class entity, triggering a mandatory EQR. The engagement partner is Ms. Van der Berg. The firm assigns Mr. Janssen, a partner with 14 years of PIE audit experience who has had no involvement with Groot Techniek in the past four years, as the engagement quality reviewer.

Step 1: Verify reviewer eligibility

Mr. Janssen checks the firm’s independence records. He confirms he was not a member of the Groot Techniek engagement team at any point during the current or prior year and has not served as engagement partner for this client within the past two years (satisfying the IESBA cooling-off requirement under ISQM 2.20).

Documentation note: Record the eligibility assessment in the EQR documentation file. Include the reviewer’s name and the basis for competence (years of PIE audit experience, relevant industry knowledge). Record the specific independence confirmations obtained. Reference the firm’s independence register and the cooling-off period calculation. Link to ISQM 2.18–20.

Step 2: Identify significant judgments to review

Ms. Van der Berg (the engagement partner) provides Mr. Janssen with a summary of the significant judgments made during the audit. These include the going concern assessment (Groot Techniek’s current ratio is 0.94 and the client is renegotiating a €12M revolving credit facility that matures in eight months) and the inventory valuation (€18.4M of finished goods with an estimated NRV write-down of €1.1M). A further significant judgment relates to the revenue recognition treatment for a €4.2M long-term contract where percentage-of-completion estimates changed significantly during the year.

Documentation note: Record the significant judgments identified. For each, note the source of identification (engagement partner summary or reviewer’s own assessment of the file). Document any additional areas the reviewer identified as significant beyond those flagged by the engagement team.

Step 3: Perform EQR procedures

Mr. Janssen reviews the going concern working paper. The assessment identifies the credit facility renegotiation as a material uncertainty event. Management has provided a letter of intent from the bank indicating willingness to extend, but no signed term sheet exists at the date of the auditor’s report. The engagement team concluded that a material uncertainty exists, disclosed under IAS 1.25 , with a “Material Uncertainty Related to Going Concern” paragraph in the audit report under ISA 570.22 .

Mr. Janssen discusses this with Ms. Van der Berg. His concern: the working paper relies heavily on the letter of intent without assessing the conditions the bank attached to the extension. Ms. Van der Berg confirms the team obtained the bank’s conditions and assessed them against management’s latest forecast but documented this in a separate memo that wasn’t cross-referenced in the main going concern working paper.

Documentation note: Record the discussion and the resolution. Note the specific working papers reviewed (going concern assessment WP ref, bank letter of intent, separate bank conditions memo). Document the cross-referencing gap as a file completion point, not an EQR finding, since the work was done but the documentation linkage was incomplete.

Step 4: Conclude and document

Mr. Janssen completes his review of the inventory valuation and revenue recognition working papers. He identifies no unresolved matters. His overall conclusion: the significant judgments are supported by the engagement documentation and the proposed audit opinion (unmodified with a material uncertainty going concern paragraph) is appropriate given the evidence in the file. He documents this conclusion and dates it 28 March 2025, two days before the audit report date of 30 March 2025.

Documentation note: Record the overall EQR conclusion and the date of the conclusion. Confirm that all procedures were completed before the engagement report date. List the specific significant judgments reviewed and the procedures performed for each. This documentation must be assembled and finalised before the audit report is signed per ISQM 2.27.

Practical checklist for your next EQR

  1. Before starting the review, document your eligibility assessment (ISQM 2.18–20). Confirm no involvement with the engagement team and cooling-off period compliance. Record this in the EQR file, not in a separate independence register that reviewers won’t check.
  2. Obtain the engagement team’s list of significant judgments, but don’t rely on it as the complete population. Cross-check against the risk assessment summary and any areas flagged in the prior year’s review or inspection. ISQM 2.25 gives the reviewer scope to expand.
  3. For each significant judgment, review the engagement documentation that supports the conclusion. Focus on whether the documentation records the basis for the judgment (not just the outcome) and whether contrary evidence was considered. If the file says “management’s going concern assessment is adequate” without recording what management’s assessment actually said, the documentation is insufficient.
  4. Discuss the significant judgments with the engagement partner before finalizing your conclusion. ISQM 2.24 requires this discussion. A review performed entirely from the file, without engagement partner dialogue, doesn’t meet the standard.
  5. If you identify unresolved matters, document them and communicate to the engagement partner that the report cannot be issued until they’re resolved (ISQM 2.28). Don’t soften this into a suggestion. The standard gives you veto authority for a reason.
  6. Date your EQR conclusion before the engagement report date. Not on the same day “in practice but documented later.” Before. ISQM 2.27 is explicit on timing.

Common mistakes

  • The AFM’s review of EQR practices found cases where the reviewer’s documentation consisted entirely of a signed checklist with “yes/no” responses and no record of the discussions held with the engagement partner or the specific documentation reviewed. ISQM 2.27 requires the procedures performed to be documented, not just the conclusion.
  • The FRC’s 2022–23 inspection cycle identified instances where the EQR reviewer was involved in resolving a significant accounting matter during the audit and then served as the reviewer for the same engagement. ISQM 2.19(b) prohibits this because the reviewer has effectively made a decision that they’re now asked to evaluate objectively.
  • At smaller firms, reviewers sometimes complete the EQR after the audit report is dated, relying on the argument that the review was “substantially complete” before the report date. ISQM 2.27 requires documentation of the conclusion before the report is issued. A reviewer who signs off post-issuance hasn’t performed a compliant EQR, regardless of when the underlying review work happened.
  • Reviewers occasionally accept the engagement team’s self-identified list of significant judgments as the complete population. The list reflects what the team thought was significant, not what an independent reviewer would flag. ISQM 2.25 gives the reviewer discretion to expand the scope, and on engagements with complex estimates we’ve seen the reviewer’s own scan add at least one significant judgment the team didn’t flag.

Related content

  • Engagement quality review: Glossary entry covering the definition, eligibility requirements, and relationship between ISQM 2 and the broader quality management framework under ISQM 1.
  • Materiality Calculator: The materiality judgment is one of the most frequently reviewed significant judgments in an EQR. Use this tool to verify that the engagement team’s materiality calculation is documented with a clear benchmark rationale.

Get practical audit insights, weekly.

No exam theory. Just what makes audits run faster.

290+ guides published20 free toolsBuilt by practicing auditors

No spam. We’re auditors, not marketers.

Related ciferi content

Related guides:

ISQM 1: Quality Management at Non-Big 4 Firms
The firm-level quality management system within which EQRs operate
ISAE 3000: Assurance Engagements Guide
Non-audit assurance engagements subject to EQR requirements

Put audit concepts into practice with these free tools:

Materiality Calculator
Overall, performance & trivial materiality
Analytical Review Tool
Variance analysis with materiality thresholds
Sampling Calculator
MUS & classical sample sizes
Going Concern Checklist
Severity-weighted going concern indicators

Frequently asked questions

Which engagements require an engagement quality review under ISQM 2?

Audits of financial statements of listed entities always require an EQR (ISQM 2.13). Beyond that, ISQM 2.14 requires the firm to determine additional engagement types warranting an EQR based on quality risk factors such as engagement complexity, client risk profile, first-year engagements above a revenue threshold, going concern issues, and significant related party transactions exceeding materiality.

What is the cooling-off period for engagement quality reviewers?

Under ISQM 2.20, a former engagement partner must observe a cooling-off period before serving as the EQR reviewer. The IESBA Code of Ethics sets this at two years for PIE audits. If a partner signed the audit opinion in 2023, that partner cannot serve as the EQR reviewer for the 2024 or 2025 audits of the same client.

What is the difference between an EQR and a second partner review?

An EQR under ISQM 2 has specific procedural requirements (ISQM 2.24–27), eligibility and independence requirements (ISQM 2.18–21), and veto authority. A second partner review is an informal internal quality control measure with no specific standard governing its scope, timing, or documentation. The EQR cannot be scaled down to a quick read-through regardless of how straightforward the engagement appears.

Can the engagement quality reviewer block the issuance of the audit report?

Yes. Under ISQM 2.28, if the engagement quality reviewer identifies concerns that are not resolved to the reviewer's satisfaction, the engagement report cannot be issued. The reviewer has an effective veto. The firm must have a process for resolving disagreements, but until the matter is resolved, the report stays unsigned.

Further reading and source references

  • IAASB Handbook 2024: The authoritative source for the complete ISQM 2 text.
  • ISQM 1: The firm-level quality management standard within which engagement quality reviews operate.
  • ISA 220 (Revised): Quality management for an audit of financial statements, including the engagement partner's responsibilities for engagement quality.
  • IESBA Code of Ethics: Independence and cooling-off requirements applicable to engagement quality reviewers.

This guide reflects the ISQM 2 text as published in the IAASB 2024 Handbook. National implementations may include additional requirements. Always consult the applicable national standard alongside the international text. This content is for educational purposes and doesn't constitute legal or professional advice.

Last reviewed: March 2026 · Standards version: IAASB 2024 Handbook