What is Continuous Monitoring?
ISQM 1.42 requires the firm to establish monitoring activities that provide a basis for identifying deficiencies in the system of quality management. Those activities must include a combination of ongoing monitoring (continuous) and periodic inspection (cyclical file reviews). The standard does not prescribe frequency, but it does require the firm to consider the nature of engagements performed, the results of previous monitoring, external inspection findings received, and changes in the firm's circumstances.
The practical effect is that continuous monitoring fills the gap between annual file reviews. A firm performing 200 statutory audits cannot wait until November to discover that engagement teams have been skipping the engagement quality review sign-off since February. Continuous monitoring catches that pattern through real-time or near-real-time indicators: completion checklists flagged as overdue, methodology hotline queries spiking on a specific topic, partner sign-off dates recorded after the report date, or consultation requests concentrated in a single area of the standards.
ISQM 1.43 requires the firm to investigate the root cause of identified deficiencies rather than treating each instance as isolated. This connects directly to root cause analysis, where the monitoring output becomes the input. The firm's leadership must then evaluate whether the deficiency is systemic and, if so, revise the relevant quality responses under ISQM 1.44.
Key Points
- Continuous monitoring supplements periodic inspections; it does not replace them.
- The standard requires the firm to design monitoring activities that include both ongoing and periodic elements.
- Firms that delay deficiency identification until the annual inspection cycle risk repeating the same error across dozens of engagements.
- Most regulatory inspections now expect documented evidence of monitoring actions performed at least quarterly.
Worked example: Novak Pharma s.r.o.
Client: Czech mid-tier audit firm (not the audit client) with 14 partners and 95 professional staff, performing 180 statutory audits annually under ISAs. The firm implemented its ISQM 1 system of quality management in December 2022.
Step 1 — Design the monitoring indicators
The firm's quality management partner selects four continuous monitoring indicators. First, the percentage of engagements where the planning memorandum is signed off within 30 days of acceptance. Second, the number of consultations logged on the firm's methodology helpline per quarter. Third, the proportion of engagement quality reviews completed before report signing. Fourth, the rate of audit report reissuances or withdrawals. Together these indicators cover acceptance, planning, execution, and reporting.
Documentation note: record each indicator selected, the quality objective it maps to under ISQM 1.24, the data source, the measurement frequency, and the threshold that triggers investigation. File in the firm's quality management documentation.
Step 2 — Collect and evaluate data (Q1 2025)
The monitoring dashboard shows that 34 of 62 engagements accepted in Q1 had planning memorandums signed more than 30 days after acceptance (55% non-compliance). The helpline logged 28 consultations, 19 of which related to going concern assessments.
Documentation note: record the data extraction date, the raw figures, the compliance rate, and the breakdown of helpline queries by topic. Attach the dashboard report as evidence per ISQM 1.42.
Step 3 — Investigate root cause
The quality management partner interviews four engagement partners whose planning memorandums were late. The common factor is that all four were assigned new pharmaceutical clients requiring additional industry research, and the planning template does not include a field for industry-specific risk assessment. The template gap caused delays rather than negligence.
Documentation note: record the root cause investigation under ISQM 1.43, the interviews conducted (dates and participants), the findings from each interview, the identified root cause (template design gap), and the distinction from individual performance issues.
Step 4 — Remediate and communicate
The firm updates the planning template to include an industry-specific risk section. The quality management partner issues a firm-wide communication reminding teams of the 30-day planning deadline and explaining the template change. A follow-up monitoring review is scheduled for Q2 2025 to verify the remediation reduced the non-compliance rate.
Documentation note: record the remediation action under ISQM 1.44, the communication issued (date, recipients, content summary), and the scheduled follow-up date. Update the firm's deficiency tracker with the status change from "identified" to "remediation in progress.
Conclusion: the firm's continuous monitoring process identified a systemic planning delay and traced it to a template design gap rather than individual non-compliance. The remediation was targeted and verified by a Q2 follow-up, all completed before the annual inspection cycle began.
Why it matters in practice
The AFM's 2023 inspection findings on ISQM 1 implementation noted that firms frequently treated monitoring as identical to their pre-existing inspection programme, adding no continuous element. ISQM 1.42 requires a combination of ongoing and periodic activities. Renaming the annual file review as "monitoring" without adding real-time or near-real-time indicators fails the standard's design requirements.
Firms often identify deficiencies through monitoring but stop at corrective action on individual engagements without investigating root causes. ISQM 1.43 requires the firm to investigate the cause of identified deficiencies. Fixing a single engagement file without asking why the deficiency occurred leaves the systemic issue intact and guarantees recurrence.
Continuous monitoring vs. periodic inspection
| Dimension | Continuous monitoring | Periodic inspection |
|---|---|---|
| Timing | Ongoing throughout the year, often quarterly or monthly | Performed at a set point (typically annually after busy season) |
| What it examines | System operation indicators: completion rates, consultation patterns, deadline compliance, staffing variances | Completed engagement files: whether the work performed meets the standards |
| Detection speed | Near-real-time; identifies trends while engagements are still in progress | Retrospective; identifies issues months after the engagement was completed |
| Typical output | Dashboard of compliance indicators, threshold breaches, trend data, and escalation triggers | File review scores, inspection findings, individual engagement recommendations, and firm-wide themes |
The two are complements. Periodic inspection tells you whether the finished product met the standard. Continuous monitoring tells you whether the production process is working while it runs. A firm that relies solely on periodic inspection discovers problems too late to prevent recurrence across the current cycle.
Related terms
Frequently asked questions
How often should a firm perform continuous monitoring under ISQM 1?
ISQM 1 does not prescribe a fixed frequency. The firm must determine the timing based on the nature of monitoring activities, prior results, changes in the system, and the findings of external inspections. In practice, firms that collect indicator data quarterly and review it at the leadership level each quarter meet the standard's intent. ISQM 1.42 requires activities that are "ongoing," which means the firm should not batch all monitoring into a single annual event.
Does continuous monitoring replace the annual inspection of completed engagements?
No. ISQM 1.42 requires both ongoing and periodic monitoring activities. Periodic inspection (selecting completed engagement files for review) tests whether the quality management system actually prevented deficiencies from reaching the final work product. Continuous monitoring tests whether the system is operating as designed in real time. The two activities serve different purposes and both are required.
What happens if continuous monitoring reveals a deficiency in an engagement that is already completed?
The firm must evaluate the severity of the deficiency and determine whether the engagement conclusion remains appropriate. ISQM 1.44 requires the firm to evaluate the effect of identified deficiencies on the system of quality management. If the deficiency could have affected the audit opinion, ISA 220.42 requires the engagement partner to consider whether further action is needed, including communication with the entity or, in severe cases, withdrawal of the report.