System of Quality Management risk assessment process
EY member firms design and implement a risk assessment process to establish quality objectives, identify and assess quality risks, and design responses to address those risks. The risk assessment process is executed annually.
To promote consistency while providing EY member firms a scalable and adaptable approach, global System of Quality Management baseline quality objectives, quality risks and responses have been developed by representatives of EY global leadership — including global Assurance leadership — with input from functional and service line groups at the global, Area and Region levels.
Global System of Quality Management baselines are presumed to apply to every member firm performing engagements within the scope of ISQM 1. Each EY member firm is responsible for reviewing these baselines and deciding whether they need to be supplemented or adapted.
Governance and leadership
Tone at the top
EY leaders set the right tone at the top to demonstrate our commitment to building a better working world through actions and behavior.
While tone at the top is essential, EY people know that quality and professional responsibility start with them. Within their teams and communities, they are leaders too.
The EY culture emphasizes collaboration and the importance of consultation when addressing complex or subjective issues in accounting, auditing, reporting, regulatory and independence matters.
Our approach to business ethics and integrity is outlined in the EY Global Code of Conduct and related policies and is embedded in our culture of consultation, training and internal communications. Senior leaders reinforce the importance of delivering quality work, complying with professional standards, following EY policies and leading by example. EY member firms also measure the quality of professional services as a key factor when evaluating and rewarding EY professionals.
Global Code of Conduct
The EY Global Code of Conduct provides clear principles to guide our actions and business conduct. It is organized into five categories:
- Working with one another
- Working with clients and others
- Acting with professional integrity
- Maintaining our objectivity and independence
- Protecting data, information and intellectual capital
Through EY policies and procedures that support compliance with the EY Global Code of Conduct — and through frequent communication — we strive to create an environment where all EY people act responsibly, including reporting misconduct without fear of retaliation.
Accountability frameworks
The EY accountability frameworks are a set of policies and frameworks that put quality into action. They outline how EY partners, principals, associate partners, executive directors, managing directors, directors, and other leaders are held accountable for responsibilities related to the System of Quality Management as well as risk and compliance — and how these link to their performance ratings.
These frameworks set clear expectations for quality and help maintain the confidence that external stakeholders place in EY.
Relevant ethical and legal requirements
The EY Global Code of Conduct guides how EY people act and conduct business. We are committed to following all applicable laws and regulations, and our values reinforce the commitment to doing what’s right. This commitment is supported by several policies and procedures, explained in the sections below.
Independence
Compliance with ethical requirements, including independence, is an important part of the System of Quality Management. It involves determining that we are independent in both fact and appearance. The ethical and independence requirements relevant to EY audits and professional services follow the International Ethics Standards Board for Accountants’ (IESBA) International Code of Ethics for Professional Accountants (including International Independence Standards), known as the IESBA Code. Member firms also comply with local ethical and independence requirements or codes applicable to their audits and services. For details on policies, tools and processes that help maintain independence, see the Independence practices section.
Non-compliance with laws and regulations
In line with the IESBA Code, EY has a policy designed to meet obligations with respect to non-compliance with laws and regulations (NOCLAR). This policy covers obligations related to non-compliant activity by clients or EY people, as it applies to their business activities.
In addition to NOCLAR reporting obligations, EY may need to report possible client misconduct — whether actual or suspected — to the appropriate authorities. Where these obligations apply, reports are made in line with local laws.
Global Compliance Office
While local laws and regulations are managed by specialists and EY member firms, EY also has a Global Compliance Office that oversees the design and implementation of compliance programs to meet legal and regulatory requirements.
The Global Compliance Office currently focuses on artificial intelligence (AI) compliance, data compliance, conflicts of interest, financial crime, independence, and Corporate Social Responsibility and Sustainability (CSR) compliance. These areas were selected based on the common issues they present across EY member firms.
Whistleblowing
The EY Ethics Hotline provides EY people, clients and others outside of the organization with a means to confidentially report activity that may involve unethical or improper behavior, and that may be in violation of professional standards or otherwise inconsistent with EY shared values or the Global Code of Conduct. The hotline is hosted by an external organization that provides confidential and, if desired, anonymous hotline reporting.
When a report is submitted through the EY Ethics Hotline, it is promptly reviewed by the ethics team at the relevant EY member firm. Depending on the content of the report, appropriate individuals from Risk Management, Talent, or other functions may also be involved in addressing the concerns raised.
Anti-bribery
The EY Global Anti-Bribery Policy provides EY people with direction on certain unethical and illegal activities. It reinforces the obligation to comply with anti-bribery laws, defines what constitutes bribery, and outlines reporting responsibilities when bribery is discovered. Recognizing the growing global impact of bribery and corruption, EY continues to embed anti-bribery measures across the organization.
Insider trading
Local laws and regulations prohibit trading securities or other financial instruments when in possession of material non-public information. EY is committed to acting with professional integrity and complying with these laws, regulations and standards. EY people must follow these requirements and are prohibited from trading while in possession of material non-public information.
The EY Global Insider Trading Policy explains what constitutes insider information and identifies who EY people should consult if they have questions about their responsibilities.
Economic and trade sanctions
It is important that EY member firms and EY people comply with evolving rules on international economic and trade sanctions. EY provides processes to help identify sanctions issued in multiple geographies — both before accepting business relationships and as they continue. Guidance is also provided to EY people on impacted relationships and activities.
Anti-money laundering
In line with EY global anti-money laundering (AML) guidance, EY member firms classified as obliged entities under applicable AML regulations have policies and procedures designed to meet these obligations. This includes know your client (KYC) procedures, risk assessments and suspicious activity reporting. EY people receive training on their responsibilities and guidance on who to consult if they have questions.
Data protection and confidentiality
The EY Data Protection & Confidentiality Global Policy, EY Binding Corporate Rules Program, and related policies set principles and minimum standards for collecting, using and protecting information EY has responsibility for. This includes personal data relating to current, past and prospective EY professionals, clients, suppliers and business associates, as well as other information considered confidential to clients, third parties or EY. The policy aligns with the European Union’s General Data Protection Regulation (GDPR) requirements and other applicable data protection and privacy laws and regulations in addition to relevant professional standards that provide a framework for confidentiality. EY member firms may further strengthen applicable protections through local policy where required by law.
Data Stewardship Office
EY recognizes that data is a valuable resource for driving innovation and creating value but also requires strong protection. The EY Data Stewardship Office (DSO) was created to help enhance data governance and promote alignment across EY member firms, service lines and accounts in accordance with the EY Global Data Protection (DP) and Information Security Policies and Guidance.
Rotation and long association
EY complies with audit partner rotation requirements under the IESBA Code and, where applicable, the U.S. Securities and Exchange Commission (SEC). Rotation is important because it brings a fresh perspective and promotes independence from company management while retaining valuable experience and knowledge of the business. Combined with independence requirements and independent audit oversight, audit partner rotation helps strengthen independence and objectivity and serves as an important safeguard for audit quality.
EY uses processes to monitor compliance with internal rotation requirements for audit partners and other professionals who have had a long association with an audited entity.
External rotation
Where required under Article 17 (1) of the EU Audit Regulation, we comply with the external audit firm rotation requirements for public interest entities (PIEs).
Client and engagement acceptance and continuance
Global policy on client and engagement acceptance and continuance
The EY global policy on client and engagement acceptance and continuance sets principles for deciding whether to accept a new client, take on a new engagement with an existing client, or continue an existing relationship. These principles are essential for maintaining quality, managing risk, protecting EY people, and meeting regulatory requirements. This policy, issued by EYG, helps ensure adherence to EY values and drives consistency in the System of Quality Management.
The EY global policy on conflicts of interest sets global standards for addressing potential conflicts and outlines a process for identifying them. It also includes measures to mitigate conflicts as quickly and effectively as possible, using appropriate safeguards. These safeguards may include obtaining client consent to act for another party, identifying separate engagement teams to act for two or more parties, implementing appropriate separations between teams or declining an engagement to avoid a conflict.
The EY global policy on conflicts of interest and its guidance reflect the growing complexity of engagements and client relationships, as well as the need for speed and accuracy in responding to clients. These policies align with the latest IESBA Code.
Putting policy into practice
We use the EY Process for Acceptance of Clients and Engagements (PACE), an intranet-based system, to coordinate client and engagement acceptance and continuance activities in line with global, service line and member firm policies. PACE guides users through the requirements for both audit and non-audit engagements and highlights the policies and professional standards, including independence, needed to assess business opportunities and associated risks.
Engagement performance
Certification of technology
We follow a rigorous certification process to verify that automated tools and techniques used in audits are fit-for-purpose.
Certification addresses a range of aspects, including:
- That the solution has a clear audit evidence objective and was appropriately tested
- That methodology, enablement and learning are available to support its application
- That relevant legal and regulatory requirements have been managed (e.g., data privacy)
Reviews of audit work
EY policies outline requirements for timely and direct involvement of senior professionals, the level of review needed for work performed, and documenting the work performed and conclusions reached. Supervisory members of the audit team review audit documentation in detail for technical accuracy and completeness.
EY policies also outline the critical role of the Partner in Charge (PIC) in managing and achieving audit quality and reinforcing the importance of quality across the entire audit team, including component auditors.
Consultation requirements
EY consultation policies are built on a culture that encourages audit professionals to share perspectives on complex accounting, auditing and reporting matters.
For complex or sensitive matters, EY follows a formal process that requires consultation outside the audit team with professionals who have relevant experience, primarily in Professional Practice and Independence.
Engagement quality reviews
EY engagement quality review policies follow ISQM 2, Engagement Quality Reviews. They define which audits require engagement quality review and the qualifications of engagement quality reviewers.
Engagement quality reviewers receive training and enablement to carry out their review responsibilities. Importantly, they work independently from the audit team to provide an objective evaluation of significant judgments made and conclusions reached by the audit team.
Resources
We continue to invest in resources that support the System of Quality Management, including intellectual resources, technology and EY people.
Audit methodology
Our Global Audit Methodology (EY GAM) provides a global framework for delivering high-quality audit services through the consistent application of thought processes, judgments and procedures in all audit engagements, no matter the size.
EY GAM emphasizes the importance of applying appropriate professional skepticism and requires compliance with relevant ethical requirements, including independence from the audited entity. Risk assessments shape the nature, timing and extent of audit procedures and are fundamental to EY GAM.
Technology
The latest phase of the US$1b technology investment introduces AI-powered capabilities to help accelerate audit transformation and scale AI across EY audit engagements. This builds on the strength of our existing leading-edge audit technology suite — integrating advanced tools into one seamless AI-powered platform while driving transformation through:
- Next-generation data-access capabilities and advanced analytics
- AI at scale
- An elevated user experience
In 2025, EY introduced 30 new and enhanced Assurance technology capabilities, bringing the total to more than 100 since the launch of the four-year technology investment program.
Attracting and developing EY people
EY is committed to attracting and retaining talented people and helping auditors thrive professionally and personally.
Audit professionals across the globe play a vital role in driving quality outcomes through a culture of continuous improvement. They prioritize learning and development while fostering a culture of innovation by upskilling to be proficient in technology-driven and AI-powered audit capabilities.
Information and communication
It’s important that relevant and reliable information is obtained, used and communicated to design, implement and operate the System of Quality Management. Effective two-way communication is important, particularly between:
- EY people
- Member firms within the EY network
- External parties
- Service providers
Our Global System of Quality Management policy sets the requirements for member firms to communicate both internally and externally about their System of Quality Management.
System of Quality Management monitoring and remediation
The System of Quality Management monitoring and remediation process aims to:
- Provide relevant, reliable and timely information on how each member firm’s System of Quality Management is designed, implemented and operating
- Provide a basis for the identification of deficiencies
- Take appropriate actions to respond to deficiencies
Information obtained from the monitoring and remediation process about the design, implementation and operation of the EY member firm’s System of Quality Management is evaluated along with other sources of information to conclude on the effectiveness in achieving the objectives of the EY member firm’s System of Quality Management.
The monitoring and remediation process is executed annually based on the Global System of Quality Management Monitoring and Remediation policy.