When did the current APES 320 take effect?

The reissued APES 320 Quality Management for Firms that provide Non-Assurance Services is effective from 1 January 2023, with earlier adoption permitted. It replaced the earlier APES 320 Quality Control for Firms (2019).

Who has to comply with APES 320?

Public-practice firms whose members belong to CPA Australia, CA ANZ or the IPA and that provide non-assurance services — including sole practitioners. It applies in a scalable way proportionate to the firm's size and the nature of its engagements.

What is the difference between APES 320 and the old quality control standard?

The previous standard used a fixed quality control approach. The current APES 320 requires a risk-based system of quality management: set quality objectives, identify and assess risks, design responses, then monitor and remediate on an ongoing basis.

How does APES 320 relate to APES 110?

APES 110 sets the ethical and independence requirements; APES 320 requires firms to build a system giving reasonable assurance those requirements are met. Relevant ethical requirements are one of the components of the APES 320 system.

Does APES 320 cover audit and assurance work?

No. APES 320 covers non-assurance services. Quality management for audit and assurance engagements is governed by the separate ASQM standards issued by the AUASB, though many firms run a single system addressing both.

APES 320 Quality Management for accounting firms explained

APES 320 is the APESB standard requiring accounting firms that provide non-assurance services to design, implement and operate a risk-based system of quality management.

What is APES 320?

APES 320 *Quality Management for Firms that provide Non-Assurance Services* is the professional standard that requires Australian accounting firms to design, implement and operate a system of quality management over their non-assurance work — services such as tax, bookkeeping, advisory, compilation and other public-practice engagements.

It is issued by the Accounting Professional and Ethical Standards Board (APESB) and is binding on members of CPA Australia, Chartered Accountants Australia and New Zealand (CA ANZ) and the Institute of Public Accountants (IPA) who are in public practice. The current version is effective from 1 January 2023 and replaced the earlier APES 320 *Quality Control for Firms* (2019).

The headline change is a shift in mindset: from a static, checklist-style "quality control" manual to a dynamic, risk-based quality management system that a firm must keep evaluating and improving over time. The current standard draws on the structure of the international quality management standard ISQM 1, adapted by APESB for firms providing non-assurance services.

Who APES 320 applies to

APES 320 applies to a Firm (as defined in the standard) where one or more members of the professional bodies are in public practice and the firm provides non-assurance services. In practice this captures:

Sole practitioners and small public-practice firms providing tax, accounting and advisory services.
Mid-tier and large multidisciplinary firms, for the non-assurance parts of their business.
Networks and firms operating across multiple offices.

The standard is explicitly scalable. A solo tax agent is not expected to build the same documentation and infrastructure as a national firm — but every in-scope firm must still address each component of the system in a way proportionate to the nature and circumstances of the firm and the engagements it performs.

Note the scope: APES 320 covers non-assurance services. Audit and assurance engagements are governed by the separate auditing-and-assurance quality management standards (the ASQM series issued by the AUASB). Many firms therefore operate quality systems that satisfy both regimes.

The risk-based system of quality management

The defining feature of APES 320 is the risk-based approach. Rather than prescribing a fixed set of policies, the standard requires a firm to run an iterative cycle:

Establish quality objectives — the outcomes the firm wants its quality system to achieve.
Identify and assess quality risks — what could prevent those objectives from being met, considering the firm's size, services, clients and complexity.
Design and implement responses — policies and procedures that address each assessed risk.
Monitor and remediate — check that the responses are working and fix deficiencies.

This means two firms of similar size may legitimately end up with different systems, because their risks differ. The firm — not the standard — decides which risks are relevant and how far each response needs to go. That flexibility is the point, but it also raises the bar: the firm must be able to demonstrate *why* its system is appropriate.

The components you must address

APES 320 frames the system of quality management around a set of interrelated components. A firm must establish quality objectives and address risks across each of the following:

Governance and leadership — the firm's culture, accountability and "tone at the top" for quality.
The firm's risk assessment process — how the firm sets objectives, identifies risks and designs responses.
Relevant ethical requirements — including independence and the ethical obligations in APES 110.
Acceptance and continuance of client relationships and specific engagements.
Engagement performance — how work is planned, supervised, reviewed and concluded.
Resources — human, technological and intellectual resources (including the use of service providers).
Information and communication — capturing and exchanging quality-relevant information internally and externally.
Monitoring and remediation — ongoing evaluation of the system and correction of deficiencies.

These components are not silos. Information and communication, for example, feeds the risk assessment process; governance and leadership shape every other component. Documentation should make these linkages visible.

Timing, monitoring and remediation

The current APES 320 has been effective since 1 January 2023, so it is now business-as-usual rather than a transition project. Two recurring obligations matter most:

Annual evaluation of the system. The individual(s) with operational responsibility for the system must, at least annually, evaluate whether the system of quality management provides reasonable assurance that its objectives are being met, and conclude on its effectiveness. This is an ongoing duty, not a one-off implementation step.
Monitoring and remediation throughout the year. The firm runs monitoring activities (for example, inspections of completed engagements), identifies findings, evaluates whether they indicate deficiencies, determines the root cause, and takes remedial action.

Where a deficiency is identified, simply noting it is not enough — the standard expects root-cause analysis and a proportionate remedial response, with follow-up to confirm the fix worked.

If you are quoting a specific clause, defined term or effective date in firm policies, verify the current wording directly against the standard on the APESB website, as APESB periodically reissues and amends its pronouncements.

How APES 320 relates to APES 110

APES 320 does not stand alone. It sits within the APESB framework alongside the APES 110 Code of Ethics, which sets the fundamental ethical principles — integrity, objectivity, professional competence and due care, confidentiality and professional behaviour — plus the independence requirements.

The relationship is direct:

One component of the APES 320 system is relevant ethical requirements, which means the firm must build quality objectives and responses that give reasonable assurance the firm and its people comply with APES 110.
Breaches of ethics or independence are exactly the kind of quality risk the APES 320 system is meant to identify and respond to.

In short, APES 110 tells you *what* the ethical obligations are; APES 320 makes you build a firm-wide system to ensure those obligations — and quality more broadly — are consistently met. Both are relevant to anyone working in the tax practitioners space.

What firms should do now (and common pitfalls)

A practical baseline for an in-scope firm:

Confirm scope. Identify which services are non-assurance (APES 320) and which, if any, are assurance (ASQM regime).
Assign responsibility. Document who holds *ultimate* responsibility for the system and who holds *operational* responsibility.
Document the four-step cycle. Record your quality objectives, the risks you assessed, the responses you designed, and how you monitor them.
Schedule the annual evaluation. Diarise the formal conclusion on effectiveness and keep the supporting evidence.
Tie in APES 110. Make sure independence and ethics are addressed as quality objectives, not treated as a separate exercise.
Use professional-body tools. CPA Australia, CA ANZ and the IPA publish quality management manuals and templates that map to APES 320 — useful starting points, but tailor them to your firm's actual risks.

The most common failures are predictable:

Treating it as a manual, not a system. Buying a template and shelving it misses the risk-based, iterative nature of the standard.
Copy-paste risk assessments that fail to reflect your clients, services or technology.
"Set and forget". Skipping the annual evaluation or failing to act on monitoring findings is a frequent finding in professional-body quality reviews.
No root-cause analysis — logging a deficiency without identifying *why* it happened means the same issue recurs.
Assuming you're too small. Scalability reduces the burden — it does not remove the obligation. Sole practitioners are in scope.