PCAOB Proposes a New Quality Control Standard for Audit Firms That Will Enhance Communications to Audit Committees and Other Stakeholders

_{December 2022}

The Public Accounting Oversight Board (PCAOB) has issued for public comment a proposed quality control (QC) standard in an effort to lead registered public accounting firms to significantly improve their QC systems to support consistent performance of high quality audits and more reliable issuer financial statements for investors. The proposal provides an integrated, risk-based, and scalable standard that could be applied by firms of varying size and complexity. The proposal includes defined quality objectives, emphasis on firm governance and individual accountability, direction regarding monitoring and identified deficiency remediation as well as addresses changes in the audit practice. The proposal further introduces a required annual evaluation of the effectiveness of a firm’s QC system by the audit firm coupled with an annual, non-public QC report to be provided to the PCAOB Board, and enhanced communications regarding the results of the evaluation to the audit committee of each issuer. 

Background

Audit quality remains a top priority for all stakeholders within the financial reporting process. Current PCAOB QC standards were developed and issued by the American Institute of Certified Public Accountants (AICPA) before the PCAOB was established in 2002. Since then, the auditing environment has continued to change, reflecting increased use of evolving audit technology and expansion of the use of global audit networks and other outside resources in the execution of audits along with certain changes firms have made in response to remediation of deficiencies identified via PCAOB inspections. Additionally, the PCAOB cites that advances in internal control, quality management and enterprise risk management suggest that factors such as active involvement of leadership, focus on risk, clearly defined objectives, objective-oriented processes, monitoring, and remediation of identified issues can contribute to more effective QC. 

As part of the effort to modernize auditing standards, in November 2022, the PCAOB issued for public comment QC 1000, A Firm’s System of Quality Control. Additionally, with the proposal of QC 1000, the PCAOB is also proposing several other changes to their standards and rules. The proposal has been informed by other standard setters including the:

• IAASB’s International Standard on Quality Management 1, Quality Management for Firms that Perform Audits of Reviews of Financial Statements, or Other Assurance or Related Service Engagements (“ISQM 1”) – Effective December 15, 2022 
• AICPA’s Statement on Quality Management Standards (SQMS) No. 1, A Firms’ System of Quality Management – Effective December 15, 2025

While the proposed QC 1000 covers the same eight components as these two standards (see below), there is not complete alignment as the PCAOB proposal includes alternative or incremental provisions including: 

• Requirements regarding involvement of independent individuals in firm governance for the largest firms;
• An ethics and independence component aligned with SEC and PCAOB requirements;
• Specified requirements regarding firm technological resources;
• More specific requirements for the monitoring and remediation process; 
• Guidelines regarding a firm’s voluntary publication of information, firm statistics, or firm and engagement performance metrics; and 
• A more structured approach to the firm’s annual evaluation of its QC system coupled with a reporting requirement on new Form QC.

What would QC 1000 do?

The proposed standard, if adopted, would replace the current QC standards, and would provide a framework for a firm’s QC system. The proposal takes a structured approach requiring a firm to:

• annually evaluate its QC system and report the results of its evaluation on new Form QC to the PCAOB; and provide enhanced communications to the audit committee (or equivalent of each issuer and broker-dealer audit client); 
• expand the auditor’s responsibility to respond to deficiencies on completed engagements under an amended and retitled PCAOB AS 2901, Responding to Engagement Deficiencies After Issuance of the Audit Report, and related amendments to PCAOB attestation standards for broker-dealer engagements (this proposal would supersede the existing PCAOB standard ET 102 with a new standard, EI 1000, Integrity, and Objectivity, to better align PCAOB ethics requirements with the scope, approach, and terminology of QC 1000); and 
• have policies and procedures that address the use of technological resources.

The proposed standard also includes requirements regarding individual roles and responsibilities within the QC system and documentation requirements.

Under the proposal, all registered firms would be required to design a QC system that meets the requirements of QC 1000. Firms would be required to implement and operate the QC system in compliance with QC 1000 when they perform an engagement under PCAOB standards, play a substantial role in the preparation or furnishing of an audit report (as defined in PCAOB rules), or have current responsibilities under applicable professional and legal requirements regarding any such engagement. 

BDO Insight: 

QC systems are essential to how firms conduct audits and are in place to protect investors, shareholders and other users of financial statements. Audit committees, in their oversight of the audit process, need to take an active interest in what their audit firm is doing to develop and maintain quality controls to ensure that they deliver the highest audit quality execution. 

Proposed QC Framework

The proposed QC standard provides a framework for a firm’s QC system that is grounded in proactively identifying and managing risks to quality and establishing quality objectives with a feedback loop from ongoing monitoring and remediation that should drive continuous improvement, an explicit focus on firm governance and leadership and accountability, and specific direction in several areas that the current PCAOB standards do not address directly.

Proposed QC 1000 has eight basic components, consisting of:

• Two process components:
  • The firm’s risk assessment process
  • The monitoring and remediation process
• Six components that address aspects of the firm’s organization and operations:
  • Governance and leadership
  • Ethics and independence
  • Acceptance and continuance of client relationships and specific engagements
  • Engagement performance
  • Resources
  • Information and communication

Annual QC Evaluation and Reporting

The PCAOB believes that firms’ QC systems should address the integrity of firms’ external communications about themselves. Such information can influence the views of relevant stakeholders, including audit committees determining whether to engage or retain an auditor and investors determining whether to ratify such an appointment. Currently, auditors are not required to report on their QC system under PCAOB QC standards. However, the NYSE listing exchange requirements require audit committees of listed entities to annually discuss certain firm and engagement level matters including the:

• Firm’s internal quality control procedures
• Material issues raised in quality control reviews within the preceding five years and steps taken to address
• Relationships between auditor and the Company
• Review of any audit problems or difficulties and management’s response 

Additionally, many auditing firms voluntarily provide firm level quality information via annual audit quality reports or within websites and/or marketing materials. 

The PCAOB proposal differs from other QC standards in that it would require the firm to establish a specific quality objective that firm-level or engagement-level information communicated externally is accurate and not misleading and, with respect to any performance metrics, explains in reasonable detail how the metrics were determined and, if applicable, how the metrics or the method of determining them changed since performance metrics were last communicated. The PCAOB’s view is that a specific quality objective in this area would prompt firms to implement targeted policies and procedures that would address, for example, the quality and consistency of data and the need for context or explanation. This in turn would improve the informativeness, reliability, and comparability of such communications and avoid misleading the intended audience.

As one of the most significant elements of this proposal, audit firms would be required to furnish a non-public report on the QC environment to the PCAOB Board and would be required to communicate to the audit committee about the firm’s most recent annual evaluation of its QC system under amended AS 1301, Communications with Audit Committees– noting that the proposed communication requirement would not require a firm to disclose nonpublic information about the results of a PCAOB inspection and any necessary remediation by the firm that is subject to confidentiality restrictions under Section 105(b)(5)(A) of the Sarbanes-Oxley Act. The proposal would not prohibit a firm from voluntarily disclosing its Form QC or the contents thereof to the public or to certain stakeholders. Nor would the proposed rule prohibit the PCAOB from sharing Form QC with the SEC or other entities and provides that Form QC and its contents may be publicly disclosed in enforcement proceedings.  

BDO Insight:

This report and the related communications would allow regulators, the audit committee and potentially other stakeholders (e.g., management) to gain further insight into what is being done by audit firms to maintain high audit quality. This may provide additional context for audit committees to consider in making critical decisions regarding audit firm hiring and retention decisions. 

The proposed standard takes a proactive approach in identifying and managing risks to quality, as well as promotes continuous communication to support constant improvement while focusing on firm governance and leadership and accountability. 

BDO is committed to maintaining high audit quality and has been preparing voluntary public audit quality reports that provide further information about our people, processes, innovations and quality control system. Please refer to our latest 2022/2021 Audit Quality Report. 

Effective Date

The PCAOB is considering an effective date of December 15 of the year after approval by the SEC, with the first evaluation of the QC system to be made as of the following November 30. The PCAOB believes that firms should be permitted to elect to comply with the requirements of QC 1000, except reporting to the PCAOB on the annual evaluation of the QC system, before the effective date, at any point after SEC approval of the final standard.

Request for comments

The proposal contains over 90 questions for stakeholders to respond to, with public comments requested by February 1, 2023. 

BDO will continue to monitor and share developments on the PCAOB’s activities with respect to QC 1000 and specifically, how it may impact communications with audit committees.