Search within this section
Select a section below and enter your search term, or to search all click 2024 In brief
Favorited Content
PCAOB adopts foundational and quality control standards
Publication date: 30 May 2024
us In brief 2024-05
A PDF version of the full publication is attached here: PCAOB adopts foundational and quality control standards (PDF kb)
At a glance The PCAOB finalized two new standards, subject to approval by the SEC, on responsibilities of the auditor and a firm’s system of quality control. The new standards are intended to solidify the foundation of audits. |
What happened?
On May 13, the PCAOB adopted two new standards and related amendments to PCAOB standards, rules, and forms.
- AS 1000, General Responsibilities of the Auditor, retains and clarifies the general principles that are important for an audit, including reasonable assurance, professional care, professional skepticism, and professional judgment.
- QC 1000, A Firm’s System of Quality Control, replaces the existing PCAOB quality control (QC) standards with a new framework aimed at improving firms’ QC systems and protecting investors by facilitating the consistent preparation and issuance of informative, accurate, independent, and compliant engagement reports.
General Responsibilities of the Auditor (AS 1000)
AS 1000 emphasizes the auditor’s fundamental obligation to protect investors through the preparation and issuance of an informative, accurate, and independent auditor’s report. The standard states in its first paragraph that this responsibility transcends the auditor’s relationship with management and the audit committee, providing the foundation for an objective and independent audit.
AS 1000 and related amendments modernize, clarify, and streamline the general principles and responsibilities of auditors. They replace and reorganize five standards adopted by the Board on an interim basis in 2003. The new standard and amendments:
- Clarify the engagement partner’s responsibilities for supervision and review,
- Express the auditor’s requirement to be independent more directly by referring to independence criteria in the PCAOB and SEC’s rules, standards, and regulations,
- Clarify that the exercise of professional skepticism in an audit extends beyond the evaluation of the sufficiency and appropriateness of audit evidence to other information that is obtained to comply with PCAOB standards and rules, and
- Clarify the meaning of “presents fairly” in AS 2810, Evaluating Audit Results, and provide additional guidance about what this evaluation entails.
The changes to AS 2810 are not intended to change the auditor’s existing responsibilities for the evaluation of whether the financial statements are presented in conformity with the applicable financial reporting framework.
Amendments to AS 1215, Audit Documentation, accelerate the requirement for documentation completion from 45 days to 14 days.
A Firm’s System of Quality Control (QC 1000)
Effective QC systems are crucial for supporting the consistent performance of quality audits and other engagements under PCAOB standards. The Board’s existing QC standards were issued by the AICPA before the PCAOB was established. The auditing environment has changed significantly since that time, including evolving and greater use of technology, and increasing auditor use of outside resources, including other firms and providers of support services. Firms themselves have also changed significantly, as has the role of firm networks.
QC 1000 is a risk-based standard that includes establishing quality objectives, identifying and assessing quality risks, designing and implementing quality responses to address the quality risks, and monitoring the firm’s QC system. It encourages an ongoing feedback loop to drive continuous improvement of the QC system.
All registered firms will be required to design a compliant QC system, including those that do not currently perform engagements under PCAOB standards. Firms that perform or have responsibilities with respect to engagements under PCAOB standards – for example, audits of issuers or broker-dealers – will be required to implement and operate their QC systems.
“Advances in internal control, quality management, and enterprise risk management suggest that factors such as active involvement of leadership, focus on risk, clearly defined objectives, objective-oriented processes, monitoring, and remediation of identified issues can contribute to more effective QC systems.”
- PCAOB adopting release for QC 1000, A Firm’s System of Quality Control
Why the PCAOB adopted the new standard
The adopting release highlights the following improvements from existing QC standards:
- Emphasizing accountability, firm culture and the “tone at the top,” and firm governance through requirements for specified roles within and responsibilities for the QC system, including at the highest levels of the firm; quality objectives that link compensation to quality; and the requirement of an independent perspective in firm governance for the largest firms;
- Balancing a risk-based approach to QC with mandates, including required risk assessment and other QC related processes, quality objectives, and quality responses;
- Addressing changes in the audit practice environment, including the increasing participation of other firms and other outside resources, the role of firm networks, the evolving use of technology and other resources, and the increasing importance of internal and external firm communications;
- Broadening responsibilities for monitoring and remediation of deficiencies to create a more effective ongoing feedback loop that drives continuous improvement; and
- Requiring a rigorous annual evaluation of the firm’s QC system and reporting to the PCAOB certified by key firm personnel.
Roles and responsibilities for evaluating and reporting
QC 1000 designates the firm’s principal executive officer as ultimately responsible and accountable for the QC system as a whole. The firm must also assign other roles and responsibilities, including one individual who is operationally responsible and accountable. The individuals responsible and accountable are required to certify the firm’s evaluation of the effectiveness of the QC system on a confidential report to the PCAOB annually.
The firm will be required to conclude whether its QC system is: (1) effective with no unremediated deficiencies; (2) effective, except for one or more unremediated QC deficiencies that are not major QC deficiencies; or (3) not effective (i.e., one or more major QC deficiencies exist). If unremediated QC deficiencies exist, the firm would be required to describe them and summarize remedial actions taken or planned to be taken.
The PCAOB notes the data will inform its inspections process, including decisions about the selection of firms, engagements, and focus areas, to focus on firms and engagements with the greatest risk.
Communications
QC 1000 takes a principles-based approach to firm communications about matters of audit quality. Public reporting requirements, including in relation to firm and engagement level metrics, have been separately proposed.
Required external quality control function for certain firms
QC 1000 includes a requirement for larger audit firms (those that issue more than 100 issuer reports annually) to incorporate an external oversight function in their governance structures. Referred to as the “external quality control function” (EQCF), it is required to be composed of one or more persons who are not principals or employees of the firm and do not otherwise have a relationship with the firm that would interfere with the exercise of independent judgment on the QC system. The EQCF should have the experience, competence, authority, and time necessary to carry out its responsibilities. At a minimum, these responsibilities include evaluating significant judgments made and related conclusions reached by the firm when evaluating and reporting on the effectiveness of its QC system. The specificity of this role goes beyond what was proposed during the PCAOB’s notice and comment process. For example, the nature and expectations for the role relative to the firm’s QC system is new as are statements about the individuals in this role being subject to supervisory liability under SOX. We observe that these new requirements seemingly create conflicts with provisions in SOX that, for example, afford confidentiality to information that would necessarily be part of any review and conclusions about the effectiveness of a firm’s QC system.
Relationship to other quality management standards
Although QC 1000 has commonalities with other international
and domestic
standards for firm QC systems that allow for leveraging work performed to comply with those standards, it goes beyond those standards in certain areas (for example, evaluation and reporting requirements, roles and responsibilities).
What’s next?
The PCAOB filed the adopted standards with the SEC. They will then be published in the Federal Register for notice and comment for 21 days, after which time the SEC determines whether to approve or disapprove.
Commenters will have the opportunity to consider and address the requirements (including the new requirements for an EQCF) during the SEC’s notice and comment process as part of the SEC’s consideration of whether to approve the PCAOB’s new standard. PwC expects to issue comment letters to the SEC with questions and concerns regarding certain elements of the final standards.
Subject to approval by the SEC:
- AS 1000 and related amendments (except documentation) will take effect for audits of financial statements for fiscal years beginning on or after December 15, 2024.
- The 14-day documentation completion date requirement will take effect for audits of financial statements for fiscal years beginning on or after December 15, 2024 for registered public accounting firms that issue audit reports on more than 100 issuers in calendar year 2024, and a year later for all other registered public accounting firms.
- QC 1000 and related amendments to auditing standards, rules, and forms will take effect on December 15, 2025.
The PCAOB also recently updated its standard setting, research, and rulemaking agendas to reflect its recent progress and continued drive toward its strategic goal of modernizing its standards and rules.
To have a deeper discussion, contact:
| |
For more PwC accounting and reporting content, visit us at viewpoint.pwc.com. On the go? Take our PwC accounting podcast series with you at the Viewpoint podcasts page or wherever you listen to your podcasts.
| |
1 In brief, PCAOB proposes additional reporting by auditors.
2 The PwC Network adopted the IAASB’s International Standard on Quality Management (ISQM) 1, Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements, as of December 15, 2022.
3 Statement on Quality Management Standards (SQMS) 1, A Firm’s System of Quality Management, is effective as of December 15, 2025, and applies to firms that perform engagements under AICPA standards. SQMS 1 is substantively aligned to ISQM 1.
PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
Link copied
