SEC Approves PCAOB’s ‘Quality Control Standard’ for Audit Firms


Last week, the SEC approved the PCAOB’s new quality control standard – QC 1000 – that establishes a risk-based quality control framework for independent auditors to follow.

Here are four bullets about this new PCAOB standard – and the “bottom line” about what you need to do now:

  1. Independent auditors need to monitor themselves – Under QC 1000, independent auditors are required to implement and operate their own quality control systems.
  2. Auditors need to report annually to the PCAOB – Independent auditors also must conduct an annual evaluation of their QC systems and send a report to the PCAOB certified by key firm personnel.
  3. Larger auditors need external monitoring – Independent auditors that annually issue audit reports for more than 100 companies are required to establish an external quality control function (EQCF) composed of one or more people who can exercise independent judgment related to the auditor’s quality control system.
  4. Auditors aren’t happy about the new standard – Auditors fought hard against this since it was first floated 14 years ago, with particular focus on fighting the notion of independent outsiders to monitor quality control in the form of an EQCF.

Bottom Line: Your audit committee should be made aware of this new standard and that committee might want to ask questions of your independent auditor related to its quality control systems and EQCF (e.g., “Did the EQCF find any issues that we should be made aware of?”) during the annual committee’s evaluation of the independent auditor. Audit committees can have more visibility into their auditor’s controls and they may want to take advantage of that opportunity.

In addition, it’s quite possible that the fees for independent auditors goes up as the number of hours worked goes up. As the PCAOB itself recognized, companies likely will be the one paying for QC 1000. For smaller companies, they may find that their independent auditor may decide to avoid the costs of QC 1000 and deregister as a public company auditor. Companies with these smaller auditors should be asking them if they intend to continue serving as their auditor and what their fee structure will look like going forward.

Companies may also find that their auditor is not willing to exercise as much judgment as they did before, particularly as auditors become more focused on avoiding negative consequences of PCAOB inspections.

Authored by

Portrait photo of Broc Romanek over dark background

Broc Romanek

Cooley