• Slide title

    Write your caption here
    Button
  • Slide title

    Write your caption here
    Button
  • Slide title

    Write your caption here
    Button
  • Slide title

    Write your caption here
    Button
  • Slide title

    Write your caption here
    Button
  • Slide title

    Write your caption here
    Button
  • Slide title

    Write your caption here
    Button

Receive our
Monthly JGA Advisor


Subscribe

Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide.

July 16, 2026
In March 2026, the Public Company Accounting Oversight Board (PCAOB) issued a Request for Public Comment as part of its effort to develop a new 2026–2030 strategic plan and reassess future standard-setting priorities. The Board sought stakeholder input on several fundamental questions, including the future direction of inspections and enforcement, the impact of its new quality control standard (QC 1000), enhancements to inspection reporting, standard-setting priorities, international alignment, the role of technology and artificial intelligence, and opportunities to improve transparency with stakeholders. The PCAOB indicated that this feedback would help shape both its strategic plan and future regulatory focus areas.  The response was significant. Stakeholders from across the audit ecosystem—including audit firms, investors, regulators, academics, technology providers, and professional organizations—submitted comment letters addressing how audit oversight should evolve over the next several years. JGA contributed to this dialogue through its own submission to the PCAOB, offering perspectives on inspection modernization, quality management, transparency, and the future of audit oversight. The breadth of feedback provides a valuable view into the challenges, priorities, and expectations shaping the next phase of audit regulation. JGA reviewed 69 comment letters submitted in response to the PCAOB’s request for comment and identified recurring themes across stakeholders. While perspectives vary on implementation, a broader message emerged. Firms are increasingly being asked to demonstrate that audit quality is embedded throughout their organizations, not only within individual engagements. Across stakeholders, there is growing emphasis on system-level quality management, enhanced monitoring, more transparent reporting, stronger emerging technologies, and the ability to respond effectively to evolving regulatory expectations. For many firms, the challenge is no longer simply complying with requirements but demonstrating that audit quality can be sustained at scale. The responses do not call for incremental refinement. They point toward structural change. A System Under Pressure A clear pattern emerged across the comment letters: audit quality is increasingly dependent on access to skilled professionals. For firm leaders, these pressures create practical challenges that extend beyond compliance. Audit firms face increasing difficulty recruiting and retaining experienced professionals while simultaneously responding to expanding regulatory expectations. Many firms must invest in quality control infrastructure, training programs, monitoring activities, and technology enhancements at a time when talent resources are already constrained. This concern is framed not as a near-term challenge, but as a foundational risk to audit quality. The sustainability of the profession, both in terms of talent and institutional capacity, is emerging as a critical issue. At the same time, smaller firms frequently highlighted the disproportionate cost and scalability challenges associated with regulatory compliance, with several respondents warning that increasing complexity may reduce participation among smaller audit providers. Together, these pressures point to a broader tension: how to maintain rigorous oversight while supporting a sustainable and competitive audit market. Reimagining the Inspection Model The most consistent and concentrated feedback across the comment letters relates to the PCAOB’s inspection model. The comment letters suggest that stakeholders increasingly expect inspection programs to provide more context, better severity differentiation, and clearer connections between inspection findings and firm-level quality management systems. Several responses also suggest moving away from binary or pass/fail-style evaluations toward graded or tiered models that better reflect the severity and context of findings. For audit firms, inconsistent inspection outcomes can create uncertainty regarding regulatory expectations, remediation priorities, and resource allocation. When firms are unable to clearly distinguish between systemic quality concerns and less significant documentation deficiencies, it becomes more difficult to prioritize corrective actions and demonstrate the effectiveness of remediation efforts. Taken together, this feedback signals a clear direction- inspection programs must evolve from retrospective, engagement-focused reviews into frameworks that assess how firms operate as systems. Quality Control as the Foundation of Audit Oversight Closely tied to inspection reform is the growing emphasis on quality control systems as the primary driver of audit quality. Perhaps the strongest signal from the comment letters is the growing expectation that audit oversight should focus on the effectiveness of firm’s quality management systems rather than solely on engagement-level outcomes. This includes alignment with emerging frameworks such as QC 1000 and a greater focus on firm-level processes over individual audit outcomes. The implication is significant. Quality is increasingly viewed as systemic, rather than situational, requiring oversight models that evaluate governance, processes, and internal controls at the organizational level. Increasing emphasis on quality control systems requires firms to demonstrate how governance, monitoring, root cause analysis, corrective actions, training, resource management, and accountability mechanisms collectively support audit quality across the organization. From Periodic Review to Continuous Monitoring Another defining theme is the push toward a more data-driven model of audit oversight. Technology providers, data organizations, audit firms, and individual respondents frequently advocated the use of centralized audit data, structured reporting, and analytics-enabled monitoring to support real-time or near real-time oversight. This represents a shift away from periodic, sample-based inspections toward continuous visibility into audit activity. For many firms, this shift raises operational challenges related to data availability, technology infrastructure, governance, and monitoring capabilities. Organizations may need to evaluate whether current systems can support more timely reporting, analytics-enabled monitoring, and greater transparency into quality-related metrics. Technology, in this context, is not viewed as an enhancement, but as an enabler of a fundamentally different oversight model—one built on accessibility, comparability, and timeliness of data. Transparency and Investor Relevance A consistent concern across investors and market participants is the limited usefulness of current reporting outputs. Audit reports, and in particular Critical Audit Matters (CAMs), are frequently described as lacking clarity and specificity. Respondents note that disclosures often fail to provide meaningful insight into what was audited, how risks were addressed, or what the outcomes were. Similarly, PCAOB inspection reports are seen as insufficiently detailed and not clearly connected to investor decision-making. The feedback reflects a broader expectation that audit oversight should produce information that is more transparent, comparable, and meaningful to investors. At a fundamental level, this reflects a broader expectation: that audit oversight should produce outputs that are not only accurate, but usable. AI: A Transformational Force with Governance Implications AI is consistently identified as a transformative force in auditing. Stakeholders recognize its potential to enhance analytics, improve anomaly detection, and increase efficiency. Common recommendations include greater transparency around the use of AI, clear accountability for outcomes, and safeguards to ensure that human judgment remains central to audit conclusions. Interestingly, respondents devoted relatively little attention to AI’s capabilities and significantly more attention to governance, accountability, transparency, and validation. That shift suggests the profession is becoming less concerned with whether AI will be adopted and more concerned with how its use will be governed. The Need for Coordination and Alignment Finally, many respondents highlight the importance of coordination across regulatory and standard-setting bodies. Feedback includes calls for clearer delineation of responsibilities between the PCAOB and other regulators, as well as greater alignment with international standard setters such as the International Auditing and Assurance Standards Board (IAASB). As capital markets continue to operate globally, stakeholders are increasingly focused on consistency across jurisdictions and the reduction of duplication in regulatory requirements. For firms operating across multiple regulatory environments, inconsistent requirements can increase compliance complexity, duplicate effort, and create challenges in maintaining globally consistent methodologies and quality management systems. What makes these themes particularly noteworthy is not that they represent entirely new concerns. Rather, stakeholders from across the audit ecosystem appear to be converging around a common view of where oversight should evolve. The emerging emphasis on quality management systems, transparency, technology-enabled monitoring, and governance suggests that firms may face increasing expectations to demonstrate not only audit execution quality, but also the effectiveness of the systems designed to support it. Converging Signals, Persistent Tensions While the themes across the comment letters are highly consistent, they also reveal important tensions that will shape the next phase of reform: The need for transparency alongside regulatory and legal constraints The balance between innovation and control, particularly in the use of AI The challenge of maintaining investor protection while supporting smaller firms The trade-off between standardized oversight and operational flexibility These tensions are not contradictions. They reflect the complexity of modern audit oversight. What Audit Firms Should Do Now While the future direction of PCAOB oversight will continue to evolve, firms do not need to wait for final regulatory action to prepare. In the near term, audit firms should consider: Evaluating whether their quality control systems are designed, implemented, and documented in a manner that demonstrates firm-level accountability for audit quality. Assessing whether inspection findings, internal monitoring results, and root cause analyses are connected to systemic corrective actions. Reviewing how audit technology, data analytics, and AI-enabled tools are governed, documented, and subject to human oversight. Enhancing transparency in audit committee communications, CAM evaluations, and other reporting outputs. Preparing for oversight models that may place greater emphasis on consistency, scalability, responsiveness, and continuous monitoring. Conclusion While the future direction of PCAOB oversight remains uncertain, the themes emerging from these comment letters point toward a more systemic, transparent, and technology-enabled approach to audit quality oversight. Firms that begin strengthening their quality management systems, monitoring capabilities, governance structures, and reporting practices today may be better positioned to respond to future regulatory expectations and demonstrate sustainable audit quality in an increasingly complex environment. JGA helps audit firms assess, design, and enhance quality control systems, inspection-readiness processes, remediation programs, audit methodology, training, and governance frameworks for emerging technologies. As audit oversight continues to evolve, firms that proactively evaluate their systems, documentation, and monitoring activities will be better positioned to respond to future regulatory expectations.
June 29, 2026
In our recent article, AI Governance Belongs in the Boardroom, Not the Server Room, we explored why firm leadership, not technology teams alone, must take ownership of AI governance. Governance establishes accountability. However, accountability alone does not prevent quality deficiencies. As firms increasingly deploy AI-enabled tools across audit execution and quality management processes, a new challenge is emerging. The very technology intended to improve consistency, efficiency, and audit quality may introduce new risks if governance, validation, and monitoring practices fail to keep pace. For Managing Partners, Chief Quality Officers, and SQMS leaders, the question is no longer whether AI should be adopted. The question is whether the firm’s system of quality management is prepared to govern its use. In this article, we examine a practical question that follows naturally from that discussion: What happens when governance exists, but the firm’s quality management processes fail to keep pace with technology adoption? Governance is Only the Beginning The governance discussion often focuses on who is responsible for AI. Equally important is how firms integrate AI into their systems of quality management. When firms deploy AI-enabled tools to support risk assessment, testing, supervision, or documentation, those tools become part of the firm’s quality response. Technology-related issues rarely present themselves as technology problems. More often, they appear as deficiencies in audit execution, supervision, documentation, or quality management. By the time those deficiencies become visible, the underlying technology considerations may have already affected multiple engagements. As firms evaluate the role of AI within their quality management, one governance question deserves particular attention: Who is accountable when the tool gets it wrong? While technology teams may support implementation, responsibility for how AI-enabled tools influence audit quality resides with firm leadership and the system of quality management. Leadership should evaluate whether AI-enabled tools align with firm methodology, support professional judgement, and introduce risks that require additional oversight. Firms create unnecessary quality risk when they treat AI primarily as an innovation or IT initiative rather than a quality management consideration. How AI Creates Quality Risks The use of AI does not change the auditor’s responsibilities. Requirements relating to audit evidence, professional skepticism, supervision, review, and documentation continue to apply. What changes is the way those risks may manifest. AI can accelerate processes, but it can also accelerate the consequences of weak controls, insufficient oversight, or flawed assumptions. The very technology implemented to improve audit quality may become the source of future inspection findings. AI introduces several audit quality risks, including: Over-reliance on automated outputs Reduced professional skepticism Inconsistent application across engagements Limited transparency around how conclusions are generated Insufficient documentation of judgment Unlike traditional technology risks, these issues may not be immediately visible. Deficiencies often emerge only after engagement teams have relied upon the technology across multiple audits. Firms may use AI-enabled tools to identify unusual journal entries or summarize large data populations. However, when engagement teams rely on AI-generated outputs without sufficiently applying professional judgment, skepticism, and client-specific knowledge, important risk indicators may be overlooked or insufficiently documented. This distinction is important because technology-related issues rarely present themselves as technology problems during an inspection, internal review, or remediation effort. More often, they appear as deficiencies in audit execution, supervision, documentation, or quality management. Through our work supporting firms with inspections, remediation initiatives, and quality management programs, we have observed that the underlying technology considerations are often identified only after broader quality concerns begin to emerge. Case Study: Accelerated Technology and AI Implementation Across our work with firms of varying sizes, we are observing a consistent pattern. Leadership focuses heavily on tool selection and implementation timelines, while significantly less attention is devoted to validation, monitoring, and ongoing evaluation. As a result, firms are discovering quality concerns only after the technology has already been deployed broadly across engagements. Consider a firm that adopted an AI-enabled risk assessment tool as part of its response to inspection findings related to audit execution and documentation. Leadership viewed the implementation as part of its remediation strategy and expected the technology to improve consistency across engagements. However, because validation, methodology updates, training, and monitoring failed to keep pace with implementation, engagement teams began relying on outputs that had not been sufficiently evaluated. Several challenges emerged. The firm had not fully validated the tool’s audit functionality, methodology updates were incomplete, training was limited, and accountability for oversight had not been clearly established. Subsequent post-issuance reviews identified engagement deficiencies directly tied to improper reliance on the tool’s outputs. By that stage, the tool had already been deployed across multiple engagements, amplifying the impact of those deficiencies. The lesson extends beyond implementation. Firms often devote significant effort to deploying new technology but considerably less attention to evaluating outcomes after deployment. Leadership should periodically ask a simple question: Is the tool improving quality? Without ongoing evaluation, firms may assume technology is achieving its intended objectives while quality risks continue to develop beneath the surface. Trusting AI Requires Validation Effective governance requires more than approving technology investments. At its core, validation is about answering a fundamental question: How do we know the output can be trusted? Leaders must understand how the firm validates AI-generated outputs and demonstrates that those outputs support audit objectives. How would the firm demonstrate to an inspector, peer reviewer, or internal reviewer that the tool was appropriately validated and monitored? Before deploying AI-enabled tools, firm leadership should be able to answer: How does this technology support the firm’s audit methodology? What quality risks does it introduce? How will outputs be validated? How will use be monitored across engagements? Final Thoughts Governance establishes accountability, but accountability alone does not ensure audit quality. Firms create risk when they treat AI implementation as a technology project instead of a quality response. The most significant AI risk facing firms today may not be the technology itself. It may be the assumption that implementation alone is sufficient. As firms continue adopting AI-enabled tools, leadership should consider a simple question: If this technology contributes to an engagement deficiency next year, can we demonstrate that we appropriately governed, validated, implemented, and evaluated its use? At Johnson Global Advisory, our perspective is informed by work performed across inspections, remediation efforts, technology risk assessments, and quality management initiatives. As firms continue integrating AI into audit execution and quality management processes, understanding how these areas intersect may become just as important as the technology itself.
June 29, 2026
As discussed in our prior articles, What Regulators Expect to See When AI is Used and AI Governance Belongs in the Boardroom, Not the Server Room, firms increasingly recognize that AI governance belongs within the system of quality management. However, inspection experience shows that even well-designed governance frameworks do not eliminate risk. Significant failures occur not only at the policy level, but also at the engagement level, where AI outputs are relied upon as audit evidence without sufficient validation. This article focuses on that execution gap. Specifically, it examines why validation of AI is emerging as one of the most significant audit evidence risks facing public company auditors today. For public company auditors, AI validation is no longer a technical exercise. It is an audit quality issue — and increasingly, an inspection issue. In the eyes of regulators, AI does not reduce evidentiary requirements; it changes how evidence must be evaluated, corroborated, and defended . How AI Changes Audit Evidence—and Raises the Validation Stakes PCAOB auditing standards governing audit evidence have not been rewritten for AI. The fundamental requirement remains the same: auditors must obtain sufficient appropriate audit evidence to support their opinion. What has changed is the evidence pipeline: when AI is used, outputs are often indirect (generated through models rather than procedures alone), abstracted (summaries, risk flags, or scores rather than raw data), and less intuitive to evaluate using traditional audit instincts. This creates a new risk: auditors may rely on AI assisted outputs without fully validating how those outputs were produced, what they mean, or whether they are reliable. From an inspection perspective, AI introduces a simple but critical question: How does the auditor know the AI result is reliable enough to rely on as audit evidence? Inspectors are increasingly focused on whether the engagement team can demonstrate the completeness and accuracy of inputs, the reasonableness of assumptions/logic (including prompts), the consistency and explainability of outputs, and the auditor’s independent evaluation and corroboration. A common misconception is equating firm tool approval (vendor diligence, IT review, or risk assessment) with audit evidence validation. Approval is necessary, but it is not sufficient: validation must occur at the engagement level, in the context of the specific audit objectives, data, and risks. Where AI Validation Commonly Breaks Down In practice, AI validation risk often arises in predictable ways:
Show More