Call a Spade a Spade: Is there a distinction between PCAOB and AICPA audits?

Firms have a habit of dividing audits between PCAOB/SEC audits and AICPA / private company audits. This permeates methodology, training, staffing, career paths, and honestly, all facets of a firm’s system of quality management.

I fully acknowledge that there are distinct differences in requirements for a PCAOB audit versus an AICPA audit, especially if the PCAOB audit is integrated under SEC 404 requirements. But let’s also have an honest dialogue and acknowledge that the core audit principles (I’m talking planning and risk assessment, understanding the entity and its controls, and the design of the overall responses to the risks of material misstatement) are VERY similar.

While 404 may require the testing of internal controls, regardless of the audit opinion or auditing standard, ALL auditors have to understand the company’s processes and controls and evaluate the design and implementation of those controls. The only difference between an integrated and a non-integrated audit is the testing over operating effectiveness of controls. This is true for both PCAOB and AICPA audits. In fact, let’s take a look at the guidance:

PCAOB: AS 2210.18 and .20 states: The auditor should obtain a sufficient understanding of each component of internal control over financial reporting ("understanding of internal control") to (a) identify the types of potential misstatements, (b) assess the factors that affect the risks of material misstatement, and (c) design further audit procedures…Obtaining an understanding of internal control includes evaluating the design of controls that are relevant to the audit and determining whether the controls have been implemented.

AICPA: AU-C Section 315.13 and .14 states: The auditor should obtain an understanding of internal control relevant to the audit…When obtaining an understanding of controls that are relevant to the audit, the auditor should evaluate the design of those controls and determine whether they have been implemented by performing procedures in addition to inquiry of the entity's personnel.

Both PCAOB and AICPA require the same planning procedures. The extent of those procedures will depend on risk and complexity of a client, but the procedures are the same: understand design of controls and determine whether they have been implemented. In fact, the guidance for AICPA indicates that evaluation of design and implementation is more than just inquiry. The PCAOB also states that in controls, inquiry alone is never sufficient.

If we take a step back, the reason both standards require this understanding of controls is because once an engagement team understands the controls, they can then identify the risks and potential misstatements and from that understanding, appropriately design an audit approach, whether integrated or not.

Time and again, when helping firms with audit quality, I’ll hear firms say something along the lines of “well, that’s a private company audit, so it’s different.” Is it really though?

The most unique aspects of a PCAOB audit stem from certain specific SEC and PCAOB independence requirements, specific audit committee communication requirements, and a few other auditor reporting considerations, such as critical audit matters. However, the majority of the audit standards are very similar. This shouldn’t be a surprise since the PCAOB initially took the AICPA auditing standards and adopted them as interim standards until the PCAOB could issue official guidance. While there is some wordsmithing here and there, the core principles remain largely unchanged. Perhaps the most significant difference in the two audit standards is the requirement of the PCAOB to perform a test of detail to address a significant risk and/or fraud risk, regardless of controls reliance, while the AICPA only requires a test of detail if there is no controls reliance.

There really isn’t much of a distinction otherwise. So why do firms treat AICPA and PCAOB audits so differently? Well, in my opinion, it’s because the PCAOB performs inspections and holds firms strictly to the standard. There is no regulator for the AICPA; rather, enforcement of AICPA standards is accomplished through peer review. Is that really sufficient? Isn’t peer review and the lack of an enforcement agency what ultimately gave rise to the PCAOB in the first place?

Essentially, firms are dividing audits between PCAOB and AICPA standards because the regulator of PCAOB auditing standards holds firms to a higher bar. Standards are largely the same and yet, we treat them as night and day. Is that really the right approach? When I challenge firms on auditing, generally most will acknowledge that audit is audit is audit, regardless of the standards. But when it comes to how we actually execute audits, firms inherently accept that there is a different standard. If we accept that there are minor differences between a PCAOB and AICPA audit, let’s see how that might change or impact aspects of a firm’s system of quality management.

Training

Currently, most firms break up their staff into public company and private company auditors and provide different training and career paths for the two populations. Does that really make sense? Perhaps audit training should be the same for all staff. The principles, after all, are largely the same. For those who work on a PCAOB audit, perhaps those staff should also attend a supplemental training where the “bridge” from an AICPA to a PCAOB audit is explained. But that might only be an additional hour or two of training. There just aren’t that many differences otherwise, to merit two distinct training paths.

In particular, I find this to be overwhelming present within the space of ICFR. Again, both PCAOB and AICPA have the same minimum requirements for understanding the design and implementation of controls and yet, most AICPA auditors never receive in-depth ICFR training. Historically, given most private company audits are non-integrated, perhaps that was okay. But with the ever-increasingly pervasive nature of technology within clients, all auditors need to have a strong understanding of internal controls. This helps to identify risks and plan an appropriate audit response.

Increasingly, I am seeing engagement teams struggle with adopting “hybrid” approaches to testing data and information coming from systems, but ultimately asserting to a “non-controls reliance” approach. In other words, teams don’t think they’re relying on controls, but they are relying on system generated reports which are inherently relying on controls over a system in order to ensure reliability. When I have conversations with these teams, they are quickly lost. Some assert to the fact that they evaluated the design of ITGCs and believed that they could rely on the system without testing the operating effectiveness. Some assert to the testing completeness and accuracy of information by tying a report back to the system. Well, that’s fine, except you haven’t tested controls over inputs into the system and you have tested controls around the system. These hybrid approaches are popping up more and more and teams don’t have the rhetoric or knowledge to understand internal controls, in particular around systems and information. If teams understood these concepts (because they were invited to ICFR trainings), they might be able to better plan a more appropriate audit approach, taking into account the decision to test or not test controls. It starts first with understanding; knowledge is power.

Methodology

Methodology is another area firms distinguish between PCAOB and AICPA audits. Again, I fully acknowledge that there are differences between the two standards and so an audit binder should have supplemental workpapers for a PCAOB audit that “bridge” the gap, such as requirements around independence and audit committee communications, etc. But again, the main audit principles are the same.

I think it’s appropriate to have two different “workpaper setups” for public and private company audits that ensure engagement teams will meet the minimum requirements. What I find is perhaps less acceptable is to have different methodologies when the standards are largely the same.

Let’s consider sampling for a moment. I’ve worked with multiple firms that have different sampling methodologies for public and private company audits. In the public company space, the PCAOB often challenges the use of a judgmental sample if the remaining untested balance is material. As a result, firms have moved away from judgmental samples in PCAOB audits and instead pushed teams to either apply targeted sampling (i.e. targeting items until the untested balance is below materiality) or statistical sampling. However, I’ve heard comments that in the private company space, the firm still often uses judgmental samples, and these are considered acceptable.

Let’s take a look at the sampling guidance for an AICPA audit. AU-C Section 530.06-.08 indicates:

When designing an audit sample, the auditor should consider the purpose of the audit procedure and the characteristics of the population from which the sample will be drawn. (Ref: par. .A7–.A11) The auditor should determine a sample size sufficient to reduce sampling risk to an acceptably low level. (Ref: par. .A12–.A14) The auditor should select items for the sample in such a way that the auditor can reasonably expect the sample to be representative of the relevant population and likely to provide the auditor with a reasonable basis for conclusions about the population. (Ref: par. .A15–.A17)

When taking a deeper look into the referenced guidance (i.e. A14), the AICPA guidance specifically states:

The decision whether to use a statistical or nonstatistical sampling approach is a matter for the auditor's professional judgment; however, sample size is not a valid criterion to use in deciding between statistical and nonstatistical approaches…An auditor who applies nonstatistical sampling exercises professional judgment to relate the same factors used in statistical sampling in determining the appropriate sample size. Ordinarily, this would result in a sample size comparable with the sample size resulting from an efficient and effectively designed statistical sample, considering the same sampling parameters…

The AICPA does allow for judgmental samples, but it also explicitly states that those samples should consider the same sampling parameters (i.e. tolerable misstatement, expected misstatement, risk of material misstatement, assurance from other substantive procedures, number of sampling units, and stratification, etc.) and should be comparable to a statistical sample. Do you know how many times I’ve seen teams apply “professional judgment” and test only five items or maybe ten items? And when I ask what a statistical sample would yield, the answer is “Way too many. We ran the model and it would have been in the hundreds.” The AICPA explicitly states that “…sample size is not a valid criterion to use in deciding between statistical and nonstatistical approaches.” My response is always, “So how does this judgmental sample take into account risk of material misstatement and materiality?” The answer, to which, is typically silence. No documentation and no response.

This is just one example of how firms allow for different methodologies for public and private company audits, even though the principles are largely the same.

Firm Monitoring

Finally, as part of PCAOB and AICPA quality management standards, firms are required to perform internal monitoring procedures. This typically translates into lookback reviews performed during the slower summer months over a sample of audits.

In its Staff Update and Preview of 2020 Inspection Observations, the PCAOB indicates that it is

We also observed situations where we identified deficiencies through our inspection procedures that were not identified through an audit firm’s internal inspection procedures directed to the same engagements. Such results may indicate that the audit firm’s QC system related to monitoring does not provide reasonable assurance that the audit firm’s internal inspection program is suitably designed and/or being effectively applied.

What this tells me is that firms apply a different level of rigor internally than the PCAOB. It comes as no surprise that the PCAOB, being the regulator is by far the most exigent in terms of adhering to standards. Some might argue, it’s overly exigent, but that’s a debate for another time. The point of the matter is that firms are inherently missing the mark when inspecting their own work and are failing to identify quality concerns.

If firms are failing to identify internal issues, what does that mean for the peer review process for AICPA audits? The auditing profession was self-regulated up until the Enron scandal and the collapse of Arthur Andersen which brought about the advent of the PCAOB and Sarbanes-Oxley. I’m not saying the PCAOB is always right or justified, but that the profession missed the mark once before and if the PCAOB is finding that firms’ internal inspections are not of a sufficient quality, then arguably, peer reviews are not being held to the same rigor. I believe this all stems from the fact that firms, and the industry as whole, views PCAOB and AICPA standards as inherently different and thus, applies an inherently different level of quality. Yes, there is less public exposure in the private company world, but does that mean audits should be performed at a different level of quality?

When the auditing standards (or the core principles at least) are arguably the same, why do we have such a divergence in application of the standards when we execute on public company and private company audits? At the December AICPA SEC Conference, the SEC’s Division of Enforcement asked the question, “Where are the gatekeepers?” They indicated that there is an erosion of trust in the markets. The Division went on to share numerous examples of accounting concerns and made very clear they are challenging the gatekeepers, which includes the audit firms issuing the opinions.

Let’s call a spade a spade. An audit is an audit is an audit, regardless of whether it’s a PCAOB audit or an AICPA audit. Yes, there are distinct differences, but the core of an audit is the same. It’s time we as a profession apply the same level of quality to public as well as to private company audits.

Dane Dowell is a Director at Johnson Global Accountancy who works with PCAOB-registered accounting firms to help them identify, develop, and implement opportunities to improve audit quality. With over 12 years of public accounting experience, he spent nearly half of his career at the PCAOB where he conducted inspections of audits and quality control. Dowell has extensive experience in audits of ICFR and has worked closely with attorneys in the PCAOB’s Division of Enforcement and Investigations. Prior to the PCAOB, he worked with asset management clients at PwC in Denver, Singapore, and Washington, DC.

< Older Post

Newer Post >

JGA Makes First Contribution to The Daughters of The American Revolution

May 28, 2025

WASHINGTON, D.C.: Johnson Global is proud to announce our first charitable contribution in support of the daughters of the American Revolution (DAR) —a historic nonprofit organization founded in 1890 and dedicated to historic preservation, education, and patriotism. With over 130 years of tradition and more than one million members since its founding, the DAR continues to make a meaningful impact through local, national, and global initiatives. "We are honored to support an organization whose enduring mission aligns with our values and commitment to community" said Jackson Johnson, JGA President. "This partnership marks a significant milestone for Johnson Global Advisory as we expand our philanthropic efforts and invest in organizations creating lasting, positive change". "Thank you JGA for this impactful donation will allow our chapter to continue our mission" said Jill Mathieu, Regent of DAR. To explore more about the impact of DAR, visit: www.dar.org/discover About Johnson Global Advisory Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporate solutions which navigate those standards. JGA is committed to helping the profession in amplifying quality worldwide. Visit www.johnson-global.com to learn more about Johnson Global.

Joe Lynch to speak at 40th Midyear SEC Reporting & FASB Forum

May 28, 2025

Johnson Global Advisory ("JGA") is proud to announce that Joe Lynch, Shareholder and Managing Director, will be speaking on a panel at the 40th Midyear SEC Reporting & FASB Forum . Joe will deliver the PCAOB update on June 6, with attendance available both in person and virtually. This panel will summarize the activities of the PCAOB including: • Understand the current regulatory landscape and emerging issues under new SEC leadership • Summarize rulemaking from the FASB’s technical agenda, including segment reporting and disaggregation of income statement expenses • Anticipate accounting and reporting issues incurred with income taxes, including ASU 2023-09 “Improvements to Income Tax Disclosures” • Identify changes from the FASB on accounting for financial instruments • Prepare for disclosure requirements on ESG and climate change, including the EU’s Corporate Sustainability Reporting Directive (CSRD), the requirements of California’s ESG disclosures legislation and the status of the SEC final rule • Recall recent developments and the most frequent comment areas in the SEC review process Click here to register and learn more. About Johnson Global Advisory Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporate solutions which navigate those standards. JGA is committed to helping the profession in amplifying quality worldwide. Visit www.johnson-global.com to learn more about Johnson Global.

QC 1000 Implementation: Key Themes and Guidance from the PCAOB Workshop

May 28, 2025

On May 13th, 2025, the PCAOB held a QC 1000 workshop in Washington, DC, providing critical insights into the upcoming quality control standard. With the effective date of December 15th, 2025 , firms must proactively identify and manage quality risks by setting quality objectives, assessing risks, and implementing responses. Examples and case studies with breakout groups played a crucial role to help firms understand and apply each stage of the implementation process, from risk assessment to monitoring and remediation. Many attendees are still early in their understanding of the standard, highlighting the need for clear guidance and support. In a live poll, a significant portion of the workshop attendees indicated they have not yet started implementation. The inspection approach of QC 1000 has not been finalized. As such, they did not take any questions regarding how this would be inspected in its formative years. However, we did read between the lines from a different question around audit documentation, that it’s possible they may select components on a test basis during an inspection. Background of the Standard The QC 1000 standard emphasizes the integration of eight components: the risk assessment process, governance and leadership, ethics and independence, acceptance and continuance of engagements, engagement performance, resources, information & communication, and monitoring and remediation process. For more background information on QC 1000, please see these JGA resources: Applying the QC 1000 and Other Standards to Your Firm Understanding the Broader Benefits of ISQM 1 and SQMS 1 Applying the Benefits of ISQM 1 & SQMS 1 Across the Firm Key Topics from the Workshop Key terms such as applicable professional and legal requirements (APLR), firm personnel, other participants, and third-party providers were defined to clarify roles and responsibilities within the firm's QC system. The workshop included a walkthrough of Appendix A2 of the standard. The firm’s system must consider the APLRs that are applicable to the firm, which is unique to each firm. APLR is defined in the standard as: Professional standards, as defined in PCAOB Rule 1001(p)(vi); Rules of the PCAOB that are not professional standards; and To the extent related to the obligations and responsibilities of accountants or auditors in the conduct of engagements or in relation to the QC system, rules of the SEC, other provisions of U.S. federal securities law, ethics laws and regulations, and other applicable statutory, regulatory, and other legal requirements. It is important to be able to clearly identify the type of resource in your QC 1000 implementation journey. Paragraph .05 also discusses the terms firm personnel, other participants and third-party providers. These are defined in Appendix A.5 (firm personnel), A.7 (other participants) and A.13 (third -party providers). 1. Firm personnel include: EQR (inside the firm), Staff at shared service centers, secondees and leased staff, specialists employed by the firm. 2. Other participants include other auditors, EQR (outside the firm), internal auditors of the client that provide direct assistance to the auditors, specialists engaged by the firm, Networks, and external QC function. 3. Third-party providers include audit software providers, system security vendor, audit methodology provider, confirmation intermediary, pricing services, and broker-dealer monitoring systems. There are four distinct roles and responsibilities as described in paragraphs .11 -.17 of the QC standard. The first two roles are the certifiers of the Firm’s QC results: 1. The principal executive officer and 2. Individual responsible for the operational responsibility and accountability for the QC system as a whole. The principal executive officer (PEO) is ultimately responsible for the design, implementation, operation, and evaluation of the firm’s QC system. Only firm personnel are permitted to fill the roles required by QC 1000 . JGA Insights: 1. Not all “participants” of a firm’s structure must be included in a firm's quality control policies and procedures, which is especially important for shared service centers and outsourced staffing arrangements. These roles must be clearly defined and applied as the different levels of participants within an organization are considered differently by the standard. 2. PCAOB-registered firms of all sizes – regardless of whether the firm currently audits issuers – must adhere to these components, ensuring consistency with international quality control frameworks. 3. While it was expressed in the session by PCAOB Staff that firms are not expected to reengineer their process (e.g. more than 1 set of QC documentation), firms may need to align or “top-up” their processes with multiple standards to ensure comprehensive compliance. Keep in mind here that the top-up may not just be for QC 1000. In fact, a system in compliance with QC 1000 may need top-up considerations for SQMS 1 and/or ISQM 1. Risk Assessment Principles There were several examples and case studies to go through among table groups during the session. These activities helped illustrate the importance of getting risk assessment right, since this drives what the firm focuses on for an effective system. When it comes to implementing QC 1000, there are some key takeaways from the risk assessment process that can really guide firms in the right direction. JGA Insights: Here are a few important points to keep in mind as you work through identifying and assessing quality risks 1. The QC 1000 standard does not prescribe a specific method for identifying and assessing quality risks. This gives firms flexibility but also places responsibility on each firm individually based on their circumstances. It’s more work upfront from a “cookie-cutter” approach but ensures the design of a process that fits a firm’s unique context. 2. Quality risks should not be viewed as the opposite of quality objectives . Instead, they are factors that could potentially hinder the achievement of those objectives. 3. The threshold of “reasonable possibility of occurring” applies to all risks, including risks of intentional misconduct by firm personnel and other participants. This means that firms must consider the likelihood of risks occurring and their potential impact on the quality objectives. The PCAOB staff shared during the workshop that the concept of reasonably possible follows the same definition as used in FASB ASC Topic 450 on Contingencies. Ethics and Independence Considerations The QC 1000 standard does not alter existing ethics and independence requirements under PCAOB or SEC standards. Firms must continue to comply with those as currently written. Compared to other standards like ISQM 1 and SQMS 1, QC 1000 is more stringent in certain areas. For example, it requires: 1. Creating and maintaining a restricted entity list; 2. Periodic review of the list to ensure accuracy; 3. Appropriate certifications related to independence; and 4. Audit committee approvals where applicable. Register for the next workshop and get going on implementation To gain a deeper understanding of the QC 1000 standard and its implementation, we strongly encourage you to attend the PCAOB Smaller Firm Workshop on June 17, 2025, in Irving, Texas. This in-person-only session will provide valuable insights and practical guidance for firms navigating the new quality control standard. Register now to secure your spot. As always, reach out to your JGA Expert with any questions. About Johnson Global Advisory Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporate solutions which navigate those standards. JGA is committed to helping the profession in amplifying quality worldwide. Visit www.johnson-global.com to learn more about Johnson Global.

Joe Lynch, JGA Managing Director to Speak at AICPA® & CIMA® ENGAGE 25+

April 25, 2025

WASHINGTON, D.C.: Johnson Global is pleased to announce that Joe Lynch, JGA Managing Director will speak at the AICPA® & CIMA® ENGAGE+ 25 on May 15, 2025, and will be attending the full conference on June 9–12, 2025, at the ARIA Resort & Casino in Las Vegas, NV and live online. This CPE-eligible event is the premier annual event for accounting and finance professionals, bringing together thousands of peers, experts, and industry leaders for top-tier learning, networking, and career growth opportunities. Register by May 1, 2025, to take advantage of Early Bird rates— $1,995 for members ( regularly $2,095 ) and $2,445 for nonmembers ( regularly $2,545 ). *PCPS, Tax and PFP section members and CITP®, PFS™, CGMA® credential holders save an additional $150 . Discount reflected in section member/credential pricing during checkout. Register Today ! About Johnson Global Advisory Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide. Visit www.johnson-global.com to learn more about Johnson Global.

JGA to Sponsor 2025 ALI-CLE Accountants' Liability Conference

March 21, 2025

WASHINGTON, D.C.: Johnson Global Advisory (JGA) is proud to sponsor the Accountants' Liability Conference hosted by ALI-CLE. This two-day event will take place in Washington, D.C. and virtually on June 2nd and 3rd. This is an excellent opportunity to gain valuable insights into a wide range of critical issues. The 2025 conference will focus on audits and oversight, providing essential guidance to help you navigate the evolving landscape of regulatory compliance and better protect your firm and clients. “We are pleased to sponsor this conference for the last several years. This event brings together top law firms, internal counsel, and risk experts for dynamic discussions on trending topics such as accounting liability and other important issues affecting the profession,” said Jackson Johnson, JGA President. “I look forward to personally engaging with participants, presenters, and stakeholders at this conference.” This year’s program is still being finalized but planned topics include: Recent Trends in Accounting Litigation Living in a post- Jarkesy world The future of enforcement PCAOB inspection program update SEC perspectives on gatekeeper liability AI and emerging technologies in the accounting industry Accounting firms entering the legal space International firm considerations Alternative practice structures and AICPA independence rules Register by April 25 to attend in-person and use the code “ JGA ” to save $250 off . OR, for webcast attendance, use the code " JOHNSON " to save $125 off the tuition. Click here to register. About Johnson Global Advisory JGA is dedicated to helping public accounting firms around the globe achieve the highest level of audit quality. All CPAs and former PCAOB inspection staff, JGA professionals are passionate and practical about working alongside firm leadership to ensure the right controls, policies, and practices are implemented throughout the organization. Visit www.johnson-global.com to learn more about Johnson Global.

JGA Makes Third Annual Contribution to The Boys & Girls Club of Greater Kansas City

March 21, 2025

WASHINGTON, D.C.: Johnson Global Advisory (JGA) makes third annual contribution to the Boys & Girls Club of Greater Kansas City. The 29th Annual Kids Night Out is scheduled for Saturday, April 26, 2025, and promises to be an unforgettable evening, bringing together over 1,500 guests to support the children served by Boys & Girls Clubs of Greater Kansas City. “We’re thrilled to continue our support for the Boys & Girls Club of Greater Kansas City. This marks our third year backing this chapter, and I know that many of our JGA employees have personally benefited from the programs the Boys & Girls Clubs offer nationwide,” said Jackson Johnson, JGA President. “Kids Night Out is Boys & Girls Clubs of Greater Kansas City’s biggest fundraiser each year– and all dollars raised stay right here in Kansas City”, said Andy Burczyk, Board Member and Chair of Kids Night Out. “This organization is doing extraordinary things, and it is because we as a community invest in their impact.” For over 100 years, Boys & Girls Clubs of Greater Kansas City has provided a safe, supportive environment for youth. Serving over 8,000 kids and teens annually across 11 locations, the organization helps young people achieve their full potential through programs that promote academic success, healthy lifestyles, and character development. Through mentoring and leadership training, they equip members with the skills needed for success now and in the To learn more information on the Boys & Girls Club of Greater Kansas City and their work with the youth, please visit www.bgc-gkc.org . About Johnson Global Advisory JGA is dedicated to helping public accounting firms around the globe achieve the highest level of audit quality. All CPAs and former PCAOB inspection staff, as well as JGA professionals, are passionate and practical about working alongside firm leadership to ensure the right controls, policies, and practices are implemented throughout the organization. Visit www.johnson-global.com to learn more about Johnson Global.

Johnson Global Advisory Supports Sustainable Harvest International

March 21, 2025

WASHINGTON, D.C.: Johnson Global Advisory (JGA) is proud to provide a financial contribution to Sustainable Harvest International (“SHI”). SHI is a nonprofit helping Central American farmers adopt sustainable farming practices for over 27 years. Their mission is to address the destruction of tropical forests caused by slash-and-burn farming and logging. SHI’s mission benefits both current and future generations by equipping farmers with the knowledge to farm sustainably. “We’re proud to partner with Sustainable Harvest International in their important work,” said Jackson Johnson, JGA President. “This collaboration helps drive lasting, positive changes and by backing such vital organizations, we stay true to our mission of giving back and making a real difference. JGA’s philanthropic efforts focus on supporting organizations that are important to our people. I appreciate Vernon sharing his experience as a board member and we are grateful to work with him to amplify this organization.” Vernon Johnson, JGA Director, is a Board Member and Treasurer for SHI. He is actively involved in this organization. "My nonprofit work has helped me maintain perspective in both life and at work,” said Vernon. “It’s taught me to stay calm during challenges and focus on the bigger picture. This experience has improved my relationships and made me more resilient in stressful situations. My advice to busy professionals is to step back, appreciate the simple things, and not sweat the small stuff—being thankful and present can make a big difference." To learn more about SHI, visit www.sustainableharvest.org/donate . About Johnson Global Advisory JGA is dedicated to helping public accounting firms around the globe achieve the highest level of audit quality. All CPAs and former PCAOB inspection staff and JGA professionals are passionate and practical about working alongside firm leadership to ensure the right controls, policies, and practices are implemented throughout the organization. Visit www.johnson-global.com to learn more about Johnson Global.

ISQM 1, SQMS 1: Influencing the Firm on the Benefits Beyond Compliance (Part II)

February 26, 2025

The implementation of the System of Quality Management (SQM) is not just a compliance requirement but an opportunity to drive significant business value. By aligning firm-wide goals, improving internal processes, and optimizing controls, firms can streamline their operations, reduce inefficiencies, and improve overall performance. The process also provides an opportunity for firms to gain valuable insights through key metrics, enabling data-driven decisions which provide strategic business insights, enhances audit quality, and promotes employee retention. In addition, early adopters who focus on the business value from the outset see improvements that reach across different practices within the firm, making the SQM implementation a strategic investment that benefits the whole firm long-term. We have seen that our work in this area results in meaningful improvements to the way the business of audit and assurance is conducted, and many of these improvements will have benefits that reach across other practices of the firm. This is part II of a series on the benefits of SQM implementation. This article builds on our insights from 2022 in Part I of this series . Compliance as a Driver Compliance is the main driver of the new System of Quality Management (for all standard-setters, referred to as “SQM”) standards issued by the IAASB, AICPA, and the PCAOB. There is no disputing that. However, for the early adopters, what we are finding is immense business value that come out of this process; more so if you start the process with business value in mind. Our ability to anticipate the benefits of executing ISQM 1 years ago is a key strength. Some firms have already implemented ISQM 1 at some level (partial adoption for group audits, for example). For SQMS 1 and QC 1000, since firms are all in various stages preparing for the December 15, 2025, go-live date, now is the time to lay out the strategic value drivers from this compliance exercise. Related: See a breakdown of the various implementation dates here . SQM implementation requires firms to take a closer look at their internal process; every process that touches the value chain of getting an audit done. To demonstrate how this requirement goes beyond the confines of the “audit practice”, consider these examples: Employee onboarding, training, and retention; Software tools and technology used to monitor internal aspects like independence; Tools used by engagement teams, for example, to test 100 percent of smart contracts or select journal entries to examine for fraud; Archiving of binders on time, and in compliance with audit documentation requirements; or Monitoring programs that identify and fix deficiencies in both audit performance and the underlying functions supporting the audit. Getting Buy-In, Aligning Goals, and Engaging Personnel We have seen firm quality leaders struggling to get the buy-in needed from stakeholders across the business (IT, HR, Tax, Advisory) for effective SQM implementation. And we have heard leadership from firms around the world ask: “What’s in it for us?” “All this investment just for a compliance exercise?” “Why do I need to be involved in something the audit group has to do?” But the best question we’ve heard is: “How can the system of quality management implementation improve our business?” When everyone is working toward the same objectives and goals, implementation becomes a cohesive and streamlined process. It’s important to have goals that are aligned throughout the organization, with them tailored to the component and roles within those areas. This includes: Getting the invested support from the partnership board down to process owners; Having goals that are specific and measurable (e.g. documenting the current process and eventually operating controls consistently and timely); Aligning the firm’s tone-at-the-top helps get everyone in sync; and Reinforcing management’s responsibility to establish a culture of quality and its importance in all the services performed by the firm. Management should: Lay out the long-term benefits of improved business performance, reduced risks, more timely and accurate data created which leads to insightful decisions; Emphasize the benefits of overall reduced costs related to non-compliance with network, firm, peer review, and regulators requirements; and Evaluate the potential for lower costs of insurance upon implementation and overtime. Understanding Current Processes Conducting interviews, gathering data, and documenting the processes within the firm’s system of quality management allows visibility of how these processes currently work (or don’t work). When SQM implementation project leaders invite personnel involved in a process together into one room and facilitates an open discussion, a clear picture of how each process really works materializes, and this strengthens cross-functional teaming. For instance, these meetings often result in the realization that two (or more) people are doing the same tasks (inefficiency) or discovering that no one is performing an important review check (gap). Formalizing and Optimizing Processes Once the current process is understood (“As-Is”) and with the right people in the room, the identification of areas where procedures can be more uniform, streamlined or simplified emerges. We often find that processes can be improved without adding more controls. This optimization effort incorporates standardization and normalization across the firm’s services and business functions providing benefit beyond the compliance exercise of the audit practice. Gaining Business Insights A sound system of quality management will bring new business insights and transparency to make confident decisions with reliable data. The optimization process will identify the key information used in the system of quality management (a similar concept to the work auditors performs with their companies as described here). This information provides new insights to help process owners and firm leaders make decisions. A firm can develop key quality metrics that are used to measure and improve the operation of the firm and audit quality which results in a modernized competitive firm. When a firm establishes a system to monitor the SQM environment, these insights allow for timely monitoring which enables leaders to quickly make decisions that address anomalies or negative trends as they arise. Getting Started Early Getting started early begins with: Firm leadership embracing the need for a consistent and well-monitored SQM to improve the business; Aligning objectives and goals for all firm personnel based on their role within the SQM; Disseminating to all firm personnel the importance of how their role contributes to the SQM; and Incentivizing all firm personnel to commit to their SQM objectives and goals which contributes to the benefits of these modern practices that lead to competitiveness. While compliance may be the hand forcing you forward, the upside to this “exercise” is that undoubtedly you will be a stronger, more efficient firm when executed correctly. We see firms that begin with such a mindset have more success internally and in the marketplace. Conclusion The journey of implementing a quality management system is transformative. Beyond compliance, it reveals deep insights and benefits, positioning firms at an advantage in our profession. For more information, reach out to your JGA audit quality expert. Jackson Johnson , JGA President and Founder, is a seasoned expert in audit quality and technical accounting matters. With nearly six years of experience at the PCAOB, he has worked with small and medium-sized accounting firms globally, focusing on firm quality control and ICFR audits. Jackson advises firms in PCAOB and SEC investigations related to cryptocurrency audits and has served on the Enforcement Advisory Committee of the California Board of Accountancy. Before his tenure at the PCAOB, he worked with public and private clients at Grant Thornton LLP in Boston, Los Angeles, and Hong Kong. Jackson is also a frequent speaker on quality control and enforcement issues in the accounting industry. Joe Lynch , JGA Managing Director and Shareholder, and a member of the AICPA Quality Management Implementation Task Force. Joe works with mid-market public accounting firms worldwide to implement quality management programs that integrate technology and process to improve the delivery of audits. Joe spent more than six years as an Inspection Leader at the PCAOB, he conducted inspections of quality control and global issuer audits at large firms in the US as well as foreign affiliate firms, focusing on examining quality control and the design and implementation of audit work. Joe also has experience supporting financial service industry audit teams at a Big Four firm. In addition, his experience includes active-duty service in the US Air Force and supporting companies with IT strategic initiatives such as designing the IT framework for technology departments as well as leading implementations of ERPs and systems.

PCAOB Withdraws Firm & Engagement Metrics Rule from SEC Approval Process

February 25, 2025

The Public Company Accounting Oversight Board (PCAOB) recently decided to withdraw proposed rules that would have required registered firms to report a significant new set of firms and engagement metrics. It was also set to mandate that large accounting firms submit financial statements to the U.S. Regulator, as part of a wider effort to enhance oversight. This decision came after criticisms from a variety of stakeholders from both the PCAOB and SEC comment process. For example, the American Institute of CPAs (AICPA) expressed concerns that these requirements could harm U.S. capital markets and negatively impact small and midsized audit firms, potentially driving them out of the public company auditing practice. The PCAOB's decision to withdraw the rules was seen as a positive move by the AICPA, which had urged the Securities and Exchange Commission (SEC) to refrain from approving the rules due to the significant challenges they posed. JGA commented to the SEC on the proposal; you can read our position on the proposal here .

Johnson Global Advisory Releases Updated 2025 Guide to Help PCAOB-Registered Firms Navigate the Inspection Process

January 17, 2025

WASHINGTON, D.C.: Johnson Global Advisory (JGA) has published a new third edition guide examining the key considerations faced by public company auditors during their PCAOB inspections. Drawing experience as audit and audit regulation experts and advisors to firms worldwide on all aspects of audit quality improvement, the JGA team has authored NAVIGATING PCAOB INSPECTIONS: Understanding the Inspection Process from Start to Finish.