Help Wanted: Audit Quality Considerations in Light of the Great Resignation

As a millennial, I was told that the 2008 global financial crisis was a “once-in-a-lifetime” economy. Many firms went on hiring freezes and some even had layoffs, rescinding offers previously extended to new college graduates. As a young 20-something-year-old, I was happy to know that the “exceptional” economy was early in my career and that the rest of my life would be smooth sailing. Or so I thought.

Then the pandemic of 2020 came around and yet again, the headlines proclaimed the unusual nature of the pandemic and the “once-in-a-lifetime” economic repercussions. Overnight it seemed, more than 10 million people lost their jobs and the world appeared to spiral out of control. Fast forward to August of 2022 and the economy has now fully recaptured the 10 million lost jobs. But surprisingly, there is suddenly a labor shortage. The Great Resignation. What? How is that possible?

Almost every industry is feeling it, whether the medical profession struggling with burnout from two-years of pandemic stress or the transportation industry struggling to find drivers to keep up with home deliveries. The audit industry is no exception; every client we work with is feeling it. We’re feeling it.

In a recent study published by McKinsey & Company, at the end of May 2022, there were 11.3 million job openings. And to make matters worse, “Despite significant changes in the economy since the onset of the Great Attrition (or what many call the Great Resignation), the share of workers planning to leave their jobs remains unchanged from 2021, at 40 percent. That’s two out of five employees in our global sample who said that they are thinking about leaving in the next three to six months.”

Talk with an economist and there are any number of reasons why there is a labor shortage in the current economy. But answers to “why” rarely provide practical solutions to “what do we do?”

For firms that are struggling with resources, we hear you. Within the audit and accounting profession, we know of many firms that have resorted to using part-time employees and independent contractors to help fill needs. Some firms have leveraged staff from various departments such as IT consulting or internal audit. While all these approaches fill the seats and provide resources to execute the audits, the question remains, what procedures are firms putting into place to ensure quality audits?

Firm QC Considerations

Acceptance and Continuance: Paramount to any audit, the firm process starts first and foremost with engagement acceptance and continuance. This process is already in place for firms, but how much thought is put into the careful completion of these checklists? The critical consideration here is capacity and competence. I know when I was an associate, I was charged with rolling forward the A&C forms from prior year; the senior then officially completed the form and the approval process started with the manager, then partner and up the chain depending on the type of client and the risk profile. In light of the current resource constraints, how are A&C forms capturing considerations around capacity and competence? And how do staff know whether the firm has the right resource capacity and competence? These are often higher-level discussions held at regional and national management levels, but how are those considerations being evaluated and documented? The reality is, if the firm doesn’t have the capacity or the right competence, it needs to either decline engagements or hire the right knowledge base/skill sets to execute a quality audit.

Independence: Once an engagement has been accepted, the firm then needs to determine the proper staffing. While it may be easy to pull from internal resources, such as leveraging IT consultants to come perform IT controls testing, the Firm needs to be intentional in making sure all engagement team members understand the independence implications of working on the audit. For instance, consulting has very few independence limitations, so an IT consultant may not be aware of the strict nature of SEC independence rules for a public company audit. Similarly, the use of contractors external to the firm is another viable solution to resource constraints, but the question still stands, despite completing an independence checklist/confirmation, has the consultant been educated on the specific nature of independence requirements for the audit?

Technical Knowledge: Assuming the borrowed staff and/or consultants are independent, what is the firm’s process for evaluating competence of these resources? Sure, firms know to review the CV and certifications, but we all know there is a distinction between an accountant and an auditor and yet both often have the same degree and may even both be CPAs. Or take an IT consultant for example. The IT consultant likely has a strong understanding of information systems and could easily perform a walkthrough and execute tests of operating effectiveness over automated controls and/or information technology general controls (ITGCs). However, mere execution is not the same as truly understanding the audit risks and implications of findings. For instance, in performing a walkthrough, the IT consultant may obtain an understanding of the change management process and as with all processes, there are always exceptions to the rules. The question is, would an IT consultant understand the audit implications for various exceptions? Or if the IT consultant is testing an automated control, would they know to test more than the mere functionality as described in the walkthrough? Would they know to test all possible scenarios to demonstrate that the system can only process information as described in the automated control?

Regardless the area, whether IT, valuation, tax or some other specialty knowledge, understanding audit risks is critical. After all, risk is what drives an audit. So, what does management do to ensure that resources have the proper audit understanding? While a three-hour training on PCAOB audit standards may help provide some insight and may placate the PCAOB from a “checklist” mentality, let’s be frank, audit risk is learned over time. There is a reason managers and partners perform reviews, having years of audit experience, slowly learning the risks and implications of various scenarios that emerge in audits. A three-hour training cannot replace years of experiential learning. The question remains, what are firms doing to bridge this gap? This points to consideration of the staffing mix and the need for appropriate review and supervision, as discussed below.

Monitoring: Current QC standards require various monitoring programs at a firm level. These programs are often executed for all internal resources, but what about external resources or resources from different divisions? Take independence monitoring and/or training/CPE/licensure monitoring, are “fill-in” resources subject to these same processes? While performing an independence check for an occasional contractor may be easy enough, as firms embrace more part-time workers and engage more contractors, firm QC processes will need to be amended to ensure appropriate checks over this emerging resource pool.

Tone at the Top: It’s worth emphasizing the importance of creating a culture of curiosity over conviction. Employees and teams should feel encouraged to ask questions, to seek for better understanding, and to not hesitate to consult with national office / upper management. Considering a lot of cumulative audit knowledge and experience is being lost through the great resignation, promoting a culture of knowledge sharing is even more important to ensuring employees feel comfortable raising their hand when they don’t understand something and feel supported by all levels of management so they can perform quality audits.

Engagement Team Considerations

Team Assignments: At the engagement team level, it’s important that firms consider the staffing mix on audit teams. While firms may have no choice but to use contractors and borrow staff from other departments, audit teams should still have “core audit members” who can share the audit knowledge and keep audit risks front of mind. Maybe that means the firm will need to rotate clients for some of its core assurance staff so that every team has core assurance members. As well, as audit areas are assigned, managers and partners should be thinking through risks at the financial statement level and ensuring higher risk audit areas are completed by stronger, core assurance members.

What about areas like IT or taxes where the area is specialized and may present a pervasive or significant risk? Firms need to be conscientious of these areas and if their resources do not themselves have the requisite audit knowledge and/or experience, then perhaps firms should consider specific coaching programs or targeted in-flight review programs that can compliment the use of contractors and/or borrowed staff. For instance, perhaps the firm uses an IT partner with years of in-depth audit experience to coach less experienced IT contractors across multiple engagements. As the workforce and employment model is changing, so too will the structure and makeup of engagement teams. Be creative.

Review and Supervision: In addition to the staffing mix, firms should consider review and supervision at the engagement team level. Though the standard around engagement team review and supervision has not changed, the expectations may be evolving. For areas performed by less experienced staff, whether new hires, borrowed staff, or independent contractors, managers and partners should be performing more in-depth reviews. For areas of higher risk, teams should consider whether additional levels of review are necessary. And for areas of specialized risk, as mentioned above, firms should consider whether there is a need for targeted in-flight reviews. Perhaps the most important factor for quality review and supervision is workload. What metrics is the firm using to monitor manager and partner workload? What are firms doing to relieve overworked managers and partners? This ties directly into the capacity discussions that management is having at the acceptance and continuance level.

Consultations: Finally, in conjunction with firm management setting the correct tone-at-the-top at the firm level, engagement teams should leverage firm-wide resources and not be afraid to consult when needed. Too often, teams only focus on required consultations, but nothing says that a team can’t consult when questions arise in other non-mandatory scenarios. Knowledge is power and firms have vast sums of cumulative audit knowledge and experience at the management levels, so don’t be afraid to reach out to national office with questions. Chances are, you aren’t the first to have that question.

Use of Other Firms Considerations

So far, we’ve focused mainly on the use of independent contractors and borrowed staff, but there is also a movement to using other audit firms to also assist with audits. Sometimes the other firm will issue an opinion and sometimes the other firm only performs audit procedures on behalf of the principal auditor. Currently, China comes to mind; given various restrictions due to COVID and regulatory concerns, many US firms are leveraging other audit firms in China to assist in executing audits. In our recent article of use of other auditors, we provide factors to consider, but the general theme points to review and supervision. So what procedures are firms implementing to ensure appropriate review over the work performed by other auditors? A mere review of the reporting package is likely not sufficient given the new PCAOB standards/amendments.

Technology Considerations

Given the digital age, we would be remiss not to mention technology. In our joint webinar on ISQM 1, Dayshape CEO, Andrew Bone, said: “For those already struggling to fill their current vacancies, the obvious question is where will this extra capacity come from? Unable to simply recruit and reluctant to scale back fee earning work, firms are looking to technological resources for answers. What firms are finding is that technology can help in a number of different ways.”

For instance, using technology for resource management will help firms easily identify available employees, what skills and experience various resources have, and potentially even reduce administrative burdens on resources, such as finding ways to automate administrative processes. “Technology can be used by firms to track and evidence that the right skills and competencies have been assigned to a project and that independence criteria have been met. When doing this at scale, technology can be extremely useful to help firms track skills firm-wide and demonstrate a robust and standardized process.”

In addition, technology can automate various Firm QC processes or monitor QC metrics (i.e. partner or manager workloads, as mentioned above). Bone continued, “technology can be used to implement automated project controls to provide assurance that the right quality measures and checks are in place and that these are followed consistently. These can be set at a firm level to ensure that the right people review and approve work at the right stage. Or at the engagement level where engagements failing certain quality criteria can also be automatically escalated.”

Finally, as we all know, big data can be incredibly powerful, and technology combined with data analytics could transform future audits. Already, technology is being used to help perform many non-subjective functions such as account reconciliations, cash proofs for revenue, various roll forwards for investments or equity or journal entries, etc. Technology requires an investment, but as we approach a more and more automated world, it will soon be inevitable, and thanks to software-as-a-service models, technology resources are becoming more and more accessible to the masses.

Key Takeaways

The Great Resignation is proving to be a challenging time for everyone. Whether flight cancellations or poor service in restaurants (if the restaurant stayed open), we’re all feeling the effects of staff shortages. For those who didn’t resign, it seems there is more to do with less (yet again). While use of contractors and borrowed staff is a temporary fix, firms should incorporate the following:

Acceptance and continuance decisions need to be thoughtfully considered, taking into account a firm’s capacity and competence.

Independence and ethics requirements should be clearly explained and understood by all staff working on audit engagements, regardless of whether they are internal or external.

Competence is more than just technical ability and should incorporate an element of understanding audit risk. This could be accomplished through trainings, but firms could also incorporate other elements such as engagement team coaching (either by team mangers and partners or through designated coaches), in-flight reviews, and consultations.

Engagement team staffing should be thoughtfully evaluated to ensure there is a mix of core assurance and other staff such as contractors or borrowed staff.

Review and supervision are becoming increasingly important, especially as the use of alternative resources increases. Ensure workloads allow for adequate time for coaching and review during an audit.

When using other audit firms, keep in mind the new PCAOB amendments and standards, largely pointing to increased responsibility around review and supervision for lead engagement teams.

There are tools, technology and services available to help. Firms must assess the gaps whether intellectual, human, or technological, and make investments now for the future.

No one knows how long the labor shortage will last. In the long term, the economy and the markets will adjust. My grandfather worked at one company his entire life. At the time, that was normal. Today, that’s exceptional. In the 90’s, companies complained about lack of loyalty when the younger generations began to change jobs more frequently, but sure enough, the workforce adjusted. Now with the Great Resignation, once again, companies are feeling the strain and in particular, the employees who didn’t resign. But, as has always been the case, the markets will adjust in time. Perhaps this is truly the emergence of the “gig economy” en masse. Perhaps this is creating the impetus needed for firms to more rapidly adopt technology, making audits more efficient. Whatever the outcome, in the short term, we can’t lose sight of audit quality. Filling seats isn’t the same as engaging the right resources with the appropriate firm QC protocols in place to enable teams made up of contractors, borrowed staff, and traditional assurance staff to perform high quality audits.

Dane Dowell is a Director at Johnson Global Accountancy who works with PCAOB-registered accounting firms to help them identify, develop, and implement opportunities to improve audit quality. With over 12 years of public accounting experience, he spent nearly half of his career at the PCAOB where he conducted inspections of audits and quality control. Dowell has extensive experience in audits of ICFR and has worked closely with attorneys in the PCAOB’s Division of Enforcement and Investigations. Prior to the PCAOB, he worked with asset management clients at PwC in Denver, Singapore, and Washington, DC.

< Older Post

Newer Post >

Rethinking Engagement Acceptance: Why “Yes” Isn’t Always the Right Answer

By Jackson Johnson • July 30, 2025

Introduction In today’s regulatory climate, audit firms must take a fresh look at how they evaluate engagement acceptance and client continuance. The stakes have never been higher. With the PCAOB’s newly adopted QC 1000 standard and the AICPA’s SQMS 1 framework now in effect , firms are expected to demonstrate a more rigorous, risk-based approach to quality control—starting with the very first decision: "Should we take this engagement?" The PCAOB recently released a new Audit Focus: Engagement Acceptance on this topic (Audit Focus). At the same time, we’ve been speaking, writing, and helping firms improve their process in this area. On the steps of PCAOB’s recent and timely guidance, this article explores the evolving risk landscape and offers practical guidance for firms to strengthen their engagement acceptance protocols in line with new regulatory expectations and JGA’s quality management insights. The New Risk Landscape: What QC 1000 and SQMS 1 Require The PCAOB’s QC 1000 standard introduces a scalable, risk-based framework that applies to all firms performing PCAOB engagements. It emphasizes that engagement acceptance is not just a procedural checkpoint, it’s a critical quality control decision that must reflect the firm’s risk profile, independence safeguards, and capacity to deliver a high-quality audit. Key risks highlighted in QC 1000 include: Independence and ethics violations: Firms must have systems to identify and escalate potential conflicts, including automated tracking of financial interests. Monitoring of in-process engagements: Firms are expected to assess quality risks before and during engagements, not just after the fact. Scalability and oversight: Larger firms face enhanced requirements, including external oversight and formal complaint tracking mechanisms. Similarly, SQMS 1 requires firms to design and implement a system of quality management that includes robust procedures for engagement acceptance and continuance. These procedures must consider: integrity and reputation of the client firm competence and resources ethical and legal requirements, and risks to audit quality and compliance. Issues arising from poor or inconsistent client or engagement acceptance policies and procedures isn’t new, but is being looked at in new ways by firms and their regulators with the: decrease in public company auditors qualified or going to market on conducting public company audits increasing number of firms that have been stripped of their privilege to conduct public company audits, and movement of companies to different auditors (think BF Borgers as the most egregious example, but your typical attrition in the most common case). The PCAOB, AICPA, and other regulators around the world, will take these business risks and apply them in a new lens in their inspection, peer review, and enforcement processes as they look at how firms have identified and addressed risks when implementing their QC system when it comes to client acceptance. Improving Communications: Predecessor Auditors & Audit Committees Recent PCAOB inspection findings and the Audit Focus document emphasize that engagement acceptance decisions are under increasing scrutiny. Deficiencies in areas like AS 1301 (Communications with Audit Committees) and AS 2610 (Successor Auditor Communications) often stem from weak or incomplete risk assessments at the outset of the engagement. Firms must be prepared to engage in transparent, candid conversations with audit committees, especially when the going gets tough. Whether it’s disclosing an unanticipated CAM , identifying a material weakness in internal control , or explaining a shift in audit scope, the ability to communicate openly and credibly is a hallmark of audit quality. Similarly, in our article on audit committees , we emphasized that audit committees are becoming more sophisticated and assertive. They expect auditors to be proactive, risk-aware, and ready to explain their judgments—not just their procedures. The Audit Focus does a great job of asking questions for firms to consider in assessing the quality of both management and the AC. As part of your engagement acceptance process, assess not only the technical risks of the engagement, but also the firm’s ability to maintain transparency and trust with the audit committee. Ask: Will we be able to have frank conversations with this client’s governance team? Are we prepared to deliver difficult messages if needed? Do we have the right people and protocols in place to support those conversations Internal Inspections: Engagement Acceptance as a Root Cause The Audit Focus also highlights how engagement acceptance decisions can directly impact audit quality and inspection outcomes. We encourage firms to examine their internal inspection programs to see how/whether outcomes can inform or rise to potential root causes targeting the firm’s engagement/client acceptance process. For example, a risk-based selection for the annual internal inspection process should include certain jobs tied specifically to new client and new engagements:

Innovative Solutions for QC 1000, SQMS 1, & ISQM 1: Quality Management tools in the Marketplace

By Jackson Johnson • July 15, 2025

Introduction As explored in previous JGA Advisor articles, the implementation of quality management standards such as ISQM 1, SQMS 1, and QC 1000 has reshaped how audit firms approach compliance, risk, and continuous improvement. These standards demand a proactive, risk-based, and firm-wide system of quality management (SoQM) that is both scalable and adaptable to local jurisdictions. We have seen through our work with firms that a tech solution is just part of the equation. Of course, having the right human capital with the capacity, drive, skills, and leadership to influence implementation across so many functions of the firm is critical. Also, understanding a baseline of risks and controls – beyond the minimum explained in the standards – will go a long way for smoother implementation. We recommend taking a look at the AICPA Practice Aid and many other AICPA resources for firms embarking on their implementation journey. While the standards themselves are rigorous, the complexity of implementation—especially across multiple jurisdictions—has led many firms to look to ways to document their system with reliable workflows in a database or other system. What we have seen is that – at a minimum – an excel solution, especially coupled with other tools like smart sheets, is the easiest entry point for a tech solution for implementation. Other more advanced tools not only streamline compliance but also enhance documentation, accountability, and real-time monitoring. In this article, we explore how three platforms—Inflo, Caseware, and QMCore—are helping firms meet these challenges and elevate their quality management systems. Why Software Matters for Quality Management Successfully implementing a SoQM under ISQM 1, SQMS 1, QC 1000, or other jurisdictional standards requires more than policies and procedures—it requires leadership, training, communication, and a culture of quality. But most importantly, it requires technology. Software platforms like QMCore, Inflo, and Caseware offer firms the ability to: Assign and track ownership of quality tasks across the firm, ensuring accountability, and transparency. Streamline risk assessment, monitoring, and remediation, which are core to all modern quality management standards. Provide real-time reporting and dashboards that allow leadership to monitor compliance and identify deficiencies early. Adapt to evolving regulatory requirements across jurisdictions, including CSQM 1 (Canada), SSQM 1 (Singapore), ASQM 1 (Australia), and PES 3 (South Africa). Educate and enable staff through embedded guidance, links to standards, and intuitive workflows. For firms evaluating whether to adopt software, the key considerations should include: scalability, jurisdictional adaptability, ease of implementation, audit trail integrity, and the ability to evolve with regulatory changes. We strongly suggest taking a look at our previous guidance on adoption of software audit tools as well. There are other applications being developed for the market as well. Inflo: A Centralized Platform for Quality Management Oversight Inflo’s Quality Management solution is designed to help firms implement and maintain a System of Quality Management (SoQM) that aligns with ISQM 1 and other global standards. Unlike traditional tools that focus solely on audit execution, Inflo’s platform provides a centralized environment for managing the entire quality lifecycle—from risk assessment to monitoring and remediation. Key Features of Inflo’s Quality Management Platform: Centralized Oversight: Inflo consolidates all quality management activities into a single platform, giving firm leadership real-time visibility into the status of quality objectives, risks, and responses. Customizable Risk Assessment: Firms can tailor their risk identification and assessment processes to reflect their unique service lines, geographies, and regulatory environments. Automated Monitoring & Remediation: Inflo streamlines the tracking of deficiencies and corrective actions, ensuring that issues are addressed promptly and transparently. Evidence of Compliance: The platform maintains a complete audit trail of all quality management activities, supporting both internal reviews and external inspections. Scalable Across Jurisdictions: Inflo’s solution is adaptable to various regulatory frameworks, making it suitable for firms operating in multiple countries or under different standard-setting bodies. By integrating quality management into a digital workflow, Inflo helps firms move beyond static documentation and toward a dynamic, data-driven approach to compliance and continuous improvement. Caseware: Integrated Methodology and Real-Time Collaboration Caseware’s cloud-based platform, particularly through its Dynamic Audit Solution (DAS), offers a comprehensive approach to quality management. Built in collaboration with CPA.com and the AICPA, Caseware provides: End-to-End Audit Workflow: Integrating methodology, workpapers, and execution tools in a single environment. Real-Time Collaboration: Enabling teams to work simultaneously on engagements, improving efficiency and reducing version control issues. Data-Driven Risk Assessment: Supporting a risk-focused audit approach aligned with ISQM 1 and SQMS 1. Caseware is especially effective for firms embedding quality management into daily audit operations while maintaining compliance with evolving standards. QMCore (FinReg): Purpose-Built for Global Quality Management Standards QMCore, developed by FinReg, is a purpose-built platform designed to help firms implement and maintain a System of Quality Management (SoQM) in compliance with ISQM 1, SQMS 1, QC 1000, and their global counterparts. It is powered by the FinReg GRC platform and has received technology accreditation from the ICAEW. Key Benefits of QMCore: Comprehensive Coverage: Seamlessly integrates all eight components of ISQM 1 and SQMS 1, including governance, risk assessment, monitoring, and remediation Task Ownership and Accountability: Allows firms to assign responsibilities clearly and track progress with ease Monitoring & Remediation: Embedded tools provide high visibility into deficiencies and corrective actions, with real-time dashboards and drill-down analytics Jurisdictional Flexibility: Adaptable to regional standards such as CSQM 1, SSQM 1, ASQM 1, and PES 3 Audit Trail Integrity: Tracks all inputs and changes, ensuring transparency and defensibility; and User Enablement: Educates staff on the standards, enables them to act, and evidences compliance through structured workflows and embedded guidance. QMCore is securely hosted on AWS and accessed via the internet, making it easy to implement and scale across firms of varying sizes and geographies. Conclusion The shift to modern quality management standards is not just a compliance exercise—it’s an opportunity to enhance audit quality, improve operational efficiency, and build a culture of continuous improvement. Software platforms like Inflo, Caseware, and QMCore are proving essential in helping firms navigate this transformation. Other players may be entering the market, and we encourage a discussion to understand the latest and compare benefits and what’s best for your firm. At Johnson Global Advisory, we support firms in selecting, implementing, and optimizing these tools to meet their unique needs. For more insights, visit our blog or contact us to learn how we can help your firm AmplifyQuality®. For more information, please contact your JGA audit quality expert .

Navigating AI Governance: JGA Authors Governance & Compliance Chapter of the Accounting AI Playbook

By Jackson Johnson • June 30, 2025

This is an exert of the AI Accounting Playbook . Building Trust in AI Accounting As accounting firms adopt AI tools in audits, they face new questions about reliability, transparency, and compliance. Regulators like the PCAOB have made clear that if AI outputs can’t be explained or reproduced, they could violate existing standards. Yet formal guidance on AI use in audits remains limited, leaving firms unsure about how to move forward. Some firms have responded by limiting AI to non-public clients, but this caution also presents a chance to lead. Firms that build strong AI governance practices now can stay ahead of future regulation and establish trust in their use of AI. This chapter covers key compliance barriers, governance best practices, and steps to create a trusted control environment. Key Compliance Barriers Accountants face several key compliance barriers when using AI, particularly as regulators such as the PCAOB, AICPA, and SEC increase their scrutiny. Explainability One major challenge is explainability. Many AI models, especially machine learning and generative AI, don’t clearly show how they reach conclusions. This is a problem for auditors who need to support their findings. This lack of clarity makes it harder to meet audit evidence requirements, which must be sufficient, appropriate, and easy to understand, as outlined in PCAOB standard AS 1105. Poor Documentation Poor documentation is another major issue. This includes inadequate records of data inputs and outputs, training data, model logic, and controls over changes. Such deficiencies may violate documentation and risk assessment requirements, as seen when audit teams use AI for journal entry testing without documenting the rationale for flagged entries or threshold settings. Data Privacy Data privacy becomes a concern as firms use AI to handle large amounts of sensitive financial and personal information. This can lead to violations of laws like GDPR and CCPA, especially when client data is processed in cloud or third-party systems. Firms often struggle to maintain consistent policies for data classification, encryption, and access. Auditor independence may also be at risk if AI tools are built by a firm’s advisory armor are deeply integrated with a client’s systems. For instance, if both the firm and client use the same predictive AI tool for forecasting, it could lead to a self-review threat. AI Skills Gap A skills gap and overreliance on AI further complicate compliance. Many auditors lack the training needed to critically evaluate AI outputs or to recognize when human judgment should override algorithmic conclusions. This can lead to audit failures, such as misinterpreting a false negative from an AI-driven risk assessment as a clean result. Validation and Testing Testing and validating AI tools is another challenge, especially for tools that keep learning over time. Firms need to test tools when they’re first used and then on a regular basis, just like they do when relying on third-party service providers. But this is hard to do if the AI vendor doesn’t offer enough detail about how the tool works or the controls in place. Change Management Managing updates and changes to AI models is a concern. If a tool is updated or retrained without documentation, it can lead to inconsistent results. For example, a model may flag different transactions in different quarters without any clear reason why. Many firms also lack a formal AI governance plan tied to their quality management systems, which causes inconsistent control practices and unclear responsibilities. Lack of Guidance Regulators have been slow to issue formal guidance on how AI should be integrated into the audit process, leaving many firms in a state of uncertainty. The good news is that momentum is building. PCAOB Board Member Christina Ho has publicly emphasized the transformative potential of AI in auditing, particularly in automating routine tasks such as cross-referencing data, extracting key contract terms, and documenting interviews. She has advocated for the PCAOB to evolve its standards to promote responsible AI use, calling for transparency, bias mitigation, and auditability in AI tools. Similarly, the International Auditing and Assurance Standards Board (IAASB) has demonstrated its commitment to supporting firms by releasing its Technology Position, which is a strategic framework that outlines how the board will adapt auditing standards to align with emerging technologies, including AI. Until these guardrails are firmly in place, firms should proactively develop internal AI frameworks modeled on established control standards. COBIT can support firms in assessing and governing AI systems, including data and system integrity. COSO can be applied to evaluate AI governance, model risk, and internal control implications, particularly when AI impacts financial reporting or ICFR. NIST provides guidance to help firms build trustworthy AI systems and establish appropriate cyber security and governance protocols. Best Practices for Governance To use AI confidently and compliantly in accounting, especially in regulated environments like audit and assurance, firms should implement strong governance practices that align with both regulatory expectations and ethical standards. 1. Test AI Internally Before Use In Engagements Before you bring AI into your audits, you’ll need to put it through its paces. The starting point is an internal review and certification process, ideally led by your firm’s risk or national office. They should evaluate the AI tool’s design, logic, and controls, and may require your vendor to share documentation, control reports, and allow independent testing. A great way to do this is by running the AI on historical data from past audits with known results. That helps confirm whether the AI delivers the same conclusions auditors already reached. Scenario analysis is another smart move. Challenge the AI with tricky edge cases like known fraud or anomalies. This can expose blind spots or bias in the model. Be sure to maintain a complete audit trail of how the tool was tested and what controls were in place. If any issues pop up during testing, document and resolve them. And before you roll it out firm-wide, get an independent review of the tool. Think of it like a second set of eyes, similar to a concurring partner review. Only once your firm is fully confident in the tool should it be used in your accounting processes. 2. Develop AI Governance Policies Strong policies lay the foundation for responsible AI use. These should outline your standards for data inputs, risk reviews, decision-making responsibilities, and transparency. Deloitte recommends a universal governance policy that applies to all AI technologies across the firm. This policy should define acceptable (and prohibited) use cases, require approval for new AI tools, and establish review intervals. Ethical usage also needs to be a priority. That means clear guidelines around privacy, bias, and legal compliance — with transparency as a core value. Internally and externally, stakeholders should understand when and how AI is being used in order to build trust in AI usage. To oversee this, consider forming a dedicated AI GRC (Governance, Risk, Compliance) team. Roles might include a Chief AI Risk Officer, Data Protection Manager, AI Project Manager, and an AI Governance Committee. Need help building your framework? Look to proven models like NIST AI RMF and ISO 42001. COSO’s recent guide Realize the Full Potential of AI shows how to extend COSO’s ERM framework to AI, and it’s a great place to start. 3. Implement Data Quality Controls AI tools are only as reliable as the data they process. The old adage “garbage in, garbage out” underscores the importance of data quality in AI-driven accounting. To minimize the risk of inaccurate or biased AI outputs, firms should implement data validation, cleansing, and standardization processes. High-quality data improves AI performance and supports more reliable audit conclusions. Protecting sensitive data is also crucial. Firms should limit access to confidential information using role-based access controls (RBAC) and multi-factor authentication (MFA). Audit logs tracking data access provide an added layer of oversight, helping firms monitor and secure critical information. Data lifecycle management is equally important. Retention and deletion policies should be in place to ensure outdated data does not become a liability. While GDPR is an EU regulation, it sets a high standard for data management and serves as a strong benchmark for firms looking to enhance their data governance practices

JGA Makes First Contribution to The Daughters of The American Revolution

May 28, 2025

WASHINGTON, D.C.: Johnson Global is proud to announce our first charitable contribution in support of the daughters of the American Revolution (DAR) —a historic nonprofit organization founded in 1890 and dedicated to historic preservation, education, and patriotism. With over 130 years of tradition and more than one million members since its founding, the DAR continues to make a meaningful impact through local, national, and global initiatives. "We are honored to support an organization whose enduring mission aligns with our values and commitment to community" said Jackson Johnson, JGA President. "This partnership marks a significant milestone for Johnson Global Advisory as we expand our philanthropic efforts and invest in organizations creating lasting, positive change". "Thank you JGA for this impactful donation will allow our chapter to continue our mission" said Jill Mathieu, Regent of DAR. To explore more about the impact of DAR, visit: www.dar.org/discover About Johnson Global Advisory Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporate solutions which navigate those standards. JGA is committed to helping the profession in amplifying quality worldwide. Visit www.johnson-global.com to learn more about Johnson Global.

Joe Lynch to speak at 40th Midyear SEC Reporting & FASB Forum

May 28, 2025

Johnson Global Advisory ("JGA") is proud to announce that Joe Lynch, Shareholder and Managing Director, will be speaking on a panel at the 40th Midyear SEC Reporting & FASB Forum . Joe will deliver the PCAOB update on June 6, with attendance available both in person and virtually. This panel will summarize the activities of the PCAOB including: • Understand the current regulatory landscape and emerging issues under new SEC leadership • Summarize rulemaking from the FASB’s technical agenda, including segment reporting and disaggregation of income statement expenses • Anticipate accounting and reporting issues incurred with income taxes, including ASU 2023-09 “Improvements to Income Tax Disclosures” • Identify changes from the FASB on accounting for financial instruments • Prepare for disclosure requirements on ESG and climate change, including the EU’s Corporate Sustainability Reporting Directive (CSRD), the requirements of California’s ESG disclosures legislation and the status of the SEC final rule • Recall recent developments and the most frequent comment areas in the SEC review process Click here to register and learn more. About Johnson Global Advisory Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporate solutions which navigate those standards. JGA is committed to helping the profession in amplifying quality worldwide. Visit www.johnson-global.com to learn more about Johnson Global.

QC 1000 Implementation: Key Themes and Guidance from the PCAOB Workshop

May 28, 2025

On May 13th, 2025, the PCAOB held a QC 1000 workshop in Washington, DC, providing critical insights into the upcoming quality control standard. With the effective date of December 15th, 2025 , firms must proactively identify and manage quality risks by setting quality objectives, assessing risks, and implementing responses. Examples and case studies with breakout groups played a crucial role to help firms understand and apply each stage of the implementation process, from risk assessment to monitoring and remediation. Many attendees are still early in their understanding of the standard, highlighting the need for clear guidance and support. In a live poll, a significant portion of the workshop attendees indicated they have not yet started implementation. The inspection approach of QC 1000 has not been finalized. As such, they did not take any questions regarding how this would be inspected in its formative years. However, we did read between the lines from a different question around audit documentation, that it’s possible they may select components on a test basis during an inspection. Background of the Standard The QC 1000 standard emphasizes the integration of eight components: the risk assessment process, governance and leadership, ethics and independence, acceptance and continuance of engagements, engagement performance, resources, information & communication, and monitoring and remediation process. For more background information on QC 1000, please see these JGA resources: Applying the QC 1000 and Other Standards to Your Firm Understanding the Broader Benefits of ISQM 1 and SQMS 1 Applying the Benefits of ISQM 1 & SQMS 1 Across the Firm Key Topics from the Workshop Key terms such as applicable professional and legal requirements (APLR), firm personnel, other participants, and third-party providers were defined to clarify roles and responsibilities within the firm's QC system. The workshop included a walkthrough of Appendix A2 of the standard. The firm’s system must consider the APLRs that are applicable to the firm, which is unique to each firm. APLR is defined in the standard as: Professional standards, as defined in PCAOB Rule 1001(p)(vi); Rules of the PCAOB that are not professional standards; and To the extent related to the obligations and responsibilities of accountants or auditors in the conduct of engagements or in relation to the QC system, rules of the SEC, other provisions of U.S. federal securities law, ethics laws and regulations, and other applicable statutory, regulatory, and other legal requirements. It is important to be able to clearly identify the type of resource in your QC 1000 implementation journey. Paragraph .05 also discusses the terms firm personnel, other participants and third-party providers. These are defined in Appendix A.5 (firm personnel), A.7 (other participants) and A.13 (third -party providers). 1. Firm personnel include: EQR (inside the firm), Staff at shared service centers, secondees and leased staff, specialists employed by the firm. 2. Other participants include other auditors, EQR (outside the firm), internal auditors of the client that provide direct assistance to the auditors, specialists engaged by the firm, Networks, and external QC function. 3. Third-party providers include audit software providers, system security vendor, audit methodology provider, confirmation intermediary, pricing services, and broker-dealer monitoring systems. There are four distinct roles and responsibilities as described in paragraphs .11 -.17 of the QC standard. The first two roles are the certifiers of the Firm’s QC results: 1. The principal executive officer and 2. Individual responsible for the operational responsibility and accountability for the QC system as a whole. The principal executive officer (PEO) is ultimately responsible for the design, implementation, operation, and evaluation of the firm’s QC system. Only firm personnel are permitted to fill the roles required by QC 1000 . JGA Insights: 1. Not all “participants” of a firm’s structure must be included in a firm's quality control policies and procedures, which is especially important for shared service centers and outsourced staffing arrangements. These roles must be clearly defined and applied as the different levels of participants within an organization are considered differently by the standard. 2. PCAOB-registered firms of all sizes – regardless of whether the firm currently audits issuers – must adhere to these components, ensuring consistency with international quality control frameworks. 3. While it was expressed in the session by PCAOB Staff that firms are not expected to reengineer their process (e.g. more than 1 set of QC documentation), firms may need to align or “top-up” their processes with multiple standards to ensure comprehensive compliance. Keep in mind here that the top-up may not just be for QC 1000. In fact, a system in compliance with QC 1000 may need top-up considerations for SQMS 1 and/or ISQM 1. Risk Assessment Principles There were several examples and case studies to go through among table groups during the session. These activities helped illustrate the importance of getting risk assessment right, since this drives what the firm focuses on for an effective system. When it comes to implementing QC 1000, there are some key takeaways from the risk assessment process that can really guide firms in the right direction. JGA Insights: Here are a few important points to keep in mind as you work through identifying and assessing quality risks 1. The QC 1000 standard does not prescribe a specific method for identifying and assessing quality risks. This gives firms flexibility but also places responsibility on each firm individually based on their circumstances. It’s more work upfront from a “cookie-cutter” approach but ensures the design of a process that fits a firm’s unique context. 2. Quality risks should not be viewed as the opposite of quality objectives . Instead, they are factors that could potentially hinder the achievement of those objectives. 3. The threshold of “reasonable possibility of occurring” applies to all risks, including risks of intentional misconduct by firm personnel and other participants. This means that firms must consider the likelihood of risks occurring and their potential impact on the quality objectives. The PCAOB staff shared during the workshop that the concept of reasonably possible follows the same definition as used in FASB ASC Topic 450 on Contingencies. Ethics and Independence Considerations The QC 1000 standard does not alter existing ethics and independence requirements under PCAOB or SEC standards. Firms must continue to comply with those as currently written. Compared to other standards like ISQM 1 and SQMS 1, QC 1000 is more stringent in certain areas. For example, it requires: 1. Creating and maintaining a restricted entity list; 2. Periodic review of the list to ensure accuracy; 3. Appropriate certifications related to independence; and 4. Audit committee approvals where applicable. Register for the next workshop and get going on implementation To gain a deeper understanding of the QC 1000 standard and its implementation, we strongly encourage you to attend the PCAOB Smaller Firm Workshop on June 17, 2025, in Irving, Texas. This in-person-only session will provide valuable insights and practical guidance for firms navigating the new quality control standard. Register now to secure your spot. As always, reach out to your JGA Expert with any questions. About Johnson Global Advisory Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporate solutions which navigate those standards. JGA is committed to helping the profession in amplifying quality worldwide. Visit www.johnson-global.com to learn more about Johnson Global.

Joe Lynch, JGA Managing Director to Speak at AICPA® & CIMA® ENGAGE 25+

April 25, 2025

WASHINGTON, D.C.: Johnson Global is pleased to announce that Joe Lynch, JGA Managing Director will speak at the AICPA® & CIMA® ENGAGE+ 25 on May 15, 2025, and will be attending the full conference on June 9–12, 2025, at the ARIA Resort & Casino in Las Vegas, NV and live online. This CPE-eligible event is the premier annual event for accounting and finance professionals, bringing together thousands of peers, experts, and industry leaders for top-tier learning, networking, and career growth opportunities. Register by May 1, 2025, to take advantage of Early Bird rates— $1,995 for members ( regularly $2,095 ) and $2,445 for nonmembers ( regularly $2,545 ). *PCPS, Tax and PFP section members and CITP®, PFS™, CGMA® credential holders save an additional $150 . Discount reflected in section member/credential pricing during checkout. Register Today ! About Johnson Global Advisory Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide. Visit www.johnson-global.com to learn more about Johnson Global.

JGA to Sponsor 2025 ALI-CLE Accountants' Liability Conference

March 21, 2025

WASHINGTON, D.C.: Johnson Global Advisory (JGA) is proud to sponsor the Accountants' Liability Conference hosted by ALI-CLE. This two-day event will take place in Washington, D.C. and virtually on June 2nd and 3rd. This is an excellent opportunity to gain valuable insights into a wide range of critical issues. The 2025 conference will focus on audits and oversight, providing essential guidance to help you navigate the evolving landscape of regulatory compliance and better protect your firm and clients. “We are pleased to sponsor this conference for the last several years. This event brings together top law firms, internal counsel, and risk experts for dynamic discussions on trending topics such as accounting liability and other important issues affecting the profession,” said Jackson Johnson, JGA President. “I look forward to personally engaging with participants, presenters, and stakeholders at this conference.” This year’s program is still being finalized but planned topics include: Recent Trends in Accounting Litigation Living in a post- Jarkesy world The future of enforcement PCAOB inspection program update SEC perspectives on gatekeeper liability AI and emerging technologies in the accounting industry Accounting firms entering the legal space International firm considerations Alternative practice structures and AICPA independence rules Register by April 25 to attend in-person and use the code “ JGA ” to save $250 off . OR, for webcast attendance, use the code " JOHNSON " to save $125 off the tuition. Click here to register. About Johnson Global Advisory JGA is dedicated to helping public accounting firms around the globe achieve the highest level of audit quality. All CPAs and former PCAOB inspection staff, JGA professionals are passionate and practical about working alongside firm leadership to ensure the right controls, policies, and practices are implemented throughout the organization. Visit www.johnson-global.com to learn more about Johnson Global.

JGA Makes Third Annual Contribution to The Boys & Girls Club of Greater Kansas City

March 21, 2025

WASHINGTON, D.C.: Johnson Global Advisory (JGA) makes third annual contribution to the Boys & Girls Club of Greater Kansas City. The 29th Annual Kids Night Out is scheduled for Saturday, April 26, 2025, and promises to be an unforgettable evening, bringing together over 1,500 guests to support the children served by Boys & Girls Clubs of Greater Kansas City. “We’re thrilled to continue our support for the Boys & Girls Club of Greater Kansas City. This marks our third year backing this chapter, and I know that many of our JGA employees have personally benefited from the programs the Boys & Girls Clubs offer nationwide,” said Jackson Johnson, JGA President. “Kids Night Out is Boys & Girls Clubs of Greater Kansas City’s biggest fundraiser each year– and all dollars raised stay right here in Kansas City”, said Andy Burczyk, Board Member and Chair of Kids Night Out. “This organization is doing extraordinary things, and it is because we as a community invest in their impact.” For over 100 years, Boys & Girls Clubs of Greater Kansas City has provided a safe, supportive environment for youth. Serving over 8,000 kids and teens annually across 11 locations, the organization helps young people achieve their full potential through programs that promote academic success, healthy lifestyles, and character development. Through mentoring and leadership training, they equip members with the skills needed for success now and in the To learn more information on the Boys & Girls Club of Greater Kansas City and their work with the youth, please visit www.bgc-gkc.org . About Johnson Global Advisory JGA is dedicated to helping public accounting firms around the globe achieve the highest level of audit quality. All CPAs and former PCAOB inspection staff, as well as JGA professionals, are passionate and practical about working alongside firm leadership to ensure the right controls, policies, and practices are implemented throughout the organization. Visit www.johnson-global.com to learn more about Johnson Global.

Johnson Global Advisory Supports Sustainable Harvest International

March 21, 2025

WASHINGTON, D.C.: Johnson Global Advisory (JGA) is proud to provide a financial contribution to Sustainable Harvest International (“SHI”). SHI is a nonprofit helping Central American farmers adopt sustainable farming practices for over 27 years. Their mission is to address the destruction of tropical forests caused by slash-and-burn farming and logging. SHI’s mission benefits both current and future generations by equipping farmers with the knowledge to farm sustainably. “We’re proud to partner with Sustainable Harvest International in their important work,” said Jackson Johnson, JGA President. “This collaboration helps drive lasting, positive changes and by backing such vital organizations, we stay true to our mission of giving back and making a real difference. JGA’s philanthropic efforts focus on supporting organizations that are important to our people. I appreciate Vernon sharing his experience as a board member and we are grateful to work with him to amplify this organization.” Vernon Johnson, JGA Director, is a Board Member and Treasurer for SHI. He is actively involved in this organization. "My nonprofit work has helped me maintain perspective in both life and at work,” said Vernon. “It’s taught me to stay calm during challenges and focus on the bigger picture. This experience has improved my relationships and made me more resilient in stressful situations. My advice to busy professionals is to step back, appreciate the simple things, and not sweat the small stuff—being thankful and present can make a big difference." To learn more about SHI, visit www.sustainableharvest.org/donate . About Johnson Global Advisory JGA is dedicated to helping public accounting firms around the globe achieve the highest level of audit quality. All CPAs and former PCAOB inspection staff and JGA professionals are passionate and practical about working alongside firm leadership to ensure the right controls, policies, and practices are implemented throughout the organization. Visit www.johnson-global.com to learn more about Johnson Global.