JGA Team Perspectives: System of Quality Management – Using Technology in Your Practice and Audits

Johnson Global Advisory (“JGA”) is pleased to announce that Santina Rocca, Managing Director, will be speaking at the CAW Network USA Beyond Accounting – Not Just the Numbers event, in collaboration with Fordham University’s Center for Professional Accounting Practices – Gabelli School of Business on June 13 th , 2024. The conference will be a single stream event with five sessions and offers CPE credits. The sessions will cover: Leadership AI and Third-Party Risk Management Lunchtime breakout groups covering a variety of topics including sustainability, younger member priorities, future of audit and ‘future skills’. Resilience Enterprise Risk Management Evening Presentation – AI and Fraud by Homeland Security Investigations – New York Cyber Division. Click here to register and learn more. About Johnson Global Ad visory JGA is dedicated to helping public accounting firms around the globe achieve the highest level of audit quality. All CPAs and former PCAOB inspection staff, JGA professionals are passionate and practical about working alongside firm leadership to ensure the right controls, policies, and practices are implemented throughout the organization. Visit www.jgacpa.com to learn more about Johnson Global.

Johnson Global Advisory (“JGA”) is pleased to announce that Don Melody, Director, will be speaking at the Broker-Dealer Accounting Virtual Conference at CPE INC. on June 11th. Don and others will speak directly about their experience as FINRA, CFTC and PCAOB regulators on their latest initiatives and key priorities. Discover how these decisions may influence your company’s practices and bottom line, get critical updates on regulatory, accounting and auditing issues, and keep up with recent developments, such as the use of cryptoassets and the threats posed by cyberattacks and ransomware. Through this comprehensive agenda and immersive online platform, you’ll gain expert guidance and real-world strategies from current and former regulators, Big 4 leaders and other industry specialists on implementing the latest accounting standards, dealing with regulators, mitigating risks, and more AGENDA HIGHLIGHTS INCLUDE: • Technical Accounting Update • Regulatory Trends, Industry Initiatives & Challenges • PCAOB Update • Accounting for & Auditing of Digital Assets • Comments from the CFTC • SEC Enforcement Issues • Cybersecurity & Ransomware Register today and use the code WK24Z for a 20% off discount. About Johnson Global Ad visory JGA is dedicated to helping public accounting firms around the globe achieve the highest level of audit quality. All CPAs and former PCAOB inspection staff, JGA professionals are passionate and practical about working alongside firm leadership to ensure the right controls, policies, and practices are implemented throughout the organization. Visit www.jgacpa.com to learn more about Johnson Global.

The PCAOB released its first ever Spotlight related to audits of broker-dealers on January 31, 2024 - Insights Into the PCAOB’s Interim Inspection Program Related to Audits of Broker-Dealers. The Spotlight provided new insights and more context than the PCAOB’s typical annual reports on the broker-dealer inspection program results. What does this mean for your firm? Johnson Global Advisory will be hosting a webinar presented by JGA Directors Don Melody and Tanieke Samuel, who will take a deep dive into the PCAOB spotlight and provide their analysis of the issues raised by the PCAOB, as well as some key takeaways for auditors to improve the quality of their broker-dealer audits. Key Takeaways Participants will come away with a high-level overview of the PCAOB’s latest spotlight focusing on broker-dealer inspection reports. Presenters will also provide additional insights and key takeaways for best practices and quality control to readily apply. The objectives of this training session include the following and will also increase your technical competence in the following areas: • Broker-Dealer program and industry • Impact of standardized audit programs • Impact of low-cost providers and auditor changes Participants will earn 1 CPE credit. To be awarded the full CPE credit, you must complete all of the following: • Register as an individual participant • Be present in the live webinar throughout its entirety (i.e., 1 hour) • Respond to the required (3 out of 4) polling questions. For more information about CPE credit click here . To register for this webinar please click here . After registering you will receive a confirmation email that includes information about joining this webinar. For additional information or questions regarding this program, please contact JGA at info@jgacpa.com and indicate the title above. Additional Information Field of Study : Auditing Prerequisites: None Who Should Attend: Auditors of broker-dealers including engagement staff, managers and partners; audit quality and risk management professionals. Advanced Preparation: None Program Level : Basic Delivery Method: Group Internet Based Refunds and Cancellations: Not applicable to complimentary programs Johnson Global Advisory is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.

Johnson Global Advisory (JGA) is pleased to announce Stephanie Mickens as a Director, focused on IT audit quality advisory. With more than 15 years of audit, IT integration, and audit quality compliance and regulatory experience, Stephanie’s skillset compliments JGA’s existing IT audit quality advisory services available to clients. She will work closely with Mark Whittenberg, CISA, and JGA Director, to advise on all things IT audit, including inspection services, audit quality assessment and improvement, implementation and monitoring activities. This addition strengthens JGA’s expertise when the use of technology drives business impact, and ways for auditors to implement technology continue to expand. “ I am thrilled to be able to bring my passion for audit quality into this new chapter at JGA ,” said Stephanie. “ We know that the use of technology – and now artificial intelligence – in the audit is not going away. It can seem intimidating, but our goal for clients is to embrace the change and go about utilizing technology the right way, with the help of people such as our JGA team who can share that knowledge. ” During the span of her career, Stephanie spent nearly five years as an Inspections Specialist at the Public Company Accounting Oversight Board (PCAOB) where she was one of a niche team of Information Systems Auditors. In this role, Stephanie supported audits of public companies performed by the Big Four network firms globally. Prior to her role with the PCAOB, Stephanie worked with PricewaterhouseCoopers LLP (PwC) for eight years as a Manager in the Risk Assurance practice, where she provided services related to the performance of assessments of internal control over financial reporting (ICFR) as part of Sarbanes Oxley 404 requirements for public companies. More recently, Stephanie was the IT Risk Assurance Lead at a national financial services company, where she led the execution of the IT ICFR program, including the company’s IT SOX scoping and risk assessment. Stephanie also served eight years at PwC Atlanta, leading and performing Information Technology General Controls testing for PCAOB audits, and leading SOC 1 and SOC 2 engagements. She has served in numerous leadership roles for the National Association of Black Accountants, Inc. (NABA). “ I’m so pleased that Stephanie has chosen to use JGA as a platform to reach firms worldwide and share her passion for audit quality, ” said Jackson Johnson. “ Her strong IT audit skills will complement the rest of our IT audit quality advisory experts to bring a stronger focus on how technology is driving improvements at all firms — large and small ”. The addition of Stephanie increases JGA’s professional services team to include fourteen former PCAOB staff, with a cumulative 156 years of service at the PCAOB and SEC, and more than 144 years of experience auditing public companies. Stephanie is based in the Atlanta, Georgia, area and received her Master of Accountancy at Georgia Southern University. To learn more about Stephanie and the full JGA team, read here. About Johnson Global Advisory Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigate those standards. JGA is committed to helping the profession in amplifying quality worldwide.

On May 3, 2024, the SEC charged audit firm BF Borgers CPA PC and Benjamin F. Borgers (collectively, “Borgers”) with fraud affecting more than 1,500 SEC filings. According to the SEC’s Order , of the 369 BF Borgers clients whose public filings from January 2021 through June 2023 incorporated BF Borgers’ audits and reviews, at least 75% of the filings incorporated BF Borgers’s audits and reviews did not comply with PCAOB standards. Because a significant number of issuers have been impacted by the Order, the SEC’s Division of Corporation Finance released a statement on the topic (the “CF Release”). According to the CF Release, issuers that have engaged Borgers to audit or review financial information to be included in any Exchange Act filings to be made on or after the date of the Order will need to engage a new qualified, independent, PCAOB-registered public accountant. Further, the CF Release provides that: Form 10-K and Form 20-F filings on or after the date of the Order may not include audit reports from Borgers; and Form 10-Q filings on or after the date of the Order may not present financial information reviewed by BF Borgers. Accordingly, affected entities will be required to engage a new qualified, independent, PCAOB-registered public accountant to perform the current annual audit and quarterly reviews, as well as perform re-audits and rereviews of all relevant impacted periods. The CF Release also stated that “Exchange Act reports that were filed before the date of the Order do not necessarily need to be amended solely because of the Commission’s entry of the Order. However, issuers should consider whether their filings may need to be amended to address any reporting deficiencies arising from the BF Borgers engagement.” This document provides some helpful information for auditors who are considering or have recently accepted an audit engagement with an affected entity. Specifically, it discusses topics such as interim reviews, client acceptance and communications with the predecessor auditor. Interim Reviews The successor auditor may conduct the review of the current year interim financial information and the rereview of the prior year corresponding interim period, provided the firm also simultaneously proceeds with the annual audit and reaudits of the latest year (or years, depending on the client’s filing situation, i.e. based on the number of comparative periods presented). Auditors can find the requirements relating to reviews of quarterly financial statements in AS 4105 , Reviews of Interim Financial Information . According to that standard, an auditor may conduct a review of the interim financial information of an SEC registrant if the entity's latest annual financial statements have been or are being audited . (AS 4105.05) Because successor auditors will begin the reaudit of the prior year financial statements immediately following their engagement, auditors are permitted to proceed with the review of the clients’ quarterly financial statements for inclusion in the company’s Form 10-Q filing with the SEC. There are certain specific requirements auditors should be aware of when conducting initial reviews of interim financial statements relating to obtaining knowledge about internal controls and communicating with the predecessor auditor. Those requirements can be found at AS 4105.12 and .13. We encourage auditors to read and understand the requirements of AS 4105 before committing to engaging new clients. Client Acceptance As indicated in the CF Release, any prior period financial statements that had previously been audited by Borgers will need to be reaudited by the newly engaged auditor for inclusion in the issuers next Form 10-K or Form 20-F. Prior to starting an initial audit, the successor auditor will also be required to perform procedures regarding acceptance of the client relationship and the specific audit engagement; and communicate with the predecessor auditor as described in AS 2101.18. It is advisable that any firm should follow their client acceptance procedures with rigor. Prior to acceptance, firms should read the SEC Order carefully and consider the variety of risks involved with each prospective client, especially the heightened risk that a material misstatement may exist on prior year financial statements. Firms will also need to extend their acceptance procedures to cover all periods subject to reaudit. A few special considerations to highlight: Determine the auditing procedures necessary (and the ability) to obtain sufficient appropriate audit evidence regarding opening balances and consider the obstacles that may be involved. Perform background checks of management and the board of directors and understand the reasons for departures and changes from the date of the opening balances (and possibly beyond) to the present. Review all SEC comment letters and responses for all periods under audit and reaudit. For perspective clients with inventory, special consideration will need to be given as to how to obtain appropriate audit evidence because of the inability to perform physical inventory observation procedures in the prior periods. Inquire about the prospective clients’ books, records, internal controls and IT systems to understand the ability to obtain reliable information timely for all periods under audit. Assess whether the firm has the skills, knowledge and experience to take on a new client, and if the firm is considering taking on multiple issuers, whether they have the internal resources to perform the audits with the appropriate level of audit quality. Communications with the Predecessor Auditor PCAOB standards at AS 2610 require the successor auditor to communicate with and make a variety of inquiries with the predecessor auditor prior to accepting the engagement and that acceptance cannot be final until the communications received from the predecessor have been evaluated. Inquiry of the predecessor auditor is a necessary procedure because the predecessor auditor may be able to provide information that will assist the successor auditor in determining whether to accept the engagement. In addition, the successor auditor should request and review the working papers of the predecessor auditor for all periods that will be subject to reaudit. When possible misstatements are discovered during the audits or reaudits, the successor auditor will also be required to communicate with the predecessor auditor. According to PCAOB standards, in an initial review of interim financial information the auditor should perform procedures that will enable him or her to obtain sufficient knowledge of the entity’s business and its internal control. The standard goes on to describe steps the auditor should take, which includes making certain inquiries of the predecessor auditor and reviewing the predecessor auditors’ workpapers (including both the audit and quarterly review workpapers). The standard also states that, “if the predecessor accountant does not respond to the successor accountant's inquiries or does not allow the successor accountant to review the predecessor accountant's documentation, the successor accountant should use alternative procedures to obtain knowledge of the matters discussed in [that] paragraph.” Given the number of affected entities described in the Order, it is unclear whether Borgers will reply to successor auditor inquiries and how timely the responses will be. Thus, auditors considering accepting these engagements will need to be prepared to perform alternate procedures to address the possible gaps during the acceptance process. In summary, even though the facts and circumstances described in this SEC Order are unique, successor auditors are still required to perform the PCAOB standards’ requirements as described above.

Johnson Global Advisory (“JGA”) is proud to participate in the world-wide Learning at Work Week May 13th-19th. This annual event supports building learning cultures in workplaces. It aims to put a spotlight on the importance and benefits of continual learning and development. JGA actively supports “learning power” (the theme for this year Learning at Work Week) for our external clients and we’ve been working on some exciting opportunities to learn internally through growing, engaging and connecting opportunities as a team as well. Johnson Global is committed to amplifying quality in the profession. For more information about our training services click here.

Updated 5.13.2024 On May 13, 2024 the PCAOB held an Open Board Meeting - PCAOB to Consider Adopting New Standards on General Responsibilities of the Auditor in Conducting an Audit, Quality Control . The PCAOB considered adopting a new auditing standard – AS 1000, General Responsibilities of the Auditor in Conducting an Audit as well as QC 1000, A Firm’s System of Quality Control. JGA provided comments to the PCAOB on the proposed QC 1000 standard. To read our comments please click here . The PCAOB proposed standard QC 1000, A Firm’s System of Quality Control and Other Proposed Amendments to PCAOB Standards, Rules and Forms, is available here . The new standard is available for viewing here .  PCAOB Updates PCAOB Solidifies Foundation of Every Audit With Adoption of New Standard on General Responsibilities of the Auditor PCAOB Adopts New Quality Control Standard With a Risk-Based Approach Designed to Drive Continuous Improvement in Audit Quality

PCAOB Publishes Spotlight Related to Root Cause Analysis In April 2024, the PCAOB released a Spotlight Root Cause Analysis – An Effective Practice to Drive Audit Quality which continues the Board’s goal of sharing its observations from its inspection and remediation activities, but this time related to Root Cause Analysis (RCA). RCA should not be a new concept to audit firms. In 2020, we published RCA: Seems like EVERYBODY is talking about Root Cause Analysis , where we shared the importance of performing an effective RCA to be able to understand what are the underlying causes of deficiencies which occur at your firm. We wanted to highlight a few important aspects coming through in this April 2024 Spotlight. The Spotlight rightly stated that RCA should be a multifaceted approach . There are a number of different tools, techniques, processes, and philosophies that firms can undertake to perform a RCA. In addition, there may not always only be one factor that is causing a deficiency – it could be a variety of factors such as lack of technical competence, failure of resource allocation at firm level, etc. The Spotlight also identified characteristics of a well-designed RCA process , which are important to highlight as follows: Have a dedicated team with RCA experience perform the RCA as they are more objective and have the requisite background. In helping our clients with RCA, we find by bringing in our objectivity, our PCAOB standards experience coupled with our RCA experience, engagement teams are more willing to be open and honest with their opinions of where they see potential root causes that resulted in deficiencies. Firms use a variety of methods and techniques to gather data which include review of workpapers, interviews with engagement teams immediately after the deficiencies are identified, and review of engagement metrics. All this information combined paints an informative picture of what caused the deficiencies. Firms should not only focus on looking at engagements that had negative quality outcomes, but also focus on looking at engagements which had positive outcomes arising from inspections or the firm’s internal monitoring. By identifying what worked well with some engagement teams, firms can then use that information to drive change with other engagement teams. Lastly, firms should be aware that the task of identifying root causes and implementing a new action to remediate this deficiency does not mean that the job is done. Firms should monitor these remedial actions to determine whether the actions that they undertook are in fact solving the problem. In conclusion, there is no time like the present to strengthen your RCA process . Remediating deficiencies (by providing training, developing new tools and templates, changing processes, etc.) is a time consuming and costly undertaking…you want to make sure that the action you are investing in, is actually going to remedy the problem. In addition, the PCAOB’s standard setting agenda includes a proposal for the new quality control standard that, if adopted, would require firms to perform RCA of its control deficiencies. Our recommendation is to start implementing your RCA process now so that you can refine and modify your RCA process.

Johnson Global is proud to sponsor My Sister's Place (MSP) 45th Anniversary Celebration on May 15, 2024 in Washington, D.C. MSP has been providing services to the D . C . community to empower survivors of domestic violence and their children, while fostering leadership and education to build a supportive community. MSP's experienced team provides training, case consultation, and advocacy to engage communities to prevent violence and abuse. Click here for more details.