If you feel like you’ve read this story before, you’re not alone. For the third year in a row, the PCAOB’s annual report on broker-dealer audits paints a familiar picture: high deficiency rates, recurring issues in revenue testing, and quality control systems that continue to fall short. The 2024 report marks more than a decade of inspections under the interim program - and yet, many of the same red flags remain. At JGA , we’ve tracked and provided our insights on these annual reports closely for the last several years¹. While we always take the PCAOB’s findings seriously, we also know that behind every statistic is a firm doing its best to navigate complex standards, resource constraints, and evolving expectations. That’s why Jackson Johnson , JGA President & Founding Shareholder, sat down with Tanieke Samuel , JGA Director, to unpack this year’s latest BD report - not just to highlight some noteworthy findings, but to translate them into practical guidance for firms working hard to get it right. Revenue Testing: A Familiar Story with New Implications Jackson Johnson (JJ) : The PCAOB flagged revenue testing as a recurring issue again this year - 48% of audits had deficiencies in this area. That’s consistent with 2023, but still a big jump from 34% in 2022. And the deficiencies weren’t limited to one revenue stream - they spanned commissions, advisory fees, 12b-1 fees, and more. Why do you think this continues to be such a challenge? Tanieke Samuel (TS) : ASC 606 isn’t new. The PCAOB isn’t moving the goalposts. What we’re seeing is that firms are still struggling to test revenue accurately - across all sources. In many cases, they’re not getting a solid understanding of how revenue is generated, and that’s where the breakdown starts. Whether it’s commissions, trailing fees, or advisory income, you have to understand the components and tailor your testing accordingly. And don’t overlook presentation and disclosure - if you’re lumping everything under ‘commissions’ without disaggregating or explaining the sources, that’s a red flag. Audit Committee Communications: A Missed Opportunity JJ : One of the more surprising findings this year was the uptick in deficiencies related to audit committee communications. The PCAOB cited failures to communicate the overall audit strategy, use of specialists, significant risks like related parties, and even uncorrected misstatements. These seem like foundational elements. What’s going wrong? TS : These aren’t gray areas. The standards are clear. But I think some firms are treating these communications as a formality - just rolling forward last year’s template. That’s risky. Audit committee communications should be a strategic touchpoint. You need to clearly explain your audit strategy, surface the right risks, and give the committee what they need to fulfill their oversight role. If you’re using specialists or identifying related party risks, those need to be part of the conversation - not an afterthought. JJ : This reminds me of recent Actionable Insights we issued earlier this year , where we encouraged firms to move beyond the standard AS 1301 checklist and use the PCAOB’s Spotlight as a conversation starter. Audit committees want more than compliance - they want clarity, prioritization, and meaningful dialogue. When firms treat these communications as a strategic opportunity, they not only meet the standard - they build trust and demonstrate value. Agree? TS : Absolutely. I’ve seen audit committees respond really well when firms take the time to prepare thoughtfully - bringing key issues to the forefront, previewing the discussion in advance, and even holding deep dives on emerging topics. It’s not just about what you say - it’s about how you engage. That’s what makes the difference. Journal Entry Testing: Still a Blind Spot JJ : Journal entry testing continues to be a pain point. The PCAOB noted that firms often fail to test the completeness of the population or apply meaningful fraud risk criteria. In some cases, teams just scan the listing and move on. Why is this still happening? TS : Some firms think that because they’ve tested certain entries substantively elsewhere, they don’t need to do more. But that misses the point of journal entry testing as a fraud detection tool. You have to start by asking: What fraud risks are relevant to this client? Then design your testing around those risks. Don’t just look for a keyword - think about what would actually raise a red flag in this environment. And document your rationale. That’s what separates a thoughtful procedure from a perfunctory one. JJ : Are you seeing this as a broker-dealer-specific issue, or is it just as prevalent in issuer audits? TS : It’s definitely broader. JJ : Across issuers and BD inspections, we’ve seen comment forms where teams selected journal entries based on high-dollar thresholds or year-end timing but didn’t tie those selections back to the fraud risk discussion. In one case, the team documented their criteria but didn’t evaluate whether the entries actually addressed the override risk they had identified. In another, the team selected entries from a non-representative population and didn’t test completeness. What specifically in BD-only firms are you seeing? TS : In BD-only firms, especially smaller ones, the journal entry population might be smaller, which can give a false sense of simplicity. That can lead to shortcuts - like scanning instead of testing. In issuer audits, the volume and complexity might be higher, but the same root issue shows up: teams not linking their procedures back to the fraud risk assessment. Whether it’s a BD or an issuer, the key is to critically evaluate your criteria and make sure your testing is responsive to the risks you’ve identified. QC 1000: Turning Insight Into Action JJ : With QC 1000 going into effect at the end of the year, firms have a real opportunity to use the PCAOB’s findings as a risk assessment tool. But it’s not just about checking a compliance box - it’s about using these findings to inform a more thoughtful, iterative approach to quality. For example, we’ve emphasized the importance of root cause analysis (RCA) as a foundation for risk assessment. TS : Exactly. I emphasize to clients that RCA helps firms move beyond surface-level fixes and identify systemic issues that may be contributing to recurring deficiencies. When firms use PCAOB findings as inputs into their RCA process, they’re not just reacting - they’re proactively identifying where their system might be vulnerable. RCA helps connect the dots between what went wrong and why it happened, which is essential for designing controls that actually work. It’s not just about fixing the symptom - it’s about addressing the underlying condition. JJ : As firms read this report and try to make sense of how to incorporate it into their QC 1000 implementation, how should they approach this? TS : I would say incorporating the observations from this report and reflecting the applicability to your own practice is the concept of continuous improvement. This is a foundational concept of QC 1000. Implementation is about more than policies - it’s about culture . It’s about how you learn from what’s happening in the field and apply it to how you manage risk across the firm. When risk assessment becomes a living process - not a one-time exercise - firms are better positioned to adapt, improve, and ultimately deliver higher-quality audits. That’s the mindset shift we’re encouraging. ¹See our Actionable Insights on the PCAOB’s annual broker-dealer inspection reports from each year by entering “broker-dealer” on the search bar of the JGA Advisor page on our website. At Johnson Global Advisory, we support firms in selecting, implementing, and optimizing these tools to meet their unique needs. For more insights, visit our blog or contact us to learn how we can help your firm AmplifyQuality®. For more information, reach out to your JGA audit quality expert .