The PCAOB and China: What’s Happened Since the HFCAA Became Law

Since the signing of the Holding Foreign Companies Accountable Act (“HFCAA” or “Act”) into law in December 2020, the Public Company Accounting Oversight Board (“PCAOB”), the accounting firms registered with the PCAOB that are headquartered in mainland China and Hong Kong (collectively, “China”), and their US-listed company clients have been very active. 


Over the past three years we have seen – 

  1. US-listed companies based in China change auditors to accounting firms in PCAOB-accessible jurisdictions;
  2. A game-changing agreement between China authorities and the PCAOB enabling unobstructed access to inspect and investigate China-based auditors registered with the PCAOB;
  3. The completion and publication of the PCAOB’s first full inspections of two China-based accounting firms; and 
  4. The first enforcement actions of China-based firms as a result of using its full investigative authority.


We explore more about what has happened over the last three years, what China-based accounting firms may expect from the PCAOB in 2024, and the challenges they face. 


The HFCAA and the PCAOB’s Initial Determination it was unable to Inspect and Investigate China Auditors Fully

The HFCAA was enacted to address the limitations on the PCAOB’s ability to inspect and investigate PCAOB-registered public accounting firms headquartered in China because of positions taken by authorities in the People’s Republic of China (“PRC”).


According to the HFCAA, the PCAOB is required to determine whether it is “unable to inspect and investigate completely because of a position taken by an authority in the foreign jurisdiction” (e.g., China and Hong Kong). This determination is made by the PCAOB Board annually in accordance with the PCAOB’s rules1. If the PCAOB does not have complete access for inspections and investigations for two consecutive years, the SEC would be required to prohibit trading in the securities of issuers engaging those audit firms2


China-based US-Listed Companies Change Auditors

In December 2021, the PCAOB issued a report on its determination (the “Initial Determination”) that it was unable to inspect or investigate PCAOB-registered public accounting firms headquartered in mainland China and Hong Kong because of positions taken by the PRC3


In March 2022, the SEC published a list of China-based US-listed companies that SEC staff identified were subject to possible trading prohibitions if the PRC did not permit the requisite access to the PCAOB, as required by the HFCAA. The SEC has continued to update the list on a rolling basis since March 2022, which now encompasses 174 companies (the SEC’s “Conclusive List”)4


The reaction by many China-based companies from the PCAOB’s Initial Determination and their appearance on the SEC’s Conclusive List was to change auditors in an apparent attempt to avoid the threat of having their stock delisted in the United States. After the Conclusive List was first published, 24 of those companies changed auditors, according to an article published by NikkeiAsia.5


Accounting firms in the US and Singapore were the primary beneficiaries of the fallout, according to the article6. Accounting firms that were and may continue to be beneficiaries of the reshuffle should carefully consider whether they have the scalability and quality controls in place to take on multiple audit clients over a short duration. Although the PCAOB’s settled enforcement action with Marcum LLP7 is an extreme example of what can go wrong when accepting too many clients at once, any firm that has taken on multiple China-based clients in short duration is at a heightened risk of a PCAOB inspection, investigation, and possible enforcement action.


PCAOB Obtains Access to Inspect and Investigate Completely

In August 2022, the PCAOB announced that it signed a Statement of Protocol with the China Securities Regulatory Commission and the Ministry of Finance of the People's Republic of China, marking the first step toward opening access for the PCAOB to inspect and investigate PCAOB registered public accounting firms headquartered in mainland China and Hong Kong completely8.  This was a game changer for the PCAOB and investors in US-listed companies with China-based auditors.


Inspection Results of the First Two Firms 

As a consequence of the Protocol, the PCAOB was successful in conducting its first two full inspections of China-based audit firms in 2022. In December 2022, the PCAOB vacated its Initial Determination because of the full access it experienced9 and the SEC followed suit by acknowledging that there are no issuers currently at risk of having their securities subject to a trading prohibition10


In May 2023, the PCAOB published the inspection reports of the two firms it inspected in 2022: KPMG Huazhen LLP (“KPMG Huazhen”) in mainland China and PricewaterhouseCoopers in Hong Kong (“PwC HK”). As the PCAOB suspected, there was a high rate of deficiencies, including part I.A deficiencies, which the PCAOB defines as having such significance that the PCAOB believed the firm, (i) at the time it issued its audit report(s), had not obtained sufficient appropriate audit evidence to support its opinion(s) on the issuer’s financial statements and/or ICFR or (ii) in audit(s) in which it was not the principal auditor, had not obtained sufficient appropriate audit evidence to fulfill the objectives of its role in the audit. 


According to the inspection reports – 

  • KPMG Huazhen11 was the principal auditor of 30 US-listed audit clients and participated in the audits of 77 other US-listed company audits. Of these, the PCAOB selected four audits for inspection, all of which were determined to have Part I.A deficiencies. 
  • PwC HK12 was the principal auditor of three US-listed audit clients and participated in the audits of 27 other US-listed company audits. Of these, the PCAOB selected four audits for inspection, three of which were determined to have Part I.A deficiencies.


Deficiencies were numerous and found in the financial statement areas of cash, revenue (and related accounts), inventory, other investments, goodwill and intangible assets, long-lived assets, and significant transactions, and involved departures from the following PCAOB rules and standards:

  1. Audit evidence (AS 1105)
  2. Audit documentation (AS 1215)
  3. Communications with audit committees (AS 1301)
  4. Auditing internal control over financial reporting (AS 2201)
  5. Responding to the risk of material misstatement (AS 2301)
  6. Substantive analytical procedures (AS 2305.16)
  7. Audit sampling (AS 2315)
  8. Consideration of fraud in a financial statement audit (AS 2401.61)
  9. Auditing accounting estimates (AS 2501)
  10. Auditor reporting on financial statements (AS 3101)
  11. Form AP - reporting of certain audit participants (Rule 3211) 


The PCAOB acknowledges that it is not unexpected to find numerous deficiencies in jurisdictions that are inspected for the first time and that the deficiencies identified by the PCAOB above are consistent with the types and number of findings the PCAOB has encountered in other first-time inspections around the world13. These deficiencies have not resulted in an enforcement action with these firms at this time. 


These two firms will almost assuredly be inspected again in 2024 or 2025.   


PCAOB Enforcement Activity

The PCAOB was also very active in sanctioning China-based accounting firms since it obtained access to fully investigate China-based accounting firms in the PRC. In 2023, the PCAOB published three settled enforcement actions with PCAOB registered firms based in China. Two of the cases involving PwC were the direct result of information learned in the inspections the PCAOB conducted in 2022 after securing complete inspection access, according to the PCAOB’s press release announcing the settlements14. The following summarizes the PCAOB’s findings and corresponding money penalties imposed (refer to the related Orders for other sanctions), according to the PCAOB’s Orders published on its website – 


  • PwC China and PwC HK violated the integrity and personnel management elements of the PCAOB quality control standards by failing to detect or prevent extensive, improper answer sharing on tests for mandatory internal training courses15. These firms agreed to collectively pay $7 million in money penalties to settle their cases.
  • Shandong Haoxin and four of its auditors falsified an audit report, failed to maintain independence from their issuer client, and improperly adopted the work of another accounting firm as their own. Interestingly, the US-listed company that was the audit client disclosed in the Order (Gridsum Holding Inc.) is not listed on the SEC’s Conclusive List. The firm agreed to pay $750,000 and the four auditors collectively agreed to pay $190,000 to settle the matter16


What to Expect in 2024

In a May 2023 news release by PCAOB Chair Erica Williams, she stated, “[t]he two firms we inspected in 2022 audited 40% of the total market share of U.S.-listed companies audited by Hong Kong and mainland China firms, and we are on track to hit 99% of the total market share by the end of this year.” 17 In addition, The 2024 PCAOB Budget includes the resources necessary to continue to drive inspection activities in support of the PCAOB’s mission to protect investors, “including inspecting the remaining firms registered in mainland China and Hong Kong under our mandate.”18 


These statements suggest the PCAOB continues to have unobstructed access to inspect and investigate PCAOB registered firms in China and Hong Kong. Accordingly, it is expected that – 


  1. The PCAOB will release the inspection reports of the accounting firms that comprise the remaining 56% of the 99% of the total market share of U.S.-listed companies audited by China accounting firms in or about May 2023, and we anticipate those reports to continue to reveal that firms based in China have a lot of work to do to improve audit quality. 
  2. Any remaining China-based accounting firms that have not been inspected—those making up the remaining 1% of the total market share—and follow-up inspections on those initially inspected are likely to occur this year, in 2024; and 
  3. The PCAOB’s Division of Enforcement and Investigations will likely have continued to receive referrals from the Inspection Division as a result of the 2023 inspections of China-based accounting firms, and there will be multiple enforcement actions in 2024 or later as a consequence. 


What Firms in HK and China Should Do Now

Prepare for initial inspection: An inspection is an examination of both the firm’s quality control policies and selected applicable client engagements. In essence, the inspection begins before the firm has even started an audit. An effective system of quality control provides the firm with reasonable assurance that its personnel comply with applicable professional standards and the firm’s standards of quality. In addition to reviewing the firm’s quality control documentation, the inspectors will review the audit work papers of the selected audits. Therefore, it is imperative that audit documentation be robust, easy to follow, provide a clear road map from planning and risk assessment to the conclusions reached, and is fully assembled in compliance with PCAOB standards. The achievement of these two objectives will go a long way toward making the firm’s initial inspection a smooth one.


Post-inspection: The next step for firms after their initial inspection is to perform a root-cause analysis and remediate. A sound remediation plan that includes (i) focused training (ii) enhancements to policies, procedures, and methodologies; (iii) the adoption of PCAOB-specific audit tools and templates; and (iv) the implementation of pre-issuance reviews on riskier audits and post-issuance reviews of completed audits are just a few of the things firms can do to prevent poor inspection results and avert a referral to enforcement.


Conclusion

In sum, every audit should be conducted with the highest level of quality and with the notion that your audit will be selected for a PCAOB inspection. The published inspection reports and enforcement actions of the China-based accounting firms should serve as a guide. Read them carefully and revisit the standards cited therein to understand precisely why the firms were criticized and how the standards should be applied. Make audit quality your top priority.


                                                                                                                                                                                                                                                                     


  1. PCAOB Rule 6100.
  2. This was originally three years in the HFCAA, it was reduced to two years with the singing of the Consolidated Appropriations Act, 2023.
  3. PCAOB Makes HFCAA Determinations Regarding Mainland China and Hong Kong.
  4. The list is located on the SEC’s website at SEC.gov Holding Foreign Companies Accountable Act.
  5. Chinese companies switch auditors to avoid U.S. delisting risk - Nikkei Asia, May 16, 2023.
  6. Id.
  7. See PCAOB press release: Imposing $3 Million Fine and Requiring First-Ever Changes to Supervisory Structure, PCAOB Sanctions Marcum LLP for Significant Quality Control Violations | PCAOB (pcaobus.org)
  8. PCAOB Signs Agreement with Chinese Authorities, Taking First Step Toward Complete Access for PCAOB to Select, Inspect and Investigate in China | PCAOB (pcaobus.org).
  9. FACT SHEET: PCAOB Secures Complete Access to Inspect, Investigate Chinese Firms for First Time in History | PCAOB (pcaobus.org)
  10. SEC.gov | Holding Foreign Companies Accountable Act
  11. 2022 - KPMG China - Inspection Report
  12. 2022 - PwC Hong Kong - Inspection Report
  13. PCAOB Secures Complete Access to Inspect, Investigate Chinese Firms for First Time in History | PCAOB (pcaobus.org)
  14. FACT SHEET: PCAOB Imposes Historic Sanctions on China-Based Audit Firms
  15. In the Matter of PricewaterhouseCoopers and In the Matter of PricewaterhouseCoopers Zhong Tian LLP
  16. In the Matter of Shandong Haoxin Certified Public Accountants Co., Ltd., et al
  17. PCAOB Releases 2022 Inspection Reports for Mainland China, Hong Kong Audit Firms | PCAOB (pcaobus.org)
  18. Chair Williams’ Statement Before the SEC Open Commission Meeting on the PCAOB’s Proposed 2024 Budget | PCAOB (pcaobus.org)

Joe Lynch, JGA Shareholder, to Provide Insights on Changes to Engagement Quality Review Requirements

By Jackson Johnson January 20, 2026
JGA is pleased to announce that Joe Lynch , JGA Shareholder, will be a featured guest on the upcoming AICPA & CIMA A&A Focus live webcast on February 4, 2026. Joe has been invited to join the program to provide insights on changes to engagement quality review requirements. This appearance offers a valuable opportunity for viewers to gain practical, real-time guidance on effective EQR practices—an increasingly critical component of audit quality and compliance under the evolving professional standards landscape. Click here for m ore information about the program and registration details. At Johnson Global Advisory, we support firms in selecting, implementing, and optimizing these tools to meet their unique needs. For more insights, visit our blog or contact us to learn how we can help your firm AmplifyQuality®. For more information, please contact your JGA audit quality expert .

Quality Management in 2026: Considerations to Successfully Adapt to a Transforming Environment

By Boyd O'Rourke January 20, 2026
Introduction The accounting firm industry experienced a ground-breaking transaction in August of 2021 when TowerBrook acquired EisnerAmper, which marked the first private equity (“PE”) transaction of a large-scale accounting firm. This transaction was structured using an alternative practice structure (“APS”). Historically, licensing and independence rules have barred non-CPAs from owning accounting firms. Through an APS, a PE firm may invest in the non-attest entity with service lines such as tax advisory and consulting. The CPA partners retain control over the attest functions, which preserves regulatory compliance. While the APS model has been in existence since the 1990s, this August 2021 transaction brought new attention to this structure. What has followed is an extraordinary volume of deal activity. Per the CPA Trendlines (“CPAT”) Cornerstone report posted on November 18, 2025, CPAT has tracked over 115 PE-related transactions from 2020 to 2025, with over 80 transactions in 2025. While PE in the accounting firm space is no longer news, the pace and volume of transactions is certainly news-worthy. Impact of PE Investment The impact of PE investment on the accounting firm space is unprecedented. The APS has enabled PE to fuel billions of capital investment. PE-backed firms provide immediate payouts to partners at appealing valuations while providing access to capital to these firms for merger and acquisition growth, technology investments, and other priorities. Well-capitalized firms now have an improved ability to invest in technological capabilities, attract experienced talent to be more competitive for college graduates, and improve their market position. With new technologies, routine tasks are being automated such as data entry, tie-outs and controls testing, resulting in less time needed to perform certain audit procedures. What the regulators are saying At the AICPA December 2025 conference on Current SEC and PCAOB Developments, common topics were the presence of private equity in the accounting firm space and the opportunities and challenges that come with this investment. PCAOB Acting PCAOB Chair George Botic described that both transformative technologies (e.g., artificial intelligence or “AI”) and the continuing expansion of private equity investments in accounting firms are two developments that bring opportunities and challenges. Mr. Botic noted that while AI has enhanced risk assessment, reduced manual processes and made it possible to efficiently analyze entire populations of data (which can reduce the risk of missing irregularities or unusual patterns), that overreliance on AI may ultimately threaten auditors’ exercise of professional skepticism and judgment. As it relates to private equity, Mr. Botic noted that while these investments have the potential to enhance audit quality by increasing firm capacity and modernizing audit tools with advanced technologies, the presence of private equity presents a risk that firms shift incentives to prioritize profitability over audit quality. Mr. Botic stated, “Both AI and private equity investments in accounting firms carry the potential to truly reshape the profession. Yet these opportunities come with clear challenges to ensure that overreliance on AI and the pressures of private equity do not jeopardize audit quality.” SEC SEC Chair Atkins discussed in his remarks that he would like the PCAOB to modify its inspections process to place more reliance on the system of quality management and that inspection of certain engagements would inform the PCAOB if the firm’s system of quality management is effective. He also expressed a view that accountability for audit quality should move upward to firm leadership. How is a firm’s system of quality management (“SQM”) impacted? Today’s transforming environment has far-reaching impacts on a firm’s SQM. This publication will focus on risk assessment, governance and leadership, ethics and independence, resources, engagement performance, and monitoring and remediation. 

Year in Review: Here are the Top 10 Actionable Insights of 2025

By Jackson Johnson December 30, 2025
As we wrap up an incredible year, we’re showcasing the insights that sparked the most conversations and drove the most impact. Here are the Top 10 Actionable Insights from 2025: Use of Other Auditors: Managing Risk and the New PCAOB Standard ISQM 1, SQMS 1: Influencing the Firm on the Benefits Beyond Compliance (Part II) Case Study – Example Successor Auditor Considerations QC 1000 Implementation: Key Themes and Guidance from the PCAOB Workshop Clearing the Roadblocks: Auditing Estimates with Confidence in Small Firms Enhancing Auditor Independence: Key Themes from PCAOB Recent Spotlight The Never-Ending Story: How to Remediate Recurring EQR Findings – Part Deux Cryptic Audits of Crypto Assets: Auditing Digital Assets Innovative Solutions for QC 1000, SQMS 1, & ISQM 1: Quality Management tools in the Marketplace Enhancing Audit Evidence: PCAOB Expectations and What We Are Seeing in Practice

Enhancing Audit Evidence: PCAOB Expectations and What We Are Seeing in Practice

By Stephanie Mickens November 24, 2025
As companies increasingly rely on cloud platforms, external data providers, and integrated third-party systems, the boundary between “internal” and “external” information has blurred. Audit evidence today may originate outside the company, but often arrives through the company, transformed, mapped, merged, or embedded within systems before it reaches the auditor. In response to this evolving landscape, the PCAOB amended AS 1105, Audit Evidence, effective for audits of fiscal years beginning on or after December 15, 2025. Central to these amendments is AS 1105.10A, which introduces a principle-based, risk-scalable framework for evaluating the reliability of electronic information provided by the company. At JGA, we view this development as a natural response to the data ecosystems shaping today’s financial reporting. We also see it rapidly becoming a recurring area of focus by global audit regulators, particularly when the information supports significant risks, revenue, fraud procedures, or management estimates. This article summarizes key themes from the PCAOB’s Board Policy Statement on Evaluating External Electronic Information (issued September 2025) paired with practical observations from JGA’s inspection support and methodology enhancement work with firms across the profession. Why External Electronic Information is a Growing Focus Area Across industries, external platforms now drive core financial and operational processes: payment processors, logistics platforms, third-party fulfillment solutions, subscription systems, industry data services, and more. Although such information originates from outside the company, it is often: Received, stored, or routed through company systems Transformed within spreadsheets or EUCs Merged with internally generated data Exported in formats that allow modification Provided to auditors without a traceable chain to the original source. Our direct experience working with our clients shows that PCAOB inspection teams consistently emphasize that external does not inherently mean reliable. The auditor must understand how the information was obtained, how it was handled, and whether there was a reasonable possibility that it could have been modified before reaching the auditor. Understanding AS 1105.10A The Board Policy Statement highlights two foundational expectations: 1. Auditors should understand the source and flow of the information. Inspection teams frequently question whether the engagement team understood: The true originating source of the data How the company received it (e.g., automated feed vs. manual upload) Whether the information is editable or configurable Whether it passed through multiple systems or spreadsheets How it is used in controls, substantive testing, or significant estimates In JGA’s experience, inspection findings often arise from situations where teams relied on a “system-generated” or “externally sourced” report without fully understanding where it came from or whether it could have been changed. 2. Auditors should address the risk of modification. The standard allows for two broad approaches, testing the information itself or relying on controls, depending on the assessed risk. The standard is intentionally flexible, but this flexibility requires well-supported judgments, especially for information affecting significant accounts or fraud risks. The PCAOB also acknowledged scenarios where separate testing may not be required (e.g., direct-to-auditor feeds or read-only API transfers) but emphasized that this exception applies only when the risk of modification is no more than remote. What We Observe in PCAOB Inspections Through JGA’s transformation activities with firms, we continue to see consistent challenges in the following areas: Reliance on information provided by the company without evaluating whether transformed, filtered, or merged with other data sets. Use of external or industry data in analytics without understanding the methods, assumptions, or relevance to the issuer. External information embedded in significant estimates or complex models without evaluating management’s process for compiling that information. System-generated or external journal entry listings used in fraud procedures without establishing completeness and reliability. In each of these situations, inspection teams focus on whether engagement teams understood how the information was obtained, how it was processed, and whether there was a reasonable possibility of modification before it reached the auditor. Emerging PCAOB Expectations Although the standard is principles-based, several expectations are now appearing consistently in inspections: Reliability cannot be presumed, external information must be evaluated just like any other audit evidence. Understanding the company’s process for receiving and handling external information is foundational. Judgments about whether separate testing is required must be risk-responsive and well-supported. Documentation should clearly articulate the source of the information, the company’s process, and the basis for concluding the information was reliable. These expectations are shaping how firms need to think about IPE testing, data flows, and the role of technology within the audit. Areas Where Firms Often Seek Assistance Across our methodology enhancement and inspection support work, firms consistently ask for help in: Identifying when information is “external electronic information provided by the company”. Determining whether reliance on management’s process is appropriate. Navigating situations where data passes through multiple systems or spreadsheets. Evaluating third-party or industry data used in analytics. Assessing effects on significant risks, especially revenue and fraud. Aligning documentation practices with PCAOB expectations. Many firms have strong processes for testing IPE, but other nuances of the standards require an additional layer of consideration that is still evolving in practice. Looking Ahead As companies build increasingly automated and interconnected systems, auditors must deepen their understanding of those environments to obtain sufficient appropriate evidence. Firms that proactively adapt their methodologies and train engagement teams will be better positioned for both compliance and audit quality. At JGA , we help firms interpret emerging regulatory requirements, strengthen methodologies, and enhance the use of technology and data in the audit. Ultimately, ensure compliance and consistency get to our ultimate goal of helping firms grow and scale responsibly. To learn how we can help your firm navigate these expectations and #AmplifyQuality, visit www.johnson-global.com, or contact a member of your JGA client service team.

JGA Welcomes Boyd O’Rourke as Managing Director

By Jackson Johnson November 6, 2025
WASHINGTON, D.C. Johnson Global Advisory (JGA) is pleased to announce Boyd O’Rourke as a Managing Director, focused on helping audit firms meet their strategic objectives with audit quality in mind. With 30 years of experience in public accounting, Boyd has deep experience in firm management, strategy, risk management, and quality control. Boyd’s skillset complements JGA’s core services by adding new firm strategy and risk management service offerings. “ I have a passion for building high-functioning groups inside accounting firms,” said Boyd. “With private equity firmly in the accounting firm space, service line growth, acquisitions, and consolidation are happening at record speed. JGA’s goal is to help firms manage this growth while limiting exposure to regulatory and business risks. I am excited to advise firms navigating this most-critical period of their journey. ” Most recently, Boyd held multiple senior roles at CBIZ CPAs (formerly Mayer Hoffman McCann P.C.), including Executive Committee Member, National Practice Leader, Chief Risk and Quality Officer, National Director of Quality Control, Mid-west Regional Attest Practice Leader, and National Training Director. “ By most measures, Johnson Global Advisory is a small consulting firm—but over the past eight years, our impact on individual firms and the global profession as a whole has been vastly disproportionate to our size,” said Jackson Johnson, President and Founding Shareholder, JGA. “That is only possible because every professional that joins the JGA team brings deep senior-level experience, technical expertise, and a genuine ability to connect with our clients around the world. I am especially grateful that Boyd O’Rourke has chosen JGA as the platform to share his leadership and expertise to help firms grow and scale. Having known Boyd for several years, I’ve seen firsthand his commitment and executive approach to solving complex problems affecting public accounting firms. His decision to join us is a testament to the unique opportunities JGA offers—and to our shared mission of making a meaningful difference for our clients and the industry .” Boyd is based in the Kansas City area and received his Bachelor of Business Administration in Accounting from the University of Iowa. To learn more about Boyd and the full JGA team, read here . At Johnson Global Advisory , we support firms in selecting, implementing, and optimizing solutions and tools to meet their unique needs. For more insights, visit our blog or contact us to learn how we can help your firm AmplifyQuality®.

The Never-Ending Story: How to Remediate Recurring EQR Findings – Part Deux

By Geoff Dingle October 28, 2025
In September 2022, we wrote an article discussing the struggle that firms were experiencing at that time in remediating Quality Control (QC) criticisms as it relates to their Engagement Quality Review (EQR) process. This struggle seemingly continues today, as, so far in 2025, the PCAOB has publicly re-released previously issued inspection reports for 32 registered firms, and in 19 of those reports, EQR was a QC criticism that was released to the public as these firms had failed to satisfactorily remediate their EQR QC criticism¹. This means that firms continue to struggle to identify and effectively implement remedial actions to the satisfaction of the PCAOB that demonstrate that they have successfully remediated their non-compliance with AS 1220, Engagement Quality Review . So why are firms still failing to remediate this QC criticism? As we stated previously, having worked with engagement teams and looking at the nuanced and sometimes detailed nature of some of the PCAOB Part I findings, attributing the audit issue to a deficient EQR review can sometimes feel like the regulator is being overly exigent. In fact, in its adopting release to the EQR standard , the Board stated that it “…has been sensitive to commenters' concerns and agrees that the EQR should not become, in effect, a second audit.” This is a difficult concept for EQRs to balance though, as engagement teams often ask us, “As EQR am I required to review every test of design and operating effectiveness for internal controls related to every significant risk? Which substantive workpapers in significant risk audit areas should I review and to what level of detail?” Though not explicitly required in AS 1220, implicitly by the very nature of the EQR attribution, the PCAOB is inherently creating an expectation of a detailed EQR review. After all, AS 1220.09 does require the EQR to “review documentation.” When the PCAOB evaluates a firm’s Rule 4009 remediation response, they pay particular attention to recurring deficiencies. If the same deficiency is long-standing or occurs in subsequent reports, remediation efforts undertaken must be incremental in each remediation submission so as to address the recurring deficiency. Said otherwise, a firm cannot deliver the same training year after year and expect it to drive change; it must change its approach to remediate the recurring deficiencies. We have numerous clients telling us that this is the second or third inspection report that includes an EQR QC criticism. They often ask us, “This time, what can we do that is incremental that we haven’t already done?” Remediation Considerations The new quality control standards (QC 1000, ISQM 1 and SQMS1) require firms to perform root cause analyses for audit deficiencies. In doing so, firms should identify the real root cause behind why EQRs are failing to identify audit deficiencies and then design specific remedial actions to address these root causes. So, remedial action should be in response to the actual root cause of the EQR deficiency – i.e., what is the ultimate root cause of EQR’s not identifying the Part I deficiencies at the time of their review? The following are typical actions that we see firms undertake: a. Training as an Action For many firms, they start out the remedial process by providing training to audit professionals that specifically address the requirements of AS 1220. Some firms attempt this by sourcing online training from the marketplace. If this is the first time your firm has received a Part II EQR criticism, then this action might be effective. However, training designed to remediate quality control deficiencies must be specific to the facts and circumstances of your issue(s). Oftentimes though, when the EQR criticism is long-standing or repetitive, training alone is not sufficient. Key takeaway : Consider developing more robust training that specifically addresses nuances of firm findings and walk through examples of EQR reviews. b. EQR Sign-off Checklist as an Action Another common remedial action is for firms to make enhancements to their methodology, including their EQR sign-off checklist . Most firms subscribe to audit software programs already which have a basic EQR checklist that calls out the requirements under AS 1220. Modification to the EQR checklist and/or creation of addendums that specifically focus on the issues or concerns can be a meaningful improvement and can add rigor to the review process. Key takeaway : Firms should determine whether they need to modify their EQR sign-off checklist and/or create addendums to include specific bullets and questions addressing firm audit deficiencies, specifically calling it out to the EQR’s attention. c. EQR mentoring/coaching program as an Action Many firms have already implemented the previous two actions, and they may continue to see deficiencies in the QC criticism. The PCAOB is expecting firms to do more to ensure quality audits. As we have worked with firms on remediation, we recommend firms consider an EQR mentoring/coaching program . When designed and implemented properly – and timely – we believe this action to be important to a successful remediation of QC deficiencies around the EQR function. Key takeaway : Consider designing and implementing an EQR coaching or mentoring program, paying close attention to key elements important for effective remediation criteria. Other Considerations Given that global audit regulators have raised the bar in expectations on recurring findings – specifically on the EQR process – we cannot stress enough the importance of beginning the remediation process early . Engage the PCAOB in a dialogue immediately once your 12-month remediation period begins, to discuss the planned remedial actions and get feedback on the sufficiency of those actions. Pay particular attention to understanding what is considered timely implementation. Do not underestimate the amount of time it will take to fully implement remedial actions. Key takeaway : Engage the PCAOB early in the remediation process to seek feedback on the sufficiency of the remedial actions (perhaps even before the final report has been issued). EQR as last line of defense Another important point is that EQRs are essentially the last line of defense with regard to audit quality. Said differently, audit quality starts with the audit engagement team and the firm’s entire QC system (training, methodology, tools, etc.) that enables and supports audit engagement teams to perform quality audits. Firms must also consider the remedial actions that also address the PCAOB’s Part I audit deficiency(ies). The EQR QC criticism, while linked to its own standard, is really just the review of the audit work performed under all the other audit standards (e.g., AS 2501, AS 1301, etc.). It is a collective effort, and the EQR as well as the entire engagement team should be considered when remediating all QC criticisms identified in firm inspection reports. It may feel like a never-ending story and perhaps regulators are being overly rigorous, but the reality is this issue is not going away, so firms need to consider what incremental actions they can take to truly ensure EQRs perform quality reviews. At Johnson Global Advisory , we support firms in selecting, implementing, and optimizing these tools to meet their unique needs. For more insights, visit our blog or contact us to learn how we can help your firm AmplifyQuality®. ¹ Part I of a PCAOB inspection report contains audit deficiencies; this part is made public when the report is initially published. Part II contains the firm’s QC criticism(s); and this part is not initially released to the public. The firm has one year from the date the report is published to remediate the QC criticism(s). If the remediation is satisfactory to the Board, then Part II is kept private. However, if the firm fails to satisfactorily remediate the QC criticism, the QC criticism in Part II is then released to the public.

From Planning to Practice: 10 Steps to Build Your Firm’s Quality Management System

By Jackson Johnson September 30, 2025
With the effective date for SQMS 1 and QC 1000 fast approaching, firms of all sizes—especially small and sole practitioners—must take action to implement a system of quality management (SQM) that meets the new standards. The good news? You don’t have to start from scratch. Despite QC 1000’s implementation date deferral, the AICPA’s date hasn’t changed, and the international standards are already effective. It’s important to maintain momentum on the efforts toward implementation of all applicable standards for your firm. This article outlines 10 practical steps to help firms build their SQM. Each step includes actionable guidance and considerations for firms with limited resources, and ties into JGA’s broader thought leadership on quality management, risk assessment, and system evaluation. The 10 Steps to Build Your SQM Step 1: Establish a Project Team Form a team with the right mix of quality expertise and operational insight. For small firms, this may mean involving a manager who can grow into a leadership role or setting aside dedicated time as a sole practitioner. Recommended actions to consider: Identify internal champions with interest or experience in quality. Schedule recurring project meetings to maintain momentum. Join a peer group for support and shared learning. Step 2: Understanding and Awareness Document your firm’s business strategy, service offerings, and operational conditions. This step helps identify factors that may impact quality—such as remote work, new industries, or staff turnover. Recommended actions to consider: Conduct a strategy review with firm leadership. List recent changes in firm structure or engagement types. Use these insights to inform your risk assessment. Step 3: Assign Responsibilities Define who is accountable for the SQM. The new standards require clear delineation of ultimate and operational responsibility, including oversight of independence and monitoring. Recommended actions to consider: Assign roles based on existing responsibilities. Clarify delegation boundaries for managing partners. Document responsibilities in your quality manual. Step 4: Establish a Risk Assessment Function Design a process to identify and assess quality risks. This includes understanding conditions or events that could impact quality objectives. Recommended actions to consider: Create a risk assessment policy tailored to your firm. Use relatable examples to demystify risk factors. Leverage AICPA practice aids for structure and templates. Step 5: Perform the Initial Risk Assessment Conduct brainstorming sessions by component and document risks using the AICPA Risk Assessment Template. Include both formal and informal responses. Recommended actions to consider: Use the AICPA risk library to identify common risks. Tailor risks to your firm’s size and services. Include existing responses—even if informal—for evaluation. Step 6: Finalize the Gap Analysis Evaluate where your current responses fall short. This may include undocumented policies or areas where responses don’t fully address the risk. Recommended actions to consider: Identify gaps in governance, ethics, and technology. Determine which informal practices need formalization. Prioritize gaps based on risk severity and regulatory impact. Step 7: Implement Responses to Address the Gaps Develop policies and procedures to close gaps. Responses must be documented and operational. Recommended actions to consider: Draft policies that reflect your firm’s values and risks. Link procedures to specific quality objectives. Use existing documentation as a starting point. Step 8: Update Your Monitoring Process Move beyond peer review prep—monitoring should be continuous and system-wide. Recommended actions to consider: Assign monitoring responsibilities across the team. Incorporate testing of responses into internal inspections. Use dashboards or checklists to track progress. Step 9: Formalize Root Cause and Remediation Procedures Investigate deficiencies and document why they occurred. This step is essential for both system and engagement-level reviews. Recommended actions to consider: Conduct interviews to understand root causes. Use findings to improve policies and training. Apply remediation even if your firm only undergoes engagement reviews. Step 10: Initial Test of Design and Implementation Review documentation and walk through processes to ensure your system is operational and testable. Recommended actions to consider: Validate that each component is supported by evidence. Simulate a peer review to test your system. Confirm that objectives, risks, and responses align. Conclusion Implementing a system of quality management is not just a compliance exercise—it’s an opportunity to strengthen your firm’s foundation for audit quality, risk management, and long-term success. Whether you’re a sole practitioner or a small firm with a few partners, these 10 steps offer a scalable roadmap to meet the new standards. Ready to get started or need help refining your approach? Contact your JGA audit expert today to schedule a consultation and ensure your implementation is tailored to your firm’s needs. At Johnson Global Advisory , we support firms in selecting, implementing, and optimizing these tools to meet their unique needs. For more insights, visit our blog or contact us to learn how we can help your firm AmplifyQuality®.

Clearing the Roadblocks: Auditing Estimates with Confidence in Small Firms

By Jackson Johnson September 30, 2025
Introduction Auditing accounting estimates has long been one of the most judgment-intensive and inspection-prone areas of the audit. For smaller firms, the challenge is even greater due to limited resources and evolving regulatory expectations. At JGA , we’ve worked closely with firms navigating these complexities and have identified three critical areas where auditors can strengthen their approach and reduce risk. What’s Recurring and What’s New: Insights from PCAOB’s Latest Audit Focus The PCAOB’s recent Audit Focus¹ underscores persistent deficiencies in how auditors evaluate accounting estimates. Common issues include failure to identify significant assumptions, reliance on inquiry or simple recalculations, and inadequate testing beyond vouching to internal or external data. These recurring gaps continue to surface in inspections of smaller firms. What’s new is a sharper emphasis on critical accounting estimates—those with high uncertainty and material impact. Auditors are now expected to understand how management analyzes the sensitivity of assumptions to other likely outcomes and to incorporate that understanding into their evaluation of bias and reasonableness. Additionally, the PCAOB highlights good practices such as updating internal guidance, enhancing EQR partner reviews, and aligning audit programs with the standards. Key Takeaways and Our Recommended Action Items 1. Evaluate the Reasonableness of Significant Assumptions What the PCAOB said: The PCAOB continues to observe recurring deficiencies in how auditors evaluate significant assumptions used in accounting estimates. Common issues include failing to identify key assumptions, relying solely on inquiry or recalculations, and not assessing whether assumptions are consistent with external factors like market conditions or industry trends. Auditors are expected to evaluate assumptions both individually and in combination, and to consider management’s intent and ability to carry out specific actions when assumptions are forward-looking². JGA’s reaction: In our article “Like Making Concrete out of Jell-O”², we described the inherent difficulty of auditing estimates that are subjective, uncertain, and often based on future projections. We emphasized that auditors must go beyond surface-level validation and challenge management’s assumptions with rigor. In “An Update for Unprecedented Times”³, we noted that economic volatility has made assumption testing even more complex, requiring auditors to evaluate whether recurring assumptions still hold in today’s environment. JGA’s recommendation: Firms should implement structured assumption testing protocols that go beyond vouching. Use external data sources to validate assumptions and ensure that engagement teams document how each assumption was evaluated. Partner and EQR reviews should include a step to confirm that all significant assumptions were tested for reasonableness and consistency. 2. Develop Independent Expectations and Use Reliable Data What the PCAOB said: AS 2501 outlines three approaches to testing estimates, including developing an independent expectation. The PCAOB stresses that auditors must have a reasonable basis for their own assumptions and methods and must evaluate the relevance and reliability of third-party data. This is especially important when using unobservable inputs or when substituting auditor assumptions for those used by management². JGA’s reaction: We’ve consistently advocated independent modeling as a way to reduce bias and improve audit quality. In our earlier articles, we highlighted how auditors can use historical data, peer comparisons, and macroeconomic indicators to build independent expectations. In “An Update for Unprecedented Times”³, we emphasized that auditors must reassess models and assumptions that were previously considered reliable, especially in light of post-pandemic economic shifts. JGA’s recommendation: Firms should train engagement teams to build independent expectations using validated data sources. When using third-party data, document the evaluation of reliability per AS 1105. Consider integrating external audit methodology tools that support independent modeling and provide templates for documenting assumptions and methods. 3. Strengthen Audit Methodology and Engagement Oversight What the PCAOB said: The PCAOB highlights good practices from firms that have updated their internal guidance, audit programs, and review checklists. These updates include scoping exercises for identifying estimates subject to AS 2501, requiring EQR partners to review all significant inputs, and linking risk assessments to audit responses. These practices are especially important for smaller firms that may lack centralized oversight². JGA’s reaction: We’ve seen firsthand how firms that invest in methodology updates experience fewer inspection findings. In “Like Making Concrete out of Jell-O”², we discussed how subjective estimates—like goodwill impairments or startup valuations—require more than just technical compliance. In “An Update for Unprecedented Times”³, we noted that firms must adapt their methodologies to reflect new economic realities and ensure that recurring assumptions are still valid. JGA’s recommendation: Firms should revise their audit programs to include scoping for all types of estimates, not just those flagged as significant risks. Partner and EQR checklists should be updated to ensure comprehensive review of estimate testing. Risk assessment documentation should clearly link identified risks to specific audit responses, with traceable evidence. Conclusion Firms should assess their current audit programs and consider enhancements aligned with AS 2501. JGA offers tailored consultations to help firms implement best practices and prepare for inspections. Contact us today to schedule a review or download our latest audit quality resources. Auditing estimates doesn’t have to feel like “making concrete out of Jell-O.” With a disciplined approach to assumptions, independent analysis, and robust methodology, firms can deliver high-quality audits that stand up to regulatory scrutiny. JGA is here to help you lead with confidence. For more information, reach out to your JGA audit quality expert . Sources ¹PCAOB’s new publication Audit Focus- Auditing Accounting Estimates | PCAOB ²See our full article Auditing Estimates: Like Making Concrete out of Jell-O ³See our full article Auditing Estimates: An Update for Unprecedented Times

PCAOB Technology Innovation Alliance Working Group Report Focuses on Emerging Audit Technologies

By Jackson Johnson September 5, 2025
The PCAOB’s Technology Innovation Alliance (TIA) Working Group released a report on using AI, data analytics, and digital signatures to improve audit quality and investor protection. It recommends standardizing documentation, adopting responsible AI, and fostering innovation. Joe Lynch , JGA Managing Director, contributed insights as a stakeholder in the TIA roundtables and panels.

Timely Quality Management: Joe Lynch, JGA Managing Director, Insights Featured in Journal of Accountancy

By Jackson Johnson August 18, 2025
Learn how to build your firm’s quality management system on time with actionable insights from Joe Lynch , Managing Director at JGA, as featured in the Journal of Accountancy . This article outlines eight strategic steps to ensure effective and timely implementation of quality management practices for your business.