Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide.
As we wrap up an incredible year, we’re showcasing the insights that sparked the most conversations and drove the most impact. Here are the Top 10 Actionable Insights from 2025: Use of Other Auditors: Managing Risk and the New PCAOB Standard ISQM 1, SQMS 1: Influencing the Firm on the Benefits Beyond Compliance (Part II) Case Study – Example Successor Auditor Considerations QC 1000 Implementation: Key Themes and Guidance from the PCAOB Workshop Clearing the Roadblocks: Auditing Estimates with Confidence in Small Firms Enhancing Auditor Independence: Key Themes from PCAOB Recent Spotlight The Never-Ending Story: How to Remediate Recurring EQR Findings – Part Deux Cryptic Audits of Crypto Assets: Auditing Digital Assets Innovative Solutions for QC 1000, SQMS 1, & ISQM 1: Quality Management tools in the Marketplace Enhancing Audit Evidence: PCAOB Expectations and What We Are Seeing in Practice
As companies increasingly rely on cloud platforms, external data providers, and integrated third-party systems, the boundary between “internal” and “external” information has blurred. Audit evidence today may originate outside the company, but often arrives through the company, transformed, mapped, merged, or embedded within systems before it reaches the auditor. In response to this evolving landscape, the PCAOB amended AS 1105, Audit Evidence, effective for audits of fiscal years beginning on or after December 15, 2025. Central to these amendments is AS 1105.10A, which introduces a principle-based, risk-scalable framework for evaluating the reliability of electronic information provided by the company. At JGA, we view this development as a natural response to the data ecosystems shaping today’s financial reporting. We also see it rapidly becoming a recurring area of focus by global audit regulators, particularly when the information supports significant risks, revenue, fraud procedures, or management estimates. This article summarizes key themes from the PCAOB’s Board Policy Statement on Evaluating External Electronic Information (issued September 2025) paired with practical observations from JGA’s inspection support and methodology enhancement work with firms across the profession. Why External Electronic Information is a Growing Focus Area Across industries, external platforms now drive core financial and operational processes: payment processors, logistics platforms, third-party fulfillment solutions, subscription systems, industry data services, and more. Although such information originates from outside the company, it is often: Received, stored, or routed through company systems Transformed within spreadsheets or EUCs Merged with internally generated data Exported in formats that allow modification Provided to auditors without a traceable chain to the original source. Our direct experience working with our clients shows that PCAOB inspection teams consistently emphasize that external does not inherently mean reliable. The auditor must understand how the information was obtained, how it was handled, and whether there was a reasonable possibility that it could have been modified before reaching the auditor. Understanding AS 1105.10A The Board Policy Statement highlights two foundational expectations: 1. Auditors should understand the source and flow of the information. Inspection teams frequently question whether the engagement team understood: The true originating source of the data How the company received it (e.g., automated feed vs. manual upload) Whether the information is editable or configurable Whether it passed through multiple systems or spreadsheets How it is used in controls, substantive testing, or significant estimates In JGA’s experience, inspection findings often arise from situations where teams relied on a “system-generated” or “externally sourced” report without fully understanding where it came from or whether it could have been changed. 2. Auditors should address the risk of modification. The standard allows for two broad approaches, testing the information itself or relying on controls, depending on the assessed risk. The standard is intentionally flexible, but this flexibility requires well-supported judgments, especially for information affecting significant accounts or fraud risks. The PCAOB also acknowledged scenarios where separate testing may not be required (e.g., direct-to-auditor feeds or read-only API transfers) but emphasized that this exception applies only when the risk of modification is no more than remote. What We Observe in PCAOB Inspections Through JGA’s transformation activities with firms, we continue to see consistent challenges in the following areas: Reliance on information provided by the company without evaluating whether transformed, filtered, or merged with other data sets. Use of external or industry data in analytics without understanding the methods, assumptions, or relevance to the issuer. External information embedded in significant estimates or complex models without evaluating management’s process for compiling that information. System-generated or external journal entry listings used in fraud procedures without establishing completeness and reliability. In each of these situations, inspection teams focus on whether engagement teams understood how the information was obtained, how it was processed, and whether there was a reasonable possibility of modification before it reached the auditor. Emerging PCAOB Expectations Although the standard is principles-based, several expectations are now appearing consistently in inspections: Reliability cannot be presumed, external information must be evaluated just like any other audit evidence. Understanding the company’s process for receiving and handling external information is foundational. Judgments about whether separate testing is required must be risk-responsive and well-supported. Documentation should clearly articulate the source of the information, the company’s process, and the basis for concluding the information was reliable. These expectations are shaping how firms need to think about IPE testing, data flows, and the role of technology within the audit. Areas Where Firms Often Seek Assistance Across our methodology enhancement and inspection support work, firms consistently ask for help in: Identifying when information is “external electronic information provided by the company”. Determining whether reliance on management’s process is appropriate. Navigating situations where data passes through multiple systems or spreadsheets. Evaluating third-party or industry data used in analytics. Assessing effects on significant risks, especially revenue and fraud. Aligning documentation practices with PCAOB expectations. Many firms have strong processes for testing IPE, but other nuances of the standards require an additional layer of consideration that is still evolving in practice. Looking Ahead As companies build increasingly automated and interconnected systems, auditors must deepen their understanding of those environments to obtain sufficient appropriate evidence. Firms that proactively adapt their methodologies and train engagement teams will be better positioned for both compliance and audit quality. At JGA , we help firms interpret emerging regulatory requirements, strengthen methodologies, and enhance the use of technology and data in the audit. Ultimately, ensure compliance and consistency get to our ultimate goal of helping firms grow and scale responsibly. To learn how we can help your firm navigate these expectations and #AmplifyQuality, visit www.johnson-global.com, or contact a member of your JGA client service team.
WASHINGTON, D.C. Johnson Global Advisory (JGA) is pleased to announce Boyd O’Rourke as a Managing Director, focused on helping audit firms meet their strategic objectives with audit quality in mind. With 30 years of experience in public accounting, Boyd has deep experience in firm management, strategy, risk management, and quality control. Boyd’s skillset complements JGA’s core services by adding new firm strategy and risk management service offerings. “ I have a passion for building high-functioning groups inside accounting firms,” said Boyd. “With private equity firmly in the accounting firm space, service line growth, acquisitions, and consolidation are happening at record speed. JGA’s goal is to help firms manage this growth while limiting exposure to regulatory and business risks. I am excited to advise firms navigating this most-critical period of their journey. ” Most recently, Boyd held multiple senior roles at CBIZ CPAs (formerly Mayer Hoffman McCann P.C.), including Executive Committee Member, National Practice Leader, Chief Risk and Quality Officer, National Director of Quality Control, Mid-west Regional Attest Practice Leader, and National Training Director. “ By most measures, Johnson Global Advisory is a small consulting firm—but over the past eight years, our impact on individual firms and the global profession as a whole has been vastly disproportionate to our size,” said Jackson Johnson, President and Founding Shareholder, JGA. “That is only possible because every professional that joins the JGA team brings deep senior-level experience, technical expertise, and a genuine ability to connect with our clients around the world. I am especially grateful that Boyd O’Rourke has chosen JGA as the platform to share his leadership and expertise to help firms grow and scale. Having known Boyd for several years, I’ve seen firsthand his commitment and executive approach to solving complex problems affecting public accounting firms. His decision to join us is a testament to the unique opportunities JGA offers—and to our shared mission of making a meaningful difference for our clients and the industry .” Boyd is based in the Kansas City area and received his Bachelor of Business Administration in Accounting from the University of Iowa. To learn more about Boyd and the full JGA team, read here . At Johnson Global Advisory , we support firms in selecting, implementing, and optimizing solutions and tools to meet their unique needs. For more insights, visit our blog or contact us to learn how we can help your firm AmplifyQuality®.
