Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide.
In September 2024, the PCAOB released a spotlight on auditor independence, highlighting critical observations from inspections (the “Spotlight”). As we react to these findings at JGA, we emphasize the importance of understanding these key themes and translating them into actionable solutions for our clients. 1. Audit Committee Pre-Approval of Services A persistent issue remains regarding the pre-approval of audit and non-audit services by audit committees. Too often, we see audit teams commence work prior to the date necessary engagement letters signed by the audit committee. This practice not only undermines compliance but also risks auditor independence. Actionable Insight: To mitigate this risk, firms should ensure that no work begins until the audit committee has pre-approved the engagement. Implementing an all-inclusive engagement letter that details all services—including consent and comfort letters, as well as quarterly reviews —will streamline the process and enhance compliance. 2. Independence Representations and Compliance Testing The Spotlight indicates an increase in the issuance of comment forms related to independence representations, particularly concerning personal independence compliance testing. A notable concern is the cutoff risk for new hires; for instance, if an independence representation is conducted annually in June, a new hire added in September may not be confirmed as independent. Actionable Insight: Firms should adopt a more frequent compliance representation and testing schedule—ideally quarterly or semi-annually—and ensure that new hires are included in these independence confirmations. This practice can help maintain independence throughout the audit engagement. Another best practice is to obtain independence representation from each new hire prior to commencing any work. Sometimes, we observe engagement partners stumble to respond on how they ensure all team members are independent of the issuer. Some firms require documenting individual team members independence reaffirmations within the issuer audit file while other firms rely on firm wide independence reaffirmations. In latter case, JGA recommends engagement partners should document that they checked that i) each team members’ independence representations had no exceptions and properly filed in the firm wide repository and ii) restricted list include this issuer. 3. Monitoring Restricted Entity Lists The spotlight highlights that smaller firms often circulate their restricted entity lists annually, which can lead to cutoff risks with new clients. This underscores the importance of continuous updates to the restricted list. Actionable Insight: Firms should verify independence based on an updated restricted entity list at the time of any new client engagement. Regular updates and confirmations of independence for new clients are essential to mitigate risks. Also, best practice is to obtain independence representations for each prospective audit client during client acceptance procedures. This practice along with new hire practice mentioned above would substantially bridge the gap between periodic firm wide independence reconfirmation processes. 4. Independence Policies The Spotlight notes that many smaller firms lack detailed written policies for monitoring independence. This gap can lead to inconsistencies in compliance and potential independence violations. Actionable Insight: JGA recommends that all firms, especially smaller ones, develop comprehensive written policies that detail how they monitor independence. This should include procedures for individual engagement independence certifications, ensuring all engagement team members have signed off on the firm-wide independence representation. The policy should outline regular independence testing procedures, including the nature, timing, frequency, and scope of these tests. This should encompass self-assessments of investment portfolio reviews for all partners, as well as independent testing of these reviews by an external consultant or HR personnel, including a sample of other audit staff. Policy should also provide guidance to all personnel on what to do in case of self-identified independence violations. Sometimes in attempt to self-cure the violation personnel may unintentionally exacerbate the issue. So, emphasize on promptly reporting independence violations over trying to self-cure them is very important. 5. Indemnification Clauses Indemnification clauses were particularly noted in foreign firms’ engagements, which can complicate compliance with U.S. requirements. It is crucial for firms to avoid creating conflicting terms across different engagement letters. Actionable Insight: Firms should use separate engagement letter templates for public company audits that strictly adhere to U.S. requirements. If an audit involves local statutory purposes, maintaining the most restrictive requirements across all engagements for the same client is advisable to ensure compliance. We note that most of the time it is not practicable to separate number of hours spent on local statutory audit while doing PCAOB audit. So, we strongly advise to remove any language that may be construed as indemnification of auditor liability from all engagements with SEC issuer audit clients. 6. Inclusion of Contractors in Independence Monitoring The oversight of contractors in the audit process can lead to lapses in independence compliance. The Spotlight suggests that many firms may not fully account for these individuals. Actionable Insight: Firms must obtain annual independence representations from all contractors before they commence work. Such independence representations should cover all period the contractors perform their work. This proactive measure will help ensure that independence is maintained throughout the audit process. Conclusion This spotlight on auditor independence serves as a crucial reminder of the ongoing challenges and the need for vigilance in compliance. At JGA, we are committed to bridging the gap between regulatory expectations and practical solutions. By implementing these actionable insights, firms can enhance their quality control systems, ensure compliance with respective standards and rules, and ultimately foster greater investor confidence. For personalized guidance on how to address these issues in your practice, reach out to your JGA Audit Quality Expert, or contact: Jackson Johnson, CPA President & Founding Shareholder jjohnson@jgacpa.com Farkhod Ikramov, CPA Director fikramov@jgacpa.com
The SEC’s recent approval of PCAOB’s QC 1000 standard marks a significant shift for accounting firms. QC 1000 aims to enhance the quality control (QC) systems of registered firms, with scalability based on firm size and complexity. The response from the industry, including our team at JGA, highlights both the challenges and opportunities that this change will present. This Alert outlines JGA's reaction to QC 1000 and discusses what it means for our clients. JGA commented on the proposal; you can read our position on the proposal here . During the SEC Open Commission Meeting on September 9, 2024, several notable points were raised regarding QC 1000. JGA’s review of the meeting and our team’s subsequent discussions focused on key risks with this change, such as the implementation challenges and effort, but also noted some positives regarding the potential for improved audit quality and opportunities to improve processes and managements insights. Our Main Takeaways Implementation Challenges QC 1000 requires all registered firms to design a system for compliance, even if they do not perform audits of issuers or broker-dealers. This is a significant concern, as firms may need to design systems for hypothetical scenarios, leading to confusion and unnecessary costs. Around 60% of firms will need to design frameworks they may not use. The standard imposes a higher level of rigor compared to existing QC standards, and firms may face difficulties aligning their systems with the new prescriptive requirements. Hester Peirce, one of the SEC Commissioners, cited these challenges as reasons for her opposition, echoing concerns from many smaller firms. Considerations Regarding Effort The design-only requirement (without immediate operational implementation) introduces additional costs for firms, particularly in smaller firms or those that do not handle issuer audits. Paul Munter, SEC’s Chief Accountant, acknowledged that firms could face increased costs, particularly those related to additional personnel, training, and system design. Scalability and Continuous Improvement On the positive side, JGA sees QC 1000 as a framework that, while complex, offers scalability based on firm size. This presents an opportunity for firms to improve audit quality continuously, which is likely to enhance their standing in the marketplace. While some firms might not feel immediate benefits, especially those focusing on non-issuer audits, the overall emphasis on audit quality in capital markets aligns with the long-term interests of many firms. Confidentiality Concerns The content of the new QC forms required under QC 1000 may raise concerns about confidentiality. While some protections are in place, firms must remain cautious about the sensitivity of the information included in these forms. What This Means for Our Clients For our clients—primarily accounting firms that must adopt QC 1000—the implications are multifaceted. Increased Compliance Burden: Clients will need to overhaul or redesign their QC systems, which will incur both time and financial investments. The 60% of firms that Commissioner Peirce mentioned, which are only hypothetically impacted by the standard, must still dedicate resources to comply, even if their actual use of QC 1000 remains limited. Cost of Implementation: Smaller firms will likely face disproportionately high costs as they align their systems with QC 1000's rigorous requirements. JGA recommends that clients assess their current QC systems and consider phased approaches to implementation where feasible. Partnering with external consultants or firms with QC expertise may help mitigate some of these costs. Training and Education Needs: Significant training will be necessary to ensure that teams understand and comply with QC 1000’s requirements. JGA encourages clients to begin training key personnel now, particularly those involved in quality control and compliance, to ensure a smooth transition. Scalability and Competitive Advantage: For firms able to navigate the transition successfully, there is the potential for a competitive advantage in the market. The emphasis on continuous improvement in audit quality could position firms as leaders in audit services, attracting clients who prioritize regulatory compliance and high-quality audits. Future Regulatory Scrutiny: The new standard may invite closer scrutiny from regulatory bodies like the PCAOB, particularly as it relates to the design of QC systems. Firms should expect more frequent inspections, and the robustness of their QC systems may become a key focus. Client Communication: JGA advises that firms begin communicating with their clients about the upcoming changes and the steps they are taking to ensure compliance. Transparency in this process will help maintain trust and demonstrate proactive management of regulatory changes. Conclusion QC 1000 represents both a challenge and an opportunity for our clients in the accounting sector. While the increased costs and implementation challenges are concerning, the scalability and focus on audit quality could yield long-term benefits. JGA recommends that firms take a strategic, proactive approach to compliance, balancing the immediate burdens with the potential to improve service quality and client satisfaction. As the landscape evolves, we will continue to monitor developments and provide guidance to ensure our clients remain compliant and competitive in this changing regulatory environment. Please reach out to your JGA audit quality expert, or contact: Joe Lynch, CPA, CITP Managing Director & Shareholder jlynch@jgacpa.com Shanett Edwards-Morton, CPA Director sedwards-morton@jgacpa.com
On July 25, 2024, the PCAOB released the Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers (PCAOB Release No. 2024-009) which provides (i) information about its 2023 inspections approach, (ii) a summary of the 2023 inspections observations, (iii) a description of good practices that may be effective to address those scenarios; and (iv) reminders for firms of the requirements of certain PCAOB standards. The PCAOB observed higher deficiency rates in examination, review, and audit engagements, which it described as a cause for significant concern . The PCAOB report overall noted at least one deficiency was observed in 70% of the 103 audit engagements reviewed, which marked an increase from the 58% deficiency rate observed in 2022. As has been the trend we've seen over the last couple of years, when supporting clients going through inspection. We, at JGA, have seen the rigor of the inspection process increase, particularly in the areas of revenue, journal entry testing and increasingly, audit committee communications and independence-related matters. The PCAOB’s report outlined an increase in the deficiency rate that was primarily driven by the increase in the number of inspections performed of firms that have not been previously inspected and the increase in the deficiency rate in audit engagements observed at the largest audit firms reviewed. From our perspective, firms that have not been previously inspected are typically smaller practitioners and they may not be aware or prepared for the rigor of an inspection. The PCAOB identified an increase in the deficiency rate in examination engagements of compliance reports. Some deficiencies noted, among others, were around the lack of obtaining a sufficient understanding of the financial responsibility rules and planning the examination engagement by obtaining a sufficient understanding of broker-dealer processes. We have observed this statement expressed over the years and it is the root cause of many inspection findings. We have also seen this issue surface when providing in-flight reviews of audits for our clients. When we see this issue in our practice monitoring engagements, we encourage firms to provide their audit professionals with training around identifying, evaluating and testing relevant controls at their clients. The PCAOB report outlines that revenue deficiencies increased to 48% from 34% in 2022. As seen in previous years, as it relates to the audits of broker-dealer financial statements, the PCAOB noted the highest deficiency rate around firms’ responses to the risk of material misstatement for revenue. The PCAOB identified deficiencies around testing the accuracy of the amount of revenue recorded, including accuracy of inputs that determine revenue, across all revenue sources indicated in the annual report. Our clients have the most success in avoiding these issues by spending the time up front during the risk assessment process and performing detailed walkthroughs of the revenue cycle. The annual report also identified various other areas of deficiencies noted in the 2023 inspection cycle. One area to note is that for the first time, auditor independence was presented separately in the report and the PCAOB noted instances of deficiencies around non-compliance with PCAOB Rule 3526. This could be an indication of the increased focus by the PCAOB on independence-related matters. The PCAOB also observed an increase in deficiencies related to auditor communications with audit committees. Additionally, the report highlighted deficiencies identified around the monitoring of firms’ accounting and audit practice and indicated that some firms did not perform annual internal inspections. Through our work, we’ve noticed a direct correlation between inspection deficiency rates, and a loosely defined or poorly defined internal inspection program. As the expectations haven’t changed around this, we encourage firms to take a look at their internal inspection programs to ensure they specifically cover BD audits and have tailored procedures specific to the risks in a BD audit. Similar to previous reports, for certain areas, the PCAOB has also provided good practices and reminders as illustrative examples that firms may find effective in addressing various scenarios. These include, but were not limited to, good practices related to evaluating service organization reports and the scope of services covered and reliance on evidence in SOC 1 reports. JGA has provided objective, independent feedback to firms, in real-time as engagement teams perform audit procedures around SOC 1 report evaluation and reliance. In addition, we have found that in-depth training sessions to firms on how to evaluate reports on service organization controls have ensured that all engagement team understand the risks around SOC 1 evaluation, especially in areas related to significant risks and what regulators are looking for in an adequate evaluation. We encourage firms to thoroughly read the annual report and explore ways in which the good practices outlined in the report can be used in their audits going forward.
Johnson Global Advisory
1717 K Street NW, Suite 902
Washington, D.C. 20006
USA
+1 (702) 848-7084
