An Interview with The Mexican Institute of Public Accountants

Sara Trifiro • April 6, 2020

This interview of Jackson Johnson, JGA President, by Rogelio Avalos Andrade C.P.C., Chairman of the Quality Oversight Management Committee, was published in the March 2020 Contaduría Pública from Mexican Institute of Public Accountants.


Download the full article here in both Spanish and English.


Jackson Johnson, Founder and President of Johnson Global Accountancy ("JGA"), a firm that provides advisory services to accounting firms to assist them in quality issues and help them to comply with quality standards, is a Certified Public Accountant in California and Massachusetts and member of the American Institute of Certified Public Accountants. With six years in the Division of Registration and Inspections at the PCAOB, he developed his experience in audits of financial statements at Grant Thornton in Boston, Los Angeles, and the member firm in Hong Kong. 


RA: Before I start with my questions to Jackson, we introduced him on how the audit practice in Mexico is being regulated and overseen. The Mexican Institute of Public Accountants (IMCP) oversees the audit and assurance practice from within this membership through its Vice-presidency of quality in the professional practice. This Vice-presidency issued the Standard of Quality Control (basically, identical to the ISQC1) and the Standard of Oversight of Quality Control (NRCC for its Spanish acronym), which sets forth the rules to perform inspections to firms to assess compliance with applicable laws, rules and professional standards in their systems of quality control and the documentation of a selection of completed audit and other attestation engagements. The NRCC rules that, those firms that are subject to similar and regular quality control inspections by other foreign regulators (such as the PCAOB), will not be subject to an inspection process by the IMCP. In Mexico, auditors of entities, listed in the Mexican Stock Exchange, are regulated by the National Banking and Securities Commission (CNBV for its Spanish acronym), which performs certain QC inspections on a “case by case” basis only. 


Jackson, similar to the peer review practice that you have in the US, would you think that we should include all firms in Mexico, regardless their size and structure, to a quality control inspection process? And why? 


JJ: I think there are several factors that would go into this evaluation, it’s important to consider the risks associated with investors and other stakeholders both of the companies being audited as well as the audit firms themselves. Firms that are inspected by the PCAOB within Mexico have stakeholders located in Mexico –and abroad– that have a vested interest in the integrity of those audits. Based on my understanding, however, a firm that is subject to PCAOB inspection may not have their non-PCAOB audits subject to periodic inspection. Those non-PCAOB audits would include public companies that are listed in Mexico with general public exposure. The audit of these companies still poses potential risk to the greater public markets within Mexico. This is an opportunity for firms and the regulatory environment, and stakeholders, to determine the risk of this oversight gap. As we have found in some of our work with non-PCAOB audits of registered firms, there are often differences in the quality of non-public audits as compared to PCAOB-audits. Because of the risk associated with a PCAOB audit, firms often allocate their strongest resources to ensure quality audits. However, because of a lack of regulatory exposure, non-public audits sometimes struggle to maintain strong quality. Firms could and should continue to ensure that they have appropriate quality controls for these audits in this “oversight gap.” 


In the model that is set up in the US, non-public audits that are outside the purview of PCAOB are subject to inspection by the AICPA National Peer Review Committee (NPRC). So there is an inspection review process for the firms that only audit private companies, and for the private company audits of firms that are also regulated by the PCAOB. For example, firms in the US that audit both public and private companies are subject to inspection by both regulatory entities. 


So I don’t necessarily agree that firms that are subject to similar and regular inspection by foreign regulators should be excluded from IMCP inspection, because that presents too much predictability into what audits are included in the population subject to quality control inspection (only those under foreign jurisdiction). 


RA: Jackson, in your capacity as consultants to PCAOB-registered firms, what would you say are the key aspects with respect to an inspection process and their results for smaller PCAOB – registered firms? 


JJ: The Big 4 in the US, and any other firms that audit one hundred or more issuers (currently 8 firms in the US) are subject to annual PCAOB inspections. The rest of the PCAOB-registered firms are statutorily required to be inspected once every three years. Based on our experience with our clients, the PCAOB may choose to inspect those smaller firms more frequently than once every three years, depending on the results of previous inspections. Based on our work supporting our clients through the inspection and remediation process, the focus on quality control (QC) tends to be on independence, practice monitoring (also known as internal inspection), and partner admittance and compensation. Inspection teams do touch on all the elements in the QC standards, however, and focus on changes since the last inspection. 


The inspection will also include a review of various aspects of audits selected by the inspection team. The inspection team member assigned to each audit will typically select higher risk audit areas and conduct meetings with the engagement team. In addition, they will review audit workpapers to understand the audit procedures performed over risk assessment and the engagement team’s responses to identified risks, including significant and fraud risks. 


In preparing for inspections, we have seen firms perform a wide range of activities. Overall, we have found that teams that spend time reviewing the audit files and refamiliarizing themselves with the audit issues are more successful in articulating these issues during the actual inspection. We believe that preparation is key. 


Keep in mind that there are a number of changes on the horizon. As I discussed in my recent article summarizing key PCAOB regulatory updates that the Board described at the recent annual AICPA Conference on Current SEC and PCAOB Developments in Washington, D.C., the PCAOB has established a dedicated team that will take a look at QC policies and effectiveness of all of the largest annually-inspected firms to draw comparisons and perhaps identify best practices. 1 This hasn’t been established or put into place for the triennially inspected firms, including Mexican PCAOB-registered firms. 


RA: Is there any scalability for smaller firms to comply with PCAOB standards? Does the PCAOB have different expectations for smaller firms? 


JJ: There is an expectation that all firms that audit US public companies, regardless of size, apply the same PCAOB standards throughout their audit practice. Of course, the larger firms have more complexity in how those standards and policies are carried out. For example, consider compliance with US SEC and PCAOB independence rules and regulations. A larger firm with multiple offices and multiple foreign affiliates will need more layers and processes to ensure that non-audit services provided to an entity in one location do not impair the independence of audit services provided to another entity in another location. Further, larger, more complex firms may also be auditing larger, more complex issuers. 


In our experience working with our clients, one common area where we see the same expectations are applied in a PCAOB inspection, for both small and large firms, are the tests of internal controls over financial reporting. For example, the level of precision of testing of management review controls is still an area that receives a lot of scrutiny by inspectors and we see these issues and comments surfacing on all inspections that we observe. 


RA: What would be common findings as a result of an inspection to a non-PCAOB registered firm and a registered firm? 


JJ: Non-PCAOB registered firms are subject to AICPA peer reviews only for external oversight. These re- views tend go into many more administrative aspects of the audit in addition to the audit procedures over the financial statement accounts and disclosures. The AICPA does not publish a significant amount of information regarding thematic issues in peer review results. From our work with clients in which we help firms get through their peer review with as much success as possible, we have noted that the issues tend to be similar and can revolve around matters such as (i) lack of procedures to understand the internal control environment and the financial reporting process; (ii) performing tests using an inadequate sample size; and (iii) inadequate testing of revenue recognition. 


The PCAOB does release more information that compiles results of inspections and identified broad themes. The Board’s Staff Preview of 2018 Inspection Observations identified common audit deficiencies from their 2018 inspections that included deficiencies over ICFR, Risk assessment and revenue, audit estimates, including the allowance for loan losses and business combinations, and procedures to perform the engagement quality review, or concurring review. 


In our work performing pre- and post-issuance reviews of PCAOB and non-PCAOB audits of various sizes, and assisting firms with their annual internal inspections, we have seen the quality of understanding internal controls is a big opportunity. For example, we have seen reliance on internal control to reduce substantive testing when insufficient work was performed on internal controls. Sometimes, engagement teams believe that gaining an understanding of internal controls –such as performing walkthroughs– gives teams the ability to rely on controls in a certain process or over certain assertions within a process. 


RA: What would you think firms frequently struggle with, in respect to carry out effective remediation plans or improvements to their QC Systems, including timing? 


JJ: In our work with clients, one of the areas that firms could do better in is root cause analysis. An effective remediation plan is only as good as an effective root cause analysis, otherwise the remedial actions may not be getting to the heart of why a deficiency actually occurred. At JGA we’ve seen a variety of root cause analyses ranging from formal, documented processes to informal conversations. We’ve found that the concept of having a formalized RCA is gaining traction at the triennially-inspected firms, but there’s much work to do in terms of developing what the process looks like and how it can be put into the QC process and consistently implemented. The new PCAOB Board members have indicated that a robust root cause analysis can lead to better identifying the underlying issues as to why an audit or QC deficiency occurred. Any of your readers that have gone through a PCAOB inspection in 2019 and that received a comment form may remember a new section that was added to the comment form asking firms to identify the relevant QC area that may be related to each finding. This is just one way that the PCAOB is driving home the importance of performing an RCA and asking the firms to take more accountability in this area. In addition, the PCAOB is considering incremental requirements to the new concept release on QC standards to require root cause analysis, or a separate standard, to align with proposed ISQM 1 that, as drafted, requires a firm to have a root cause analysis built into their QC system.


RA: As part of the QC inspection process carried by the IMCP, remediation plans are also requested to firms. Not having a robust structure such as PCAOB’s, what would be a good approach to follow-up remedial actions from firms and how to evaluate their effectiveness? 


JJ: Firms should continue to incorporate the monitoring of the effectiveness of remediation plans into their internal processes. This should be regardless of how the matter was identified, whether it was from internal inspection, or regulatory inspection. It should also be regardless of whether the external regulator has the capacity to follow up timely and thoroughly on these matters. This can be done through a number of mechanisms. First, firms can enhance their internal inspection process by selecting engagements where a particular matter is applicable, tailoring specific internal inspection procedures to vet out whether the issue is recurring in a subsequent audit of the same engagement, or different engagements with the same risks or audit issues. Further, the procedures performed by the concurring review, or Engagement Quality Review as we call it under PCAOB standards, can be enhanced to include specific procedures to review work pertaining to audit areas where deficiencies occurred in the past. 


From a purely regulatory perspective, a cost-effective approach to oversight of remediation actions could be one that’s more detective in nature. For instance, the regulator could consider the results of subsequent inspections and in instances where there are repeat findings (from previous inspections), the regulator could perform additional procedures to understand and evaluate effectiveness of firms’ remedial actions. In addition, the regulator could also risk-rate firms and inspections and focus remediation efforts on either firms with the worst inspections and/or on firms with the most risk exposure from a stakeholder perspective. 


RA: Some of the professionals that have been involved in a PCAOB inspection, at least in Mexico, have noted that the reporting and follow-up processes, as a result of inspections, take too much time [sometimes up to two years]. Have you noted any recent changes to the time it takes for Firms to receive draft/final inspection reports? 


JJ: I have not noted a significant change to report issuance time, either positive or negative. Based on the board’s remarks at the AICPA conference, the largest annually inspected firms will be the first to receive their reports in a new format, including a new Part I.B which will report on non-compliance with standards in an audit even though the audit opinion was supported. The Board gave examples such as non-compliance with AS 1215, Audit Documentation, or AS 1301 Communications with Audit Committees. From some conversations with clients, the rollout of this new report format has caused some delay with issuance of reports for the largest firms. 


RA: Jackson, followed to the earlier question, what would you tell about effectiveness of firms’ remediation plans considering such a long timing in the reporting and follow-up processes? 


JJ: Our clients need to be a little creative and be proactive to implement remedial actions timely –meaning before the next year’s audit– when they do not yet have a draft inspection report to clearly articulate the findings from the inspection. While the remediation actions are not required until the issuance of the report, the sooner changes can be implemented the sooner teams can start learning and improving their audits. So we often recommend some element of getting ahead of the report for the sake of making timely improvements to the Firm’s trainings, methodology, and QC policies and procedures. To start, firms have a copy of the comment forms and these comment forms are the basis of the report. Thus, while the criticisms in the report may evolve slightly from the comment forms, they are typically closely aligned and while the procedures the firms first implement may not fully respond to the criticisms in the report, we believe that implementing some remediation actions early is a meaningful way to improve audit quality immediately. We believe that firms in Mexico contemplating making changes to their system of quality control in response to findings from an IMCP inspection could follow a similar approach. Waiting for a report sometimes means waiting another audit year cycle. 


RA: On the other hand, how would you describe the major challenges an accounting firm should face to become PCAOB [or an equivalent regulator from other country] compliant? 


JJ: Among other matters, we have found working with our foreign-based clients that the most common challenges they face are understanding PCAOB and SEC independence rules and regulations and the “add-on” requirements or restrictions from their local jurisdictions. For example, the rules of cove- red persons, and what are considered prohibited non-audit services are usually more strict under US SEC and PCAOB rules and regulations than we have seen of local foreign jurisdictions. Firms need to have a tool in place to look at these for their US public companies and considering building in safeguards to ensure a qualified individual with experience in independence requirements in United States takes a look at these complex issues when it comes to client acceptance, retention, and communications to audit committees, and performance of any non-audit services, including tax services. 


Another area that is typically more challenging is around the understanding of the design and testing of the operating effectiveness of controls for integrated audits. While most understand the concept of controls, we find that many engagement teams struggle to understand how controls work in the context of an integrated audit and how effective or ineffective controls can impact the overall substantive audit approach. The PCAOB has specific standards dedicated solely to understanding and testing the design and operating effectiveness of controls in an integrated audit. 


RA: What would you recommend to those firms that, even they are not registered firms before the PCAOB, they have to comply with the requirement to implement a system of quality control? 


JJ: I would recommend firms to set a robust tone at the top reinforcing the importance of following the firm’s system of quality controls to ensure that audits are performed in accordance with the relevant standards. A strong tone at the top shows the rest of the firm that the QC manual is more than just a manual; it is a collection of documentation, requirements, and principles that everyone should think about and must adhere to each day they work on their audit clients. 


RA: How important the investment to adopt a system of quality control should be for an accounting firm? And, to what extent such an investment could limit a successful implementation? 


JJ: A good system of quality of control, reflective of the size, complexity, and nature of a firm’s practice, is very important. This requires an investment of time and money. What I see as even more important as the adoption of a system of QC is the ongoing monitoring of the effectiveness of the system of QC. This is where an investment is worthwhile so that proper identification of why something went wrong, and the steps to fix it, is important. A proper system of QC at a firm, therefore, is an evolutionary one. I think it needs to be evolutionary. 


RA: Various firms in Mexico have been inspected by the PCAOB, and over the past year to date, the Board has publicly announced certain enforcement actions to some of the reviewed firms. Given the jurisdiction this takes place, and from your professional perspective, what would you expect from regulators and the IMCP to react on the involved firms and individuals? 


JJ: I don’t have any insight into the process IMCP has to consider the findings from PCAOB on Mexican firms. I think it would be important for both the firm and any relevant regulatory bodies to understand the effect of the finding on the firm’s audits, including both the audits subject to the PCAOB findings as well as the audits that fall outside of the PCAOB’s jurisdiction. This would help the firm determine what else beyond any required remedial actions should be considered for these other aspects of the firm’s practice. A full and effective remediation plan would look at the applicability of the findings to the broader practice of the firm. 


RA: Given the proposed changes to the International Quality Standards, issued by the IAASB, do you know whether the PCAOB is planning on similar changes to its quality standards? And how challenging you foresee these changes to put in place for auditing firms? 


JJ: Yes! The PCAOB has issued a concept release in mid-December 2019 to propose significant changes to its QC standards. The potential approach proposed by the PCAOB in the concept release is based on the proposed International Standard on Quality Management, ISQM 1. This will strengthen the QC standards using an integrated risk-based framework and will help avoid unnecessary differences between PCAOB and IAASB frameworks, and also reduce costly evaluations around those differences to ensure they are addressed in firms that need to comply with both sets of standards. While it should be scalable, it is too early to tell how that would work in practice. The concept release is currently seeking feedback from the public and as a result, we don’t know yet whether ISQM 1 and the new PCAOB concept release will be the final adopted version. I believe the efforts required to implement the new standard –whatever the final standards may be from IASSB and PCAOB– will be well worth it and can help reduce costs in the future since the model is a risk-based approach. There are still a lot of moving parts and it will be some time before we have a final rule for firms to implement. 


RA: Jackson, again, I really appreciate the opportunity to have this chat with you. Your comments, feedback and points of view gives us, all what we compose the major professional accountancy organization in Mexico, an encouraging message on what we have to foresee in the near future regarding the improvement of quality, not only in the audit practice, but also, in our overall professional accountancy practices. Thank you very much, and all the success at JGA and your team for the work are currently doing. 


This article was featured in the Dossier section of March 2020 Contaduría Pública, a publication of Mexican Institute of Public Accountants.


 1 Recap of PCAOB Hot Topics at the AICPA National Conference  

Johnson Global Advisory Releases Updated 2025 Guide to Help PCAOB-Registered Firms Navigate the Inspection Process

By Mark Dudoit January 17, 2025
WASHINGTON, D.C.: Johnson Global Advisory (JGA) has published a new third edition guide examining the key considerations faced by public company auditors during their PCAOB inspections. Drawing experience as audit and audit regulation experts and advisors to firms worldwide on all aspects of audit quality improvement, the JGA team has authored NAVIGATING PCAOB INSPECTIONS: Understanding the Inspection Process from Start to Finish.

Firm and Engagement Metrics: Getting a Head Start

By Mark Dudoit December 20, 2024
Firm and Engagement Metrics: Getting a Head Start By: Shanett Edwards-Morton, JGA Director Introduction As regulatory requirements in the accounting profession continue to evolve, accounting firms are facing new challenges in ensuring compliance with quality management standards. One of the most significant changes comes with the adoption of the PCAOB’s QC 1000 and the associated Firm and Engagement Metrics requirements , which aim to increase transparency and accountability within the auditing process. These new requirements are set to provide critical data on a firm’s operations and other factors that can inform audit quality, including partner involvement, workload distribution, and other factors. In this article, we’ll explore the challenges and opportunities firms face as they begin collecting the information necessary for firm and engagement metrics. We’ll also provide actionable steps that, in concert with implementation of QC 1000 / ISQM 1 / SQMS 1, firms can take to ensure they’re ready for compliance, with a focus on the key areas highlighted in recent industry discussions. 1. Quality Management Implementation: Bridging Internal and External Requirements Key Insights: A major challenge shared by our clients was the distinction between internal quality management (QM) processes and external regulatory requirements. Firms are finding it difficult to ensure that the information they provide to regulators will be complete and accurate. The requirement to report accurate and non-misleading information to external parties under QC 1000 , such as firm and engagement level metrics necessitates a shift in how firms view and manage data internally. Action Items for Firms: Ensure Data Accuracy : Firms must evaluate their quality management system to ensure they are designed to meet the requirements for accurate and non-misleading information. This is crucial as QC 1000 requires firms to communicate data to external parties that is accurate and complete. Implement Data Tracking Systems : Develop systems to track and report data, ensuring that the information provided to external parties, including regulators aligns with quality management objectives. This may require new systems or modifications to existing systems. Evaluate Communication Processes : Firms should focus on improving or implementing communication processes to ensure that all external communications, especially those with regulators, meet the high standards of accuracy and clarity mandated by QC 1000. 2. Comparability of Metrics Among Accounting Firms Key Insights: The introduction of standardized firm and engagement metrics is designed to increase comparability and accountability across accounting firms. This allows regulators, investors, and stakeholders to evaluate firms based on consistent data. However, there are concerns about how these metrics might influence firm selection by audit committees and whether these metrics alone tell the full picture to accurately represent audit quality. Action Items for Firms: Adopt Standardized Metrics : Firms should ensure that their reported metrics align with the prescriptive guidelines outlined in the adopted Firm and Engagement Metrics Rule. This includes applying the defined roles in a consistent manner (such as engagement partners and managers) and calculating metrics consistently across all engagements. Prepare for External Scrutiny : Be aware that these metrics may not only be scrutinized by regulators but also by audit committees and investors. Firms should ensure that they are accurately capturing and reporting their metrics to avoid misrepresentations. Monitor AI Usage in Audits : Consider how AI tools may impact workload calculations and the measurement of audit hours. As AI becomes more prevalent in auditing , firms may need to report on the extent of its use, which could influence workload metrics. 3. Potential Implications of Reporting Metrics Key Insights: While firm and engagement-level metrics can provide valuable insights, there are potential risks to firms that are likely to emerge. These include the possibility that the metrics may inadvertently point to root causes of issues in the inspection process, particularly regarding workload and capacity challenges. Additionally, these metrics – coupled with inspection report findings - may influence how audit committees select firms, potentially providing a skewed representation of audit quality. Action Items for Firms: Use Metrics Internally for Root Cause Analysis : Firms should utilize firm and engagement level metrics as reported, when performing internal root cause analysis , identifying potential problems in workload distribution or staffing levels before they escalate. Evaluate the Impact on Firm Selection : Be mindful of how these metrics might affect firm selection. Firms should aim to demonstrate the full context behind their metrics to avoid misinterpretations that could impact their reputation. Balance Metrics with Qualitative Insights : Firms should complement quantitative metrics with qualitative insights, ensuring a comprehensive picture of their audit quality is presented to external stakeholders. 4. Engaging Stakeholders in the Use of Metrics Key Insights: One concern we have heard was the uncertain use of metrics by investors and other stakeholders. While the objective of the PCAOB in the rule-setting process was for investors and audit committees to analyze these metrics, it’s unclear how much weight they will place on the data in making decisions about firms’ audit quality. In the planning process, firms can take charge and shape stakeholder use and effectiveness of the use of firm and engagement metrics shared publicly. Action Items for Firms: Engage with the Investor Community : To better understand how investors will use the metrics, firms should engage more actively with the investor community. This could include attending shareholder meetings and investor calls to gain insights into what data investors prioritize when evaluating audit quality. Increase Transparency in Reporting : Firms should be transparent in explaining the context and methodology behind their metrics, helping the clients, audit committees and other stakeholders understand the full context to make informed decisions. Ensure Data Relevance : Firms should ask their clients whether the data currently being reported is sufficient, and whether additional data points might be necessary to better assess audit quality and reliability. 5. Getting Started with QC 1000 and Firm Metrics Key Insights: As firms begin implementing QC 1000 and collecting firm and engagement level metrics , they face the challenge of ensuring their existing systems are capable of tracking and reporting the required data. Many firms may need to redesign or enhance their internal controls to capture the necessary information accurately. Action Items for Firms: Align QC 1000 with Firm and Engagement Level Metrics Reporting : Firms should carefully review QC 1000’s requirements and align them with the firm and engagement level reporting requirements. Focus on the information and communication component, ensuring that data is collected and reported accurately and consistently. Evaluate Current Systems : Firms should assess whether their current systems are capable of tracking metrics such as workload and audit hours. If systems are lacking, firms should plan to either redesign or implement new controls to capture this data accurately. Implement Real-Time Monitoring : Firms should adopt real-time monitoring tools that allow them to proactively manage workload issues and other potential risks. This ensures that data is captured and analyzed continuously, improving overall quality management. Be Agile and Proactive : QC 1000 requires firms to monitor metrics and adapt to emerging issues. Firms should adopt an agile approach to quality management, ensuring that metrics are not just reported at the end of the period but are actively managed throughout the year. Conclusion: Preparing for the Future of Quality Management and Firm Metrics The new QC 1000 and firm and engagement level metrics requirements can represent a significant shift in how accounting firms track, report, and manage audit quality. By adopting these standards, firms can improve transparency, enhance accountability, and demonstrate their commitment to high-quality audits. However, the implementation of these new requirements will require careful planning and investment in both systems and processes. Firms that act now to align their systems with QC 1000, engage with stakeholders, and monitor their metrics in real-time will be better positioned to meet regulatory expectations and enhance their market reputation. As the industry moves towards more data-driven decision-making, firms that prioritize accuracy, transparency, and continuous improvement will be the leaders in delivering quality audits. For more information, please contact your JGA audit quality expert .

Key Takeaways from the 2024 AICPA SEC/PCAOB Conference: What It Means for Your Firm

By Mark Dudoit December 18, 2024
Key Takeaways from the 2024 AICPA SEC/PCAOB Conference: What It Means for Your Firm In December 2024, the AICPA SEC/PCAOB Conference in Washington D.C. brought together leaders from the SEC, FASB, and PCAOB to discuss critical developments in the accounting profession. The conference focused on fostering audit quality, improving the resilience of capital markets, and addressing ethical challenges. Below are the key takeaways from the conference speeches most relevant to you, including insights from Paul Munter, SEC Chief Accountant, Erica Williams, PCAOB Chair, Christina Ho, PCAOB Board Member, and Mark Uyeda, SEC Commissioner, and what these developments mean for the accounting firm clients we serve. 1. Munter’s Remarks on Upholding Independence Key Points: In his speech, Paul Munter, SEC Chief Accountant, emphasized the importance of maintaining auditor independence to preserve market integrity. Munter stressed that independence should be seen as a core professional standard, not just a compliance requirement, and urged auditors to foster a culture of skepticism and integrity. He called on auditors to ensure they challenge management when necessary to detect fraud and ensure accurate financial reporting. What This Means for Firms: The points are reminders to keep independence and objectivity at the forefront of engagement teams, despite the new technical complexities (e.g. PE deals), and general lowering our guard around these obligations: ways to continue to demonstrate this important across the firm system of QC are: 1. Reinforcing independence policies and ensure continuous training and monitoring; 2. Encouraging a skeptical mindset within audit teams to prevent ethical lapses; 3. Ensuring firm-wide commitment to independence, especially in long-term client relationships or where conflicts may arise. 2. PCAOB Chair Williams on Improvements in Deficiency Rates, and new standards Key Points: PCAOB Chair Erica Williams shared significant positive news, highlighting improvements in the aggregate deficiency rate at the largest audit firms. She attributed this progress to the firms’ increased efforts to enhance audit quality, including better risk assessment procedures and heightened transparency in reporting. Williams emphasized the importance of maintaining this momentum in order to build trust and credibility in the profession and the capital markets. Williams also discussed the newly adopted QC 1000 , the quality control standard that mandates firms to have comprehensive quality control systems to ensure that they meet PCAOB and SEC standards. She noted that this standard is designed to provide reasonable assurance that audit firms have the necessary controls in place to perform high-quality audits consistently. Additionally, she emphasized the critical role of the SEC in passing firm engagement metrics , which will help ensure that audit firms are held accountable for the quality of their engagements and provide investors with more detailed insight into firms’ performance. What This Means for Firms: Implement QC 1000 : Firms should begin preparing for the adoption of QC 1000 by reviewing and strengthening their own quality control systems. Ensure that these systems are robust enough to guarantee compliance with PCAOB and SEC standards and can provide reasonable assurance of consistent audit quality. Focus on Firm Engagement Metrics : If the SEC passes firm engagement metrics, firms will need to ensure they have clear, accurate data on their engagements, performance, and quality measures. Preparing now for these metrics will help firms stay ahead of the regulatory curve and demonstrate their commitment to transparency and high-quality audits. Enhance Risk Management and Quality Control : Firms should continue refining their risk-based audit approaches, focusing on stronger internal controls, and implementing transparent reporting practices. Continuous improvement will ensure the firm stays in line with both regulatory expectations and industry best practices. 3. PCAOB Board Member Christina Ho on Collaboration to Advance Audit Quality and Market Resiliency Key Points: In her speech, Christina Ho, Board Member of the PCAOB, stressed the need for genuine collaboration among regulators, auditors, and firms to advance audit quality and improve the resiliency of capital markets. This collaboration is essential to address emerging challenges, such as increasing regulatory expectations and the complexities of global markets. Ho highlighted that this collective effort is crucial to maintaining strong, transparent financial reporting and ensuring that audits remain effective and reliable, particularly as financial markets evolve. What This Means for Firms: Engage with regulators : Actively participate in consultations and industry forums to stay ahead of regulatory trends. Foster collaboration : Encourage open communication between audit teams, clients, and audit committees to ensure alignment on regulatory expectations. Adapt to global market changes : Firms must remain agile and ready to respond to the shifting dynamics of both domestic and international markets, ensuring that their audit processes remain resilient and effective. 4. SEC Commissioner Mark Uyeda on Crypto, and PCAOB’s Future Key Points: In his keynote, SEC Commissioner Mark Uyeda discussed the SEC's evolving role in the accounting and auditing of cryptocurrencies, noting that crypto is currently being accounted for and audited through enforcement activities. He stressed the need for greater clarity in crypto accounting and auditing standards. Uyeda also discussed the future of the PCAOB, stating that "all options are on the table." What This Means for firms: Crypto Accounting and Auditing : Firms need to stay abreast of emerging standards and enforcement actions in crypto accounting. As regulations evolve, firms must be prepared to adapt their auditing and reporting practices accordingly. Take a look at positions from other regulators or standard setters (e.g. CPAB), to inform what sufficient procedures looks like. PCAOB’s Future : The potential restructuring of the PCAOB may affect how audits are overseen in the future. Firms should monitor developments closely and assess the impact on their operations and regulatory compliance, and firm strategy. 5. Ethical Considerations and Audit Quality Throughout the conference, both SEC and PCAOB leaders emphasized the need for ethical leadership in the accounting profession. Lapses in ethics, whether intentional or inadvertent, can severely undermine trust in auditors and in financial markets. The speeches underscored the responsibility of firm leaders to uphold high ethical standards and ensure that these values are embedded in their teams’ daily practices. What This Means for Firms: Promote ethical leadership across all levels of the firm, ensuring that ethical considerations are integrated into every stage of the audit process. Invest in ongoing ethics training to reinforce the importance of upholding integrity and objectivity. Implement early detection mechanisms for identifying potential ethical lapses, ensuring timely corrective action. Conclusion: Positioning Your Firm for Success The 2024 AICPA SEC/PCAOB Conference provided crucial insights into the current and future landscape of the accounting profession. By focusing on audit quality, independence, collaboration, and ethical leadership, firms can not only meet regulatory requirements but also strengthen their reputations as trusted professionals in the marketplace. For JGA’s clients, the key takeaway is that maintaining robust quality control systems, engaging in ongoing dialogue with regulators, and staying ahead of emerging trends such as crypto accounting are critical strategies for ensuring continued success in a dynamic regulatory environment. For more information, reach out to your JGA audit quality expert.

Johnson Global Advisory Establishes Strategic Leadership Council and Appoints Three Council Members

By Mark Dudoit November 26, 2024
WASHINGTON, D.C., OCTOBER 1, 2024 - Johnson Global Advisory (JGA) is announcing the formation of its Strategic Leadership Council (SLC) , an initiative aimed at bolstering the firm's strategic direction and reinforcing its commitment to industry-leading advisory services. The Council, composed of executives from diverse sectors within the audit quality stakeholder ecosystem, will provide insights into the JGA leadership on industry trends, strategic decision-making, and growth opportunities. Kathleen M. Hamm, Greg Jonas, and Dave Sullivan are the first appointees to the SLC. Kathleen M. Hamm has an extensive background in financial regulation, control infrastructures, and risk management, particularly relating to fintech and cybersecurity. Her previous role as a Board Member of the Public Company Accounting Oversight Board (PCAOB) highlights her leadership in regulatory transformation and strategic policy development. "Joining JGA’s Strategic Leadership Council allows me to leverage my experience to further the Firm's mission in these transformative times," remarked Hamm. Greg Jonas is an independent consultant on auditing and business reporting matters. He served as Director of the Division of Research and Analysis at the PCAOB from 2012-2016. In addition to roles as a financial analyst at Morgan Stanley and Moody’s Investors Service, Greg spent 23 years at Arthur Andersen, serving in various roles supporting its global audit practice. “JGA serves a vital role in improving audit quality for the benefit of auditing firms and investors. I look forward to contributing to the firm’s success.” Dave Sullivan, a seasoned executive known for his strategic insight in audit quality and risk management, has over 35 years of experience from Deloitte. His leadership in global audit quality initiatives make him a pivotal addition to the council. "I look forward to collaborating with my fellow council members to propel JGA to new heights," stated Sullivan. The SLC will meet quarterly, advising JGA’s leadership team on critical business opportunities and challenges, ensuring the Firm remains at the forefront of industry innovation and strategic excellence. The first meeting of the SLC was held on Friday November 1, 2024, at JGA's Washington D.C. office. “I am proud to welcome Kathleen, Greg, and Dave to our new Strategic Leadership Council,” said Jackson Johnson, JGA President and Founding Shareholder. “Their collective expertise will be instrumental in guiding our strategic initiatives and ensuring that JGA continues to set high standards our clients expect in this sector.” About Johnson Global Advisory JGA partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB staff, JGA professionals are enthusiastic and practical in their support to firms in their audit quality journey. We accelerate opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigate those standards. JGA is committed to helping the profession in amplifying quality worldwide.

Joe Lynch to speak at 40th Annual SEC Reporting & FASB Forum

By Mark Dudoit November 21, 2024
Johnson Global Advisory (“JGA”) is pleased to announce Joe Lynch, Shareholder and Managing Director, will speak on a panel at the 40th Annual SEC Reporting & FASB Forum. This panel will summarize the activities of the PCAOB including: Gain insight on the amendment to PCAOB Rule 3502 Governing Contributory Liability Understand the amendments addressing aspects of audit procedures that involve technology-assisted analysis of information in electronic form Recite new requirements for lead auditor’s use of other auditors Enumerate the new requirements of QC 1000, “A Firm’s System of Quality Control” Recall the guidance of the new auditing standard “General Responsibilities of the Auditor in Conducting an Audit” Anticipate the New Standard, “The Auditor’s Use of Confirmation” Learn about the proposal to replace existing auditing standard related to an auditor’s use of substantive analytical procedures Understand the PCAOB’s proposals on public reporting of standardized firm and engagement metrics and the PCAOB framework for collecting information from audit firms Anticipate the Proposed New Standard on Amendments to PCAOB Auditing Standards related to a Company’s Noncompliance with Laws and Regulations Gain insight on the PCAOB’s 2024 Inspection Priorities Learn about other Standard-Setting and Research Projects Click here to register and learn more About Johnson Global Advisory Johnson Global partners with leadership of public accounting firms, driving change to achieve the highest level of audit quality. Led by former PCAOB and SEC staff, JGA professionals are passionate and practical in their support to firms in their audit quality journey. We accelerate the opportunities to improve quality through policies, practices, and controls throughout the firm. This innovative approach harnesses technology to transform audit quality. Our team is designed to maintain a close pulse on regulatory environments around the world and incorporates solutions which navigates those standards. JGA is committed to helping the profession in amplifying quality worldwide. Visit www.johnson-global.com to learn more about Johnson Global.

Enhancing Auditor Independence: Key Themes from PCAOB Recent Spotlight

October 3, 2024
In September 2024, the PCAOB released a spotlight on auditor independence, highlighting critical observations from inspections (the “Spotlight”). As we react to these findings at JGA, we emphasize the importance of understanding these key themes and translating them into actionable solutions for our clients. 1. Audit Committee Pre-Approval of Services A persistent issue remains regarding the pre-approval of audit and non-audit services by audit committees. Too often, we see audit teams commence work prior to the date necessary engagement letters signed by the audit committee. This practice not only undermines compliance but also risks auditor independence. Actionable Insight: To mitigate this risk, firms should ensure that no work begins until the audit committee has pre-approved the engagement. Implementing an all-inclusive engagement letter that details all services—including consent and comfort letters, as well as quarterly reviews —will streamline the process and enhance compliance. 2. Independence Representations and Compliance Testing The Spotlight indicates an increase in the issuance of comment forms related to independence representations, particularly concerning personal independence compliance testing. A notable concern is the cutoff risk for new hires; for instance, if an independence representation is conducted annually in June, a new hire added in September may not be confirmed as independent. Actionable Insight: Firms should adopt a more frequent compliance representation and testing schedule—ideally quarterly or semi-annually—and ensure that new hires are included in these independence confirmations. This practice can help maintain independence throughout the audit engagement. Another best practice is to obtain independence representation from each new hire prior to commencing any work. Sometimes, we observe engagement partners stumble to respond on how they ensure all team members are independent of the issuer. Some firms require documenting individual team members independence reaffirmations within the issuer audit file while other firms rely on firm wide independence reaffirmations. In latter case, JGA recommends engagement partners should document that they checked that i) each team members’ independence representations had no exceptions and properly filed in the firm wide repository and ii) restricted list include this issuer. 3. Monitoring Restricted Entity Lists The spotlight highlights that smaller firms often circulate their restricted entity lists annually, which can lead to cutoff risks with new clients. This underscores the importance of continuous updates to the restricted list. Actionable Insight: Firms should verify independence based on an updated restricted entity list at the time of any new client engagement. Regular updates and confirmations of independence for new clients are essential to mitigate risks. Also, best practice is to obtain independence representations for each prospective audit client during client acceptance procedures. This practice along with new hire practice mentioned above would substantially bridge the gap between periodic firm wide independence reconfirmation processes. 4. Independence Policies The Spotlight notes that many smaller firms lack detailed written policies for monitoring independence. This gap can lead to inconsistencies in compliance and potential independence violations. Actionable Insight: JGA recommends that all firms, especially smaller ones, develop comprehensive written policies that detail how they monitor independence. This should include procedures for individual engagement independence certifications, ensuring all engagement team members have signed off on the firm-wide independence representation. The policy should outline regular independence testing procedures, including the nature, timing, frequency, and scope of these tests. This should encompass self-assessments of investment portfolio reviews for all partners, as well as independent testing of these reviews by an external consultant or HR personnel, including a sample of other audit staff. Policy should also provide guidance to all personnel on what to do in case of self-identified independence violations. Sometimes in attempt to self-cure the violation personnel may unintentionally exacerbate the issue. So, emphasize on promptly reporting independence violations over trying to self-cure them is very important. 5. Indemnification Clauses Indemnification clauses were particularly noted in foreign firms’ engagements, which can complicate compliance with U.S. requirements. It is crucial for firms to avoid creating conflicting terms across different engagement letters. Actionable Insight: Firms should use separate engagement letter templates for public company audits that strictly adhere to U.S. requirements. If an audit involves local statutory purposes, maintaining the most restrictive requirements across all engagements for the same client is advisable to ensure compliance. We note that most of the time it is not practicable to separate number of hours spent on local statutory audit while doing PCAOB audit. So, we strongly advise to remove any language that may be construed as indemnification of auditor liability from all engagements with SEC issuer audit clients. 6. Inclusion of Contractors in Independence Monitoring The oversight of contractors in the audit process can lead to lapses in independence compliance. The Spotlight suggests that many firms may not fully account for these individuals. Actionable Insight: Firms must obtain annual independence representations from all contractors before they commence work. Such independence representations should cover all period the contractors perform their work. This proactive measure will help ensure that independence is maintained throughout the audit process. Conclusion This spotlight on auditor independence serves as a crucial reminder of the ongoing challenges and the need for vigilance in compliance. At JGA, we are committed to bridging the gap between regulatory expectations and practical solutions. By implementing these actionable insights, firms can enhance their quality control systems, ensure compliance with respective standards and rules, and ultimately foster greater investor confidence. For personalized guidance on how to address these issues in your practice, reach out to your JGA Audit Quality Expert, or contact: Jackson Johnson, CPA President & Founding Shareholder jjohnson@jgacpa.com Farkhod Ikramov, CPA Director fikramov@jgacpa.com

QC 1000: JGA's Reaction and Implications for Our Clients

September 18, 2024
The SEC’s recent approval of PCAOB’s QC 1000 standard marks a significant shift for accounting firms. QC 1000 aims to enhance the quality control (QC) systems of registered firms, with scalability based on firm size and complexity. The response from the industry, including our team at JGA, highlights both the challenges and opportunities that this change will present. This Alert outlines JGA's reaction to QC 1000 and discusses what it means for our clients. JGA commented on the proposal; you can read our position on the proposal here . During the SEC Open Commission Meeting on September 9, 2024, several notable points were raised regarding QC 1000. JGA’s review of the meeting and our team’s subsequent discussions focused on key risks with this change, such as the implementation challenges and effort, but also noted some positives regarding the potential for improved audit quality and opportunities to improve processes and managements insights. Our Main Takeaways Implementation Challenges QC 1000 requires all registered firms to design a system for compliance, even if they do not perform audits of issuers or broker-dealers. This is a significant concern, as firms may need to design systems for hypothetical scenarios, leading to confusion and unnecessary costs. Around 60% of firms will need to design frameworks they may not use. The standard imposes a higher level of rigor compared to existing QC standards, and firms may face difficulties aligning their systems with the new prescriptive requirements. Hester Peirce, one of the SEC Commissioners, cited these challenges as reasons for her opposition, echoing concerns from many smaller firms. Considerations Regarding Effort The design-only requirement (without immediate operational implementation) introduces additional costs for firms, particularly in smaller firms or those that do not handle issuer audits. Paul Munter, SEC’s Chief Accountant, acknowledged that firms could face increased costs, particularly those related to additional personnel, training, and system design. Scalability and Continuous Improvement On the positive side, JGA sees QC 1000 as a framework that, while complex, offers scalability based on firm size. This presents an opportunity for firms to improve audit quality continuously, which is likely to enhance their standing in the marketplace. While some firms might not feel immediate benefits, especially those focusing on non-issuer audits, the overall emphasis on audit quality in capital markets aligns with the long-term interests of many firms. Confidentiality Concerns The content of the new QC forms required under QC 1000 may raise concerns about confidentiality. While some protections are in place, firms must remain cautious about the sensitivity of the information included in these forms. What This Means for Our Clients For our clients—primarily accounting firms that must adopt QC 1000—the implications are multifaceted. Increased Compliance Burden: Clients will need to overhaul or redesign their QC systems, which will incur both time and financial investments. The 60% of firms that Commissioner Peirce mentioned, which are only hypothetically impacted by the standard, must still dedicate resources to comply, even if their actual use of QC 1000 remains limited. Cost of Implementation: Smaller firms will likely face disproportionately high costs as they align their systems with QC 1000's rigorous requirements. JGA recommends that clients assess their current QC systems and consider phased approaches to implementation where feasible. Partnering with external consultants or firms with QC expertise may help mitigate some of these costs. Training and Education Needs: Significant training will be necessary to ensure that teams understand and comply with QC 1000’s requirements. JGA encourages clients to begin training key personnel now, particularly those involved in quality control and compliance, to ensure a smooth transition. Scalability and Competitive Advantage: For firms able to navigate the transition successfully, there is the potential for a competitive advantage in the market. The emphasis on continuous improvement in audit quality could position firms as leaders in audit services, attracting clients who prioritize regulatory compliance and high-quality audits. Future Regulatory Scrutiny: The new standard may invite closer scrutiny from regulatory bodies like the PCAOB, particularly as it relates to the design of QC systems. Firms should expect more frequent inspections, and the robustness of their QC systems may become a key focus. Client Communication: JGA advises that firms begin communicating with their clients about the upcoming changes and the steps they are taking to ensure compliance. Transparency in this process will help maintain trust and demonstrate proactive management of regulatory changes. Conclusion QC 1000 represents both a challenge and an opportunity for our clients in the accounting sector. While the increased costs and implementation challenges are concerning, the scalability and focus on audit quality could yield long-term benefits. JGA recommends that firms take a strategic, proactive approach to compliance, balancing the immediate burdens with the potential to improve service quality and client satisfaction. As the landscape evolves, we will continue to monitor developments and provide guidance to ensure our clients remain compliant and competitive in this changing regulatory environment. Please reach out to your JGA audit quality expert, or contact: Joe Lynch, CPA, CITP Managing Director & Shareholder jlynch@jgacpa.com Shanett Edwards-Morton, CPA Director sedwards-morton@jgacpa.com

PCAOB Broker-Dealer Inspection Report Shares Results of 2023 Inspections and Good Practices to Address Audit Scenarios

By Tanieke Samuel, JGA Director and Don Melody, JGA Director August 14, 2024
On July 25, 2024, the PCAOB released the Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers (PCAOB Release No. 2024-009) which provides (i) information about its 2023 inspections approach, (ii) a summary of the 2023 inspections observations, (iii) a description of good practices that may be effective to address those scenarios; and (iv) reminders for firms of the requirements of certain PCAOB standards. The PCAOB observed higher deficiency rates in examination, review, and audit engagements, which it described as a cause for significant concern . The PCAOB report overall noted at least one deficiency was observed in 70% of the 103 audit engagements reviewed, which marked an increase from the 58% deficiency rate observed in 2022. As has been the trend we've seen over the last couple of years, when supporting clients going through inspection. We, at JGA, have seen the rigor of the inspection process increase, particularly in the areas of revenue, journal entry testing and increasingly, audit committee communications and independence-related matters. The PCAOB’s report outlined an increase in the deficiency rate that was primarily driven by the increase in the number of inspections performed of firms that have not been previously inspected and the increase in the deficiency rate in audit engagements observed at the largest audit firms reviewed. From our perspective, firms that have not been previously inspected are typically smaller practitioners and they may not be aware or prepared for the rigor of an inspection. The PCAOB identified an increase in the deficiency rate in examination engagements of compliance reports. Some deficiencies noted, among others, were around the lack of obtaining a sufficient understanding of the financial responsibility rules and planning the examination engagement by obtaining a sufficient understanding of broker-dealer processes. We have observed this statement expressed over the years and it is the root cause of many inspection findings. We have also seen this issue surface when providing in-flight reviews of audits for our clients. When we see this issue in our practice monitoring engagements, we encourage firms to provide their audit professionals with training around identifying, evaluating and testing relevant controls at their clients. The PCAOB report outlines that revenue deficiencies increased to 48% from 34% in 2022. As seen in previous years, as it relates to the audits of broker-dealer financial statements, the PCAOB noted the highest deficiency rate around firms’ responses to the risk of material misstatement for revenue. The PCAOB identified deficiencies around testing the accuracy of the amount of revenue recorded, including accuracy of inputs that determine revenue, across all revenue sources indicated in the annual report. Our clients have the most success in avoiding these issues by spending the time up front during the risk assessment process and performing detailed walkthroughs of the revenue cycle. The annual report also identified various other areas of deficiencies noted in the 2023 inspection cycle. One area to note is that for the first time, auditor independence was presented separately in the report and the PCAOB noted instances of deficiencies around non-compliance with PCAOB Rule 3526. This could be an indication of the increased focus by the PCAOB on independence-related matters. The PCAOB also observed an increase in deficiencies related to auditor communications with audit committees. Additionally, the report highlighted deficiencies identified around the monitoring of firms’ accounting and audit practice and indicated that some firms did not perform annual internal inspections. Through our work, we’ve noticed a direct correlation between inspection deficiency rates, and a loosely defined or poorly defined internal inspection program. As the expectations haven’t changed around this, we encourage firms to take a look at their internal inspection programs to ensure they specifically cover BD audits and have tailored procedures specific to the risks in a BD audit. Similar to previous reports, for certain areas, the PCAOB has also provided good practices and reminders as illustrative examples that firms may find effective in addressing various scenarios. These include, but were not limited to, good practices related to evaluating service organization reports and the scope of services covered and reliance on evidence in SOC 1 reports. JGA has provided objective, independent feedback to firms, in real-time as engagement teams perform audit procedures around SOC 1 report evaluation and reliance. In addition, we have found that in-depth training sessions to firms on how to evaluate reports on service organization controls have ensured that all engagement team understand the risks around SOC 1 evaluation, especially in areas related to significant risks and what regulators are looking for in an adequate evaluation. We encourage firms to thoroughly read the annual report and explore ways in which the good practices outlined in the report can be used in their audits going forward.

PCAOB Observations and JGA's Perspective on GenAI

By Geoff Dingle, JGA Managing Director and Stephanie Mickens, JGA Director July 31, 2024
The recent PCAOB spotlight on the integration of GenAI into audits and financial reporting highlights several key observations. GenAI integration is primarily in the early stages, with larger global network firms leading in deployment, mainly for administrative tasks and research activities. There is significant ongoing investment in GenAI tools, often through third-party partnerships, to assist in summarizing accounting policies and performing risk assessments. Data privacy and security are also major concerns, with some firms implementing safeguards to protect confidential information. The PCAOB emphasizes that human involvement remains crucial, with GenAI augmenting but not replacing human auditors. Supervision and review processes ensure accountability for GenAI-assisted work. However, risks related to the reliability of GenAI outputs, and the auditability of source data are noted, with firms developing specific instructions to improve consistency and accuracy. Among preparers, GenAI is used to draft internal documents and assist in repetitive processes, with human supervision ensuring the accuracy and reliability of these outputs. At JGA, our perspective based on our interactions with our clients aligns with the PCAOB's observations while offering critical insights. We have heard from our peers and concur that the current use of GenAI enhances efficiency in tasks such as data extraction, document review, workflow automation, and compliance monitoring. JGA supports the investment in GenAI, highlighting the use of machine learning to predict areas where engagement teams are likely to encounter issues based on historical data allowing for quality control measures. Expert systems are also being utilized to suggest whether to accept a new client based on similar cases and outcomes from other engagements. Emphasizing the need for specific controls, JGA concurs with the importance of data privacy and security to ensure data integrity, address biases, and ensure accuracy. Additionally, as firms prepare to implement the new QM standards into their QC process, it is important that firms recognize that the use of GenAI should be included in its risk assessment evaluation. While supporting the crucial role of human judgment, we agree with the importance of careful supervision of AI outputs to maintain high audit quality and compliance with regulatory requirements. Acknowledging the risks associated with GenAI, we encourage firms to implement transparent and explainable AI models to mitigate biases and inaccuracies. Ultimately, auditors should continue to evaluate and conclude on the relevance and reliability of data used in the conduct of the audit. Finally, we agree that GenAI should not be seen as a tool that minimizes or removes the auditor's responsibility for providing reasonable assurance on financial statements. GenAI should not be seen as a tool that minimizes or takes away the responsibilities of the partner signing the audit opinion - at the end of the day, the engagement partner still has the ultimate responsibility that the audit opinion provides reasonable assurance that the financial statements are fairly presented. In conclusion, JGA underlines a cautious yet optimistic approach to integrating GenAI in audits, emphasizing robust controls, human oversight, and continuous investment to enhance audit quality and compliance. The extent and use of GenAI is going to continue to grow all around the globe in every industry and profession. And this is true for the auditing profession as well. Leadership of firms must continue to embrace the continued use of GenAI but do so making sure they are identifying and evaluating risks related to the use of GenAI. For further insights on using technology in your audits, read our recent JGA Advisor article on JGA Team Perspectives: System of Quality Management – Using Technology in Your Practice and Audits . Also, feel free to reach out to us with questions at any time.

JGA Team Perspectives: Failure to Prepare is Preparing to Fail

By Jung Lee, JGA Director and Jackson Johnson, JGA President, Shareholder July 17, 2024
The PCAOB continues to emphasize the importance of quality control (QC) systems and intends to continue to focus on this area in its future inspections. Proposed PCAOB quality control standard QC 1000, A Firm’s System of Quality Control and Other Amendments to PCAOB Standards, Rules, and Forms , would replace current PCAOB quality control standards in their entirety. QC 1000 would require registered firms to implement and operate QC systems to execute policies and procedures developed to address quality risks, monitor operation of the policies and procedures, and take remedial actions when the policies and procedures are not operating effectively. It includes a requirement for firms to perform root cause analysis (RCA) of all quality control deficiencies and design and implement timely remediation actions. Firms should consider both internal and external inspection findings as part of monitoring. In addition, the IAASB and AICPA have adopted quality management standards, so firms are required to implement new processes to ensure their internal quality controls comply with the new requirements. Jung Lee, JGA Director, works with audit firms worldwide to improve their audit quality and navigate audit and QC regulatory requirements. “In general, the number of comments and enforcement actions from the PCAOB have increased significantly in the last three years, and this trend is not only at the PCAOB, but also other local audit regulators worldwide. Audit deficiencies are costly, time-consuming, and will increase regulatory scrutiny in future inspections,” Lee said. “There has been a general uptick in the level of enforcement activity, and regulators point to QC failures in the monitoring process as a contributing factor.” In April 2024, the PCAOB Staff issued a Spotlight: Root Cause Analysis—An Effective Practice to Drive Audit Quality . The PCAOB notes that RCA has been shown to be an effective practice to drive audit quality; rather than simply detecting and remediating audit deficiencies, by “focusing more on assessing underlying root causes of a deficiency…the deficiency can be effectively addressed and ultimately eliminated.” “The Spotlight shares observations from PCAOB inspections and how firms’ RCA has helped them address repeat or persistent inspection findings,” Lee stated. See more in JGA’s Alert, PCAOB Staff Report Shares Observations on How Root Cause Analysis Can Drive Audit Quality .” Continued Preparedness Planning With respect to their system of quality management, firms need to prepare to initially adopt QC standards and then must continue to evaluate them to remain in compliance year-after-year. The steps a firm should take are cyclical, starting with initial risk assessment and gap analysis, RCA and remediation, annual evaluation and testing of the SQM, and ongoing monitoring. Practice monitoring, a component of SQM – which includes pre/post issuance reviews -- ensures that a firm’s system of quality control provides reasonable assurance that the firm and its personnel comply with professional standards and the reports issued by the firm are appropriate. “We work with firms on remediation after PCAOB inspections and pre-issuance reviews,” said Jackson Johnson, JGA President and Shareholder. “In post inspection services, we assist firms with root cause analysis of identified audit deficiencies. RCA is the underpinning of a sound QC system, and proper root cause analysis helps ensure that deficiencies are remedied.” Remediation After Inspection Frequent areas of concern noted in RCA (the first step in remediation) include lack of proper firm methodology and training, technical knowledge and competence, personnel management, engagement considerations, and supervision and review (including due care). There are often multiple root causes contributing to one deficiency, so it is important for firms to continue to dig in and ask “why.” Remediation of all identified deficiencies will likely require firms to create new QC processes. Root cause of inspection deficiencies often relates to training. “The PCAOB normally recommends a very tailored, precise training related to the area of audit deficiency noted,” Lee said. “An example is the need for a specific training on testing for proof of delivery as part of performance obligations, but firms often offer a general training on revenue recognition under ASC 606. We can help clients obtain customized, tailored training solutions, both internal and external to the firm.” To supplement training, JGA has found that practice aids and templates help firms to ensure audit quality. “An example of a practice aid is a template for journal entry testing with considerations noted in AS 2401, paragraph 61, addressing issues auditors should watch out for when reviewing the criteria used for identifying journal entries as part of fraud procedures. We can review the methodology included in client-prepared templates or create them for clients. The PCAOB asks for templates as a form of remediation of deficiencies,” Lee said. “We help firms with practice monitoring including pre- or post-issuance reviews,” Lee added. “This way, someone outside of the firm’s engagement team or National Office can monitor the performance at both the firm SQC and engagement levels.” Pre-issuance Reviews Having an objective review of an audit before the audit opinion is signed and the audit report is issued (sometimes called an “in-flight review”) is a preventative control that allows firms to get ahead of deficiencies before an inappropriate opinion is issued. “Nothing is more important than a good quality audit, and we work with firms in lock step to help them prevent or minimize deficiencies,” Johnson said. “In this way, there is a more immediate impact on audit quality, because firms can make changes in real time during the current audit rather than waiting until the next audit to see if the issue is fixed.” “We are effectively performing real-time inspections and identifying deficiencies the PCAOB may find. JGA staff were former leaders of PCAOB inspection teams, so we look at audit engagements the same way the PCAOB staff does,” Lee adds. Crucial areas the PCAOB focuses on are planning, audit procedures, and completion. JGA walks with firms in each of these and considers what can go wrong in each. “An example of in-flight for accounts receivable will entail how the firm selected the items to confirm, including the use of sampling and whether it was a stratified sample. In addition, we look at frequent areas of PCAOB findings, including revenue recognition and accounting estimates,” Lee said. “We help firms apply both a preventative and detective approach to identify and remediate their audit quality concerns, which helps them gain insight into their system of quality control and how they perform their audit engagements,” Johnson said. “This not only helps them navigate the requirements of the new quality control standards but also will help them with the PCAOB inspection process and regulatory compliance overall.”
More Posts
Share by: