In September 2024, the PCAOB released a spotlight on auditor independence, highlighting critical observations from inspections (the “Spotlight”). As we react to these findings at JGA, we emphasize the importance of understanding these key themes and translating them into actionable solutions for our clients. 1. Audit Committee Pre-Approval of Services A persistent issue remains regarding the pre-approval of audit and non-audit services by audit committees. Too often, we see audit teams commence work prior to the date necessary engagement letters signed by the audit committee. This practice not only undermines compliance but also risks auditor independence. Actionable Insight: To mitigate this risk, firms should ensure that no work begins until the audit committee has pre-approved the engagement. Implementing an all-inclusive engagement letter that details all services—including consent and comfort letters, as well as quarterly reviews —will streamline the process and enhance compliance. 2. Independence Representations and Compliance Testing The Spotlight indicates an increase in the issuance of comment forms related to independence representations, particularly concerning personal independence compliance testing. A notable concern is the cutoff risk for new hires; for instance, if an independence representation is conducted annually in June, a new hire added in September may not be confirmed as independent. Actionable Insight: Firms should adopt a more frequent compliance representation and testing schedule—ideally quarterly or semi-annually—and ensure that new hires are included in these independence confirmations. This practice can help maintain independence throughout the audit engagement. Another best practice is to obtain independence representation from each new hire prior to commencing any work. Sometimes, we observe engagement partners stumble to respond on how they ensure all team members are independent of the issuer. Some firms require documenting individual team members independence reaffirmations within the issuer audit file while other firms rely on firm wide independence reaffirmations. In latter case, JGA recommends engagement partners should document that they checked that i) each team members’ independence representations had no exceptions and properly filed in the firm wide repository and ii) restricted list include this issuer. 3. Monitoring Restricted Entity Lists The spotlight highlights that smaller firms often circulate their restricted entity lists annually, which can lead to cutoff risks with new clients. This underscores the importance of continuous updates to the restricted list. Actionable Insight: Firms should verify independence based on an updated restricted entity list at the time of any new client engagement. Regular updates and confirmations of independence for new clients are essential to mitigate risks. Also, best practice is to obtain independence representations for each prospective audit client during client acceptance procedures. This practice along with new hire practice mentioned above would substantially bridge the gap between periodic firm wide independence reconfirmation processes. 4. Independence Policies The Spotlight notes that many smaller firms lack detailed written policies for monitoring independence. This gap can lead to inconsistencies in compliance and potential independence violations. Actionable Insight: JGA recommends that all firms, especially smaller ones, develop comprehensive written policies that detail how they monitor independence. This should include procedures for individual engagement independence certifications, ensuring all engagement team members have signed off on the firm-wide independence representation. The policy should outline regular independence testing procedures, including the nature, timing, frequency, and scope of these tests. This should encompass self-assessments of investment portfolio reviews for all partners, as well as independent testing of these reviews by an external consultant or HR personnel, including a sample of other audit staff. Policy should also provide guidance to all personnel on what to do in case of self-identified independence violations. Sometimes in attempt to self-cure the violation personnel may unintentionally exacerbate the issue. So, emphasize on promptly reporting independence violations over trying to self-cure them is very important. 5. Indemnification Clauses Indemnification clauses were particularly noted in foreign firms’ engagements, which can complicate compliance with U.S. requirements. It is crucial for firms to avoid creating conflicting terms across different engagement letters. Actionable Insight: Firms should use separate engagement letter templates for public company audits that strictly adhere to U.S. requirements. If an audit involves local statutory purposes, maintaining the most restrictive requirements across all engagements for the same client is advisable to ensure compliance. We note that most of the time it is not practicable to separate number of hours spent on local statutory audit while doing PCAOB audit. So, we strongly advise to remove any language that may be construed as indemnification of auditor liability from all engagements with SEC issuer audit clients. 6. Inclusion of Contractors in Independence Monitoring The oversight of contractors in the audit process can lead to lapses in independence compliance. The Spotlight suggests that many firms may not fully account for these individuals. Actionable Insight: Firms must obtain annual independence representations from all contractors before they commence work. Such independence representations should cover all period the contractors perform their work. This proactive measure will help ensure that independence is maintained throughout the audit process. Conclusion This spotlight on auditor independence serves as a crucial reminder of the ongoing challenges and the need for vigilance in compliance. At JGA, we are committed to bridging the gap between regulatory expectations and practical solutions. By implementing these actionable insights, firms can enhance their quality control systems, ensure compliance with respective standards and rules, and ultimately foster greater investor confidence. For personalized guidance on how to address these issues in your practice, reach out to your JGA Audit Quality Expert, or contact: Jackson Johnson, CPA President & Founding Shareholder jjohnson@jgacpa.com Farkhod Ikramov, CPA Director fikramov@jgacpa.com

The SEC’s recent approval of PCAOB’s QC 1000 standard marks a significant shift for accounting firms. QC 1000 aims to enhance the quality control (QC) systems of registered firms, with scalability based on firm size and complexity. The response from the industry, including our team at JGA, highlights both the challenges and opportunities that this change will present. This Alert outlines JGA's reaction to QC 1000 and discusses what it means for our clients. JGA commented on the proposal; you can read our position on the proposal here . During the SEC Open Commission Meeting on September 9, 2024, several notable points were raised regarding QC 1000. JGA’s review of the meeting and our team’s subsequent discussions focused on key risks with this change, such as the implementation challenges and effort, but also noted some positives regarding the potential for improved audit quality and opportunities to improve processes and managements insights. Our Main Takeaways Implementation Challenges QC 1000 requires all registered firms to design a system for compliance, even if they do not perform audits of issuers or broker-dealers. This is a significant concern, as firms may need to design systems for hypothetical scenarios, leading to confusion and unnecessary costs. Around 60% of firms will need to design frameworks they may not use. The standard imposes a higher level of rigor compared to existing QC standards, and firms may face difficulties aligning their systems with the new prescriptive requirements. Hester Peirce, one of the SEC Commissioners, cited these challenges as reasons for her opposition, echoing concerns from many smaller firms. Considerations Regarding Effort The design-only requirement (without immediate operational implementation) introduces additional costs for firms, particularly in smaller firms or those that do not handle issuer audits. Paul Munter, SEC’s Chief Accountant, acknowledged that firms could face increased costs, particularly those related to additional personnel, training, and system design. Scalability and Continuous Improvement On the positive side, JGA sees QC 1000 as a framework that, while complex, offers scalability based on firm size. This presents an opportunity for firms to improve audit quality continuously, which is likely to enhance their standing in the marketplace. While some firms might not feel immediate benefits, especially those focusing on non-issuer audits, the overall emphasis on audit quality in capital markets aligns with the long-term interests of many firms. Confidentiality Concerns The content of the new QC forms required under QC 1000 may raise concerns about confidentiality. While some protections are in place, firms must remain cautious about the sensitivity of the information included in these forms. What This Means for Our Clients For our clients—primarily accounting firms that must adopt QC 1000—the implications are multifaceted. Increased Compliance Burden: Clients will need to overhaul or redesign their QC systems, which will incur both time and financial investments. The 60% of firms that Commissioner Peirce mentioned, which are only hypothetically impacted by the standard, must still dedicate resources to comply, even if their actual use of QC 1000 remains limited. Cost of Implementation: Smaller firms will likely face disproportionately high costs as they align their systems with QC 1000's rigorous requirements. JGA recommends that clients assess their current QC systems and consider phased approaches to implementation where feasible. Partnering with external consultants or firms with QC expertise may help mitigate some of these costs. Training and Education Needs: Significant training will be necessary to ensure that teams understand and comply with QC 1000’s requirements. JGA encourages clients to begin training key personnel now, particularly those involved in quality control and compliance, to ensure a smooth transition. Scalability and Competitive Advantage: For firms able to navigate the transition successfully, there is the potential for a competitive advantage in the market. The emphasis on continuous improvement in audit quality could position firms as leaders in audit services, attracting clients who prioritize regulatory compliance and high-quality audits. Future Regulatory Scrutiny: The new standard may invite closer scrutiny from regulatory bodies like the PCAOB, particularly as it relates to the design of QC systems. Firms should expect more frequent inspections, and the robustness of their QC systems may become a key focus. Client Communication: JGA advises that firms begin communicating with their clients about the upcoming changes and the steps they are taking to ensure compliance. Transparency in this process will help maintain trust and demonstrate proactive management of regulatory changes. Conclusion QC 1000 represents both a challenge and an opportunity for our clients in the accounting sector. While the increased costs and implementation challenges are concerning, the scalability and focus on audit quality could yield long-term benefits. JGA recommends that firms take a strategic, proactive approach to compliance, balancing the immediate burdens with the potential to improve service quality and client satisfaction. As the landscape evolves, we will continue to monitor developments and provide guidance to ensure our clients remain compliant and competitive in this changing regulatory environment. Please reach out to your JGA audit quality expert, or contact: Joe Lynch, CPA, CITP Managing Director & Shareholder jlynch@jgacpa.com Shanett Edwards-Morton, CPA Director sedwards-morton@jgacpa.com

On July 25, 2024, the PCAOB released the Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers (PCAOB Release No. 2024-009) which provides (i) information about its 2023 inspections approach, (ii) a summary of the 2023 inspections observations, (iii) a description of good practices that may be effective to address those scenarios; and (iv) reminders for firms of the requirements of certain PCAOB standards. The PCAOB observed higher deficiency rates in examination, review, and audit engagements, which it described as a cause for significant concern . The PCAOB report overall noted at least one deficiency was observed in 70% of the 103 audit engagements reviewed, which marked an increase from the 58% deficiency rate observed in 2022. As has been the trend we've seen over the last couple of years, when supporting clients going through inspection. We, at JGA, have seen the rigor of the inspection process increase, particularly in the areas of revenue, journal entry testing and increasingly, audit committee communications and independence-related matters. The PCAOB’s report outlined an increase in the deficiency rate that was primarily driven by the increase in the number of inspections performed of firms that have not been previously inspected and the increase in the deficiency rate in audit engagements observed at the largest audit firms reviewed. From our perspective, firms that have not been previously inspected are typically smaller practitioners and they may not be aware or prepared for the rigor of an inspection. The PCAOB identified an increase in the deficiency rate in examination engagements of compliance reports. Some deficiencies noted, among others, were around the lack of obtaining a sufficient understanding of the financial responsibility rules and planning the examination engagement by obtaining a sufficient understanding of broker-dealer processes. We have observed this statement expressed over the years and it is the root cause of many inspection findings. We have also seen this issue surface when providing in-flight reviews of audits for our clients. When we see this issue in our practice monitoring engagements, we encourage firms to provide their audit professionals with training around identifying, evaluating and testing relevant controls at their clients. The PCAOB report outlines that revenue deficiencies increased to 48% from 34% in 2022. As seen in previous years, as it relates to the audits of broker-dealer financial statements, the PCAOB noted the highest deficiency rate around firms’ responses to the risk of material misstatement for revenue. The PCAOB identified deficiencies around testing the accuracy of the amount of revenue recorded, including accuracy of inputs that determine revenue, across all revenue sources indicated in the annual report. Our clients have the most success in avoiding these issues by spending the time up front during the risk assessment process and performing detailed walkthroughs of the revenue cycle. The annual report also identified various other areas of deficiencies noted in the 2023 inspection cycle. One area to note is that for the first time, auditor independence was presented separately in the report and the PCAOB noted instances of deficiencies around non-compliance with PCAOB Rule 3526. This could be an indication of the increased focus by the PCAOB on independence-related matters. The PCAOB also observed an increase in deficiencies related to auditor communications with audit committees. Additionally, the report highlighted deficiencies identified around the monitoring of firms’ accounting and audit practice and indicated that some firms did not perform annual internal inspections. Through our work, we’ve noticed a direct correlation between inspection deficiency rates, and a loosely defined or poorly defined internal inspection program. As the expectations haven’t changed around this, we encourage firms to take a look at their internal inspection programs to ensure they specifically cover BD audits and have tailored procedures specific to the risks in a BD audit. Similar to previous reports, for certain areas, the PCAOB has also provided good practices and reminders as illustrative examples that firms may find effective in addressing various scenarios. These include, but were not limited to, good practices related to evaluating service organization reports and the scope of services covered and reliance on evidence in SOC 1 reports. JGA has provided objective, independent feedback to firms, in real-time as engagement teams perform audit procedures around SOC 1 report evaluation and reliance. In addition, we have found that in-depth training sessions to firms on how to evaluate reports on service organization controls have ensured that all engagement team understand the risks around SOC 1 evaluation, especially in areas related to significant risks and what regulators are looking for in an adequate evaluation. We encourage firms to thoroughly read the annual report and explore ways in which the good practices outlined in the report can be used in their audits going forward.

Updated 7.3.2024 The SEC recently announced that it is extending the deadline for comments on QC 1000 to July 16, 2024 . JGA provided comments to the PCAOB on the proposed QC 1000 standard. To read our comments please click here . The PCAOB proposed standard QC 1000, A Firm’s System of Quality Control and Other Proposed Amendments to PCAOB Standards, Rules and Forms, is available here . The new standard is available for viewing here . Previous updates on QC 1000 5.13.2024 On May 13, 2024 the PCAOB held an Open Board Meeting - PCAOB to Consider Adopting New Standards on General Responsibilities of the Auditor in Conducting an Audit, Quality Control . The PCAOB considered adopting a new auditing standard – AS 1000, General Responsibilities of the Auditor in Conducting an Audit as well as QC 1000, A Firm’s System of Quality Control. JGA provided comments to the PCAOB on the proposed QC 1000 standard. To read our comments please click here . The PCAOB proposed standard QC 1000, A Firm’s System of Quality Control and Other Proposed Amendments to PCAOB Standards, Rules and Forms, is available here . The new standard is available for viewing here . PCAOB Updates PCAOB Solidifies Foundation of Every Audit With Adoption of New Standard on General Responsibilities of the Auditor PCAOB Adopts New Quality Control Standard With a Risk-Based Approach Designed to Drive Continuous Improvement in Audit Quality

Editor’s note: This article is part of a series to highlight the unique experience that JGA professionals possess and deliver to our clients. The implementation of systems of quality management is a recent focus area of standard-setters and has become a high priority for firms of all sizes. International Standard on Quality Management (ISQM) 1 requires all firms that perform engagements under the IAASB’s international standards to have systems of quality management designed and implemented by December 15, 2022. The AICPA’s Statement on Quality Management Standards (SQMS) No. 1 requires systems of quality management to be designed and implemented by December 15, 2025, with required evaluation of the system within one year following that date. On May 13, the PCAOB approved QC 1000, A Firm’s System of Quality Control and Other Amendments to PCAOB Standards, Rules and Forms, which would replace current PCAOB quality control standards in their entirety. The standard is undergoing review by the SEC. It will apply to all PCAOB-registered firms and will be effective December 15, 2025. It will require firms to identify their specific risks and design a quality control system that includes policies and procedures to guard against those risks, with mandatory annual reporting by the firms. To manage the implementation journey, every firm should develop a roadmap that incorporates existing policies, processes and procedures as well as the need for additional or newly designed policies, processes and procedures. Throughout the remainder of this article, Mark Whittenberg and Shanett Edwards-Morton share their thoughts and recommendations on how technology should be incorporated within the firm’s system of quality management, in order to drive, monitor and maintain audit quality. This includes technology that is used to support engagement teams as well as technology used in the firm’s operations. Technology for Audits and Quality Management While compliance is often the driver when implementing quality control standards , there is strategic value for firms to look at their internal processes for getting audits done and the technology tools and software they use and make improvements that can benefit overall quality management. There is already a rapid change in use of technology in audits, and clients are expecting firms to use technology to enhance efficiency and provide more meaningful insights. Firms should have a plan to incorporate technology into both their engagements and their system of quality management. “Outside the Big 4, firms used to have a handful of software tools they used for audits, but now there is increased investment and rapid development of new applications and more advanced technology,” Whittenberg said. “Firms that don’t use technology for their audits will be at a competitive disadvantage, and it takes time and resources to implement technological changes.” Technology and the System of Quality Management In evaluating technologies and automated tools (i.e., technology resources) related to a firm’s system of quality management (SQM), it is important to consider the overall SQM framework, including the risk assessment process component, the monitoring and remediation process component, and the other components (governance and leadership, relevant ethical requirements, acceptance and continuance, engagement performance, resources, information and communication). Categories of technology resources include those: Related to the design, implementation, and operation of the firm’s SQM – for example to: monitor personnel independence and ethics violations, track personnel time and assess workload, retain and maintain engagement related documentation, and record the firm’s considerations around client acceptance and continuance; Used by engagement teams in performing the engagement – for example: audit software and automated tools used on an engagement to prepare and compile documentation, and tools and software for firm methodology and policies; and Used to ensure effective operation of IT applications – for example: operating systems and databases, hardware, and logical access. When seeking technology solutions for quality management, it is important to first identify the pain points and needs. “Vendor demonstrations at conferences are catchy, but firms frequently buy the software and then say, ‘Now what?’ if they do not have a use case, have not thought about how to apply it to their clients and firm’s specific needs, or do not have the necessary data available,” Whittenberg said. “Firms may have technology that supports their SQM, but they also must have technology tools to help them manage their workflows and components in order to evaluate their overall SQM,” Edwards-Morton said. “It is critical that firms ensure technology is addressed during each step of the SQM implementation process, and that the right technology is deployed for the risks identified.” Firms may attempt to use existing audit software tools that were not designed for this evaluation and for ongoing monitoring and remediation. Firm Operational Monitoring Tools Technologies can drive consistency in firm operations, which impacts quality management. “Firms often use a lot of manual monitoring of their operations, but as they see other firms adopting technology in this area, they are looking into applications, so they do not get left behind,” Edwards-Morton said. Common examples are firms using Excel spreadsheets or Word checklists for engagement acceptance and continuance procedures, independence compliance, and training and tracking CPE. “Technology can look at firm data in more depth and in less time, identify conflicts and risks, and generate evidence that responsive actions were performed, and effectiveness was tested, which is required by the standards,” Whittenberg said. A number of vendors provide operational monitoring tools in areas of risk assessment, ethics and independence, and human resource management and scheduling. Solutions are available to address specific problems and are easier to integrate today. “Cloud-based software permits firms to ramp up quickly without a lot of configuration and to interface with firm software and connect different systems to obtain better insights and monitoring,” Whittenberg said. The new standards require an analysis of the root cause of QC deficiencies t which can be difficult to perform when the data is contained in multiple databases. Cloud-based software can manage data and provide connections to issues that are spread across the firm but contribute to quality risks. Engagement Team Specific Monitoring Tools These are the tools used to perform certain audit procedures, including project management, data analytics, audit documentation, and other solution-specific tools. “These tools are where firms get the biggest bang for their buck, and they are important for client-facing activities,” Whittenberg said. Use of technology in this area can impact team engagement performance and quality. Examples include DataSnipper, that can read financial statements or SOC reports, identify key information auditors need, and auditors can review the information then copy and paste it into audit workpapers. Best Practices in Implementing Technology Tools and Software There are different stages in a software audit tool maturity model, ranging from basic audit documentation software to advanced tools for data analytics and visualization. It is important for firms to assess where they are and have a plan in place. Not all firms need the most advanced solutions, but it is important to anticipate both current and future needs. Firms should start with a use case that identifies the problems to be solved and the software or other solutions that may address their needs. In developing software tools, we recommend a multistep approach that begins with taking a software inventory of tools in use and assessing the engagement team process and the completeness and accuracy of data inputs and outputs. Future tool planning identifies desired future capabilities, the people and processes, training, and the rollout plan. There are a number of risks to consider, including data completeness and accuracy, change management during development and in production, access, and IT general control weaknesses that can impact operating effectiveness. The biggest challenges in integrating technology are lack of buy-in and support from firm leadership, commitment to a long-term investment in technology, resistance to change from auditors, and managing skill gaps. Artificial Intelligence There is a lot of optimism about the potential use of AI for audits, in areas like risk identification and predictive analytics, automating manual tasks, analyzing and testing complete volumes of data, identifying anomalies, and documentation. Also, there are potential applications for firm monitoring and quality management, including, among others, acceptance and continuance, independence and conflicts of interest, and scheduling and resource optimization. “There is a lot of promising software out there, but most firms are not fully using it yet,” Whittenberg said. “Machine learning will get smarter as it continues to ingest data, but it’s not there yet at a large scale, and Chat GPT is producing information that is not yet usable.” As AI evolves, firms should look at their competencies, risks, and proposed solutions and consider whether their required investment will help them improve their audit quality and engagement monitoring. “As firms think about the new quality management standards’ requirements, many may be overwhelmed, especially the smaller firms," Whittenberg said. “They must have a plan to incorporate technology into both their engagements and their SQMs, because their competitors are doing it.“ Firms moving into compliance with the new quality standards (ISQM 1, SQMS 1, and QC 1000) is a significant change. To manage these considerations, every audit firm should have an implementation plan to look at their internal processes for getting audits done. If you have any questions regarding these standards and preparation for compliance, please feel free to contact us.

On May 3, 2024, the SEC charged audit firm BF Borgers CPA PC and Benjamin F. Borgers (collectively, “Borgers”) with fraud affecting more than 1,500 SEC filings. According to the SEC’s Order , of the 369 BF Borgers clients whose public filings from January 2021 through June 2023 incorporated BF Borgers’ audits and reviews, at least 75% of the filings incorporated BF Borgers’s audits and reviews did not comply with PCAOB standards. Because a significant number of issuers have been impacted by the Order, the SEC’s Division of Corporation Finance released a statement on the topic (the “CF Release”). According to the CF Release, issuers that have engaged Borgers to audit or review financial information to be included in any Exchange Act filings to be made on or after the date of the Order will need to engage a new qualified, independent, PCAOB-registered public accountant. Further, the CF Release provides that: Form 10-K and Form 20-F filings on or after the date of the Order may not include audit reports from Borgers; and Form 10-Q filings on or after the date of the Order may not present financial information reviewed by BF Borgers. Accordingly, affected entities will be required to engage a new qualified, independent, PCAOB-registered public accountant to perform the current annual audit and quarterly reviews, as well as perform re-audits and rereviews of all relevant impacted periods. The CF Release also stated that “Exchange Act reports that were filed before the date of the Order do not necessarily need to be amended solely because of the Commission’s entry of the Order. However, issuers should consider whether their filings may need to be amended to address any reporting deficiencies arising from the BF Borgers engagement.” This document provides some helpful information for auditors who are considering or have recently accepted an audit engagement with an affected entity. Specifically, it discusses topics such as interim reviews, client acceptance and communications with the predecessor auditor. Interim Reviews The successor auditor may conduct the review of the current year interim financial information and the rereview of the prior year corresponding interim period, provided the firm also simultaneously proceeds with the annual audit and reaudits of the latest year (or years, depending on the client’s filing situation, i.e. based on the number of comparative periods presented). Auditors can find the requirements relating to reviews of quarterly financial statements in AS 4105 , Reviews of Interim Financial Information . According to that standard, an auditor may conduct a review of the interim financial information of an SEC registrant if the entity's latest annual financial statements have been or are being audited . (AS 4105.05) Because successor auditors will begin the reaudit of the prior year financial statements immediately following their engagement, auditors are permitted to proceed with the review of the clients’ quarterly financial statements for inclusion in the company’s Form 10-Q filing with the SEC. There are certain specific requirements auditors should be aware of when conducting initial reviews of interim financial statements relating to obtaining knowledge about internal controls and communicating with the predecessor auditor. Those requirements can be found at AS 4105.12 and .13. We encourage auditors to read and understand the requirements of AS 4105 before committing to engaging new clients. Client Acceptance As indicated in the CF Release, any prior period financial statements that had previously been audited by Borgers will need to be reaudited by the newly engaged auditor for inclusion in the issuers next Form 10-K or Form 20-F. Prior to starting an initial audit, the successor auditor will also be required to perform procedures regarding acceptance of the client relationship and the specific audit engagement; and communicate with the predecessor auditor as described in AS 2101.18. It is advisable that any firm should follow their client acceptance procedures with rigor. Prior to acceptance, firms should read the SEC Order carefully and consider the variety of risks involved with each prospective client, especially the heightened risk that a material misstatement may exist on prior year financial statements. Firms will also need to extend their acceptance procedures to cover all periods subject to reaudit. A few special considerations to highlight: Determine the auditing procedures necessary (and the ability) to obtain sufficient appropriate audit evidence regarding opening balances and consider the obstacles that may be involved. Perform background checks of management and the board of directors and understand the reasons for departures and changes from the date of the opening balances (and possibly beyond) to the present. Review all SEC comment letters and responses for all periods under audit and reaudit. For perspective clients with inventory, special consideration will need to be given as to how to obtain appropriate audit evidence because of the inability to perform physical inventory observation procedures in the prior periods. Inquire about the prospective clients’ books, records, internal controls and IT systems to understand the ability to obtain reliable information timely for all periods under audit. Assess whether the firm has the skills, knowledge and experience to take on a new client, and if the firm is considering taking on multiple issuers, whether they have the internal resources to perform the audits with the appropriate level of audit quality. Communications with the Predecessor Auditor PCAOB standards at AS 2610 require the successor auditor to communicate with and make a variety of inquiries with the predecessor auditor prior to accepting the engagement and that acceptance cannot be final until the communications received from the predecessor have been evaluated. Inquiry of the predecessor auditor is a necessary procedure because the predecessor auditor may be able to provide information that will assist the successor auditor in determining whether to accept the engagement. In addition, the successor auditor should request and review the working papers of the predecessor auditor for all periods that will be subject to reaudit. When possible misstatements are discovered during the audits or reaudits, the successor auditor will also be required to communicate with the predecessor auditor. According to PCAOB standards, in an initial review of interim financial information the auditor should perform procedures that will enable him or her to obtain sufficient knowledge of the entity’s business and its internal control. The standard goes on to describe steps the auditor should take, which includes making certain inquiries of the predecessor auditor and reviewing the predecessor auditors’ workpapers (including both the audit and quarterly review workpapers). The standard also states that, “if the predecessor accountant does not respond to the successor accountant's inquiries or does not allow the successor accountant to review the predecessor accountant's documentation, the successor accountant should use alternative procedures to obtain knowledge of the matters discussed in [that] paragraph.” Given the number of affected entities described in the Order, it is unclear whether Borgers will reply to successor auditor inquiries and how timely the responses will be. Thus, auditors considering accepting these engagements will need to be prepared to perform alternate procedures to address the possible gaps during the acceptance process. In summary, even though the facts and circumstances described in this SEC Order are unique, successor auditors are still required to perform the PCAOB standards’ requirements as described above.

Updated 5.13.2024 On May 13, 2024 the PCAOB held an Open Board Meeting - PCAOB to Consider Adopting New Standards on General Responsibilities of the Auditor in Conducting an Audit, Quality Control . The PCAOB considered adopting a new auditing standard – AS 1000, General Responsibilities of the Auditor in Conducting an Audit as well as QC 1000, A Firm’s System of Quality Control. JGA provided comments to the PCAOB on the proposed QC 1000 standard. To read our comments please click here . The PCAOB proposed standard QC 1000, A Firm’s System of Quality Control and Other Proposed Amendments to PCAOB Standards, Rules and Forms, is available here . The new standard is available for viewing here .  PCAOB Updates PCAOB Solidifies Foundation of Every Audit With Adoption of New Standard on General Responsibilities of the Auditor PCAOB Adopts New Quality Control Standard With a Risk-Based Approach Designed to Drive Continuous Improvement in Audit Quality

PCAOB Publishes Spotlight Related to Root Cause Analysis In April 2024, the PCAOB released a Spotlight Root Cause Analysis – An Effective Practice to Drive Audit Quality which continues the Board’s goal of sharing its observations from its inspection and remediation activities, but this time related to Root Cause Analysis (RCA). RCA should not be a new concept to audit firms. In 2020, we published RCA: Seems like EVERYBODY is talking about Root Cause Analysis , where we shared the importance of performing an effective RCA to be able to understand what are the underlying causes of deficiencies which occur at your firm. We wanted to highlight a few important aspects coming through in this April 2024 Spotlight. The Spotlight rightly stated that RCA should be a multifaceted approach . There are a number of different tools, techniques, processes, and philosophies that firms can undertake to perform a RCA. In addition, there may not always only be one factor that is causing a deficiency – it could be a variety of factors such as lack of technical competence, failure of resource allocation at firm level, etc. The Spotlight also identified characteristics of a well-designed RCA process , which are important to highlight as follows: Have a dedicated team with RCA experience perform the RCA as they are more objective and have the requisite background. In helping our clients with RCA, we find by bringing in our objectivity, our PCAOB standards experience coupled with our RCA experience, engagement teams are more willing to be open and honest with their opinions of where they see potential root causes that resulted in deficiencies. Firms use a variety of methods and techniques to gather data which include review of workpapers, interviews with engagement teams immediately after the deficiencies are identified, and review of engagement metrics. All this information combined paints an informative picture of what caused the deficiencies. Firms should not only focus on looking at engagements that had negative quality outcomes, but also focus on looking at engagements which had positive outcomes arising from inspections or the firm’s internal monitoring. By identifying what worked well with some engagement teams, firms can then use that information to drive change with other engagement teams. Lastly, firms should be aware that the task of identifying root causes and implementing a new action to remediate this deficiency does not mean that the job is done. Firms should monitor these remedial actions to determine whether the actions that they undertook are in fact solving the problem. In conclusion, there is no time like the present to strengthen your RCA process . Remediating deficiencies (by providing training, developing new tools and templates, changing processes, etc.) is a time consuming and costly undertaking…you want to make sure that the action you are investing in, is actually going to remedy the problem. In addition, the PCAOB’s standard setting agenda includes a proposal for the new quality control standard that, if adopted, would require firms to perform RCA of its control deficiencies. Our recommendation is to start implementing your RCA process now so that you can refine and modify your RCA process.