AI and the Pursuit of Audit Quality: A Regulatory Perspective

Date:: Sep. 16, 2025
Speaker:: Christina Ho, Board Member
Event:: The MindBridge Vision 2025
Location:: Virtual

Remarks as prepared for delivery

Thank you for that kind introduction.

I am delighted to be speaking at this conference. In particular, this is a conference about the power of AI in defining the future of finance and audit, which is a topic I am very passionate about. I want to first make clear that the views I express today are my own and do not necessarily reflect the views of the Public Company Accounting Oversight Board (PCAOB), other PCAOB Board Members, or PCAOB staff.

Dawn of a New PCAOB Era in Promoting Innovation and Driving Change

I believe that the PCAOB is at the dawn of a new era – an era where the PCAOB will “pick up the mantle” and take a newfound and long overdue leadership role in promoting innovation and driving change in public company and broker-dealer auditing through the PCAOB’s standard setting program.

This new era kicked off last month when the PCAOB Board, under the leadership of Acting Chair George Botic, authorized the public release of the PCAOB’s Technology Innovation Alliance Working Group’s May 30, 2024, “Future State Deliverable.” I am grateful to the PCAOB Board and the Securities and Exchange Commission for supporting the release of the Future State Deliverable, which you can find on the PCAOB website.

By way of background, in November 2022, the PCAOB announced the formation of the Technology Innovation Alliance Working Group or “TIA” whose official activities concluded in 2024. The TIA membership consisted of ten external professionals with expertise in emerging technologies, including technologies used by financial statement preparers and auditors. The PCAOB tasked the TIA with making recommendations to the PCAOB Board on how the PCAOB’s existing or future oversight programs might address the use of emerging technologies by auditors and preparers – which is why we call these recommendations the “Future State Deliverable.” Although this deliverable was publicly released 15 months after its completion, the recommendations are still highly relevant despite the rapid advancement of technology, especially GenAI. The TIA Future State Deliverable contains four strategic ideas or pillars to promote the use of technology in audit.

The first pillar is titled “Promoting Structured Data Creation and Dissemination in Public Company Audits.” It recommends standardizing the audit documentation structure so that it can be used in AI and data analytics to facilitate discovery, information identification, analyses of trends, and efficiency. One of the possible next steps recommended is to develop a proof-of-concept audit documentation taxonomy in one or more selected audit areas and test its utility with relevant stakeholders. The benefits of standardized audit documentation structure could be far reaching because it forms a critical component of the infrastructure for a continuous audit technology ecosystem. Consequently, it can accelerate the adoption and accessibility of AI technology including agentic AI auditing for auditors of all sizes and regulators. In addition, a standardized structure can enable more efficient internal monitoring by the firms as well as PCAOB inspections. Based on publicly available data, the U.S. Big Four firms audit about 80% of the market capitalization of public companies listed on U.S. exchanges; non-Big Four U.S. Annual and Triennial firms, combined, audit less than 2% of the total market capitalization of U.S. listed public companies; and the remaining market capitalization of approximately 18% is audited by non-U.S. Triennial firms. Currently, PCAOB has approximately 430 FTEs in the Firm Inspections Group.¹ In 2024, PCAOB inspected 255 audit engagements conducted by Big Four firms and 179 by the ten non-Big Four Annual firms. For Triennial firm inspections, PCAOB inspected 74 U.S. Triennial firms and 70 non-U.S. Triennial firms.² If you are looking at these data, it is clear that the PCAOB is not efficiently allocating its inspection resources to maximize investor protection. The standardized audit documentation structure would enable a more efficient and risk-based inspection approach.

The second pillar is titled “Using AI in Audit.” It recommends that the PCAOB consider developing risk management guidance containing principles and frameworks to help audit firms responsibly use AI in auditing. Regulatory transparency and clarity incentivize auditors to leverage technology effectively and therefore promote audit quality.

The third pillar is titled “Regulatory Innovation Capacity Building: Facilitate Ongoing Innovation in Audit Quality.” It recommends that the PCAOB establish an “Innovation Lab” that would, for example, engage in structured experimentation and information sharing among the PCAOB, audit firms, preparers, and technologists. As a threshold matter, the PCAOB’s standard setting approach has historically been technology neutral where our standards have neither discouraged nor encouraged the use of existing or nascent technologies. That approach might have been appropriate in the past when technological innovation moved at a much slower pace. But today with technological innovation in just AI alone moving at break-neck speed, a technology-neutral approach is akin to being an anchor that weighs down innovation. I believe the PCAOB needs to promote innovation and instead of being an anchor, the PCAOB should be an engine that catalyzes innovation in public company auditing with the end goal being improved audit quality.

Let me give you a hypothetical example involving the PCAOB’s inspection program. Let’s say an audit firm uses an AI tool to test 100% of journal entries, as opposed to taking the traditional, manual sampling approach. One scenario is that PCAOB inspectors recognize 100% testing as an improvement over the manual sampling approach, because it provides more audit coverage. The second scenario is that the lack of clear PCAOB standards and guidance on what constitutes an acceptable AI-based audit and how compliance is to be assessed results in inspectors seeking unreasonable levels of detail from the audit firm about its AI model and the associated procedures performed. By requiring the audit firm to “turn over every rock,” the firm decides to return to manual sampling because manual sampling is less risky from a PCAOB compliance standpoint. So, I ask you, does going from 100% testing to a sampling approach advance investor protection? I believe the answer is a clear “no.” Under this hypothetical example is the PCAOB an anchor weighing down innovation or is it an engine supporting and catalyzing innovation? I believe the answer again is clear.

This is where the TIA’s Innovation Lab recommendation comes into play. An Innovation Lab could serve as a catalyst for improved audit quality by helping to both formulate and test technology-driven standards before adoption through a new standard setting approach, based on a paper I co-authored with three forward thinking academics titled “A Blueprint for Agile Audit Standard Setting in a Fast-Moving World.”³ This paper contains an agile standard setting blueprint that I believe the PCAOB should explore when it comes to technology-driven standards, at a minimum. I will discuss this agile standard setting blueprint in some detail later.

In sum, the benefits of an Innovation Lab are that it would promote both technology experimentation and the timely formulation of technology-driven standards, without the risk of changing existing standards prior to gaining a robust understanding of the risks, if any, that technology-driven standards could pose to audit quality.

And before I delve into a description of the agile standard setting approach that I mentioned, I want to quickly summarize the fourth and final pillar of the TIA Future State Deliverable.

The fourth pillar is titled “Encourage Technology Literacy in Auditor Skillsets.” It recommends that the PCAOB encourage institutions of higher education to include in their accounting curricula AI and advanced principles of data analytics. It also recommends that the PCAOB encourage research on the impact of auditor technology literacy on audit quality. With the rapid advancements in technology, the auditing profession needs its practitioners to be technology literate to drive audit quality.

The PCAOB Should Explore a New “Agile” Standard Setting Approach

Back to my idea on how the PCAOB should explore modifying its standard setting approach, particularly with regard to technology-driven standards, I want to first describe the PCAOB’s historic standard setting approach. To my knowledge, the PCAOB has consistently followed linear “notice-and-comment” procedures where the PCAOB alone writes the proposed standard. Once the PCAOB Board approves a proposed standard, the PCAOB solicits public comments; considers the comments received; and after considering the comments adopts a final standard. The notice-and-comment process is tried and true, but I question whether it alone will always be the most effective way to proceed when it comes to technology-driven standards. Recent developments in technology demand a more adaptive regulatory response, which the PCAOB must recognize in its standard-setting approach. Specifically, the PCAOB cannot afford to allow ambiguous standards to impede innovation in public company auditing, especially when innovation can significantly improve audit quality and enhance investor protection.

By using an “agile” framework, we could break away from treating each standard as a large, singular project, and instead take a nimbler approach by breaking complex topics into smaller, manageable modules. Formal sprint cycles would structure this work using fixed periods of time to produce specific outputs, such as draft sections of standards or draft staff guidance. These sprints would conclude with internal PCAOB staff reviews, followed by Innovation Lab pilots where such standards could be tested with volunteer firms and other stakeholders before going through the notice-and-comment process.

The paper I co-authored references stakeholder input being continuous through recurring working groups that provide feedback for each specific project before the proposal stage, which would integrate diverse perspectives from the beginning. By conducting pilot tests with diverse stakeholders such as audit firms, preparers, technologists, and investors, the PCAOB is more likely to adapt (and ultimately adopt) standards that catalyze innovation, improve audit quality, and protect investors.

There is an existing methodology for continuous stakeholder engagement that is used infrequently called “negotiated rulemaking.” While the paper does not specifically reference “negotiated rulemaking,” I believe adapting some “negotiated rulemaking” processes to agile standard setting would be consistent with the paper’s agile standard setting blueprint. As a threshold matter, the Congressional Research Service issued an April 12, 2021, report titled “Negotiated Rulemaking: In Brief” that provides a good explanation of “negotiated rulemaking” and its use by federal agencies.⁴

Negotiated rulemaking brings to the standard setting table a group of balanced and diverse external stakeholders with subject matter expertise, representing, for example, audit firms, preparers, investors, and technologists, to provide feedback throughout each standard setting project. The goal of negotiated rulemaking is to reach consensus on the text of the proposed standard, with notice-and-comment following thereafter. By investing PCAOB and stakeholder resources on the front-end, such resources could be conserved at the back end and ultimately result in a better standard that benefits all stakeholders.

In conclusion, while the auditing profession is rising to the challenge in its use of innovative technologies, the PCAOB must emerge out of the shadows and issue standards and guidance that accelerate audit firm adoption of such technologies to improve audit quality for the benefit of investors in the U.S. capital markets. This is consistent with SEC Chair Atkins’ vision for the SEC, where he stressed this past May the importance of the SEC getting back to its roots of promoting, rather than stifling innovation.⁵ In that vein, doing nothing is not a viable option for the PCAOB, because what makes the U.S. capital markets the largest and most liquid capital markets in the world is not only highly innovative companies but also a well-established regulatory system that works to protect against market manipulation and promote market efficiency, integrity, and investor protection. The PCAOB must do its part and rise to the challenge.

Thank you MindBridge for inviting me and I thank all of you for hearing my views. I look forward to your questions and thoughts.

¹ https://pcaobus.org/news-events/speeches/speech-detail/pcaob-chair-williams-statement-on-the-2025-budget

² https://pcaobus.org/oversight/inspections/firm-inspection-reports?effectivedateyear=2024

³ https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5372900

⁴ https://www.congress.gov/crs-product/R46756#:~:text=Source%3A%20CRS.,of%20representational%20and%20balanced%20interests.

⁵ https://www.sec.gov/newsroom/speeches-statements/atkins-prepared-remarks-sec-speaks-051925