Chair Williams’ Statement on New Quality Control Standard

Remarks as prepared for delivery

When the PCAOB issued the proposed quality control (QC) standard for comment, I called it a “watershed moment,” and I am proud to see us take the next step today toward better protecting investors.

Firms’ QC systems lay the very foundation for how they approach audits.

When QC systems operate ineffectively, investors are put at risk. But, when QC systems operate effectively, quality audits performed in accordance with applicable professional and legal requirements are likely to follow – leaving investors better protected.

Of course, to be effective, our QC standard must be fit for purpose in today’s world. And like far too many standards we are working to update, the current QC standards are largely the same as when the PCAOB opened its doors over 20 years ago.

Today, we hope to take another significant step toward changing that.

The new standard requires all registered firms to identify their specific risks and design a QC system that includes policies and procedures to guard against those risks.

It strikes a balance by introducing a risk-based approach that can be applied by firms of varying sizes and complexity, while also imposing requirements to ensure each QC system is designed, implemented, and operated with an appropriate level of rigor.

Then it sets up a feedback loop – one powered by ongoing monitoring and remediation – that is designed to drive continuous improvement.

It will ensure accountability by requiring an annual evaluation on QC system effectiveness, and annual reporting to the PCAOB, by firms that perform or have responsibilities with respect to engagements under PCAOB standards.

That reporting must be personally certified by both the individual assigned ultimate responsibility and accountability for the firm’s QC system as a whole and the individual assigned operational responsibility and accountability for the QC system.

Simply designing elaborate processes on paper won’t be enough. Firm leadership will have a personal stake in delivering results and additional incentives to fix problems quickly.

Beyond the risk assessment, monitoring, and accountability processes, additional enhancements to today’s standards include the following:

  • Requiring firms to have policies and procedures to address situations when they become aware of information after accepting or continuing an engagement that could have caused them to decline such engagement had that information been known prior to acceptance or continuance;
  • For firms that belong to a network providing resources or services that aid in the operation of their QC systems and the execution of their engagements, specific objectives addressing how such resources or services are developed and maintained;
  • Requiring firms to provide annual training to their personnel, including training on applicable professional and legal requirements, to enable such personnel to fulfill their assigned QC and engagement roles in accordance with applicable professional and legal requirements and their policies and procedures; and
  • For firms that communicate firm-level or engagement-level information with respect to their audit practice, personnel, or engagements to external parties, an objective specifying that such information is accurate and not misleading.

There also are enhancements explicit to firms that annually audit more than 100 issuers. For example, these firms are required to incorporate an external oversight function for the QC system composed of one or more persons referred to as the “External QC Function” or “EQCF.” The EQCF’s responsibilities include evaluating the significant judgments made and the related conclusions reached by the firm when evaluating and reporting on the effectiveness of its QC system. As another example, this same group of firms would also be required to perform monitoring procedures on in-process engagements.

Ultimately, the new requirements provide firms with the direction necessary to improve their QC systems. At the same time, the requirements increase accountability of firms’ leadership for designing, implementing, and operating effective QC systems that protect investors.

Because QC systems are fundamental to conducting quality audits, these new requirements directly align with our mission to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports.

Of course, as always, the public comment period was essential to crafting this standard. I want to thank everyone who provided input.

I would also like to thank the several individuals within the PCAOB who are responsible for bringing this project to us. Specifically, I would like to thank in the Office of the Chief Auditor, Barbara Vanich, Jessica Watts, Karen Wiedemann, David Ellam, Linnette Klinedinst, Schuyler Simms, Ekaterina Dizna, and Carla Anderson; in the Office of Economic and Risk Analysis, Martin Schmalz, Nick Galunic, and Dylan Rassier; and in the Office of the General Counsel, Connor Raso, Drew Dropkin, and Jennifer Williams.

I would like to thank my fellow Board Members and their staff for their contributions. I would also like to recognize the support provided by staff from the Division of Registration and Inspections, the Division of Enforcement and Investigations, and the Office of Communications and Engagement. 

Finally, I would like to thank the Securities and Exchange Commission’s (SEC) staff, including the staff of the SEC’s Office of the Chief Accountant for their support and assistance.