Statement in Support of the Adoption of QC 1000, A Firm’s System of Quality Control

Remarks as prepared for delivery

Good morning and thank you again, Chair Williams.

I am pleased to support the adoption of QC 1000, A Firm’s System of Quality Control.

By separating quality control from other auditing standards as a specific area of focus, the Sarbanes-Oxley Act acknowledged that a robust system of quality control is critical to audit quality.

This standard represents a milestone which will significantly change the requirements for the quality control system under which public company audits are performed. These changes have been designed to strengthen the systems supporting a registered firm’s audits, ultimately protecting investors and supporting the public interest.

As I have thought about QC 1000, I found it helpful to consider this standard within our larger standard setting agenda. The PCAOB’s actions to modernize standards include initiatives to address matters internal to a registered firm, such as the standard before us today, as well as initiatives to provide transparency to investors and other external stakeholders, such as our proposal for Firm and Engagement Metrics. The benefits of the proposal for Firm and Engagement Metrics would be more visible to stakeholders, but the benefits of QC 1000 are also tangible, since it requires registered firms to design, and implement where required, a comprehensive system of quality control to respond to their specific risks. These changes directly correlate to audit quality. While different standards have different focuses, they work in tandem to advance the PCAOB’s goal of promoting transparency and trust within the audit profession.

I want to highlight the following three areas of the standard that I believe are particularly helpful in supporting audit quality. These areas are the refinement of the External Quality Control Function (EQCF), expanded requirements to maintain a program for collecting and addressing complaints and allegations, and an emphasis on the culture of firms that perform audits for public companies.

EQCF – Providing Enhanced Oversight 

QC 1000 establishes the role of an EQCF to add oversight of a firm’s governance structure for firms that issue audit reports for more than 100 issuers in a calendar year. This role was part of the proposal, and this standard further clarifies the role. The EQCF includes the following key aspects:

• First, the standard mandates that the responsibilities of the EQCF include evaluating the significant judgments made and the related conclusions reached by the firm when evaluating and reporting on the effectiveness of its quality control system. Other specific responsibilities are not mandated; firms have the flexibility to tailor the role to respond to the nature and circumstances of the firm.
• Second, the standard requires that the individual or individuals serving as EQCF have the experience, competence, authority, and time necessary to enable it to carry out its responsibilities.
• Third, consistent with the concept of the feedback loop presented in the standard, a firm must consider the results of the EQCF’s evaluation in its ongoing monitoring of the quality control system.

Lastly, as the release states, there are no limitations or prohibitions on firms from disclosing any information about the results of the evaluations or the practices, methods, procedures, or results of the EQCF.

Speak Up Provision and Its Implication on Culture

A second aspect of the standard which is helpful in protecting audit quality are the provisions to support a strong “speak up” culture. The standard requires a program for collecting and addressing complaints and allegations for all firms that must operate a quality control system. In addition, firms must protect those who make complaints or allegations from retaliation.

I look forward to observing how firms design and implement controls to ensure they are cultivating environments where individuals feel comfortable speaking their minds, sharing their ideas, and raising concerns without fear of negative consequences. Given the importance of firm culture to audit quality, I view this as substantially more than a compliance exercise.

Firm Culture

A speak up culture leads me into the standard’s approach towards a firm’s broader culture.

Historically, the PCAOB has primarily emphasized and evaluated a firm’s “Tone at the Top” – how the commitment and messaging of a firm’s leadership fosters an environment that encourages and supports audit quality. However, firm culture is far more expansive than governance, leadership, and tone at the top. A solid tone at the top does not always trickle down to the professional staff performing audits. A firm’s entire culture can be undermined by the culture in a particular region or office based on local behaviors. From creating unrealistic time budgets to cheating on exams, individual actions can have oversized implications on the performance of audits.

A firm’s culture has a significant influence on quality. That is why I am pleased this standard specifically emphasizes the importance of culture on the system of quality control through its inclusion as an additional risk consideration. Specifically, the standard requires firms to obtain an understanding of the conditions, events, and activities that may adversely affect the achievement of its quality objectives. This step requires an understanding of the culture of the firm, and the extent to which a culture of integrity and a commitment to audit quality is promoted within the firm and embraced by firm personnel across all levels. Through this requirement, the PCAOB is sending a strong message that culture is critical to the system of quality control and is not limited to the tone at the top.

Amendments to AS 2901, Responding to Engagement Deficiencies After Issuance of the Auditor’s Report

Lastly, I would like to spend a moment on the amendments to AS 2901, Responding to Engagement Deficiencies After Issuance of the Auditor’s Report. These changes broaden the scope of AS 2901 to incorporate the requirement for action on engagement deficiencies for both financial statement audits and internal control over financial reporting audits, unless it is probable that the auditor’s report is not being relied upon.

Under this amendment, remedial action is required for all engagement deficiencies, both those that affect the auditor’s opinion and those that do not. In addition, the amendment indicates that an engagement deficiency represents a quality control observation that must be considered in the operating effectiveness of the firm’s quality control system.

I encourage firms that receive PCAOB inspection findings to evaluate the implications this amendment will have on the system of quality control after it becomes effective.

Conclusion

The road to this adoption began well in advance of the Concept Release in December 2019. So much has changed in the profession since then, including the Great Resignation, the continuing evolution of technology, the rise and fall of special purpose acquisition companies (or SPACs), the consolidation trend of smaller firms, the increased frequency of private equity investment in accounting firms, and the performance of audits in a remote environment. And, we cannot predict what changes the future holds.

With the framework established by QC 1000 in place to design, monitor, evaluate, and adapt, the quality control systems of today’s registered firms will be prepared to respond to the challenges of tomorrow.

Bringing this standard to adoption took years of effort from many. I want to extend my sincere gratitude to the individuals and firms that took the time to provide comment letters; this final standard was enhanced by your feedback. Internally, we could not have reached this point without the extraordinary efforts of staff from throughout the organization. I extend my gratitude to Barb Vanich, Jessica Watts, Linnette Klinedinst, Karen Wiedemann, David Ellam, and Schuyler Simms from the Office of the Chief Auditor; Martin Schmalz and Dylan Rassier from the Office of Economic and Risk Analysis; Connor Raso, Drew Dropkin, and Jennifer Williams from the Office of the General Counsel; and Saba Qamar and Cory Hansen from the Office of the Investor Advocate. I thank you all for your dedication to this transformative standard. I also thank my fellow Board Members, whose perspectives informed my own evaluation of this standard.