The State of Audit Quality and Regulatory Approaches to Achieving High Quality Audits

There is no doubt that audit regulation has made a big difference in incentivizing firms to improve audit quality.[*]

And although we've seen significant improvements in audit quality over the past few years, the firms still have much work to do to continue to improve results and to make high audit quality sustainable.

There are different approaches to assessing audit quality, with a current focus on the nature and rate of audit deficiencies found during inspections. As firms remediate issues causing past deficiencies, they also need to increase efforts to improve their systems of quality control to prevent deficiencies from happening in the first place. This latter focus may also necessitate a change in focus on inspections to include more focus on a firm's quality control system, in addition to inspecting individual audit engagements.

Audit regulators have taken a range of approaches to driving high quality audits, and we need to continue to collaborate and share information on the benefits and risks associated with these approaches.

Inspection Findings

In PCAOB inspections, we've seen the percentage of inspected audits with Part I deficiencies among the largest U.S. firms decline over the past few years, along with the severity of the findings overall.

We are, however, starting to see some of these firms "plateau" in terms of reducing the number of findings in Part I of their inspection reports. This plateau may call for a renewed focus on firms' quality assurance systems from the top down.

For the U.S. firms that the PCAOB inspected triennially – the smaller firms – about half of those firms had no audit deficiencies reported in Part I of their inspection reports for the 2016 cycle.

We have seen mixed progress among the non-U.S. members of the largest global networks. As PCAOB Board member Lew Ferguson has just described, there are signs of progress, but much work remains to be done to achieve consistency in inspection findings across these networks. In fact, PCAOB has identified significant risk across the non-U.S. affiliates of the global firms.

The most frequently identified audit deficiencies in PCAOB inspections continue to persist in similar areas across firms:

  • assessing and responding to risks of material misstatement
  • auditing internal control over financial reporting
  • auditing accounting estimates, including fair value measurements

Audit firms generally have dedicated significant resources toward responding to PCAOB findings through remediating deficiencies and improving related issues in their quality control systems. To varying degrees across the large firms and some network member firms, we've seen improvements in tone at the top, coaching and support to audit teams, training, and monitoring of quality.

In addition to remediating known deficiencies and related quality control issues, firms need to focus on the preventive aspects of their quality control systems – building quality into the audit process in addition to using detective monitoring techniques.

Firms need to strengthen their focus on both systemic and engagement-specific elements, such as project management and monitoring, staff supervision, and tone throughout the organization, including at the audit team level. Simply put — firms of all sizes and locations need to dedicate additional resources to proactively ensure consistent audit quality and prevent audit deficiencies from occurring in the first place.

Evolving Inspection Approaches and Related Activities to Promote Audit Quality

PCAOB continues to evolve its inspections approach. Inspectors regularly refine their risk-based approach to selecting engagements to address evolving risks, including firm-specific risks. And they have begun to use random selections and other statistical methods of projecting findings across a firm's audits.[1] I expect that PCAOB's approach to inspections will continue to evolve, especially as firms continue to invest in their quality control systems.

Across the globe, audit regulators continue to develop and evolve their inspections approaches and programs based on factors most relevant to them. I recognize that the International Forum of Independent Audit Regulators (IFIAR) encourages a risk-based inspection approach, which most regulators have incorporated.

Some regulators are building upon the foundation of a risk-based approach to inspecting individual engagement files to focus on broader audit firm quality assurance.

For example:

  • The Netherlands AFM announced in 2015 that it would emphasize in its oversight activities the need for quality improvement programs at auditing firms to strengthen their quality control systems, and created a dashboard evaluating the system improvements designed by each large firm. In June of this year, the AFM announced the results of its initial assessment using a firm-specific "dashboard" of elements of quality.
  • In the CPAB's recent report on its inspections of the Big Four firms, the CPAB announced that it is also enhancing its focus on oversight of firm quality control systems that it began to emphasize last year. As the CPAB announced in its report: "To better identify and understand impediments to improving firm quality systems and consistency in how audits are performed, we plan to evolve our inspection approach in 2018 to incorporate additional operational reviews of the effectiveness of firm structure, accountabilities, quality processes, and culture."
  •  In March of this year, the U.K. FRC announced the results of its thematic review of audit firm quality control systems at the six largest firms. (The FRC began thematic reviews in 2013 to complement its inspections of individual engagements.) The report identifies both findings and good practices.

In addition, some regulators are also leveraging other techniques to complement their engagement inspections. For example:

  • The Singapore ACRA issued its Audit Quality Indicators (AQI) framework in 2015, along with guidance to both audit committees and audit firms to guide their use of AQIs to drive audit quality. Since then, ACRA has held seminars and other outreach to audit committees to encourage stronger oversight of the audit function.
  • The Australian Securities and Investment Commission (ASIC) works closely with audit committees to provide guidance and dialogue on the importance of audit quality to complement ASIC's inspection program. This includes giving guidance on areas of focus for audit committees in their relationship with the company's auditor. In addition, like in other countries, ASIC requires auditors to issue a public "transparency report" on audit quality. Certain audit firm reports must contain not only a description of the firm's internal quality control system but also a statement of the effectiveness of that system.

These are just a few examples of how inspections regimes are evolving and being integrated with other regulatory tools to drive high quality auditing.

In the U.S., I am happy to see significant advances in the development and use of AQIs since the Board issued its "Concept Release on Audit Quality Indicators" on July 1, 2015.[2] The release discussed the content and possible uses of AQIs related to: (1) audit inputs, such as people and resources dedicated to the audit; (2) audit processes, including incentives, independence, and monitoring, and; (3) audit results, such as the quality of financial reporting, including the frequency of restatements and fraud, and trends in inspection findings and enforcement proceedings.

Firms and audit committees are experimenting with AQIs at the engagement and audit firm level. At the November 29-30 PCAOB Standing Advisory Group (SAG) meeting, we held a robust discussion on AQIs, including how they are being used by audit firms and audit committee members, along with related findings in the academic literature.[3]

Many of the potential AQIs related to audit inputs and audit processes are relevant to promoting appropriate professional skepticism throughout all phases of the audit process, which is fundamental for high quality auditing.

High quality standards also drive audit quality. The topic of firm quality control standards has gained renewed focus on PCAOB's standard-setting agenda as a research project.[4] The staff is exploring whether there is a need for changes to PCAOB quality control standards — including improvements related to assignment and documentation of firm supervisory responsibilities — that would prompt firms to improve their quality control systems and more proactively identify and address emerging risks and deficiencies, thereby enhancing audit quality.

The PCAOB Office of the Chief Auditor is coordinating closely with the International Auditing and Assurance Standards Board (IAASB) in its projects to examine whether changes are needed to the International Standards on Quality Control.


Investors and the capital markets generally benefit from collaboration by independent audit regulators and other stakeholders in the financial reporting system.

The approach to audit quality oversight by a number of major regulators is evolving to include an increasing focus on audit firm quality control systems. This evolution is healthy and necessary, and audit regulators should collaborate closely to explore the various approaches to learn what may work best for their jurisdictions.

IFIAR serves a critical function in disseminating knowledge on the approaches, techniques, and impact of audit regulation around the globe. Meetings such as this one also provide opportunities to share insights and debate over important policy matters that influence audit quality.

[*]The views I express are my own and should not be attributed to the PCAOB as a whole or any other Board member or staff.

[1] Jeanette M. Franzel, PCAOB Board member, Innovative & Robust Auditing Profession to Serve Investors and the Public Interest, May 4, 2017.

[2] PCAOB Release No. 2015-005, available at

[3] See AQI Briefing Paper and SAG webcast recording, available at (Nov. 29, 2017, 1:30 p.m. session).

[4] PCAOB, Office of the Chief Auditor, Standard-Setting Update, Sep. 30, 2017.