Earlier this year, the PCAOB put out a Request for Public Comment regarding their strategic priorities moving forward amidst leadership changes and shifting governmental sentiment. Accordingly, as a firm closely involved in the Public Accounting Oversight Board’s matters, CPAClub included the following in a letter addressed to the new chairman, Demetrios (Jim) Logothetis.
We strongly support the direction signaled in your March 31, 2026 statement, particularly the recognition that a firm’s system of quality control is the bedrock of audit quality and that PCAOB inspections should evolve to focus on those systems, with engagement-level reviews serving as validation of the system rather than as the primary lens of oversight. Our comments below respond to each of the seven questions in PCAOB Release No. 2026- 001, with the greatest emphasis on QC 1000 implementation, inspections, and standard setting. Two themes run throughout our response. First, QC 1000 should remain the central organizing framework for the PCAOB’s firm-level oversight, refined only where requirements are not clearly tied to audit quality. Second, qualified, external service providers can play a valuable, independent role in firms’ systems of quality management, and the Board’s standards and inspection program should encourage, not constrain, that role.
1. Strategic Priorities for Registration, Inspections, and Enforcement
We recommend that the Board orient registration, inspections, and enforcement around a firm’s system of quality management as the central regulatory framework over the next two to five years. In practice, this would involve: (i) reorienting inspections and enforcement toward evaluating a firm’s overall system of quality management, with engagement reviews serving primarily to validate or challenge conclusions regarding the system’s design and operating effectiveness; (ii) calibrating inspection scope and enforcement priorities based on firm-specific risk profiles rather than applying a one-size-fits-all approach; (iii) once QC 1000 becomes effective on December 15, 2026, holding firms accountable for implementing the standard with the rigor and discipline it requires, recognizing that the Board’s decision to defer the original effective date from December 15, 2025 to December 15, 2026 has already provided firms with a meaningful implementation and transition period, and that continued leniency toward firms that have not adequately implemented QC 1000 risks undermining the standard’s credibility and intended impact; and (iv) prioritizing enforcement resources toward systemic quality control deficiencies rather than isolated engagement-level matters that a firm’s monitoring and remediation processes are specifically designed to identify, evaluate, and address.
2. Changes to the Inspections Program in Light of QC 1000
We strongly endorse the Chairman’s articulation that the PCAOB will leverage automation and AI and focus inspections on the bedrock of audit quality (firms’ systems of quality management), with engagement-level reviews serving as validation of those systems rather than as the core emphasis. The implementation of QC 1000 is the right moment to operationalize that pivot. We recommend the following:
a) Make a firm’s system of quality management the inspection organizing principle.
Inspections should be structured around a firm’s identified quality objectives, quality risks, and quality responses under QC 1000. Inspection teams should evaluate whether a firm’s risk assessment is reasonable, whether the responses are appropriately designed and operating, and whether a firm’s monitoring and remediation processes are effective. Engagement file reviews should be planned and reported as evidence about the system, with explicit links between engagement-level observations and the QC system component(s) implicated.
This approach is conceptually similar to the manner in which auditors test the operating effectiveness of a company’s internal controls in order to rely on those controls and, in turn, reduce the extent of substantive testing. The same principle could be applied to PCAOB inspections. Where the Board has tested the design and operating effectiveness of a firm’s system of quality management and concluded that the system is operating effectively, the number of engagements selected for inspection could be correspondingly reduced.
Conversely, where the system is determined to be deficient, the Board should expand engagement-level sampling and apply greater engagement-level scrutiny. Calibrating engagement-level inspection scope to the assessed strength of a firm’s quality management system would also create a transparent and principled incentive for firms to invest in the infrastructure, processes, and monitoring activities that support audit quality. Historically, many firms have underinvested in these areas despite the foundational role they play in consistently delivering high-quality audits.
b) Permit firms to select their own annual evaluation date aligned with their practice calendar.
QC 1000 currently establishes a mandatory annual evaluation date of September 30. We respectfully disagree with imposing a single fixed evaluation date across all firms. Public accounting firms operate on different practice calendars, and busy seasons vary depending on the industries and fiscal year-ends of the clients they serve. While a September 30 evaluation date may align well for some firms, it creates meaningful operational challenges for others, particularly firms whose peak workloads occur near that date or whose global network counterparts evaluate under ISQM 1 using different reporting cycles.
A more practical approach, and one more consistent with ISQM 1 and SQMS 1, would be to permit firms to select an annual evaluation date that aligns with their own practice calendar, provided the date is applied consistently from year to year and appropriately communicated to the Board. This would also enable firms to align their evaluation dates with their AICPA peer review dates, supporting greater convergence and simplified operations. Such an approach would not diminish the rigor of the evaluation process. Rather, it would allow firm leadership and the personnel responsible for the system of quality management to perform the evaluation at a point in the year when they can devote the focused time and attention the process requires. The Board’s inspection planning, fieldwork, and reporting cycles could then be coordinated with each firm’s selected evaluation date so that inspection results more effectively inform, and are informed by, the firm’s own monitoring, evaluation, and remediation activities.
c) Recognize and credit firm monitoring and remediation.
Where a firm’s own monitoring activities have already identified, evaluated, and remediated a deficiency, the inspection report should reflect that the system worked as intended. Treating self-identified, properly remediated matters as evidence of an effective system, rather than as additional deficiencies, incentivizes the very behavior QC 1000 is designed to produce.
d) Use a firm’s annual QC 1000 evaluation to inform inspection cadence and intensity.
Just as the scope of engagement-level procedures within an inspection can scale based on the strength of a firm’s system of quality management, the cadence and intensity of inspections themselves should also become more risk-based. The PCAOB’s current inspection model largely relies on fixed inspection cycles determined by the number of issuer audit reports issued by a firm, with annually inspected firms reviewed each year and other firms generally inspected once every three years. QC 1000’s requirement for an annual firm evaluation provides the Board with a significantly more meaningful input that should allow it to move beyond a primarily volume-based inspection framework. We recommend that the Board calibrate inspection cadence and intensity based on: (i) the conclusions reached in a firm’s most recent QC 1000 evaluation; (ii) a firm’s demonstrated ability to identify, escalate, and remediate its own quality control and engagement-level deficiencies; and (iii) a firm’s overall risk profile.
Where a firm consistently demonstrates effective monitoring and remediation processes, limited deficiencies that are self-identified, and timely corrective action, it is not clear that an automatic fixed inspection cycle necessarily represents the most efficient or effective regulatory response. Conversely, firms with significant unremediated deficiencies, ineffective monitoring activities, or recurring findings should be subject to more frequent and more intensive inspections regardless of where they otherwise fall within a predetermined cycle.
A fixed-cadence inspection model can also unintentionally encourage firms to over prepare during inspection years while devoting comparatively less attention to quality management between inspections. A framework in which inspection cadence and intensity respond directly to a firm’s actual quality management outcomes would create a stronger and more continuous incentive for firms to invest in, operate, and improve their systems of quality management throughout the year.
This approach could be particularly impactful for triennially inspected and smaller firms, which today are generally subject to a uniform inspection cycle that may not always align with their actual quality management performance or risk profile. Firms within that population that demonstrate strong systems of quality management could be subject to more proportionate, system-focused inspections, while firms with weaker systems could appropriately face more frequent or more intensive oversight commensurate with their risk.
e) Use technology and analytics to scope and conduct inspections.
We support the deployment of analytics and AI-assisted tools to identify higher-risk areas, standardize evidence collection, and improve consistency across inspection teams. Greater consistency in how evidence is requested, reviewed, and evaluated will improve fairness and predictability for firms and improve comparability for stakeholders.
3. Useful Inspection Information and Enhanced Reporting
Inspection reports should be re-designed around a firm’s system of quality management. We recommend that reports include the following at the firm-system level:
- An overview of a firm’s practice and the structure of its system of quality management, including identified quality objectives, principal quality risks, and the responses sufficient for a reader to understand the system being evaluated.
- The PCAOB’s conclusion on the design and operating effectiveness of a firm’s system of quality management, with deficiencies categorized by QC 1000 component (governance and leadership; ethics and independence; acceptance and continuance; engagement performance; resources; information and communication; the monitoring and remediation process), and, where applicable, with separate reporting on the firm’s External Quality Control Function (EQCF).
- A clear distinction between (i) deficiencies in the design or operating effectiveness of the system, (ii) deficiencies that a firm’s own monitoring identified and remediated, and (iii) engagement-level observations that did or did not signal a system-level concern.
- Trended firm-level performance over time and an audit-committee-oriented summary that translates results into the questions audit committees most need to answer.
- Aggregated, profession-wide reporting that complements firm-specific reports, including thematic observations and common QC 1000 implementation challenges.
4. Standard-Setting Projects the PCAOB Should Pursue
We support the Board’s plan to issue a supplemental request for comment on certain provisions of QC 1000 and to refresh its standard-setting agenda based on stakeholder input.
Our recommended priorities are below.
a) Stay the course on QC 1000 implementation; avoid further delay or substantive rollback.
We strongly encourage the Board to maintain the December 15, 2026 effective date for QC 1000 and to resist calls for further delay or substantive rollback of the standard at this stage. The remaining implementation window is already relatively short, and many firms have invested significant time, financial resources, and personnel toward implementing QC 1000 in a thoughtful and principles-based manner. Further delay or material revision at this point would disadvantage firms that approached implementation proactively and in good faith, while creating a competitive imbalance in favor of firms that deferred meaningful investment and preparation.
The rationale for maintaining the current course extends beyond audit firms themselves. Software providers, technology vendors, and content publishers have collectively invested substantial resources in developing QC 1000-aligned systems, methodologies, tooling, and training programs. Significant revisions to the standard at this stage would likely require additional development and implementation cycles across the broader ecosystem, increasing costs and creating unnecessary uncertainty for firms currently transitioning to new platforms, workflows, and monitoring processes.
It is also important to recognize that QC 1000 already trails the IAASB’s ISQM 1 framework by several years and effectively follows the AICPA’s SQMS 1 by approximately one year. The U.S. public company audit quality management framework should not fall further behind comparable frameworks governing adjacent audit populations, particularly given the global and cross-jurisdictional nature of many PCAOB-registered firms and their affiliated networks. If, after evaluating implementation experience to date, the Board determines that limited relief is appropriate, we respectfully suggest that such relief be narrowly tailored to firms that are registered with the PCAOB but do not actually perform engagements under PCAOB standards and are therefore subject only to the design-related aspects of the standard. Targeted relief for this limited population would address legitimate cost-benefit concerns without disrupting the implementation efforts of firms actively performing issuer audits and already investing heavily in QC 1000 readiness.
b) Affirm the value of the External Quality Control Function (EQCF).
We support the EQCF requirement and encourage the Board to retain it. In our experience working with firms, the EQCF brings something firms have historically lacked: structured, independent, outside perspective on the design and operation of the firm’s system of quality management. That outside perspective is precisely what investors, audit committees, and the Board should expect from a robust QC system. The EQCF reinforces a firm’s own governance, challenges internal blind spots, and creates an additional layer of accountability for firm leadership. It is a meaningful enhancement relative to the international framework, and it advances the investor-protection mission.
c) Encourage the use of qualified, external service providers in firms’ quality control functions, particularly for firms below the EQCF threshold.
The independent perspective that the EQCF requirement is intended to introduce is valuable across the broader population of PCAOB-registered firms, not solely for firms above the 100-issuer threshold. Paragraph .28 currently applies only to firms that issued audit reports for more than 100 issuers during the prior calendar year. Firms of that scale generally possess the infrastructure and internal quality control resources necessary to absorb the EQCF role alongside broader established QC functions. By contrast, the vast majority of PCAOB-registered firms fall below that threshold, and it is within this broader population that QC 1000 implementation is likely to be most challenging and where the Board’s investor protection objectives may be most vulnerable to underdeveloped or under-resourced systems of quality management.
Although QC 1000 contemplates the use of external resources in certain contexts, additional interpretive guidance regarding the role of qualified external service providers would be valuable, particularly for smaller and mid-sized firms that may not maintain the internal quality management infrastructure commonly found within larger firms. Many firms below the EQCF threshold do not maintain dedicated quality management personnel, formal national quality functions, or the depth of internal QC infrastructure commonly found at larger firms. As a result, these firms often lack access to the type of structured and independent quality management perspective that paragraph .28 seeks to achieve for larger firms.
Qualified external service providers, including firms specializing in audit quality, quality management, inspections, and regulatory readiness, are uniquely positioned to help bridge that gap by providing independent perspective, specialized expertise, cross-firm insight, and scalable implementation support that many firms cannot reasonably maintain internally. We therefore encourage the Board to continue supporting the use of qualified external providers in quality management roles across the registered firm population, particularly for firms below the EQCF threshold.
More importantly, we encourage the Board to consider developing a voluntary public resource or directory to help firms identify qualified external quality management service providers, similar in concept to the AICPA peer reviewer database. Many smaller and mid-sized firms simply do not know where to turn for credible QC and quality management support as they transition into more formal and operationally rigorous systems under QC In practice, this creates a fragmented environment in which firms may rely on informal referrals, inconsistent resources, or providers with varying levels of relevant experience. Without endorsing or certifying any specific provider, the Board could consider establishing minimum qualification considerations, competency criteria, or eligibility requirements for inclusion in such a directory, focused on relevant QC, inspection, regulatory, or quality management experience. A resource of this nature could improve implementation consistency, expand access to experienced quality management professionals, and further support the investor-protection objectives underlying QC 1000.
d) Other agenda priorities.
Beyond QC 1000, we encourage the Board to prioritize standard-setting in areas where the audit environment is changing most rapidly: the auditor’s use of technology and AI, audit data analytics, and fraud. In each case, we encourage the Board to coordinate closely with the International Auditing and Assurance Standards Board (IAASB) to minimize unnecessary divergence from international standards.
5. Greater Alignment with Other Auditing Standards
We support meaningful alignment with international auditing and quality management standards, including ISQM 1, as a strategic priority. Where divergence is justified by a documented audit-quality or investor-protection rationale (as we believe is the case with the EQCF), the Board should retain it. Where divergence cannot be tied to a clear audit-quality benefit, the Board should be willing to align. Going forward, we encourage the Board to adopt convergence as a stated principle of standard-setting and to engage formally and frequently with the IAASB, the International Forum of Independent Audit Regulators (IFIAR), and the AICPA.
6. Use of Technology, Including AI
Technology, and in particular AI, can materially enhance the PCAOB’s oversight model and benefit firms, the Board, and investors alike. We encourage the Board to pursue three directions: (i) technology-enabled oversight, including the use of analytics and AI to scope inspections, drive consistency across inspection teams, and analyze structured QC system data submitted by firms; (ii) modernized firm reporting, moving from document-centric submissions to structured, machine-readable data so that the Board can analyze QC system trends across the population of registered firms in something approaching real time; and (iii) principles-based guidance on the auditor’s use of AI tools in the conduct of audits, including guidance on when and how AI-enabled monitoring tools may serve as legitimate quality responses under QC 1000. The Board should apply the same investor-protection and risk-based discipline to its own use of AI that it expects of registered firms.
7. Enhanced Transparency with Stakeholders
We commend the Board for soliciting stakeholder input early in the strategic planning process. To build on that foundation, we recommend the Board: (i) publish substantive QC 1000 interpretive guidance, FAQs, and exemplary practices on a recurring cadence; (ii) locate authoritative interpretation in the Office of the Chief Auditor rather than allowing interpretation to be effectively created by inspections or enforcement; (iii) publish ongoing dashboards on inspection metrics, themes, and remediation outcomes alongside firm-specific reports; (iv) publish data on registrations, deregistrations, and EQCF appointments so that the Board, the SEC, and the public can monitor the structural effects of QC 1000 over time; and (v) report annually on the Board’s progress against its strategic plan with measurable outcomes for each priority.
Closing
We appreciate the Board’s commitment to early stakeholder engagement and its willingness to evolve oversight in step with the audit environment. We strongly support a PCAOB that is principles-based and globally aligned, that focuses oversight at the firm-system level where audit quality is built and sustained, that uses technology to do its work better and more efficiently, and that recognizes the constructive role qualified, external service providers can play in firms’ systems of quality management.
CPAClub’s Response to PCAOB Release No. 2026-001, Request for Public Comment on the PCAOB’s Strategic Priorities
Earlier this year, the PCAOB put out a Request for Public Comment regarding their strategic priorities moving forward amidst leadership changes and shifting governmental sentiment. Accordingly, as a firm closely involved in the Public Accounting Oversight Board’s matters, CPAClub included the following in a letter addressed to the new chairman, Demetrios (Jim) Logothetis.
We strongly support the direction signaled in your March 31, 2026 statement, particularly the recognition that a firm’s system of quality control is the bedrock of audit quality and that PCAOB inspections should evolve to focus on those systems, with engagement-level reviews serving as validation of the system rather than as the primary lens of oversight. Our comments below respond to each of the seven questions in PCAOB Release No. 2026- 001, with the greatest emphasis on QC 1000 implementation, inspections, and standard setting. Two themes run throughout our response. First, QC 1000 should remain the central organizing framework for the PCAOB’s firm-level oversight, refined only where requirements are not clearly tied to audit quality. Second, qualified, external service providers can play a valuable, independent role in firms’ systems of quality management, and the Board’s standards and inspection program should encourage, not constrain, that role.
1. Strategic Priorities for Registration, Inspections, and Enforcement
We recommend that the Board orient registration, inspections, and enforcement around a firm’s system of quality management as the central regulatory framework over the next two to five years. In practice, this would involve: (i) reorienting inspections and enforcement toward evaluating a firm’s overall system of quality management, with engagement reviews serving primarily to validate or challenge conclusions regarding the system’s design and operating effectiveness; (ii) calibrating inspection scope and enforcement priorities based on firm-specific risk profiles rather than applying a one-size-fits-all approach; (iii) once QC 1000 becomes effective on December 15, 2026, holding firms accountable for implementing the standard with the rigor and discipline it requires, recognizing that the Board’s decision to defer the original effective date from December 15, 2025 to December 15, 2026 has already provided firms with a meaningful implementation and transition period, and that continued leniency toward firms that have not adequately implemented QC 1000 risks undermining the standard’s credibility and intended impact; and (iv) prioritizing enforcement resources toward systemic quality control deficiencies rather than isolated engagement-level matters that a firm’s monitoring and remediation processes are specifically designed to identify, evaluate, and address.
2. Changes to the Inspections Program in Light of QC 1000
We strongly endorse the Chairman’s articulation that the PCAOB will leverage automation and AI and focus inspections on the bedrock of audit quality (firms’ systems of quality management), with engagement-level reviews serving as validation of those systems rather than as the core emphasis. The implementation of QC 1000 is the right moment to operationalize that pivot. We recommend the following:
a) Make a firm’s system of quality management the inspection organizing principle.
Inspections should be structured around a firm’s identified quality objectives, quality risks, and quality responses under QC 1000. Inspection teams should evaluate whether a firm’s risk assessment is reasonable, whether the responses are appropriately designed and operating, and whether a firm’s monitoring and remediation processes are effective. Engagement file reviews should be planned and reported as evidence about the system, with explicit links between engagement-level observations and the QC system component(s) implicated.
This approach is conceptually similar to the manner in which auditors test the operating effectiveness of a company’s internal controls in order to rely on those controls and, in turn, reduce the extent of substantive testing. The same principle could be applied to PCAOB inspections. Where the Board has tested the design and operating effectiveness of a firm’s system of quality management and concluded that the system is operating effectively, the number of engagements selected for inspection could be correspondingly reduced.
Conversely, where the system is determined to be deficient, the Board should expand engagement-level sampling and apply greater engagement-level scrutiny. Calibrating engagement-level inspection scope to the assessed strength of a firm’s quality management system would also create a transparent and principled incentive for firms to invest in the infrastructure, processes, and monitoring activities that support audit quality. Historically, many firms have underinvested in these areas despite the foundational role they play in consistently delivering high-quality audits.
b) Permit firms to select their own annual evaluation date aligned with their practice calendar.
QC 1000 currently establishes a mandatory annual evaluation date of September 30. We respectfully disagree with imposing a single fixed evaluation date across all firms. Public accounting firms operate on different practice calendars, and busy seasons vary depending on the industries and fiscal year-ends of the clients they serve. While a September 30 evaluation date may align well for some firms, it creates meaningful operational challenges for others, particularly firms whose peak workloads occur near that date or whose global network counterparts evaluate under ISQM 1 using different reporting cycles.
A more practical approach, and one more consistent with ISQM 1 and SQMS 1, would be to permit firms to select an annual evaluation date that aligns with their own practice calendar, provided the date is applied consistently from year to year and appropriately communicated to the Board. This would also enable firms to align their evaluation dates with their AICPA peer review dates, supporting greater convergence and simplified operations. Such an approach would not diminish the rigor of the evaluation process. Rather, it would allow firm leadership and the personnel responsible for the system of quality management to perform the evaluation at a point in the year when they can devote the focused time and attention the process requires. The Board’s inspection planning, fieldwork, and reporting cycles could then be coordinated with each firm’s selected evaluation date so that inspection results more effectively inform, and are informed by, the firm’s own monitoring, evaluation, and remediation activities.
c) Recognize and credit firm monitoring and remediation.
Where a firm’s own monitoring activities have already identified, evaluated, and remediated a deficiency, the inspection report should reflect that the system worked as intended. Treating self-identified, properly remediated matters as evidence of an effective system, rather than as additional deficiencies, incentivizes the very behavior QC 1000 is designed to produce.
d) Use a firm’s annual QC 1000 evaluation to inform inspection cadence and intensity.
Just as the scope of engagement-level procedures within an inspection can scale based on the strength of a firm’s system of quality management, the cadence and intensity of inspections themselves should also become more risk-based. The PCAOB’s current inspection model largely relies on fixed inspection cycles determined by the number of issuer audit reports issued by a firm, with annually inspected firms reviewed each year and other firms generally inspected once every three years. QC 1000’s requirement for an annual firm evaluation provides the Board with a significantly more meaningful input that should allow it to move beyond a primarily volume-based inspection framework. We recommend that the Board calibrate inspection cadence and intensity based on: (i) the conclusions reached in a firm’s most recent QC 1000 evaluation; (ii) a firm’s demonstrated ability to identify, escalate, and remediate its own quality control and engagement-level deficiencies; and (iii) a firm’s overall risk profile.
Where a firm consistently demonstrates effective monitoring and remediation processes, limited deficiencies that are self-identified, and timely corrective action, it is not clear that an automatic fixed inspection cycle necessarily represents the most efficient or effective regulatory response. Conversely, firms with significant unremediated deficiencies, ineffective monitoring activities, or recurring findings should be subject to more frequent and more intensive inspections regardless of where they otherwise fall within a predetermined cycle.
A fixed-cadence inspection model can also unintentionally encourage firms to over prepare during inspection years while devoting comparatively less attention to quality management between inspections. A framework in which inspection cadence and intensity respond directly to a firm’s actual quality management outcomes would create a stronger and more continuous incentive for firms to invest in, operate, and improve their systems of quality management throughout the year.
This approach could be particularly impactful for triennially inspected and smaller firms, which today are generally subject to a uniform inspection cycle that may not always align with their actual quality management performance or risk profile. Firms within that population that demonstrate strong systems of quality management could be subject to more proportionate, system-focused inspections, while firms with weaker systems could appropriately face more frequent or more intensive oversight commensurate with their risk.
e) Use technology and analytics to scope and conduct inspections.
We support the deployment of analytics and AI-assisted tools to identify higher-risk areas, standardize evidence collection, and improve consistency across inspection teams. Greater consistency in how evidence is requested, reviewed, and evaluated will improve fairness and predictability for firms and improve comparability for stakeholders.
3. Useful Inspection Information and Enhanced Reporting
Inspection reports should be re-designed around a firm’s system of quality management. We recommend that reports include the following at the firm-system level:
4. Standard-Setting Projects the PCAOB Should Pursue
We support the Board’s plan to issue a supplemental request for comment on certain provisions of QC 1000 and to refresh its standard-setting agenda based on stakeholder input.
Our recommended priorities are below.
a) Stay the course on QC 1000 implementation; avoid further delay or substantive rollback.
We strongly encourage the Board to maintain the December 15, 2026 effective date for QC 1000 and to resist calls for further delay or substantive rollback of the standard at this stage. The remaining implementation window is already relatively short, and many firms have invested significant time, financial resources, and personnel toward implementing QC 1000 in a thoughtful and principles-based manner. Further delay or material revision at this point would disadvantage firms that approached implementation proactively and in good faith, while creating a competitive imbalance in favor of firms that deferred meaningful investment and preparation.
The rationale for maintaining the current course extends beyond audit firms themselves. Software providers, technology vendors, and content publishers have collectively invested substantial resources in developing QC 1000-aligned systems, methodologies, tooling, and training programs. Significant revisions to the standard at this stage would likely require additional development and implementation cycles across the broader ecosystem, increasing costs and creating unnecessary uncertainty for firms currently transitioning to new platforms, workflows, and monitoring processes.
It is also important to recognize that QC 1000 already trails the IAASB’s ISQM 1 framework by several years and effectively follows the AICPA’s SQMS 1 by approximately one year. The U.S. public company audit quality management framework should not fall further behind comparable frameworks governing adjacent audit populations, particularly given the global and cross-jurisdictional nature of many PCAOB-registered firms and their affiliated networks. If, after evaluating implementation experience to date, the Board determines that limited relief is appropriate, we respectfully suggest that such relief be narrowly tailored to firms that are registered with the PCAOB but do not actually perform engagements under PCAOB standards and are therefore subject only to the design-related aspects of the standard. Targeted relief for this limited population would address legitimate cost-benefit concerns without disrupting the implementation efforts of firms actively performing issuer audits and already investing heavily in QC 1000 readiness.
b) Affirm the value of the External Quality Control Function (EQCF).
We support the EQCF requirement and encourage the Board to retain it. In our experience working with firms, the EQCF brings something firms have historically lacked: structured, independent, outside perspective on the design and operation of the firm’s system of quality management. That outside perspective is precisely what investors, audit committees, and the Board should expect from a robust QC system. The EQCF reinforces a firm’s own governance, challenges internal blind spots, and creates an additional layer of accountability for firm leadership. It is a meaningful enhancement relative to the international framework, and it advances the investor-protection mission.
c) Encourage the use of qualified, external service providers in firms’ quality control functions, particularly for firms below the EQCF threshold.
The independent perspective that the EQCF requirement is intended to introduce is valuable across the broader population of PCAOB-registered firms, not solely for firms above the 100-issuer threshold. Paragraph .28 currently applies only to firms that issued audit reports for more than 100 issuers during the prior calendar year. Firms of that scale generally possess the infrastructure and internal quality control resources necessary to absorb the EQCF role alongside broader established QC functions. By contrast, the vast majority of PCAOB-registered firms fall below that threshold, and it is within this broader population that QC 1000 implementation is likely to be most challenging and where the Board’s investor protection objectives may be most vulnerable to underdeveloped or under-resourced systems of quality management.
Although QC 1000 contemplates the use of external resources in certain contexts, additional interpretive guidance regarding the role of qualified external service providers would be valuable, particularly for smaller and mid-sized firms that may not maintain the internal quality management infrastructure commonly found within larger firms. Many firms below the EQCF threshold do not maintain dedicated quality management personnel, formal national quality functions, or the depth of internal QC infrastructure commonly found at larger firms. As a result, these firms often lack access to the type of structured and independent quality management perspective that paragraph .28 seeks to achieve for larger firms.
Qualified external service providers, including firms specializing in audit quality, quality management, inspections, and regulatory readiness, are uniquely positioned to help bridge that gap by providing independent perspective, specialized expertise, cross-firm insight, and scalable implementation support that many firms cannot reasonably maintain internally. We therefore encourage the Board to continue supporting the use of qualified external providers in quality management roles across the registered firm population, particularly for firms below the EQCF threshold.
More importantly, we encourage the Board to consider developing a voluntary public resource or directory to help firms identify qualified external quality management service providers, similar in concept to the AICPA peer reviewer database. Many smaller and mid-sized firms simply do not know where to turn for credible QC and quality management support as they transition into more formal and operationally rigorous systems under QC In practice, this creates a fragmented environment in which firms may rely on informal referrals, inconsistent resources, or providers with varying levels of relevant experience. Without endorsing or certifying any specific provider, the Board could consider establishing minimum qualification considerations, competency criteria, or eligibility requirements for inclusion in such a directory, focused on relevant QC, inspection, regulatory, or quality management experience. A resource of this nature could improve implementation consistency, expand access to experienced quality management professionals, and further support the investor-protection objectives underlying QC 1000.
d) Other agenda priorities.
Beyond QC 1000, we encourage the Board to prioritize standard-setting in areas where the audit environment is changing most rapidly: the auditor’s use of technology and AI, audit data analytics, and fraud. In each case, we encourage the Board to coordinate closely with the International Auditing and Assurance Standards Board (IAASB) to minimize unnecessary divergence from international standards.
5. Greater Alignment with Other Auditing Standards
We support meaningful alignment with international auditing and quality management standards, including ISQM 1, as a strategic priority. Where divergence is justified by a documented audit-quality or investor-protection rationale (as we believe is the case with the EQCF), the Board should retain it. Where divergence cannot be tied to a clear audit-quality benefit, the Board should be willing to align. Going forward, we encourage the Board to adopt convergence as a stated principle of standard-setting and to engage formally and frequently with the IAASB, the International Forum of Independent Audit Regulators (IFIAR), and the AICPA.
6. Use of Technology, Including AI
Technology, and in particular AI, can materially enhance the PCAOB’s oversight model and benefit firms, the Board, and investors alike. We encourage the Board to pursue three directions: (i) technology-enabled oversight, including the use of analytics and AI to scope inspections, drive consistency across inspection teams, and analyze structured QC system data submitted by firms; (ii) modernized firm reporting, moving from document-centric submissions to structured, machine-readable data so that the Board can analyze QC system trends across the population of registered firms in something approaching real time; and (iii) principles-based guidance on the auditor’s use of AI tools in the conduct of audits, including guidance on when and how AI-enabled monitoring tools may serve as legitimate quality responses under QC 1000. The Board should apply the same investor-protection and risk-based discipline to its own use of AI that it expects of registered firms.
7. Enhanced Transparency with Stakeholders
We commend the Board for soliciting stakeholder input early in the strategic planning process. To build on that foundation, we recommend the Board: (i) publish substantive QC 1000 interpretive guidance, FAQs, and exemplary practices on a recurring cadence; (ii) locate authoritative interpretation in the Office of the Chief Auditor rather than allowing interpretation to be effectively created by inspections or enforcement; (iii) publish ongoing dashboards on inspection metrics, themes, and remediation outcomes alongside firm-specific reports; (iv) publish data on registrations, deregistrations, and EQCF appointments so that the Board, the SEC, and the public can monitor the structural effects of QC 1000 over time; and (v) report annually on the Board’s progress against its strategic plan with measurable outcomes for each priority.
Closing
We appreciate the Board’s commitment to early stakeholder engagement and its willingness to evolve oversight in step with the audit environment. We strongly support a PCAOB that is principles-based and globally aligned, that focuses oversight at the firm-system level where audit quality is built and sustained, that uses technology to do its work better and more efficiently, and that recognizes the constructive role qualified, external service providers can play in firms’ systems of quality management.
CPAClub helps firms move forward. Through our award-winning subscription model, firms gain flexible access to experienced accounting and advisory professionals who help expand capacity, strengthen audit quality, navigate regulatory change, and drive transformation.
Founded and led by one of Accounting Today’s Top 100 Most Influential People in Accounting and CPA Practice Advisor’s 20 Under 40 Top Influencers, CPAClub has been recognized as the CalCPA Firm of the Year and a Top New Product by Accounting Today. Learn more at cpaclub.cpa.
Subscribe to receive the latest thought leadership posts to your inbox.
Related Thought Leadership
The Value Model: Why Billable Hours Aren’t Enough
Wiped Out: The Wave of CPA Retirements & Turnover
5 Reasons External Auditing Is a Smart Career Choice