The Securities and Exchange Commission (SEC) approved a new quality control standard for the Public Company Accounting Oversight Board’s (PCAOB).
The new standard — QC 1000, A Firm’s System of Quality Control — requires all registered public accounting firms to identify specific risks to their practice and design a quality control system that guards against those risks.
The new quality control standard focuses on an audit firm’s accountability and continuous improvement of its audit practice. It will also require an annual evaluation of the firm’s QC system and related reporting to the PCAOB, certified by key firm personnel.
Further, firms that annually issue audit reports for more than 100 issuers must establish an external quality control function (EQCF). This external quality control effort must be composed of one or more people who can exercise independent judgment related to the firm’s QC system.
“An auditing firm is ultimately a professional services firm, and it needs to ensure the quality of the services it provides,” SEC Chair Gary Gensler said. “I am pleased to approve this standard because it will improve the quality control systems of auditors, and thus better protect investors.”
The current PCAOB quality control standards were developed almost 30 years ago by the American Institute of Certified Public Accountants. That was before the accounting fraud scandals of the early 2000s that led to the creation of the PCAOB pursuant to the Sarbanes-Oxley Act of 2002.
QC 1000 addresses changes in the audit practice environment since that time. Leveraging what the PCAOB has learned through two decades of experience in its inspections and enforcement programs. This includes, for example, the increasing participation of other firms and other outside resources in firm engagements, the role of firm networks, and the evolving use of technology.
“Effective QC systems provide critical investor protections by driving continuous improvement in firms’ audit quality in support of the issuance of informative, accurate, and independent audit reports,” Paul Munter, the SEC’s chief accountant, said. “QC 1000 is an integrated risk-based QC standard that strikes an appropriate balance that can be applied by firms of varying sizes and complexities along with a set of mandates tailored to the size of the firms’ audit practices, which should assure that QC systems are designed, implemented, and operated with an appropriate level of rigor.”
PCAOB Chair Erica Williams voiced her support for the new quality control standard.
“When a firm’s QC system operates effectively, quality audits follow. And when QC systems operate ineffectively, investors are put at risk,” Williams said. “Our new QC standard takes an integrated, risk-based approach that can be applied by firms of varying sizes and complexity. When put into practice, it will improve investor protection.”
Williams added that the new standard represents a major step forward for the board’s goal to modernize standards.
QC 1000 and the related amendments to other PCAOB standards, rules, and forms will take effect on Dec. 15, 2025.