The SEC just approved new accounting standards set by its auditor watchdog agency, the Public Company Accounting Oversight Board (PCAOB) as part of an effort to address concerns about a prevalence of poor quality audits.

The five-person Commission voted 3-2, with the Republican members objecting to what they said was a hasty drafting process and what they foresee as unnecessary burdens likely to fall on smaller audit firms.

The Quality Control (QC) Amendments, dubbed QC 1000, require PCAOB-registered audit firms to design a quality control system subject to prescribed quality objectives and processes. Firms will have flexibility to tailor the design of the required processes to their specific risks and needs. The PCAOB adopted these amendments this May.

Standards lagging behind

The Sarbanes-Oxley Act requires the PCAOB to establish, and modify, standards. This law required the Board to establish expert advisory boards to make recommendations on QC standards. When registering with the PCAOB, auditing firms are required to include a statement on QC policies. And when inspecting audit firms, the PCAOB is required to evaluate QC systems.

Congress enacted the provisions in 2002 to address accounting fraud and systemic misconduct in financial reporting by several public companies and the failure of several audit firms to fulfill their role as gatekeepers in surveilling for such conduct.

The QC standards used today were developed decades ago, and the SEC said the PCAOB was justified in modernizing and enhancing them because the auditing environment has changed significantly since that time, with the standards lagging behind.

QC 1000

The amended standard is called QC 1000, A Firm’s System of Quality Control, and the SEC describes it as one that “establishes an integrated, risk-based quality control standard that will require all registered public accounting firms to identify specific risks to their practice and design a quality control system that includes appropriate responses to guard against those risks.”

“Ironically, with respect to a standard that focuses on quality control, the Commission has failed to perform the external quality control function which Congress entrusted to us.”

Hester Peirce, SEC Commissioner, dissenting

Registered firms that perform engagements under PCAOB standards will be required to implement and operate the QC system. The new quality control standard focuses on an audit firm’s accountability and continuous improvement of its audit practice and will require an annual evaluation of the firm’s QC system and related reporting to the PCAOB, certified by key firm personnel.

In addition, firms that annually issue audit reports for more than 100 issuers will be required to establish an external quality control function (EQCF) composed of one or more persons who can exercise independent judgement related to the firm’s QC system.

The focus of the amended quality controls is to continuously monitor risks to audit quality and hold audit firm leadership accountable if the firm falls short of its requirements.

Lawsuit threats and SEC dissents

The US Chamber of Commerce threatened to sue if the SEC went ahead with approving the PCAOB’s standards without addressing its concerns about the EQCF, something that would apply to the larger accounting firms that audit more than 100 public companies. The Chamber also said the SEC’s cost-benefit analysis falls far short of what is legally required in this instance, especially without providing one that is available for public comment.

The Center for Audit Quality also expressed specific concerns and questions about QC 1000 in July, particularly the new EQCF component, which it believes requires further consideration by the PCAOB before a final quality control standard can be approved by the SEC.

Echoing the Chamber’s concerns, SEC Commissioner Mark Uyeda said the SEC should have allowed for more time so market participants could express their views.

Uyeda focused on the PCAOB’s August letter on the EQCF requirement, which the Board had created in an attempt to respond to commenters’ concerns on the first draft of the amendments. The letter explained the EQCF requirement in a way that was significantly more expansive than PCAOB’s QC standard adopting release, he said, so the SEC should have extended the process “to allow for a thoughtful consideration of the standard, particularly the EQCF requirement,” he said. These comment letters are an important part of the process for considering whether to approve or disapprove the updated QC standard.

“This could have resulted in a better standard that would benefit the PCAOB, audit firms, audit clients, and most importantly, investors,” Uyeda said.

In her dissent, Commissioner Hester Peirce emphasized how getting this QC standard right required more time for additional pointed questions, comment, and possible revisions. She said the PCAOB, with the Commission’s assent, cut the process short and issued a standard that still needs work.

“Ironically, with respect to a standard that focuses on quality control, the Commission has failed to perform the external quality control function which Congress entrusted to us,” Peirce said.

Chief Munter and gatekeepers

Speaking about QC 1000, Paul Munter, the SEC’s Chief Accountant, said in the agency’s press release: “QC 1000 is an integrated risk-based QC standard that strikes an appropriate balance that can be applied by firms of varying sizes and complexities, along with a set of mandates tailored to the size of the firms’ audit practices, which should assure that QC systems are designed, implemented, and operated with an appropriate level of rigor.”

The SEC has noted how much investors rely on audit firms to serve a critical function regarding financial reporting and how quality controls and audit standards are necessary to maintain their important gatekeeping role. Munter has made this point in his speeches, and Gurbir Grewal, Director of its Enforcement Division, has singled out accountants and attorneys with a focus on gatekeeper accountability as well.