This newsletter includes a comprehensive overview of current business issues, risk considerations, and recent regulatory developments to keep audit committees in the know.
Current Business Issues and Risk Considerations
CAQ: Audit Committee Practices Report
Common Threads Across Audit Committees
The fourth edition of the Center for Audit Quality’s Audit Committee Practices Report* found that the top three priorities for audit committees are: cybersecurity, enterprise risk management, and finance and internal audit talent
Questions for Audit Committees to Consider:
- Cybersecurity:
- How are new technologies affecting the threat landscape?
- How are new employees trained to mitigate the risk associated with phishing and other attacks?
- How have third parties been considered as it relates to cybersecurity?
- ERM:
- Are we aware of emerging risks and have we asked management how they are being considered in the ERM program?
- What is management’s process for updating their risk assessment outside of their usual cycle?
- Are the board’s backgrounds sufficiently diverse to offer varied perspectives, enhance risk identification, and improve the oversight and support of management?
- Finance and Internal Audit Talent:
- Do we have strong relationships with both the finance and internal audit leaders?
- Is there a succession plan for key finance and internal team members? Do we have the bench strength and leadership style of the finance and internal audit teams?
- Do we receive periodic updates on key talent metrics, including involuntary turnover of high performers?
- Did we consider the sufficiency of resource allocation to finance and internal audit functions such that appropriate investments can be made in long-term system and process improvements to support the company and high-quality corporate reporting?
- Do we understand how technology advancements may affect talent and confirm that management has plans in place to manage the risk this imposes?
- Do we understand the IIA’s new Global Internal Audit Standards?
*This report is based on a survey of 237 respondents, primarily from U.S. public companies with a market cap over $2 billion.
Audit Committee Pre-Approval of Services
- In 2024, the PCAOB highlighted some considerations for audit committees on their oversight responsibilities regarding their auditor’s independence.
- Some of those considerations included:
- Consider whether any services provided by the audit firm may impair the audit firm’s independence in advance.
- Be aware that certain financial relationships between the company and the independent auditor are prohibited.
- Consider whether the public company’s policies and procedures require that all audit and non-audit services are brought before the audit committee for pre-approval.
- Do not approve engagements that remunerate an independent auditor on a contingent fee or a commission basis, as such remuneration is considered to impair the auditor’s independence.
- Consider whether their auditor has implemented processes to identify prohibited relationships.
- Discuss the following with the audit firm:
- Processes the audit firm uses to ensure complete disclosure of all relationships with the public company and its affiliates.
- Relationships the audit firm may have with officers, board members, and significant shareholders.
- Consider whether pre-approval policies and procedures are sufficiently detailed as to the particular services to be provided so a well-reasoned assessment of the impact of the service on the auditor’s independence can be made.
- Consider whether existing policies and procedures proactively alert auditors to proposed or pending merger and acquisition activity that could have an impact on auditor independence.
Reporting & Disclosure Considerations
PCAOB Activities Update
PCAOB Forum For Auditors of Small Issuers and Broker-Dealers
During a March 2025 PCAOB forum for auditors of small issuers and broker-dealers, PCAOB Board member Christina Ho's address highlighted her support for the PCAOB and listed areas (below) in which she believes the PCAOB must take a more focused and measured approach to ensure adequate investor protection and a robust, resilient, and competitive public company auditing profession – one that is attractive to smaller firms and to students at institutions of higher education.
Standard setting that:
- Provides clear and direct linkages to improving audit quality.
- Is at a pace and volume that doesn’t place tremendous financial and resource strain on smaller firms.
- Focuses on technology – including AI – that includes pilot testing.
Inspections that:
- Clearly identify deficiencies that have a significant impact on investors and distinguish between, for example, severe deficiencies and those that reflect a disagreement on a firm’s exercise of judgment.
Enforcement activity that:
- Focuses on violations that are material and most significant to investors.
View Board Member Ho’s full speech here.
PCAOB Withdraws Proposed Rules on Firm Reporting and Firm and Engagement Metrics
On February 11th, the SEC published a release indicating that the PCAOB had withdrawn the rules it finalized in November 2024 related to firm reporting and firm and engagement metrics.
The SEC received feedback from a variety of stakeholders during its extended consultation period. Many of these stakeholders shared concerns that were like those raised by BDO in our comment letter to the PCAOB during the proposal stage.
The PCAOB has not indicated potential next steps with respect to the rules, if any, including whether they may be revisited considering the feedback to the SEC.
PCAOB Announces Updated Advisory Group Members
In March, the Public Company Accounting Oversight Board (PCAOB) announced the appointment of members of its two advisory groups - Investor Advisory Group (IAG) and the Standards and Emerging Issues Advisory Group (SEIAG). Advisory group members are appointed for two-year terms.
IAG:
- The IAG was established to provide the PCAOB with investors’ perspectives on the PCAOB’s agenda. The IAG furthers the PCAOB’s mission to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports.
- 8 new members were added to the group and 8 members continued.
SEIAG:
- The SEIAG was established to advise on existing standards, proposed standards, potential new standards, and on other matters, such as emerging issues, that are of significance to the PCAOB’s work to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports.
- 13 new members were added to the group and 11 members continued.
For a complete listing of members, please click here to read the press release.
PCAOB Updates Standard-Setting Projects
Recently Completed or Effective Standard-setting Projects
| Project | Effective Date | Date of Board Adoption | Date of SEC Approval |
|---|---|---|---|
| Other Auditors | Effective for audits of fiscal years ending on or after December 15, 2024. | June 2022 | August 12, 2022 |
| Confirmation | Effective for audits of fiscal years ending on or after June 15, 2025. | September 2023 | December 1, 2023 |
| Quality Control | Effective on December 15, 2025. The first evaluation period is for the period beginning on the effective date of the standard (i.e., December 15, 2025) and ending on September 30, 2026. The firm’s first evaluation must be reported to the PCAOB on Form QC no later than November 30, 2026. | May 2024 | September 9, 2024 |
| Amendments Related to Aspects of Designing and Performing Audit Procedures that Involve Technology-Assisted Analysis of Information in Electronic Form | Effective for audits of financial statements for fiscal years beginning on or after December 15, 2025. | June 2024 | August 20, 2024 |
| General Responsibilities of the Auditor in Conducting an Audit (AS 1000) | Effective for audits of fiscal years beginning on or after, December 15, 2024, except for the 14-day documentation completion date. | May 2024 | August 20, 2024 |
| Firm and Engagement Metrics | Subject to approval by the SEC, the final rules and reporting forms would take effect on October 1, 2027 with a phased implementation period as follows: Firm-level metrics reporting:
Engagement-level metrics reporting 35 days after issuance of the auditor’s report:
| November 2024 | Withdrawn |
Short-Term Standard-Setting Projects
| Project | Effective Date | Date of Board Adoption | Date of SEC Approval |
|---|---|---|---|
| Attestation Standards Update | Consider the requirements in the interim attestation standards in connection with the PCAOB’s interim standards project. | Proposal | 2025 |
| Going Concern | Consider the auditor’s evaluation and reporting of a company’s ability to continue as a going concern in response to changes in financial reporting, the auditing environment, and stakeholder needs, including by considering how AS 2415, Consideration of an Entity's Ability to Continue as a Going Concern, should be revised. | Proposal | 2025 |
| Substantive Analytical Procedures | Consider changes to an auditor’s use of substantive analytical procedures to better align with the auditor’s risk assessment and to address the increasing use of technology tools in performing these procedures, including whether to revise AS 2305, Substantive Analytical Procedures. | Adoption | 2025 |
| Noncompliance with Laws and Regulations | Consider changes to an auditor’s consideration of possible noncompliance with laws and regulations including how AS 2405, Illegal Acts by Clients, should be revised to integrate a scalable, risk-based approach that takes into account recent developments in corporate governance and internal control practices. | Adoption | 2025 |
| Inventory | Consider updates to AS 2510, Auditing Inventories, in connection with the Interim Standards project to reflect changes in the auditing environment. | Proposal | 2025 |
| Auditor Reporting in Specified Circumstances | Consider updates to AS 3105, Departures from Unqualified Opinions and Other Reporting Circumstances, and other interim standards in the AS 3300 series. | Proposal | 2025 |
| Access Short-Term Standard-Setting Projects | |||
Mid-Term Standard Setting Projects
| Project | Project Description |
|---|---|
| Use of a Service Organization | Consider how AS 2601, Consideration of an Entity’s Use of a Service Organization, should be amended to reflect changes in how companies use services of third parties that are relevant to the company’s own internal control over financial reporting and developments in practice. |
| Fraud | Consider how AS 2401, Consideration of Fraud in a Financial Statement Audit, should be revised to better align an auditor’s responsibilities for addressing intentional acts that result in material misstatements in financial statements with the auditor’s risk assessment, including addressing matters that may arise from developments in the use of technology. |
| Interim Ethics and Independence Standards | In connection with the PCAOB’s interim standards project, consider whether existing obligations of PCAOB registered firms and their associated persons should be enhanced and updated to better promote compliance through improved ethical behavior and independence. |
| Internal Audit | Consider updates to AS 2605, Consideration of the Internal Audit Function, in connection with the Interim Standards project to reflect changes in the auditing and reporting environment. |
| Interim Standards | Consider whether the remaining “interim” standards, as adopted upon the establishment of the Board, should be amended, replaced, or eliminated, as appropriate. As part of this analysis, evaluate which standards are necessary to retain and, of those, which should be retained with minimal updates, and which require more significant changes. Separate projects, including requests for comment on potential standards to eliminate, will be added to the standard-setting agenda as the staff completes its analysis. |
| Interim Financial Information Reviews | Consider updates to AS 4105, Reviews of Interim Financial Information, in connection with the Interim Standards project to reflect changes in the auditing and reporting environment. |
| Subsequent Events and Other Matters Arising After the Date of the Auditor’s Report | Consider updates to interim standards that address auditor responsibilities related to (i) certain events occurring between the balance sheet and the auditor’s report date and (ii) certain matters arising after the auditor’s report date, such as subsequently discovered facts and reissuance of the auditor’s report. This project considers updating AS 2801, Subsequent Events, AS 2905, Subsequent Discovery of Facts Existing at the Date of the Auditor’s Report, and certain other interim standards. |
| Access Mid-Term Standard-Setting Projects | |
Research Projects
| Project | Project Description |
|---|---|
| Data and Technology | Assess whether there is a need for guidance, changes to PCAOB standards, or other regulatory actions considering the increased use of technology-based tools by auditors and preparers. This includes evaluating the role technology innovation plays in driving audit quality. Research from this project may give rise to individual standard-setting projects and may also inform the scope or nature of other projects that are included on the standard-setting agenda. |
| Communication of Critical Audit Matters | The project seeks to understand why there continues to be a decrease in the average number of critical audit matters (CAM) reported in the auditor’s report over time and whether there is a need for guidance, changes to PCAOB standards, or other regulatory action to improve such reporting, including the information that is provided as part of the CAM reporting. The staff continues to conduct research, including taking into account recent insights shared by the Investor Advisory Group. |
| Access Research Projects | |
Rulemaking Projects
| Project | Project Description | Next Board Action | Date of SEC Approval |
|---|---|---|---|
| Contributory Liability | Consider changes to the Board’s ethics rule, PCAOB Rule 3502, Responsibility Not to Knowingly or Recklessly Contribute to Violations. | Adopted June 2024 | August 20, 2024 |
| Registration | Consider changes to enhance the PCAOB’s registration program. | Adopted November 2024 | January 2, 2025 |
| Firm Reporting | Consider changes to audit firm reporting requirements including periodic reporting requirements, special reporting requirements, and other enhancements to the audit firm reporting framework. | Adopted November 2024 | Withdrawn |
| Access Rulemaking Projects | |||