The PCAOB (Public Company Accounting Oversight Board) was created by the Sarbanes-Oxley Act of 2002 in response to major accounting scandals. It establishes and enforces auditing and quality control standards for firms that audit public companies.
PCAOB Overview
Mission
- Protect investors through oversight of public company auditors
- Promote informative, accurate, and independent audit reports
- Establish standards for auditing, attestation, quality control, and ethics
Authority
- Registers audit firms
- Inspects registered firms
- Investigates and disciplines firms and individuals
- Sets auditing standards for public company audits
Key PCAOB Standards
Auditing Standards (AS)
| Standard | Topic |
|---|---|
| AS 1101 | Audit Risk |
| AS 1201 | Supervision of the Audit |
| AS 1215 | Audit Documentation |
| AS 1301 | Communications with Audit Committees |
| AS 2101 | Audit Planning |
| AS 2110 | Identifying and Assessing Risks |
| AS 2201 | Internal Control over Financial Reporting |
| AS 2301 | The Auditor's Responses to Risks |
| AS 2401 | Consideration of Fraud |
| AS 2501-2810 | Substantive procedures by area |
| AS 3101 | The Auditor's Report (including CAMs) |
Quality Control Standards (QC)
- QC 1000 (effective 2025): A Firm's System of Quality Control
- Requires firms to establish comprehensive quality management systems
PCAOB vs. AICPA Standards
| Aspect | PCAOB | AICPA |
|---|---|---|
| Applies to | Public companies | Private companies |
| Integrated audit | Required (controls + financial statements) | Optional |
| Critical audit matters | Required | Key audit matters (optional) |
| Independence | Stricter rules | Less restrictive |
| Inspection | PCAOB inspections | Peer review |
PCAOB Inspections
The PCAOB inspects registered firms:
- Annual: Firms auditing 100+ issuers
- Triennial: Firms auditing fewer than 100 issuers
- Inspectors review selected engagements in detail
- Findings reported publicly (Part I) and confidentially (Part II)
Recent Developments
The PCAOB has been increasingly active in:
- Expanding quality control requirements
- Enhancing fraud detection standards
- Improving auditor reporting (critical audit matters)
- Increasing inspection frequency and rigor
- Addressing emerging risks (crypto, ESG, AI)