What is the PCAOB? Auditing Standards & Inspection Reports

What is the PCAOB?

PCAOB History

The Public Company Accounting Oversight Board (PCAOB) is a regulatory board reporting to the SEC who oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and Worldcom, to tighten controls on the auditing industry. Before the PCAOB, the industry was self-monitoring, which seemed to have failed in practice.

Before explaining more about the PCAOB, it is important to highlight their mission and vision statement in their own words:

Mission: “The PCAOB is a nonprofit corporation established by Congress to protect investors and the public interest by promoting informative, accurate, and independent audit reports and to oversee the audits of public companies and broker-dealers.”

Vision: “The PCAOB seeks to be a model regulatory organization. Using innovative and cost-effective tools, the PCAOB aims to improve audit quality, reduce the risks of auditing failures in the U.S. public securities market and promote public trust in both the financial reporting process and auditing profession.” (Source)


PCAOB vs. AICPA (American Institute of Certified Public Accountants)

Although they are closely linked, there are some distinct differences between the AICPA and the PCAOB. The PCAOB is an oversight board, and the AICPA is a professional member association for accountants. The PCAOB monitors accountants, while the AICPA is made up of accountants. The AICPA has created standards which guide accounting professionals and the PCAOB have adopted some of these standards to apply to public accounting firms. Also, the PCAOB specifically deals with public accounting firms and the audits of public companies while the AICPA members perform a variety of audit and attestation services for all types of companies. Read more about the AICPA here.

Who is the PCAOB?

The PCAOB consists of five board members appointed by the SEC to serve full time for five-year terms. Two must be Certified Public Accountants. Currently, there are only four board members, as one seat is vacant. Supporting these board members is a staff of over 800 with departments including Economic and Risk Analysis, Registration and Inspections, and Enforcement and Investigations. So what exactly do all these people do?

What does the PCAOB do? Four Key Activities

1) PCAOB Registration

First, they register public accounting firms. In order to monitor, the PCAOB needs to know who the firms are. Currently, there are just under 2,000 firms registered.

2) PCAOB Auditing Standards

Next, the board dictates the auditing standards the registered firms must use – in order to monitor the accounting firms, standards need to be in place to measure them. Prior to the PCAOB, standards were set by the AICPA. The PCAOB had largely adopted the AICPA’s auditing standards, added its own and just reorganized the standards to bring them together in a single, integrated numbering system, which became effective on December 31, 2016. A full listing with links of all the standards is available on the PCAOB’s website.

PCAOB Independence Rules and the Professional Code of Conduct. One set of rules that is worth highlighting is the AICPA Professional Code of Conduct (Code). The PCAOB Audit Standards refer to this code in their Independence standards. The Code document includes the integrity, objectivity, and ethical standards that CPA practitioners should adhere to in order to best serve the public.

The CPA’s first duty or responsibility is to the public, not to the client, and the code works to guard against the presumption of loss of independence. It outlines examples of relationships and activities which could threaten perceived independence, like financial interests in the audit client or close relationships with key positions at an audit client. The Code explains that the actions a firm takes to eliminate or reduce threats to independence should be documented so firms can demonstrate their efforts to remain independent. The AICPA’s Professional Code of Conduct can be found here.

PCAOB Inspection Reports

3) PCAOB Inspection Reports

Measuring against the standards mentioned above, the PCAOB performs inspections to evaluate firms’ compliance. The PCAOB annually inspects firms that audit more than 100 public companies, and firms that audit fewer public companies are inspected at least once every three years. The PCAOB issued a statement that the 2016 inspections will focus on these areas of higher risk: internal control over financial reporting, assessing and responding to risks of material misstatement, and accounting estimates.

The PCAOB selects audit engagements to review, using a risk-based approach, and examines the audit engagement workpapers. The goal of these inspections is to determine if there are faults in how the accounting firm audit procedures and documentation and if there are weaknesses in quality controls. If the PCAOB determines that there was not sufficient evidence to support the auditor’s opinion, audit deficiencies are reported in the inspection report and published on the PCAOB website.

The 2016 inspection reports have been published and the top categories of audit deficiencies are as follows:

  • Testing internal control over financial reporting (AS 5)
  • Assessing and responding to risk (AS 8 through AS 15)
  • Auditing accounting estimates, including fair value measurements (AU 342 and AU 328)
  • Performing audit sampling (AU 350)

GAAP Dynamics has published an interesting article summarizing the 2016 inspection reports.

4) Enforcement

Finally, as a result of the inspections, if the board determines a serious violation has occurred, an enforcement hearing could be conducted. The PCAOB can impose sanctions and fines to firms or individual auditors. In 2016, the PCAOB prioritized improper audit documentation, specifically in regards to altering documentation to obstruct an inspection or investigation. Notably, the PCAOB imposed an $8 million fine on a Brazilian firm associated with Delloite for these documentation violations. Law 360 has published a great article summarizing the enforcement proceedings of 2016: PCAOB enforcement in 2016.


In conclusion, through the registering, standard setting, inspection, and enforcing, the main goals of the PCAOB are to monitor the audit firms, in order to restore and maintain investors and the public’s trust in the field, which took a big hit with the aforementioned accounting scandals. The PCAOB also aims to promote high professional standards and improve the quality of the audit services offered by the registered firms.

If you are interested in learning about the services provided by Linford & Co, please click the following links: SOC 1, SOC 2HIPAA audits, Royalty Audits, FedRAMP.

4 thoughts on “What is the PCAOB? Auditing Standards & Inspection Reports

  1. Are audit firms required to share the PCAOB report with the client or can a client ask the audit firm to share the report?

  2. The PCAOB issues reports with two parts. One part is public and can be access here. The other part is private. Anyone can ask the firm for the private PCAOB report they received, but the firm is not likely to distribute that report to those outside the firm.

  3. What is the difference between an AU standard and an AS standard? Is there an index of both? I can find an index of AS numbered 1000 and higher but not for AU.

  4. The American Institute of Certified Public Accountants (AICPA) issues Statements on Auditing Standards with the AU prefix that can be found here. The Public Company Accounting Oversight Board (PCAOB) issues General Auditing Standards with the AS prefix that can be found here. Audits of companies that are SEC registrants use both standards. Audits of non-SEC registrants use AU.

Leave a Reply

Your email address will not be published. Required fields are marked *