Statement

SEC as EQCF: Statement on Public Company Accounting Oversight Board; Notice of Filing of Proposed Rules on a Firm’s System of Quality Control and Related Amendments to PCAOB Standards

Commissioner Hester M. Peirce
Washington D.C.

Auditors play a critical role in maintaining healthy capital markets. Comprehensive, dynamic quality control systems help audit firms fulfill their mission. Troublingly high audit deficiency rates, though likely attributable to multiple causes, suggest that the five-year-long effort by the Public Company Accounting Oversight Board (“PCAOB” or “Board”) to revamp its outdated quality control standards was warranted.[1] Getting the quality control standard right, however, would have required more time for additional pointed questions, comment, reflection, and revision. The PCAOB, now with the Commission’s assent, cut the process short and put out QC 1000, a standard that still needs work. Accordingly, I am unable to support it.

Ironically, with respect to a standard that focuses on quality control, the Commission has failed to perform the external quality control function which Congress entrusted to us. Congress established the PCAOB, a nonprofit corporation, “to oversee the audit of public companies that are subject to the securities laws, and related matters, in order to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports . . . .”[2] Congress directed the PCAOB to establish audit standards, including quality control standards.[3] For these standards to become effective, Congress required Commission approval under the same process that we use in considering whether to approve self-regulatory organizations’ rules.[4] That process affords the Commission the discretion to institute proceedings to consider whether to approve a rule.[5] Because one Board member dissented and numerous commenters expressed serious concerns with the PCAOB’s final standard, we should have instituted proceedings to afford us, the PCAOB, and the public more time to think about this standard. Instead, wishing away any difficulties, we are rushing an approval order out the door.

The standard will pose many significant implementation challenges, but several concerns particularly stand out. First, even though many registered firms do not perform audits of issuers or broker-dealers, all registered firms must design a quality control system that complies with QC 1000. Firms, as part of the current registration process, file a quality control statement.[6] The comprehensive and prescriptive QC 1000, however, requires much more, which is the basis for concerns about the design-only requirement, which requires firms—regardless of whether they will use them—to design quality control systems.[7] For the up to sixty percent of registered firms that are not performing issuer or broker-dealer audits,[8] designing a quality control system that satisfies QC 1000 will be difficult, costly, and pointless. Difficult because a firm that is not auditing issuers or broker-dealers—or planning to do so in the near-term—will be designing a hypothetical system.[9] Costly because QC 1000 is more rigorous and prescriptive than other quality control standards these firms might be using.[10] Pointless because QC 1000’s design exercise is tailored specifically for audits of issuers and broker-dealers, meaning it is hypothetical and of little benefit to investors for firms not doing these audits.[11] Even a firm that might want to take on issuer or broker-dealer audits eventually might want to wait to design a quality control system closer to the time it begins considering whether to take on engagements since a generic quality control system may—despite that firm’s best effort—be inapt for the task at hand. Neither the Commission nor the PCAOB is bothered by the likelihood that firms may deregister rather than comply with the design requirement in QC 1000.[12] The Commission and the PCAOB both wave away questions about whether the Board has legal authority to adopt a design-only requirement that applies to firms that do not perform audits of issuers or broker-dealers.[13]

Second, despite the Board’s frequent emphasis that QC 1000 strikes the right balance between prescription and principles-based obligations and that its expectations are clear, the standard leaves lots of room for second-guessing through inspections and enforcement. The standard has many prescriptive elements that are not risk-based, such as requiring all identified engagement deficiencies to be remediated. Throughout the proposing release, the Board suggests that prescribed elements will satisfy QC 1000 expectations, only to add an immediate “however” that pulls the props out from under this clarity.[14] The Board’s pithy description of the fluid nature of the quality objective selection process—the standard “set[s] forth a floor rather than a ceiling”— could be applied to just about every aspect of QC 1000.[15] A firm’s quality control system should be tailored to its unique risks and circumstances, but, as written, the standard will pose many implementation challenges and perhaps scare people away from taking leadership roles because the scope of their liability under such a far-reaching and ambiguous standard is unclear.[16]

Third, the Board did not take adequate account of how QC 1000 will interact with other quality control standards from other standard setters. Firms might have to maintain multiple quality control systems or juggle inconsistencies across the different standards.[17] A firm’s quality control system, for example, might be effective under another quality control standard but not QC 1000.[18] To address competitive concerns, the Board could have allowed small firms to design and operate their quality control systems under either QC 1000 or one of the other standards.[19] As one commenter explained, “implementing yet an additional (or in many cases, a third) new standard intending to address the same objectives will distract limited firm resources away from continuous audit quality improvement” and could cause firms to “spend more time differentiating between and ensuring compliance over the multiple standards across multiple jurisdictions.”[20] In a bit of having one’s regulatory cake and eating it too,[21] while the Board deems these other QC standards insufficiently similar in coverage and prescription to allow them to substitute for QC 1000, the similarities are more than sufficient when calculating implementation costs,[22] and even compliance dates.[23]

Fourth, because the requirement that large audit firms establish an external quality control function (“EQCF”) differed materially from what was proposed, many questions remain unanswered.[24] The responsibilities of the EQCF must include, at a minimum, “evaluating the significant judgments made and the related conclusions reached by the firm when evaluating and reporting on the effectiveness of its QC system.”[25] What does this role entail in practice? What procedures must the EQCF follow to reach and document its review? When must that review take place? What if its judgments differ from the firm’s judgments? Does this role’s specificity, which differs from the proposal, require some or all large firms to set up a new audit quality oversight function, or are the functions they already have in place sufficient? If this function is new, who would be likely to perform such a function? What type of liability might the EQCF face?[26] Does the answer differ depending on whether the person is an auditor? Does the EQCF requirement broaden the PCAOB’s reach to parties over which it has no legal jurisdiction? Will EQCFs be subject to firm discipline? Will the firms have to share confidential information with the EQCF, and what are the legal implications of doing so? Given the likely expense of the requirement as adopted, should the threshold for application of the requirement be higher—perhaps applying only to firms that audit more than 500 issuers, as some commenters suggested? The PCAOB submitted a lengthy comment letter to the file, which attempted to address some of these questions,[27] but the post-standard commentary of the Board is not the way to address fundamental questions about a role that was first fleshed out in the Board’s adopting release.

As I noted at the start, quality control is important, and I am glad the PCAOB is focused on it. Much of the Board’s work is good and the PCAOB staff dedicated commendable effort to this critical project, but this standard is not ready for prime time. We need more public input, which would have required the Board to repropose or us to take the step of instituting proceedings. I appreciate all the work that the staff at the Commission has done over the past several months. A lot of midnight oil has been burned. Thank you especially to the staff in the Offices of Chief Accountant and General Counsel and the Division of Economic and Risk Analysis. I do have some questions:

  1. For OGC: The Commission’s Order describes “the statements in the PCAOB [August 2024] response letter as being on par with statements made by the Board in the Adopting Release about the scope and application of the QC 1000 requirements.” Are they binding on the PCAOB? Are they binding on PCAOB registered firms? If statements in the letter conflict with the PCAOB’s adopting release, which controls?
  2. Is requiring audit firms that do not audit issuers or broker-dealers to design quality control systems that comply with the new standards a backdoor way to expand the PCAOB’s jurisdiction beyond the audits of issuers and broker-dealers?
  3. According to the PCAOB, “approximately 51% of firms have not performed an engagement under PCAOB standards for an issuer or broker-dealer in the past five years.”[28] How does the PCAOB plan to enforce compliance with QC 1000 for firms in general and, more specifically, for firms that do not audit issuers or broker-dealers?
  4. Some commenters looked back to SOX 404 implementation, which was notoriously costly for auditors and issuers, for a sense of what QC 1000 implementation might require. The PCAOB noted the potential relevance of the SOX 404 experience to QC 1000: “Section 404 is similar to QC 1000 in that Section 404 was a policy shock that led large public companies to improve their internal control practices. In addition, while QC 1000 is not an internal control framework per se, it does reflect similar principles as COSO, the industry standard control framework that was widely relied upon to implement Section 404.”[29] Should we expect the same kinds of problems and expenses for auditors and issuers that we saw with the introduction of SOX 404? What steps is the PCAOB taking to mitigate the risk that SOX-404-like problems arise?
  5. Will the information provided to the PCAOB on Form QC have confidentiality protections even though it is provided outside of the inspections process and thus not subject to SOX § 105(b)(5)(A)?[30] If not, what adverse consequences might flow from this information being available to the public?
  6. The Commission’s Order states that “1,194 of the 1,554 (i.e., 77%) firms registered with the PCAOB are unlikely to incur significant incremental costs under QC 1000.”[31] That 23% of firms will incur significant incremental costs is striking. Why didn’t the PCAOB afford these firms additional time for compliance?
  7. For DERA: The PCAOB acknowledges that QC 1000 could cause firms to exit, raise costs for audit clients, deter mergers and acquisitions, and exacerbate the talent crisis in the audit profession, but finds silver linings in each of those clouds. The Board’s reasoning at times seems strained. For example, with respect to the increased demand on firm personnel, the Board explains that: “To meet increased demand for staff resources, some firms may choose to hire additional experienced staff. It is possible that the labor demand shock could result in increased wages and potentially higher audit fees, which could be exacerbated by the concentration of large firms in the audit market. Higher wages could in turn help firms attract and retain a skilled workforce or encourage qualified individuals to take essential roles at firms.”[32] How plausible is that scenario?
  8. Given that the Commission often imposes PCAOB-registered-auditor requirements on auditors who serve entities other than public companies or broker-dealers, how has the staff taken into account the increased costs for these entities resulting from the heightened quality control standard?[33]
  9. Why does the standard set a fixed annual evaluation date of September 30? Why not, as one commenter suggested, allow firms to select a date that, for example, “align[s] their quality control period with their fiscal year end to emphasize the role of quality in a partner’s performance and compensation”?[34]
  10. Although more than twenty years have passed since the Board adopted its interim QC standards, audit firms have not sat idle. As the Board relays, “[m]any firms have implemented a number of changes to their QC systems to remediate their QC deficiencies. Changes brought about through remediation are wide-ranging and can touch upon all major elements of the current QC standards.”[35] The Board then goes on to list a long list of substantive changes and trends associated with industry-led QC improvements.[36] Given this progress, what do you anticipate will be the largest changes to firms’ quality control systems arising from this standard?

[1] See, e.g., PCAOB Staff Update on 2023 Inspection Activities at 4 (Aug. 2024) (“In our 2023 issuer audit inspections, aggregate deficiency rates have continued to increase across all inspection programs, and 46% of the engagements reviewed in 2023 had at least one Part I.A deficiency, excluding broker-dealer audit inspections.”) (footnote omitted), https://assets.pcaobus.org/pcaob-dev/docs/default-source/documents/staff-update-2023-inspection-activities-spotlight.pdf?sfvrsn=2afb0f25_2.

[2] Sarbanes-Oxley § 101(a) [15 U.S.C. 7211(a)].

[3] Sarbanes-Oxley § 101(c)(2) [15 U.S.C. 7211(c)(2)] and Sarbanes-Oxley § 103(a)(1) [15 U.S.C. 7213(a)(1)].

[4] Sarbanes-Oxley § 107(b)(2) [15 U.S.C. 7217(b)(2)].

[5] Securities Exchange Act § 19(b) [15 U.S.C. 78s(b)].

[6] Sarbanes-Oxley § 102(b)(2)(D) of Sarbanes-Oxley [15 U.S.C. 7212(b)(2)(D)].

[7] For a detailed discussion of the concerns about the design-only requirement, see Statement of Board Member Christina Ho, https://pcaobus.org/news-events/speeches/speech-detail/statement-on-the-qc-1000-adoption---demise-to-audit-competition. (“Ho Statement”)

[8] See PCAOB Adopting Release at n. 480 and accompanying text.

[9] See PCAOB Adopting Release at 59 (“acknowledg[ing] that there could be challenges associated with implementing and operating a QC system based on hypothetical risks,” but deeming it “important for registered firms to design a QC system based on the quality risks the firm likely would face if it were to perform engagements”).

[10] See PCAOB Adopting Release at 60 (“QC 1000 includes requirements that do not appear in other QC standards or that are more prescriptive or more specifically tailored to our legal and regulatory environment than the provisions of ISQM 1 or SQMS 1. Because of these key differences, we do not believe that a QC system design based on ISQM 1 or SQMS 1, as suggested by some commenters, would be sufficient.”). See also Comment Letter from PWC at 5 (July 1, 2024) (“This remains a significant concern to several member firms in our network that are inactive, and the economic analysis continues to insufficiently consider the likely significant costs of designing a system of QC in accordance with QC 1000 on a hypothetical basis as the adopting release states that up to 60% of firms may not currently be required to comply with applicable professional and legal requirements with respect to any of their engagements. These costs will either need to be absorbed by that firm or passed along to clients in a way that could price that firm out of the local market, thus reducing choice of potential auditors.”) (internal citations omitted), pcaob202402-487371-1391314.pdf (sec.gov) (“PWC Letter”); Comment Letter from BDO at 4 (“We also believe that at least for PCAOB registered firms within a global network that do not have active issuer audit practices, the requirement that they have at the ready a design-only system of quality control that complies with the requirements of the standard is unduly burdensome, costly, and contrary to the long-term interests of investors. We are concerned that this mandate may drive some PCAOB registered public accounting firms from the market, thereby potentially limiting competition on a global basis.”), https://www.sec.gov/comments/pcaob-2024-02/pcaob202402-487551-1391694.pdf. (“BDO Letter”)

[11] See, e.g., Comment Letter from KPMG at 4 (Feb. 1, 2023) (“In the Release, the Board acknowledges that, without engagements, implementation and operation of a QC system would be largely hypothetical and the associated risks to investor protection are minimal.”), Letterhead for 345 Park Ave. (match to paper version) (pcaobus.org). (“KPMG Letter”)

[12] See, e.g., Commission Order at 24 (“Other firms that would have been subject to the design-only requirement may indeed choose to deregister. Such deregistration may, nevertheless, not have an adverse competitive effect if such firms were only intending to continue to compete for work that does not require PCAOB registration, such as participating in an audit pursuant to PCAOB standards at a level below that of a ‘substantial role,’ as their registration status would not impact their eligibility for this work.”), https://www.sec.gov/files/rules/pcaob/2024/34-100968.pdf; PCAOB Adopting Release at 61 (“Firms participating in a PCAOB engagement below the level of a substantial role do not require registration with the PCAOB. If such a firm does not lead and does not plan to lead engagements or play a substantial role in engagements pursuant to PCAOB standards, then we believe that the firm should assess whether the costs of complying with the design requirement are commensurate with their perceived benefit of being registered with the PCAOB.”).

[13] See Ho Statement at n. 2 and accompanying text (explaining that “important statutory text contained in not only SOX section 103(a)(2)(B) but also SOX section 103(a)(1), . . . contains a limiting principle on the application of our Quality Control and other standards. While SOX section 103(a)(2)(B) does apply to ‘every’ registered public accounting firm, it appliesonlywith respect to the issuance of audit reports,’” and that “[t]he term ‘audit report’ is defined in SOX section 110(2), in pertinent part, as a document prepared following an audit performed for purposes of compliance by an issuer, broker, or dealer with the requirements of the securities laws”) (emphasis in Board Member Ho’s statement).

[14] See, e.g., PCAOB Adopting Release at 42 (“We believe that, for many firms, the quality objectives specified in the standard are likely to be comprehensive, and we do not expect in our current environment that additional quality objectives would generally be necessary. However, we also recognize that the nature and circumstances of a firm and its engagements will vary and the environment may change. Accordingly, firms are required to establish additional quality objectives, if necessary.”) (emphasis added); PCAOB Adopting Release at 107 (“[T]he specified quality response requiring mandatory training may address some of the quality risks related to certain quality objectives in the resources component (e.g., hiring, developing, and retaining firm personnel). However, mandatory training alone will not be sufficient to address all the quality risks that may be identified for that quality objective and will have to be combined with additional firm developed quality responses.”) (internal citations omitted; emphasis added).

[15] Id. See also PCAOB Adopting Release at 63-64 (“The inclusion of specified quality responses in the standard should not be interpreted to suggest that we believe all firms have the same or similar quality risks overall; the specific risks addressed by specified quality responses are likely a small subset of the overall population of quality risks identified by a firm, and we expect potentially wide variation in the full set of risks faced by different firms.”).

[16] The Board says that “to achieve an appropriate tone at the top, . . . it is not enough for firm leadership to ‘talk the talk.’ They also have to ‘walk the walk.’” PCAOB Adopting Release at 111. True enough, but in light of the ramped up liability firm leadership will face under QC 1000, will firms be able to find suitable individuals willing to take that first step into the minefield? As the Board explains, individuals’ liability is very much in view: “Under QC 1000, the individuals who are assigned specific responsibilities with respect to the QC system could be charged with violations if they fail to comply with those enumerated responsibilities, as well as for contributing to firm violations or failing reasonably to supervise. . . . Those individuals must exercise due professional care (see paragraph .10), and their failure to properly discharge their duties—for example, to establish or direct the establishment of certain QC-system reporting lines (see paragraph .14b), to certify the firm’s Form QC report to the PCAOB (see paragraphs .14d and .15b), or to timely communicate certain information to others (see paragraphs .16b and .17b)— would constitute violations of QC 1000. So while current QC standards generally require either a primary violation by the firm to trigger an individual’s potential liability under Rule 3502 or a primary violation by another associated person to trigger a supervisory person’s potential liability under Section 105(c)(6) of Sarbanes-Oxley, QC 1000 creates a framework in which an individual’s failure to discharge prescribed responsibilities could give rise to individual liability without regard to whether primary violations were committed by another. That is not to say, however, that the individuals filling the roles specified in paragraphs .11 and .12 of QC 1000 no longer can be charged with contributing to violations by the firm or for failing to reasonably supervise an associated person who commits certain violations.” PCAOB Adopting Release at 85. For key roles, including being “ultimately responsible and accountable for the QC system as a whole,” the board insists on having one person bear the responsibility. QC 1000.11. See also QC 1000.12 (noting that specified roles “cannot be shared, but rather must be assigned to only one individual”).

[17] PCAOB Adopting Release at 38 (“We acknowledge certain differences between QC 1000 and the quality management standards set by other standard setters, in particular areas where QC 1000 establishes additional or more stringent requirements. However, we believe that quality responses developed by firms under QC 1000 can be considered by firms for the purposes of other quality management standards to which they are subject, reducing the need for two or more separate QC systems.”).

[18] See, e.g., Comment Letter from the Pennsylvania Institute of CPAs at 2 (June 24, 2024) (explaining that “firms [could] potentially hav[e] differing conclusions on the quality control systems depending on which standards they are using”), https://www.sec.gov/comments/pcaob-2024-02/pcaob202402-484611-1386634.pdf. (“PIC Letter”)

[19] See, e.g., Comment Letter from E&Y at 8 (Feb. 1, 2023) (“We support the view of the Board to require all PCAOB registered firms that have not and do not plan to perform engagements pursuant to PCAOB standards to design a quality control system because we recognize the importance of quality controls. However, as stated in our cover letter, we recommend that the QC requirements for those firms that have not and do not plan to perform engagements pursuant to PCAOB standards could also be satisfied by full compliance, including design, implementation and operation, with another recognized QC framework, such as ISQM 1 or SQMS 1. We believe such an alternative would address the investor protection risk while also scaling implementation costs for firms that are otherwise subject to the design, implementation and operation requirements of another recognized QC standard and have a low likelihood of performing engagements under PCAOB standards in the near term.”), Comment Letter: PCAOB Proposal on a Firm’s System of Quality Control and Other Proposed Amendments to PCAOB Standards, Rules, and Forms (pcaobus.org); KPMG Letter at 4 (“We recommend the final QC 1000 standard allows firms that have not and do not plan to perform engagements pursuant to PCAOB standards the flexibility to choose to design a QC system in accordance with QC 1000 or one of the Other QC Standards such as ISQM 1. A requirement to design a QC system in accordance with QC 1000 for firms that have not and do not plan to perform engagements pursuant to PCAOB standards may not provide the firm or investors with a benefit that outweighs the cost of designing a QC system that may never be implemented and operated.”).

[20] Comment Letter from Johnson Global at 2 (June 26, 2024) (“In fact, based on work with firms worldwide that have already implemented ISQM 1, we share their concerns that implementing yet an additional (or in many cases, a third) new standard intending to address the same objectives will distract limited firm resources away from continuous audit quality improvement. Instead, these resources will spend more time differentiating between and ensuring compliance over the multiple standards across multiple jurisdictions”), https://www.sec.gov/comments/pcaob-2024-02/pcaob202402-485211-1388194.pdf.

[21] Comment Letter from PCAOB at 26 (Aug. 16, 2024) (“The PCAOB does not believe that any of the approaches suggested by commenters instead of the design requirement would be appropriate. QC 1000 includes requirements that do not appear in other QC standards or that are more prescriptive or more specifically tailored to the U.S. legal and regulatory environment than the provisions of ISQM 1 or SQMS 1. Because of these key differences, the PCAOB does not believe that a QC system design based on ISQM 1 or SQMS 1, as suggested by some commenters, would be an adequate substitute.”), https://assets.pcaobus.org/pcaob-dev/docs/default-source/rulemaking/docket046/pcaob-board-letter-to-sec-regarding-rule-filing-2024-02.pdf?sfvrsn=cd8cde04_1. (“PCAOB Letter”)

[22] Id. at 23 (“In particular, the economic analysis acknowledges that some provisions of the standard will impose burdens on firms and that these burdens may disproportionately affect smaller firms. As discussed in the economic analysis, most firms in the market for public company audits, including smaller registered firms, are subject to other QC standards, such as the AICPA’s new quality control standard, SQMS 1, or the international quality control standard, ISQM 1. Such firms will be able to leverage the investments they make to comply with the requirements of these other standards when meeting the requirements of QC 1000. Costs faced by these firms will be incremental to comply with aspects of the QC 1000 standard that differ from or go beyond those in other standards.”).

[23] Id. at 27 (“Under the Proposal, QC 1000 would take effect on December 15, 2025. By comparison, the analogous international standard, ISQM 1, became effective on December 15, 2022, and the analogous AICPA standard, SQMS 1, will take effect on the same day as the Proposal. Given the commonalities noted above between QC 1000 and these other standards, the PCAOB believes the December 15, 2025 effective date strikes a reasonable balance”).

[24] See, e.g., PWC Letter at 3 (“As an example, the shift from an ‘oversight function of the audit practice’ to an ‘oversight function for the QC system’ represents a significant change, notwithstanding the reference to ‘independent judgment with respect to matters related to the QC system.’ Such significant change after the proposal effectively deprives us of an opportunity for public input into the revised requirement.”); Comment Letter from E&Y at 1 (Aug. 26, 2024) (“While we support the quality objectives adopted in the final standard, we unfortunately have concerns about the requirement for certain firms to have an external quality control function [] that was included in the adopting release. We believe this requirement is not a logical outgrowth of the Board’s 2022 proposed standard and did not benefit from stakeholder input since it is a significant change from the proposal.”), https://www.sec.gov/comments/pcaob-2024-02/pcaob202402-512055-1483282.pdf; Comment Letter from Grant Thornton at 2 (July 16, 2024) (“In our comment letter on the proposal, we emphasized that our AQAC met the spirit of the proposed requirements, but we asked for additional clarification to understand whether the existing structure fully aligned with the Board’s intended purpose. The additional requirements provided in the Final Standard, particularly regarding the necessary authority and review of all ‘significant judgments,’ introduces prescriptive elements not included in the original proposal, for which our AQAC does not meet the spirit of the Final Standard. The new prescriptive elements could have significant implications on the implementation of the EQCF role.”), https://www.sec.gov/comments/pcaob-2024-02/pcaob202402-490843-1409266.pdf (emphasis in the original).

[25] QC 1000.28.

[26] See, e.g., PWC Letter at 4 (“Further, the adopting release raises the possibility that individuals filling this role could be subject to liability under Section 105(c)(6) of SOX. That prospect would severely limit the pool of candidates who would be willing to accept this role.”)

[27] See generally PCAOB Letter.

[28] PCAOB Adopting Release at n. 480.

[29] PCAOB Adopting Release at 351-52.

[30] See, e.g., BDO Letter at 4 (“Finally, similar to concerns raised in our response to the proposed standard, we are concerned with whether the current statutory and regulatory framework and the PCAOB’s processes and controls will provide adequate confidentiality protections relating to information required on Form QC. Information provided to the PCAOB through inspection procedures is protected under the confidentiality provision of Section 105(b)(5)(A) of the Sarbanes-Oxley Act; however, such confidentiality protections do not appear to apply to information contemplated by QC 1000 to the extent provided through the PCAOB’s special reporting process such as Form QC.”), https://www.sec.gov/comments/pcaob-2024-02/pcaob202402-487551-1391694.pdf.

[31] Commission Order at 57.

[32] PCAOB Adopting Release at 361.

[33] See, e.g., Comment Letter from the Chamber of Commerce at 2 (July 15, 2024) (“In addition to the potential for increasing concentration and reducing competition in the smaller firm market for issuer and broker-dealer audit engagements, as discussed below, the QC 1000 has broader implications for the SEC. The SEC has both promulgated and proposed rules requiring the use of PCAOB registered and inspected audit firms by other than issuers and broker-dealers. The SEC needs to consider the consequences of QC 1000 for these segments of the market and the ability of non-issuers/non-broker-dealers to engage the requisite audit firms and comply with the rules the SEC imposes on their organizations.”), https://www.sec.gov/comments/pcaob-2024-02/pcaob202402-490483-1408586.pdf, (internal citation omitted).

[34] See, e.g., PIC Letter at 3 (“We further note that specifying the quality control date would override many firms’ efforts to align quality with compensation. Specifically, many firms align their quality control period with their fiscal year end to emphasize the role of quality in a partner’s performance and compensation. With this in mind, requiring firms to change their quality control period would be costly and would not necessarily improve audit quality”).

[35] PCAOB Adopting Release at 324 (internal citation omitted).

[36] PCAOB Adopting Release at 324-325.

Last Reviewed or Updated: Sept. 9, 2024