CPE Webcasts

On Demand

Join Newsletter

CPE Webcasts

On Demand

Join Newsletter

Contact Us
PCAOB Sanctions
Over the past 15 months, the PCAOB has sanctioned multiple CPA firms for quality control violations, citing failures in professional skepticism, audit evidence, and compliance with reporting requirements. Notably, PwC Greece was fined $3 million for disregarding contradictory audit evidence, and KPMG China faced penalties for insufficient audit documentation. These cases underscore the critical role of strong quality control systems in maintaining compliance. With new standards like SQMS No. 1 and QC 1000 set to take effect, firms must proactively enhance their quality management frameworks to mitigate risk and uphold auditing integrity.
September 15, 2024
Publications
Read on VSCPA

In the past 15 months, the Public Company Accounting Oversight Board (PCAOB) has leveraged many sanctions against CPA firms — most due to quality control violations. Specifically, the impact of insufficient quality management resulted in firms failing to follow PCAOB standards, such as:

  • Lack of due care and professional skepticism.
  • Insufficient audit evidence.
  • Poor documentation.
  • Failing to file forms.
  • Failing to communicate with the audit committee.

Lack of due care & professional skepticism

Ten PCAOB press releases cited a lack of due care and professional skepticism as a reason for sanctioning. In one example, the PCAOB fined PwC Greece $3 million for the Aegean Marine Petroleum Network audit engagement. The PCAOB found the partner and engagement team failed to respond with due professional care and professional skepticism to inconsistent audit evidence they uncovered about four of Aegean’s customers.

To make matters worse, the engagement team was aware that a client executive with significant control over the company had previously been convicted of fuel smuggling crimes involving virtual invoicing. Due to concerns about the integrity and ethics of management, the partner and engagement team assessed a significant risk of material misstatement due to fraud. However, despite this identified risk, they disregarded inconsistencies from contradictory audit evidence about the unusual transactions with four customers. 

Exercising professional skepticism on audit engagements is not optional. Professional skepticism is an attitude that includes a questioning mind and critical assessment of audit evidence. The auditor uses the knowledge, skill, and ability required in the public accounting profession to diligently perform, in good faith and with integrity, the gathering and objective evaluation of evidence. When the auditor encounters any vague, implausible, or contradictory evidence from the client, the auditor should not be satisfied with less than persuasive evidence. When the Aegean engagement team at PwC Greece examined contradictory evidence, they should have questioned it further and obtained more persuasive audit evidence instead of ignoring it.

Insufficient audit evidence

Twelve PCAOB releases cited insufficient audit evidence as the culprit for sanctions. For example, on March 20, 2024, the PCAOB sanctioned three partners of KPMG China for various violations. Their client, Tarena International, restated its 2017 financial statements in 2019 due to intentional revenue inflation and improper charges against accounts receivable. After the PCAOB completed its investigation, the engagement failed to obtain sufficient appropriate audit evidence to support Tarena’s reported revenue. Additionally, the engagement team placed reliance on the company’s internal controls despite having knowledge of unresolved deficiencies in their IT controls. 

The partners on the engagement team also failed to exercise due care and professional skepticism and failed to obtain sufficient appropriate audit evidence to support the client’s net accounts receivable. Specifically, they failed to evaluate the reasonableness of allowance for doubtful accounts. 

In these sanctions, firms failed to comply with AS 1105: Audit Evidence. Under AS 1105, the auditor must plan and perform audit procedures to obtain sufficient appropriate audit evidence to provide a reasonable basis for his or her opinion. Sufficiency is the measure of the quantity of evidence, and appropriateness is the measure of the quality of audit evidence, i.e., its relevance and reliability. 

Similarly, for engagements being conducted in accordance with the AICPA’s SAS, auditors must adhere to the requirements of AU-C Section 500: Audit Evidence. The objective of the auditor is to evaluate information to be used as audit evidence, including the results of audit procedures, to inform the auditor’s overall conclusion about whether sufficient appropriate audit evidence has been obtained. The auditor should evaluate information to be used as audit evidence by taking into account the relevance and reliability of information, including its source, and whether such information corroborates or contradicts assertions in the financial statements. The auditor’s evaluation of the information to be used as audit evidence should include evaluating whether the information is sufficiently precise and detailed for the auditor’s purposes and obtaining audit evidence about the accuracy and completeness of information. 

Documentation

There were also numerous issues relating to documentation in recent PCAOB sanctions. The violations ranged from failing to assemble for retention a complete and final set of audit documentation in a timely manner, improperly adding late information to the workpapers, inappropriately altering documentation, and failing to adequately document work on engagements. 

Strong documentation is essential to every audit engagement. Audit documentation serves as the evidence to support the auditor’s opinion on the financial statements. It also provides evidence that the audit was properly planned and performed in accordance with Generally Accepted Auditing Standards (GAAS). Auditors should operate with the mindset that if the work is not properly documented, it’s the equivalent of work not being performed in the first place. 

Failing to file forms

Interestingly, over the past 15 months, 11 of the PCAOB’s press releases were sanctions relating to firms failing to file forms in either a timely or accurate manner. The most problematic form was the PCAOB Form AP, Auditor Reporting of Certain Audit Participants. Registered audit firms are required to submit Form AP to disclose the names of engagement partners and other accounting firms that participated in their audits of public companies. The PCAOB adopted the rule to improve transparency regarding the engagement partner and other accounting firms that took part in the audit. 

There were also instances of failure to file Form 2, Annual Report Form, and Form 3, Special Report Form. Each year, a registered firm must provide basic information about the firm and its audit practice over the most recent 12-month period by filing a Form 2 with the Board by June 30. Registered public accounting firms must also report certain events in a special report filed no later than 30 days after the occurrence of the reportable event. 

Failing to communicate with audit committee

According to the PCAOB’s press releases, the basis for at least six sanctions was the failure to communicate with audit committees. AS 1301: Communications with Audit Committees, requires the auditor to communicate with the company’s audit committee regarding certain matters related to the conduct of the audit and to obtain certain information from the committee relevant to the audit. 

Similarly, for firms conducting audits in accordance with the AICPA’s Statements on Auditing Standards (SAS), auditors must adhere to the requirements of AU-C Section 260: The Auditor’s Communication with Those Charged with Governance. The auditor must communicate clearly with those charged with governance the responsibilities of the auditor regarding the financial statement audit and an overview of the planned scope and timing of the audit; obtain information relevant to the audit from those charged with governance; provide timely observations arising from the audit that are significant and relevant to their responsibility to oversee the financial reporting process; and promote effective two-way communication between the auditor and those charged with governance. If the auditor fails to do so, they are not in compliance with AU-C Section 260.

The root cause

The PCAOB sanctions stem primarily from quality control violations, resulting in difficulties for firms in maintaining professional skepticism, obtaining adequate audit evidence, and filing forms on time. The overwhelming majority of the issues described above are directly attributed to quality control violations.

According to PCAOB Chair Erica Y. Williams, “A firm’s system of quality control provides the foundation for property performed audits.” Common violations include failure to obtain engagement quality reviews, inadequate policies and procedures to ensure work meets professional standards, and deficiencies in the design and implementation of quality control systems. Firms also failed to establish effective policies for ensuring engagement personnel’s work meets standards and that their quality control systems are suitably designed and applied.

Firms can proactively manage issues by adopting robust quality control systems, which have become even more crucial given the evolving business landscape and heightened regulatory expectations. The AICPA’s new Quality Management Standards, including Statements on Quality Management Standards No. 1 and No. 2, along with Statements on Auditing Standards No. 146 and SSARS 26, are a shift toward a risk-based approach, emphasizing leadership responsibility and scalability. SQMS No. 1 emphasizes the firm’s risk assessment process, governance and leadership, ethical requirements, acceptance and continuance, engagement performance, resources, information and communication, and monitoring and remediation, providing a tailored and integrated system for achieving objectives.

SQMS No. 2 specifically addresses the appointment and eligibility of engagement quality reviewers (EQRs) and the performance of engagement quality reviews, allowing flexibility based on the level of significant judgments in engagements. SAS 146 emphasizes auditors’ responsibilities for quality management, highlighting professional skepticism, enhanced documentation, and robust communication, with the engagement partner assuming overall responsibility. SSARS 26 aligns with SQMS, emphasizing technology integration, continuous information flow, proactive monitoring, and EQR requirements. Compliance with SQMS is mandatory by Dec. 15, 2025, with evaluation after one year, aiming to enhance firm leadership, accountability, and governance through effective risk management practices.

Additionally, the PCAOB adopted a new quality control (QC) standard, QC 1000, which the Board believes will lead registered firms to significantly improve their quality control systems. QC 1000 requires registered firms to design their QC systems to comply with the proposed standard, including establishing specific quality objectives outlined in the standard, identifying and assessing quality risks to the achievement of those objectives, and developing policies and procedures to address such risks. As the new quality management standards will require a lot of time and effort to successfully adopt, firms should get a head start on implementation.

Connect With Us

Contact Us
Join Newsletter
galasso learning solutions logo

Disrupting the CPE industry by providing high quality, engaging, and up-to-date content that does more than check boxes, but provides a meaningful learning experience for CPAs.

About Us

Services

Who We Serve

Terms & Conditions | NASBA Policies

 

© 2025 Galasso Learning Solutions - All rights reserved
Have a Question?
Jaclyn Veno CPA | Auditing Level Training | CPE

Melisa Galasso, CPA, CSP, CPTD

Melisa F. Galasso is the founder and CEO of Galasso Learning Solutions LLC. A CPA with nearly 20 years of experience in the accounting profession, Melisa designs and facilitates courses in advanced technical accounting and auditing topics, including not-for-profit and governmental accounting.

Her passion is providing high-quality CPE that is meaningful, creates efficiencies and improves quality, and positively impacts ROI. She also supports essential professional development, audit level training, and train the trainer efforts.

Melisa is a Certified Speaking Professional, a Certified Professional in Talent Development (CPTD), and has earned the Association for Talent Development Master Trainer™ designation. Her passion for instructional design and adult learning techniques is one of the differentiators that set her apart from other CPE providers.

She also serves on the FASB’s Not-for-Profit Advisory Committee (NAC), AICPA Council, and the AICPA’s Women’s Initiative Executive Committee (WIEC). She also serves as a Subject Matter Expert for the Center for Plain English Accounting. She previously served on the AICPA’s Technical Issues Committee (TIC), the VSCPA’s Board of Directors, and is a past Chair of the NCACPA’s A&A committee. In addition, Melisa is the author of Money Matters for Nonprofits: How Board Members Can Harness the Power of Financial Statements by Understanding Basic Accounting which is available on Amazon or anywhere you purchase books online.

Melisa received a Top 50 Women in Accounting Award in 2021 by Ignition, is a 2020 Enterprising Women of the Year Award recipient, and was honored as a “40 under 40” by CPA Practice Advisor in 2017, 2018, and 2019. She was also named the 2019 Rising Star by her regional NAWBO chapter, received the Don Farmer award for achievement in technical content instruction, and earned several other awards for public speaking and technical training.