PCAOB will require firms to share a new set of metrics

By Bryan Strickland

November 22, 2024

September 4, 2025

California issues draft guidance for climate risk disclosure

September 3, 2025

New: Digital assets practice aid addresses auditing of lending, borrowing

August 29, 2025

PCAOB postpones effective date for new quality control system

Audit firms will be required to report a new set of firm and engagement metrics to the PCAOB as well as additional information during annual and special reporting, after a pair of board actions Thursday.

The AICPA issued a statement in response to the firm metrics requirements, saying that the potential consequences of the requirements “are a significant risk.”

PCAOB Chair Erica Williams said in a news release that the new requirements “will make PCAOB oversight more effective and equip investors, audit committees, and others with clear, consistent, and actionable data related to audit firms and the engagements they perform.”

Firm and engagement metrics

PCAOB-registered public accounting firms that audit one or more issuers that qualify as an accelerated filer or large accelerated filer will be required to publicly report specified metrics relating to such audits and their audit practices. Of the 11 metrics included in the PCAOB proposal in April, eight made it into the new requirements:

Partner and manager involvement
Workload
Training hours for audit personnel
Experience of audit personnel
Industry experience
Retention of audit personnel (firm-level only)
Allocation of audit hours
Restatement history (firm-level only)

“We’re glad the PCAOB took some comments to heart by extending implementation dates, particularly for smaller firms, and lowering the number of required metrics,” the AICPA statement said. “But the potential consequences of the remaining requirements – reduced competition and market diversity in the public audit space – are a significant risk. We hope the SEC will give these unintended outcomes the weight they deserve before giving final approval to the requirements.”

The AICPA statement said the “rules will place a significant burden on small and midsized audit firms and could lead some to exit public company auditing altogether.”

The statement cited a recent survey of large firms showing that 51% with audit practices said they would rethink engaging in public company audits if the requirements were approved.

According to the PCAOB, firm-level metrics will be required annually on new Form FM, and engagement-level metrics on a revised Form AP. Limited narrative disclosures will be allowed but not required to provide context and explanation for the metrics.

Pending SEC approval, the earliest effective date of the firm-level metrics will be Oct. 1, 2027, with the first reporting as of Sept. 30, 2028, and engagement-level metrics for the audits of companies with fiscal years beginning on or after Oct. 1, 2027.

The requirements will take effect for firms that audit more than 100 issuers first, with the requirements taking effect for other firms the following year.

Firm reporting

The PCAOB amended the current reporting requirements, with phased-in effective dates, on its Annual Report Form (Form 2) and Special Reporting Form (Form 3) in several areas:

Financial information: All registered firms will report additional fee information, with the largest firms submitting financial statements confidentially to the PCAOB.
Governance information: Firms will be required to report additional information regarding their leadership, legal structure, ownership, and other governance information, including reporting on certain key quality control operational and oversight roles.
Network relationships: Firms will be required to report a more-detailed description of any network arrangement to which a registered firm is subject.
Special reporting: For annually inspected firms, the amendment adds a confidential special reporting requirement for events material to a firm’s organization, operations, liquidity, or financial resources, such that they affect the provision of audit services.
Cybersecurity: Registered firms will be required to promptly report – confidentially – significant cybersecurity events; and report – periodically and publicly – a brief description of policies and procedures for identifying and managing cyber risks.

In addition, a new form will require any firm registered with the PCAOB prior to Dec. 15, 2025 – the effective date of the PCAOB’s new quality control standard – to submit an updated statement of the firm’s quality control policies and procedures pursuant to the standard.

Also on Thursday, the board approved its 2025 budget, subject to SEC approval. The $399.7 million budget will fund 945 positions; the 2024 budget was $384.7 million and funded 946 positions.

PCAOB delays action on NOCLAR

Earlier this month, an updated summary of the PCAOB’s standard-setting and rulemaking agendas still listed 2024 as the anticipated timing for the adoption of amendments to an auditor’s responsibilities related to a company’s noncompliance with laws and regulations.

Now, the date has been changed to 2025, with the next board action “TBD.”

The proposed amendments to NOCLAR were issued June 6, 2023, eliciting a level of response that prompted the PCAOB to host a daylong virtual roundtable in March. The PCAOB recently reminded auditors of their current NOCLAR responsibilities in a staff report, Auditor Responsibilities for Detecting, Evaluating, and Making Communications About Illegal Acts.

— To comment on this article or to suggest an idea for another article, contact Bryan Strickland at Bryan.Strickland@aicpa-cima.com.