In May 2024, the Public Company Accounting Oversight Board (PCAOB) released QC 1000, A Firm’s System of Quality Control. This standard goes into effect in December 2025, so we're providing an overview of what you need to know about this new quality standard.
What is QC 1000?
Quality Control Standard 1000 is an integrated, scalable, risk-based standard that focuses on accountability and continuous improvement for all PCAOB-registered firms. The standard applies to firms that perform audits of public companies or SEC-registered brokers and dealers.
When does it go into effect?
All registered firms will be required to design a compliance QC system, including those that do not currently perform engagements under PCAOB standards by December 15, 2025. Early adoption of the quality standard is permitted. However, an initial internal evaluation of the quality control system (discussed below) is to be performed as of September 30, 2026, with initial reporting of the results of the internal evaluation to the PCAOB by November 30, 2026.
Overview of QC 1000
QC 1000 outlines eight key components for a firm's quality control system:
- The firm's risk assessment process
- Governance and leadership
- Ethics and independence
- Acceptance and continuance of engagements
- Engagement performance
- Resources
- Information and communication
- The monitoring and remediation process
The newly required risk assessment process focuses on managing quality risks. Quality risks are those (based on professional judgment) where there is a reasonable possibility of the risk occurring, and individually, or in combination with other risks, adversely affecting the achievement of one or more quality objectives.
Firms should then design and implement responses to address the quality risks. In addition to requirements relating to the components of the QC system, this new standard includes requirements related to:
- Roles and responsibilities
- Evaluation of and reporting on the QC system
- Documentation of the QC system
Download our FREE ebook Excel automation for accountants
With step-by-step tutorials and real world examples, learn valuable automation functions in Excel that save time, improve accuracy, and and enhance your skills!
Annual internal evaluation requirement
The PCAOB added a rigorous annual evaluation as of September 30th of the firm’s quality control system and reporting to the PCAOB by November 30th on a new Form QC, certified by key firm personnel, to conclude that the quality control system is one of the following:
- Effective with no unremediated QC deficiencies
- Effective except for one or more unremediated QC deficiencies that are not major QC deficiencies
- Not effective (one or more major QC deficiencies exists).
An unremediated QC deficiency is one for which remedial actions that completely address the QC deficiency have not been fully implemented, tested, and found effective.
External Oversight Function Requirement
Within QC 1000 is an external oversight function requirement which states that firms that audit more than 100 issuers annually are required to establish an external oversight function for the quality control (QC) system, Referred to as an External QC Function (EQCF).
The EQCF may be composed of one or more persons who can exercise independent judgment related to the firm’s QC system, but it may not include principals or employees of the firm and or those who have a relationship with the firm that would interfere with independent judgment being exercised.
Responsibilities of the EQCF include, at a minimum, evaluating the significant judgments made and the related conclusions reached by the firm when evaluating and reporting on the effectiveness of its QC system. This EQCF is like having an Engagement Quality Review (EQR) to evaluate significant judgments made by the engagement team and the related conclusions reached when issuing audit and attest reports. The results of the EQCF’s evaluation are not required to be publicly disclosed.
Implementing QC 1000: Next steps
Assign responsibilities appropriately
This standard sets forth the requirements for designing, implementing, and operating a Quality Control (QC) system. QC 1000 designates the firm’s principal executive officer as ultimately responsible and accountable for the QC system as a whole. The firm must also assign other roles and responsibilities, including one individual who is operationally responsible and accountable for the QC system on a day-to-day basis.
Focus on the risk-based framework
Proactively identify and assess quality risks that could hinder the achievement of quality objectives. Develop and put into place policies and procedures to address the identified quality risks and reduce to an appropriately low level the risk that the quality objectives will not be achieved.
Focus on accountability and continuous improvement
Recognize that implementing QC 1000 may require changes to existing policies and procedures. Promptly address any identified deficiencies to ensure compliance.
Learn more about QC 1000 with CPE courses
It's important you have a solid understanding of QC 1000 as this is a significant change for auditors. Becker can help you learn what you need to know with CPE courses, including:
- QC 1000: Reporting and Documentation
- QC 1000: Engagement Quality and Engagement Performance
- QC 1000: Risk Assessment Process
Unlock unlimited CPE with a Prime Subscription
Becker makes it easy to meet your CPE requirements, gain new skills, and stay aware of critical updates and changes in the industry!
With Prime, you can access over 1,700 courses for a full year and earn unlimited CPE credits.
