jiesenSign in

PCAOB Auditing Standards

The auditing standards governing audits of public companies and other SEC registrants, issued by the Public Company Accounting Oversight Board.

PCAOB8 min readLast reviewed: 2026-01Official source
PCAOB Auditing Standards

Scope

The Public Company Accounting Oversight Board (PCAOB) is the federal oversight body for audits of public companies and other SEC registrants. Established by the Sarbanes-Oxley Act of 2002 in the wake of the Enron and WorldCom failures, PCAOB sets the auditing, attestation, quality control, and independence standards that registered public accounting firms must follow when auditing SEC registrants.

PCAOB standards apply to:

  • Audits of US-listed public companies
  • Audits of broker-dealers registered with the SEC
  • Audits of certain other SEC registrants (e.g., investment companies)

For audits of private companies, the AICPA's Auditing Standards Board (ASB) governs through the AU-C series. Some private-company audits voluntarily follow PCAOB standards when the entity anticipates an IPO.

Standard structure

PCAOB standards are organized into series:

  • AS 1000 series — General Auditing Standards (auditor responsibilities, communications, audit documentation)
  • AS 2000 series — Audit Procedures (risk assessment, internal control, evidence, sampling, fair value, related parties, going concern, subsequent events)
  • AS 3000 series — Auditor Reporting (the auditor's report and critical audit matters)
  • AS 4000 series — Matters Subsequent to the Auditor's Report
  • AS 5000 series — Other Matters Associated with Audits
  • AS 6000 series — Other Auditing Topics
  • AS 7000 series — Quality Control (a single standard, QC 1000)

Key standards by frequency of reference

AS 1201 — Supervision of the Audit Engagement. Engagement partner responsibilities for direction, supervision, and review of the work of engagement team members. Heightened scrutiny after a string of PCAOB inspection findings on supervision failures.

AS 1215 — Audit Documentation. Workpaper requirements. The "experienced auditor test" — workpapers must enable an experienced auditor with no prior connection to the engagement to understand the nature, timing, and extent of audit procedures and the evidence obtained. This is the standard PCAOB inspectors apply when they re-perform the audit on review.

AS 2110 — Identifying and Assessing Risks of Material Misstatement. The risk assessment standard. Replaces the older "audit risk model" with an integrated approach to understanding the entity, its environment, and ICFR.

AS 2201 — An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements. The ICFR audit standard. Applies to accelerated and large accelerated filers under SOX 404(b). The auditor's ICFR opinion is issued as a separate report.

AS 2301 — The Auditor's Responses to the Risks of Material Misstatement. How the auditor designs and performs procedures responsive to identified risks. The "further audit procedures" framework.

AS 2410 — Related Parties. Procedures specific to related party transactions, financial relationships, and significant unusual transactions. Heightened focus after the Wirecard, Luckin Coffee, and other related-party fraud failures.

AS 2415 — Consideration of an Entity's Ability to Continue as a Going Concern. Going concern evaluation, the "substantial doubt" threshold, and the disclosure requirements when substantial doubt exists.

AS 2820 — Evaluating Consistency of Financial Statements. The auditor's evaluation of accounting changes and error corrections.

AS 3101 — The Auditor's Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion. Includes the requirement to communicate critical audit matters (CAMs) — matters arising from the audit that involved especially challenging, subjective, or complex auditor judgment.

Critical Audit Matters (CAMs)

The 2017 amendment to AS 3101 requires the auditor to communicate CAMs in the audit report. A CAM is a matter that was communicated or required to be communicated to the audit committee, related to material accounts or disclosures, and involved especially challenging, subjective, or complex auditor judgment. Common CAM topics: revenue recognition (especially under ASC 606), goodwill impairment, business combinations (ASC 805 valuations), income tax positions (ASC 740 uncertain positions), and credit losses (ASC 326).

CAMs are not a separate opinion; the underlying opinion remains unqualified. CAMs disclose where the auditor's judgment was most heavily exercised. For preparers, the CAM disclosure is worth reading on peer filings — it tells you where the auditor pushed hardest.

Inspection regime

PCAOB inspects registered firms on a regular cycle:

  • Annually for firms that audit more than 100 public company clients
  • Triennially for firms that audit between 1 and 100 public company clients

Inspection findings are published in firm-specific inspection reports. Part I findings (significant audit deficiencies) are public; Part II findings (quality control criticisms) are public if not remediated within 12 months. For preparers, the inspection reports of your audit firm are useful — they tell you where PCAOB has been finding issues, which is where your auditor will be most rigorous in the next audit cycle.

Common pitfalls

  • Underestimating documentation requirements. The "experienced auditor test" in AS 1215 is real. Workpapers that make sense to the team that did the work but not to a fresh reviewer fail the standard. PCAOB inspection findings consistently include documentation deficiencies.
  • Missing related-party identification. AS 2410 requires affirmative identification procedures, not just relying on management's representation. Failures here have driven multiple high-profile restatements.
  • Treating CAMs as boilerplate. CAM disclosure that's identical year-over-year, or identical across audit firms for the same industry, signals that the auditor isn't actually engaging with the judgment areas in the specific client. PCAOB has called this out in inspection commentary.
  • Confusing PCAOB and AICPA standards. PCAOB AS numbering is not the same as AICPA AU-C numbering. AS 2201 (PCAOB ICFR audit) is not AU-C 940 (AICPA private-company audit of internal control). They're related but distinct.

Operator note

For finance leaders inheriting an SEC registrant for the first time, the practical step-change from private-company audit (AICPA) to public-company audit (PCAOB) is documentation discipline and ICFR. The audit fee roughly doubles. The auditor's hours triple. The expectations on management's SOX program escalate sharply. Plan for a 6–12 month buildup before your first 10-K under PCAOB scrutiny.

Access

PCAOB standards are freely available at pcaobus.org. The standards are searchable by AS number and topic. Inspection reports are also published on the PCAOB site by firm.

Related references

  • COSO Frameworks (the control framework used in AS 2201 ICFR audits)
  • AICPA Standards (the private-company auditing counterpart)
  • SEC Reporting (the disclosure framework PCAOB audits attest to)
This summary is an operator's working reference. For authoritative guidance, consult the official source at https://pcaobus.org/oversight/standards. Updated: 2026-01.