Major updates regarding Sarbanes-Oxley (SOX) and the Public Company Accounting Oversight Board (PCAOB) in 2025 include a one-year postponement of a new quality control standard (QC 1000), a House committee’s proposal to abolish the PCAOB, increased scrutiny of technology like AI in audits, and significant enforcement actions.
PCAOB and SOX updates for 2025 – Postponement of new quality control standard
- On August 28, 2025, the PCAOB announced a one-year delay for its new quality control standard, QC 1000, and related rules.
- The effective date for QC 1000, which requires firms to design comprehensive quality management systems, has been moved from December 15, 2025, to December 15, 2026.
- The standard requires firms to identify risks to audit quality and create policies to counter them, including risks related to new technology.
Proposal to abolish the PCAOB
- On May 1, 2025, the House Financial Services Committee advanced draft legislation that would abolish the PCAOB and transfer its oversight functions to the Securities and Exchange Commission (SEC).
- This proposal would also end the independent funding of the PCAOB via the “accounting support fee,” redirecting unspent funds to the U.S. Treasury. Supporters of the bill have also raised concerns about PCAOB overreach and cost efficiency.
- While the proposal is still in the legislative process and faces opposition, its advancement signifies potential dramatic changes to how public company audits are regulated.
Inspection priorities and technology focus
- The PCAOB’s 2025 inspection priorities highlight the increased use of technology, including generative AI, in audits.
- Inspectors are focusing on audit areas that present a higher risk, such as firms applying new standards and the implementation of AI-driven audit tools.
- Other priority areas include specialized accounting sectors like financial services and information technology, as well as companies with heightened “going concern” risks.
Enforcement and accountability
- The PCAOB has announced several enforcement actions in 2025, including penalties against multiple firms and former partners for violating rules and standards.
- In March 2025, nine firms in KPMG’s global network were sanctioned for quality control violations.
- In June 2025, the PCAOB fined the Dutch affiliates of Deloitte, EY, and PwC $8.5 million for widespread exam cheating.
- A PCAOB board member raised concerns in May 2025 that the board’s enforcement has disproportionately focused on minor violations instead of material ones that significantly harm investors.
SOX compliance trends
- The landscape of SOX compliance in 2025 emphasizes greater data transparency, continuous monitoring, and the use of technology for internal controls.
- AI is increasingly being adopted for tasks like automated controls and anomaly detection, which are then subject to auditor review.
- The scope of SOX compliance has expanded to include areas like cybersecurity and ESG (Environmental, Social, and Governance) metrics.
