Audit Committee Insights | September 2025

The end of summer is here, Q3 is closing, and busy season is looming. How has time gone by so fast? Just as quickly as time is passing, developments in the accounting and auditing profession are unfolding. We’ve been busy tracking the activity in Washington, advocating on behalf of the public company auditing profession, and keeping up to date with the latest resources to assist audit committees. We’re here to keep you up to speed. Read on to learn about what’s new. ​​​​

We welcome input; please let us know what you think. Subscribe here so that you never miss an update from the CAQ.

PCAOB Postpones the Effective Date of QC 1000 ​​​​​​ 

On August 28, 2025, the PCAOB postponed QC 1000, A Firm’s System of Quality Control until December 15, 2026.

A firm’s system of quality control is foundational to audit quality and an effective quality control system is important to strengthening auditing practices and continuously improving audit quality. However, the CAQ expressed concerns over the rapidly approaching effective implementation date and recommended a deferral in its letter to the PCAOB. We are pleased to see the PCAOB has decided to postpone the effective date in response to the feedback received, pending SEC approval. Comment letters to the SEC are due September 24, 2025.

This deferral isn’t a cop out for audit firms – far from it; rather, it gives firms adequate time to prepare for and implement QC 1000.

PCAOB Releases Technology Innovation Alliance Working Group Study and Recommendations for Audit Technology Advancements

As we continue to think forward to the future of audit quality, it’s great to see that the PCAOB just put out the findings from the Technology Innovation Alliance (TIA) working group’s 2023 study on the use of emerging technologies and their potential impact on audit quality and the 2024 recommendations on how the PCAOB’s oversight programs could address the use of emerging technologies.

The study provides an overview of the current state of technology in auditing and financial reporting and also discusses the challenges related to technology adoption for auditors and preparers. The related report recommends the PCAOB consider four areas of action to promote the adoption of technology to improve the quality of public company audits including:

1. Promoting structured data creation and dissemination in public company audits by standardizing audit documentation taxonomy and coordinating with the SEC on the use of digital signatures by the auditor.
2. Using artificial intelligence (AI) in the audit by learning more about how AI can function in auditing and developing risk management guidance containing principles and frameworks to help audit firms evaluate and govern the responsible use of AI in auditing.
3. Regulatory innovation capacity building and facilitating ongoing innovation in audit quality by creating opportunities for structured experimentation and information sharing among the PCAOB, audit firms, and technologists.
4. Encouraging technology literacy in auditor skillsets through encouraging higher education institutions to include advanced principles of data analytics, computer science, and artificial intelligence in their accounting curricula and emphasizing the need for human judgement and professional skepticism.

You may be thinking: these recommendations were finalized in 2024, are they still applicable today? PCAOB Board Member Christina Ho says yes and we agree. While it’s been 15 months since these recommendations were presented to the Board, Ho maintains their relevance even with the unprecedented recent advancements in technology.

GENIUS Act Becomes Law: New Requirements for Payment Stablecoin Issuers

Speaking of unprecedented recent technological advancements, the digital asset landscape is evolving quickly, and Washington is responding. Congress passed the Guiding and Establishing National Innovation for U.S. Stablecoins Act (the GENIUS Act). It was signed into law on July 18, 2025. Global Law Firm DLA Piper provides an overview of the act, which introduces a comprehensive framework for the regulation of payment stablecoins, otherwise known as digital assets used as a means of payment or settlement, among a slew of robust compliance requirements.

One especially noteworthy requirement for audit committees to consider: the monthly examination requirement. Payment stablecoin issuers are now required to publish monthly disclosures detailing reserve composition, redemption policies, and applicable fees. Each report is required to be examined by a PCAOB-registered public accounting firm and certified by the issuer’s CEO or CFO.

Read more about the requirements laid out in the GENIUS Act here.​​​​​

Working On Your Fluency in Artificial Intelligence? The Latest AI Questions You Should Be Considering

The digital assets landscape isn’t the only one that is quickly evolving… how is your AI fluency coming along? Both NACD and Tapestry emphasize the need for boards and audit committees to develop some fluency in AI to keep pace with the evolving AI risk landscape. Tapestry’s new report, which highlights the takeaways from six in-person AI focused meetings of its US audit committee networks, poses these reflection questions for audit committees to consider keeping AI advancements, integration, and fluency at the forefront:

1. How does your company currently use AI? Which business functions are implementing AI tools? Which use cases have delivered the most value so far?
2. Who is responsible for AI oversight in your company? What about at the board level? What role does the audit committee play in overseeing AI?
3. What steps is your company taking to ensure data quality, privacy, and governance as AI adoption grows? Are internal data-governance programs in place? How is unstructured data being addressed?
4. How are audit committee agendas evolving with AI? Is AI a standing topic?
5. How are your board and committees staying informed about AI developments? What steps are being taken to build AI fluency at the board level (e.g., training, advisory support)?
6. How are your external auditors using AI in their work? What new AI-related tools are they introducing, and how is your company managing the associated data risks?
7. How is your company preparing for the evolving regulatory landscape around AI?
8. What are the biggest risks your company sees with AI adoption, and how are they being mitigated? Where do they sit in the broader risk framework?
9. What oversight mechanisms exist for reviewing and approving AI use cases? Is there a formal governance body or review process for new AI applications?
10. How is your board thinking about emerging AI-related roles and talent needs?
11. Is your company creating space for safe experimentation with AI? How are you balancing innovation with control?

BDO and NACD echo the need to reflect on these types of questions, with NACD highlighting this need particularly in light of the current administration’s newest AI action plan which fundamentally reshapes the federal government’s approach to AI. The new plan features 90 federal actions that encourage the development of open-access AI models, create training programs to help workers land AI jobs, invest in research initiatives, and combat false, AI-generated content.

As both the business and regulatory environments rapidly evolve with respect to AI, it is paramount for audit committees to increase their AI fluency and continue to ask the right questions.​​​​​​

The Role of the Audit Committee is Evolving: What You Need to Know

Just as AI is rapidly evolving, so are expectations and role of the audit committees. Despite the increasing prevalence of AI, NACD noted that only approximately 25% of boards have incorporated AI oversight responsibilities into board committee charters. NACD suggests effective AI governance will require board committees to expand their responsibilities. What does this mean for audit committees? The report provides guidance on how each standing committee can contribute to and support the board’s AI oversight.

Explore the full resource here.

Deloitte interviewed audit committee chairs to explore the evolving expectations and responsibilities of audit committee chairs specifically. The new report, The Audit Committee Chair of the Future, outlines four key areas that audit committee chairs say they are expected to address to effectively lead audit committees in a dynamic environment, along with tips to navigate them:

1. Anticipating and navigating emerging risks: Audit committees are no longer primarily focused on financial reporting and compliance with accounting and auditing standards with some audit committee chairs saying they are expected to provide oversight of risks related to cybersecurity, data privacy, and sustainability. With risks in each of these areas consistently emerging, this necessitates audit committee chairs to remain vigilant, adaptable, and agile.
2. Evolving from technical experts to strategic leaders: Many audit committee chairs stressed the importance of having broader business expertise, not just financial expertise, both for chairs and committee members. Specific attributes committee members should exhibit include:
   • Intellectual agility and adaptability
   • Leadership and interpersonal skills
   • Global, industry, and strategic perspective
   • Commitment to continual learning
   • Varied board service
3. Cultivating continual learning and curiosity: Audit committee chairs play a key role in establishing a culture of continuous learning and intellectual curiosity within the committee. Audit committee members cannot rely solely on their existing expertise, especially in a dynamic environment, and should continually refresh their knowledge and stay current with industry trends.
4. Modernizing committee processes for agility: Committee structure and processes may need to be reevaluated as the demands on audit committees grow. Audit committee chairs should consider reexamining the following when determining whether the existing structure and processes remain efficient and effective:
   • Meeting cadence
   • Committee composition and considerations for the potential need for specialists
   • Coordination with other committees
   • Use of technology in committee operations
   • Volume and complexity of meeting materials

*NEW* CAQ’s Audit Committee Council Spotlight: Tony Anderson, Audit Committee Chair Marsh McLennan

​​​​​​As the role of the audit committee chair is evolving, we sat down with Tony Anderson, Chair of the CAQ’s Audit Committee Council, to shed light on his career and journey to the audit committee. Read on to learn about Tony’s journey.

How did you get started in accounting? What was your first and last job?

Starting in high school, I worked at A&P Food Stores for seven years to pay my way through college. After graduation, I joined Ernst & Ernst in Chicago. I had no idea what I was getting into and knew nothing about public accounting, but I chose Ernst & Ernst because of the people. I specialized in the insurance industry right away, which was unusual at the time. I worked with some great clients and loved it. There were always opportunities to leave, but I really liked the people I worked with—they became close friends.

My last full-time “day” job was as Vice Chair and Regional Managing Partner at EY. I retired in 2012 and began my board career.

What was the first corporate board that you joined? How did you get on that board?

I have been fortunate to serve on several boards over the last 15 years. My first board was with AAR Corp. in Chicago. I knew a few of their board members, as well as the CEO, and after I retired, I was invited to join. Similarly, my other board service has come through relationships built with board members during my time at EY and through my community involvement.

What do you enjoy most about serving on the audit committee? How is it different from other board committees?

The audit committee deals with a wide variety of issues. AI is a recent example—committees have to go deep into these matters and are often on the front line. It’s the perfect place to be. I spend a lot of time with my boards, the CEO, the finance and internal audit teams, and others. When I attend meetings, I make a point of arriving early to engage with the team. I genuinely enjoy it.

I’ve also made a point of working on different committees—not just the audit committee—and have built a strong foundation in governance. For example, serving on the nominating and corporate governance committee has given me valuable perspective on the capabilities needed for effective board service.

What else do you do outside of board service?

Outside of spending time with my family, I’m happiest on the golf course. I started playing when I was 28 because a client loved the game. Over time, I fell in love with it too. Golf has been very good to me. I’ve had the opportunity to give back by serving on the Executive Committee of the USGA. I’ve found that golf is a great way to connect with other business leaders and experts. My advice is to find something you truly enjoy and figure out how to make it work for you (or learn to play golf).

What trends or risks do you think audit committees will need to focus on in the next few years?

AI is going to be the biggest change we all experience. In addition, it is enormously important for boards to engage with the company and understand its culture. How well do you understand the culture of the company? How have you experienced it? I believe culture is the “secret sauce” that can help mitigate risk.

In addition to his role as audit committee chair of Marsh McLennan, Tony serves on the Business Responsibility Committee. He joined the CAQ’s Audit Committee Council in 2020 and has served as chair since January 2025.

ICYMI: CAQ Public Policy Technical Alert (PPTA), July/August 2025

Each month, the PPTA highlights and examines the regulatory, standard-setting, legislative, and broader financial reporting developments impacting the public company audit profession. The CAQ’s July and August 2025 Alerts included these featured articles.

On the Road: SEC Crypto Task Force to Host a Series of Roundtables Across the U.S.

The SEC announced that its Crypto Task Force will host a series of roundtables across the country to provide opportunities for additional stakeholders to meet with Commissioner Hester Peirce, who leads the Crypto Task Force. Commissioner Peirce and members of the Crypto Task Force will visit cities across the United States, and they are particularly interested in hearing from representatives of crypto-related projects that have 10 or fewer employees and are less than two years old. In addition, SEC Chairman Paul Atkins recently delivered remarks titled, “American Leadership in the Digital Finance Revolution,” which outlines the SEC’s new initiative, Project Crypto.

AICPA Seeks Comment on Proposed Update to Auditors’ Responsibilities Related to Fraud

The AICPA announced it is seeking public comment on a proposed standard updating auditors’ responsibilities related to fraud. The proposed Statement on Auditing Standards (SAS), The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, contains a number of changes, including the establishment of required procedures for when an auditor has identified fraud or suspected fraud. The proposed SAS also reminds auditors to maintain professional skepticism throughout the audit. Comments about the exposure draft are due by October 3, 2025.

Responsible AI Implementation Checklist (with ISO/IEC 42001 Alignment)

The AICPA shared a checklist for implementing artificial intelligence (AI) responsibly. The checklist covers governance, AI lifecycle management, security, ethics, documentation and audit readiness, transparency, and ISO/IEC 42001 alignment for trusted use.

Do you remember…?

December 31st may be more significant in the audit world, but in the music world the month of September, September 21st to be exact, has its own special meaning. The band Earth, Wind, and Fire (EWF) debuted their hit song “September” in 1978, and it continues to be a staple, with streaming spikes on September 21st in past years. We’ll see how the song does on September 21st this year. In the meantime, here are some other fun facts about the hit:

• The track was originally recorded in September of 1978 and released in November. The track shot up to number one on the Billboard Hot R&B Songs chart, while also grabbing number eight on the Hot 100 and number three on the UK Singles chart.
• EWF guitarist Al McKay wrote the chord progression. McKay, originally from New Orleans, left EWF and now has his own group, The Al McKay Allstars.
• Lyricist Allee Willis worked on the composition for a month or so and wasn’t certain that Verdine White’s “ba-dee-ya” hook would work. But it did. Said Willis: “learned my greatest lesson ever in songwriting from him, which was never let the lyric get in the way of the groove.” Willis died in 2019 and also co-wrote “Boogie Wonderland,” “The Neutron Dance” for the Pointer Sisters and the theme for “Friends.”
• The group created the song “December” in 2014 for the holiday season, riffing off the classic September lyrics: “Do you remember/the 21st night of September?”
• The song continues to be introduced to new generations as it’s been included on the soundtrack for Night of the Museum (2006); re-created by EWF, Anna Kendrick, and Justin Timberlake for the movie Trolls (2016); and featured in several smaller films in the last decade.

Now we know what song will be stuck in your head for the rest of the month!

Questions and comments about Audit Committee Insights can be addressed to Vanessa Teitelbaum, Senior Director, Professional Practice (vteitelbaum@thecaq.org).

This newsletter is intended as general information and should not be relied upon as being definitive or all-inclusive. The CAQ encourages readers to refer to applicable rules, standards, guidance, and other resources in their entirety. All entities should carefully evaluate which requirements apply to their respective organizations.