Published by Shah Teelani & Associates | PCAOB-Registered Audit Firm | Reg. No. 7161
The PCAOB inspection process is one of the most consequential regulatory mechanisms in US public company financial reporting. Yet most CFOs, audit committee members, and financial reporting teams do not fully understand what it involves. That gap carries real consequences. Inspection results affect your auditor’s standing, your firm’s credibility, and — in serious deficiency cases — the reliability of your audit opinion itself.
The PCAOB inspects registered audit firms to assess compliance with the Sarbanes-Oxley Act, SEC rules, Board rules, and professional standards. Every inspection covers how the firm performs audits, issues audit reports, and manages related quality matters for US public companies and broker-dealers.
The stated goal is direct: drive improvement in audit quality by preventing, detecting, and deterring audit deficiencies — and overseeing how firms fix the ones that are found.
At Shah Teelani & Associates, we operate as a PCAOB-registered firm. Consequently, we understand this process from the inside. This blog walks through every stage — what triggers an inspection, how it unfolds, what inspectors look for, and what the outcomes mean for your organization.
How Frequently Does the PCAOB Inspect Registered Firms
Inspection frequency depends on firm size and activity. The PCAOB inspects annually firms that issue audit reports for 100 or more issuers. Firms issuing reports for fewer than 100 issuers face inspection at least once every three years.
However, frequency alone does not define risk. Research shows that as few as 2% of engagements at annually inspected US firms face selection in any given year. With more than 4,000 publicly traded companies audited annually, engagement selection criteria matter enormously.
Therefore, no registered firm should treat inspection readiness as a periodic task. The possibility of selection exists throughout the entire inspection cycle — not just in the weeks before an anticipated review.
How the PCAOB Selects Engagements for Review
This is the question every audit firm and every public company wants answered. The PCAOB does not inspect every engagement. It selects a portion of each firm’s portfolio using two methods.
The PCAOB selects audits using both risk-based and random methods. Most selections target audits that present a heightened risk of material misstatement. Risk factors include economic trends, industry developments, market capitalization changes, audit firm and partner history, and prior inspection findings. The remaining audits are selected randomly to preserve unpredictability. The inspected firm has no opportunity to limit or influence the PCAOB’s selections.
Moreover, inspectors concentrate on areas of greater complexity, higher significance, and recurring deficiency patterns. They generally select recently completed audits. However, they may reach back to prior years if no recent audits are available.
Additionally, the PCAOB monitors triggering events — such as CFO turnover — and may review SEC filings to determine whether the associated audit warrants closer attention.
The practical implication is direct. Any engagement involving significant estimates, digital assets, going concern, revenue recognition, complex transactions, or related party matters carries higher selection risk. Consequently, every such engagement must be documented and executed as if inspection is certain — not hypothetical.
Stage One — The Notification Letter
The PCAOB begins the inspection process with a formal notification letter to the registered firm. This letter identifies the inspection period, poses institutional questions, and requests documentation covering firm-level matters. The firm typically has four weeks to respond.
At this stage, the PCAOB asks about quality control systems, independence policies, consultation processes, training programs, and the firm’s broader engagement portfolio. Specific audit selections do not appear yet. Therefore, the notification stage requires a comprehensive firm-level response before any individual engagement comes under review.
Stage Two — Engagement Selection Notification
After the firm responds to the initial letter, the PCAOB moves to engagement-specific review. Two to three weeks before inspection week begins, the PCAOB notifies the firm of the specific issuers selected. It simultaneously requests workpaper access and engagement-level documentation for each selected audit.
This is when the inspection becomes concrete for individual engagement teams. Firms should designate a single project manager to handle all PCAOB communication until inspection week begins. At that point, the inspection team communicates directly with each engagement team. The project manager continues to handle administrative coordination throughout.
Furthermore, firms should hold internal planning meetings to assign responsibilities across engagement teams and the national office. The week before inspection begins is stressful. Engagement teams should review their audit files carefully and re-familiarize themselves with every significant judgment documented in the file.
Stage Three — Inspection Week
Inspection week is the most intensive stage. The PCAOB team arrives at the firm and reviews selected engagement workpapers in detail. They also conduct direct interviews with engagement personnel across each focus area.
For integrated audits, the first meetings are often led by the engagement team and consist of walking through the relevant processes and controls for the selected focus area. Once the process is fully understood, the PCAOB then moves on to posing specific questions about the controls and substantive testing.
The inspection team typically includes a team leader, financial statement inspectors assigned to specific focus areas, and one IT audit inspector. Inspectors evaluate a consistent set of areas across every engagement:
- Revenue recognition procedures and supporting evidence
- Significant accounting estimates and management assumptions
- Internal control over financial reporting testing
- Going concern evaluations and independent support
- Journal entry testing
- Related party transaction procedures
- Professional skepticism documentation
- Critical Audit Matter determination and communication
- Engagement quality review procedures
- Independence compliance
The central question inspectors ask about every workpaper is the same. Does this file allow an experienced auditor — one with no prior connection to the engagement — to understand what was done, why it was done, what evidence was obtained, and how the conclusion was reached? If not, a potential deficiency exists. This applies even where the underlying work was actually performed correctly.
Stage Four — Comment Forms and Firm Response
If inspectors identify a potential deficiency, they discuss the matter with the firm and may review additional audit documentation. If they still believe a deficiency exists after that discussion, they issue a written comment form describing the issue. The firm then provides a written response to each comment form.
The PCAOB issues comment forms a few weeks after fieldwork ends. Each form summarizes the identified deficiency and the supporting facts. Firms have 10 business days to respond in writing.
This stage is critical. The firm’s response becomes part of the formal record. Moreover, the quality and substance of that response directly influences how the finding is characterized in the final inspection report. A well-constructed, evidence-supported response can change the outcome. A weak or incomplete one rarely does.
Stage Five — The Inspection Report
After the comment form exchange, the PCAOB issues a formal inspection report. Report finalization is faster than it once was. However, it still takes more than six months in complex cases. Simpler inspections with few findings move more quickly.
The inspection report contains two sections with very different disclosure consequences.
Part I — Public Findings
Part I findings appear publicly on the PCAOB’s website. They divide into two subcategories.
Part I.A findings are the most serious. They mean the auditor did not obtain sufficient evidence to support the audit opinion on the financial statements, ICFR, or both. These findings directly challenge the validity of the audit opinion. Common Part I.A findings in integrated audits involve control testing, estimate procedures, and reliance on service auditor reports.
Part I.B findings cover compliance issues that do not compromise the audit opinion directly. Nevertheless, they may trigger enforcement referrals. Examples include incorrect opinion language, independence violations, incomplete audit committee communication, and late or incomplete Form AP filings.
Part II — Quality Control Findings
Part II findings relate to the firm’s quality control system. These findings stay nonpublic initially. However, firms have 12 months to demonstrate adequate remediation to the PCAOB. If remediation fails, the PCAOB makes these findings public under Rule 4009(d). Consequently, what begins as a private quality control matter can become a publicly disclosed regulatory finding.
Stage Six — Remediation and Follow-Up
The inspection process does not end with the report. Firms with Part II findings must demonstrate remediation within 12 months. The PCAOB then reviews subsequent audits in previously deficient areas to confirm improvement.
Therefore, inspection findings create a forward-looking obligation — not just a historical record. Deficiencies that firms fail to address credibly become the subject of renewed scrutiny in the next inspection cycle. Persistent or serious deficiencies may ultimately reach the Division of Enforcement and Investigations.
How Long Does the Entire Process Take
The full PCAOB inspection process takes more than two years from initial notification to final remediation determination. In complex cases, it can extend to four years. Comment forms may take weeks or months to issue after inspection week ends. Report issuance adds additional months on top of that.
This timeline carries important implications. A deficiency identified today remains in active regulatory review well into future reporting cycles. Therefore, the most effective response to inspection risk is not managing the inspection itself. It is building and maintaining audit quality standards that make deficiency findings unlikely in the first place.
What the PCAOB Is Modernizing in 2026
The PCAOB inspection program is actively evolving. On May 28, 2026, the Board announced the formation of the Inspections Modernization Council — a new advisory body bringing outside expertise into the work of reshaping how PCAOB inspections operate. The Council’s work runs through September 30, 2026, and includes in-person meetings in Washington, D.C., in July and August.
PCAOB Chairman Demetrios Logothetis stated that the PCAOB is taking steps to ensure its inspection program is fit for the next 25 years and that the program has contributed to meaningful improvements in audit quality since the Board’s creation more than two decades ago.
Moreover, preliminary inspection results show that audit quality at the largest firms continues to improve, with Part I.A deficiency rates declining from the prior year. Nevertheless, improvement at the largest firms does not reduce inspection obligations for smaller registered firms. Every engagement file must meet the same standard — regardless of firm size.
What This Means for Public Companies
The PCAOB inspection process targets registered audit firms. However, it affects public companies directly. Here is why it matters for your organization.
Auditor selection. Every firm’s inspection history is publicly available at pcaobus.org. Part I.A deficiency rates, recurring finding patterns, and remediation outcomes are all accessible. Audit committees should review this information as part of every auditor evaluation and selection decision.
Audit opinion reliability. Significant Part I.A deficiencies raise direct questions about the reliability of the related financial statements. Some organizations respond to repeated deficiency patterns by changing auditors. This is a legitimate and sometimes necessary governance action.
Preparation on your side. Your financial reporting practices directly influence the quality of your audit engagement. Issuers who provide organized documentation, well-supported accounting positions, and clearly documented internal controls help auditors produce inspection-ready work. That protects everyone in the reporting chain.
Specifically, audit-ready issuers arrive with:
- Organized supporting schedules ready at fieldwork start
- Documented accounting positions with clear standard citations
- Evidence-backed estimates with full assumption support
- ICFR documentation aligned to AS 2201 requirements
- Transparent disclosures that anticipate auditor questions
The Bottom Line
The PCAOB inspection process is not background regulatory activity. It is a federal oversight mechanism with public disclosure consequences, enforcement referral authority, and direct implications for the credibility of public company audit opinions.
Understanding how it works — from engagement selection through remediation — is part of governing your organization’s financial reporting with the rigor that investors and regulators expect in 2026.
Shah Teelani & Associates (PCAOB Reg. No. 7161) builds inspection readiness into every engagement. We work with US-listed and OTC public companies that take audit quality seriously and understand what a PCAOB-standard engagement requires at every stage.
If your organization is approaching a PCAOB audit engagement in 2026, we welcome the conversation.
Shah Teelani & Associates PCAOB-Registered Audit Firm | Reg. No. 7161 Ahmedabad | Dubai | United States
