Published by Shah Teelani & Associates | PCAOB-Registered Audit Firm | Reg. No. 7161
Ethics in auditing and professional responsibility are not abstract values. Under PCAOB standards, they carry specific regulatory requirements, enforceable obligations, and — in 2026 — a strengthened accountability framework that holds individual auditors personally responsible for their conduct.
For public company CFOs, audit committees, and financial reporting teams, understanding what ethics and professional responsibility actually require under PCAOB standards matters. It shapes how your auditor approaches the engagement, how individual audit team members exercise judgment, and what consequences arise when those obligations fail.
The general principles and responsibilities addressed by PCAOB foundational standards include reasonable assurance, due professional care, professional skepticism, independence, competence, and professional judgment. Together, these principles form the ethical backbone of every PCAOB audit engagement.
At Shah Teelani & Associates, we treat these obligations as operational standards — built into how we plan, execute, and review every engagement. Consequently, this blog explains what ethics in auditing and professional responsibility specifically require under PCAOB standards — and what has changed in 2026.
Why Ethics in Auditing Carry Regulatory Force
In many professions, ethics are aspirational guidelines. In PCAOB auditing, they are enforceable rules with specific regulatory consequences.
Registered public accounting firms and their associated persons must comply with PCAOB ethics and independence rules and standards. These rules have been adopted by the PCAOB and approved by the Securities and Exchange Commission.
This means ethics violations are not merely reputational concerns. They trigger the same inspection, enforcement, and sanction mechanisms as audit execution failures. Censures, monetary penalties, suspension from auditing public companies, and permanent revocation of registration all apply to ethics violations — not just technical audit deficiencies.
Moreover, the PCAOB’s enforcement focus explicitly includes ethics and professional responsibility. PCAOB staff focuses enforcement work on significant audit violations, failures relating to auditor independence, and matters threatening the Board’s oversight integrity. When violations are found, the PCAOB may impose sanctions including censures, monetary penalties, and limitations on a firm’s or an individual’s ability to audit public companies or broker-dealers.
Therefore, ethics in auditing is not a soft concept. It is a hard regulatory obligation with hard consequences.
The Core Ethical Obligations Under PCAOB Standards
PCAOB ethics requirements cover four foundational areas. Each applies to both the registered firm and every associated person who participates in an audit engagement.
Integrity
Integrity requires auditors to be honest and candid in all professional dealings. It prohibits knowing or reckless misrepresentation of facts. It also prohibits subordinating professional judgment to pressure — from management, from clients, or from within the firm itself.
In the performance of any professional service, a member must maintain objectivity and integrity, must be free of conflicts of interest, and must not knowingly misrepresent facts or subordinate their judgment to others.
Subordination of judgment is one of the most serious integrity failures in auditing. It occurs when an auditor agrees with a management position they do not genuinely believe is correct — not because the evidence supports it, but because of client pressure, fee relationships, or a desire to avoid conflict. The PCAOB treats this as a fundamental ethical breach, not simply an audit quality issue.
Objectivity
Objectivity requires auditors to approach every professional service with impartiality and intellectual honesty. Being impartial, being intellectually honest, and being free of conflicts of interest are core requirements of objectivity. A conflict of interest arises when a firm or any of its associated persons has a relationship with another person, entity, or service that may reasonably be thought to bear on their ability to exercise objective and impartial judgment.
Furthermore, where a conflict of interest exists, the firm must evaluate whether it can still perform its responsibilities with objectivity. In general, if the firm believes it and its associated persons can perform their respective responsibilities with objectivity, and the relationship is disclosed to and approval obtained from the audit committee, the conflict may be manageable. However, undisclosed conflicts of interest represent a serious ethical violation — regardless of whether they actually influenced the audit outcome.
Due Professional Care
Due professional care requires auditors to plan and perform the audit with the skill and diligence a reasonably competent auditor would apply. This standard is not aspirational. It sets a baseline of competence and diligence that the PCAOB enforces through inspections and — where violated — through formal proceedings.
AS 1000 reinforces the auditor’s duty to protect investors through the preparation and issuance of informative, accurate, and independent audit reports. The engagement partner is responsible for ensuring the audit is properly planned and performed to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud.
Due professional care encompasses more than competence. It includes adequate supervision of engagement team members, appropriate escalation of significant issues, meaningful engagement quality review, and documentation that demonstrates the professional care exercised throughout the engagement.
Professional Skepticism
Professional skepticism is both an ethical requirement and an execution standard. Auditors must approach every engagement with a questioning mind. They must critically assess audit evidence. Moreover, they must actively consider whether contradictory evidence exists — not simply gather evidence that confirms management’s position.
The exercise of due professional care, professional skepticism, and professional judgment when performing audits represents a foundational obligation of auditors to protect investors through the preparation and issuance of informative, accurate, and independent audit reports.
PCAOB inspection findings consistently identify professional skepticism failures — where auditors accepted management representations without independent corroboration, failed to challenge assumptions in significant estimates, or documented agreement with management rather than a genuine and critical evaluation of the evidence. These failures are simultaneously audit quality deficiencies and ethics violations.
EI 1000: The New PCAOB Ethics Standard Effective December 2026
The PCAOB is replacing its longstanding interim ethics standard — ET Section 102, Integrity and Objectivity — with a new, modernized standard. The related amendments rescind the interim ethics and independence standard ET 102, Integrity and Objectivity, and replace it with a new standard, EI 1000, Integrity and Objectivity, to better align ethics requirements with the scope, approach, and terminology of QC 1000.
EI 1000, Integrity and Objectivity, takes effect on December 15, 2026. This is not a minor technical update. It represents a deliberate modernization of the ethics framework to align with the PCAOB’s updated quality control structure under QC 1000.
EI 1000 addresses four core integrity and objectivity requirements. Each applies to every audit engagement performed under PCAOB standards:
- Being honest and candid — not knowingly or recklessly misrepresenting facts
- Being impartial — approaching all professional services without bias
- Being intellectually honest — forming and expressing conclusions that reflect genuine professional judgment
- Being free of conflicts of interest — identifying, evaluating, and disclosing any relationship that may impair objectivity
Furthermore, EI 1000 addresses notification obligations. Where integrity or objectivity concerns arise, associated persons must evaluate their responsibilities to notify relevant parties — including regulatory authorities and audit committees — and assess whether continuing the professional relationship remains appropriate.
Rule 3502: Individual Accountability at the Negligence Standard
One of the most significant recent changes to PCAOB professional responsibility is the amendment to Rule 3502. This change directly affects how the PCAOB holds individual auditors — not just firms — accountable for ethics and professional conduct failures.
For decades under PCAOB and predecessor auditing standards, auditors have been required to exercise reasonable care any time they perform an audit, and the failure to do so constitutes negligence. Previously, however, Rule 3502 allowed the PCAOB to hold associated persons liable for contributing to a registered firm’s violation only when they did so recklessly — which represents a greater departure from the standard of care than negligence.
The PCAOB amended Rule 3502 to lower the liability threshold from recklessness to negligence. The updated rule changes Rule 3502’s liability standard from recklessness to negligence, aligning it with the same standard of reasonable care auditors are already required to exercise anytime they execute their professional duties.
The practical consequence is significant. SEC Chief Accountant Paul Munter stated that the amendment to Rule 3502 is critical because moving the contributory liability standard from recklessness to negligence aligns the rule with other negligence-based professional conduct standards — including the standard for SEC sanctions — that have long governed the accounting profession, and aligns it with the same standard of reasonable care auditors are required to exercise when performing their professional duties.
Therefore, individual auditors can no longer rely on the argument that a violation was not reckless to avoid personal accountability. Negligence alone — a failure to exercise the reasonable care the profession requires — now suffices for PCAOB enforcement action against associated persons.
AS 1000: General Responsibilities of the Auditor
PCAOB AS 1000, General Responsibilities of the Auditor in Conducting an Audit, consolidates and modernizes the foundational standards governing auditor conduct. AS 1000 lays the foundation for an objective and independent audit, reinforcing the auditor’s role in safeguarding the integrity of financial reporting. The standard explicitly details the responsibilities of the engagement partner, emphasizing their role in overseeing the audit engagement.
AS 1000 addresses several professional responsibility requirements directly relevant to ethics in auditing:
- The engagement partner bears personal responsibility for ensuring the audit is properly planned and performed
- Significant findings and issues must be evaluated and conclusions must be appropriately supported
- AS 1000 accelerates the documentation completion date, reducing the maximum period for the auditor to assemble a complete and final set of audit documentation from 45 days to 14 days after the report release date
This documentation acceleration is itself an ethics-related requirement. Completing and finalizing audit documentation promptly after report issuance prevents retroactive adjustment of workpapers — a practice that has appeared in past enforcement cases and that the PCAOB treats as a serious professional responsibility violation.
Confidentiality as a Professional Obligation
Professional responsibility in auditing extends beyond the engagement itself. Auditors obtain access to sensitive, non-public information about their clients — financial results, strategic plans, litigation matters, and operational vulnerabilities. The ethical obligation to maintain confidentiality is absolute.
This means audit firm personnel must not share client information with third parties, use confidential information for personal benefit, or disclose engagement findings in any context outside their professional responsibilities. Violations of client confidentiality represent both an ethics breach and potential legal liability.
Confidentiality does not, however, conflict with PCAOB oversight. Registered firms must cooperate fully with PCAOB inspections and investigations. Impeding or obstructing PCAOB oversight is itself an ethics violation — one the PCAOB enforces actively as part of its integrity mandate.
Professional Competence: Knowing the Limits of Your Expertise
Due professional care requires not just skill in the areas where an auditor is competent — it also requires recognizing where specialist expertise is needed and obtaining it.
In audits involving complex financial instruments, significant accounting estimates, digital assets, business combinations, or specialized industry structures, engagement teams must assess whether they have the necessary knowledge and experience to evaluate the relevant accounting and disclosure requirements. Where they do not, PCAOB standards require engagement of appropriately qualified specialists.
Competence failures — where engagement teams opine on areas outside their expertise without seeking specialist support — represent both a professional responsibility violation and a direct driver of audit deficiencies. PCAOB inspection findings in areas involving significant estimates and complex accounting areas frequently trace back to insufficient engagement team competence for the specific area under review.
Quality Control as an Ethics Infrastructure
Under QC 1000 — effective December 15, 2026 — the PCAOB requires every registered firm to design and operate a comprehensive quality control system. The firm’s principal executive officer is ultimately responsible and accountable for the QC system, including its design, implementation, operation, and annual evaluation.
This places quality control squarely within the ethics and professional responsibility framework. A firm that designs an inadequate QC system — or operates one that fails to detect and respond to independence violations, documentation failures, or professional skepticism deficiencies — has not just a technical compliance problem. It has an ethics infrastructure failure at the firm leadership level.
Furthermore, QC 1000 adds new requirements for firms to report specific quality control findings to the PCAOB, meaning they must have systems in place to collect, track, and report relevant data. Firms need to make sure that professionals throughout the organization understand escalation procedures, documentation expectations, and who must be notified when potential quality issues arise.
This creates an explicit ethical obligation for firm leadership — not just for individual engagement team members — to build, maintain, and actively oversee a culture of audit quality.
What This Means for Public Company Audit Committees
Ethics in auditing and professional responsibility are not solely the audit firm’s concern. Audit committees bear direct governance responsibility for the ethical conduct of the engagement they oversee.
Specifically, audit committees should:
- Evaluate firm culture — ask how the firm promotes ethics and professional responsibility at every level, not just among senior partners
- Review enforcement history — check whether the firm or any engagement partner has prior PCAOB enforcement orders related to ethics or professional responsibility
- Monitor subordination risks — assess whether the engagement team responds to management pressure with appropriate professional skepticism or tends toward accommodation
- Confirm QC 1000 readiness — as of December 15, 2026, ask your auditor how their quality control system has been updated to meet EI 1000 and QC 1000 requirements
- Understand Rule 3502 implications — individual auditors now face personal accountability at the negligence standard; confirm your engagement team understands this obligation and applies it in practice
These are governance actions that protect both investors and the organization. An audit team that operates with genuine ethical commitment produces more reliable conclusions, more defensible documentation, and a stronger foundation for the audit opinion your financial statements depend upon.
The Bottom Line
Ethics in auditing and professional responsibility form the foundation beneath every technical standard the PCAOB enforces. Risk assessment, documentation, professional skepticism, and ICFR testing all depend on the ethical commitment of the people performing and reviewing them.
In 2026, with EI 1000 taking effect, Rule 3502 now holding individual auditors accountable at the negligence standard, and QC 1000 embedding ethics oversight into firm-level quality control systems, the PCAOB has strengthened its ethics framework more significantly than at any point since Sarbanes-Oxley.
Shah Teelani & Associates (PCAOB Reg. No. 7161) builds integrity, objectivity, due professional care, and professional skepticism into every engagement — as operating standards, not compliance declarations.
If your organization requires a PCAOB-registered auditor committed to these standards, we welcome the conversation.
Shah Teelani & Associates PCAOB-Registered Audit Firm | Reg. No. 7161 Ahmedabad | Dubai | United States
