Description

PCAOB's QC 1000 (A Firm's System of Quality Control) takes effect. Audit firms must design, implement, and operate a quality control system compliant with QC 1000. Firms auditing 100+ issuers must establish an External Quality Control Function (EQCF). This affects cybersecurity disclosures through SOX IT audit quality.

Requirements

Design quality control system per QC 1000
Implement quality control system across all audit engagements
Establish EQCF if auditing 100+ issuers
Prepare for first reporting period (Dec 2026 - Sep 2027)
Document quality control policies and procedures

Applicable To

PCAOB-registered audit firmsSEC-registered public companies undergoing audits

Penalty Information

⚠PCAOB disciplinary actions including censure, fines, and suspension of registration.

292

days remaining

December 15, 2026

Share:X in @

Framework

SOC 2

System and Organization Controls 2

Related SOC 2 Deadlines

SOC 2 Type II Audit Period Start
January 1, 2026
SOC 2 Quarterly Access Review - Q1
March 31, 2026
SOC 2 Quarterly Access Review - Q2
June 30, 2026
SOC 2 Quarterly Access Review - Q3
September 30, 2026

PCAOB QC 1000 - Quality Control Standard Takes Effect