Accounting Regulation Archives

A compliance startup allegedly sold hundreds of companies fake SOC 2 reports complete with made-up auditor conclusions and board meeting notes that never happened. In Florida, legislators nearly abolished the state’s Board of Accountancy entirely. And AI companies now run ads that sound exactly like QuickBooks marketing copy.

These are just some of the topics Blake Oliver and David Leary tackled in their latest episode of The Accounting Podcast. The hosts dug into stories that show the systems meant to ensure trust in accounting face threats from multiple angles.

The (Alleged) SOC 2 Scandal

“This is wild,” Blake said, thanking a listener for sending him a detailed investigation about Delve, a VC-backed compliance startup. The company allegedly created fake SOC 2 reports at scale, using what the hosts described as a disturbing playbook.

According to a Substack series Blake reviewed, Delve’s platform pre-populated everything from policies to evidence and even independent auditor conclusions. The company then allegedly routed these pre-written reports through audit firms that simply rubber-stamped them.

“These are allegations. I have not independently verified any of this,” Blake was careful to note. “This is a very in-depth Substack report by an anonymous poster. So we should take this with a grain of salt.”

But the details were alarming. The investigation claimed to find board meetings that never happened, security simulations that were never performed, and trust pages showing controls as “implemented” before any actual work was done. Companies had written policies claiming they had mobile device management, VPNs, and intrusion detection systems, even though they had none of these.

The author analyzed 322 public Delve trust pages and found that 321 showed the exact same SOC 2 control set, which seems odd for supposedly customized compliance programs.

“The logo you get is an AICPA logo, right? You’re getting a stamp of approval from the AICPA,” David said, cutting to the heart of the problem. “Is the AICPA checking on all these badges that are on company websites?”

Blake explained how easy it would be to game the system. “All you have to do is find a firm willing to sign off without actually doing the work,” he said, comparing it to the BF Borgers case in Colorado, where a CPA firm was caught signing off on audits it never performed.

“This is the problem with assurance,” Blake continued. “If you have a few bad actors willing to just sign off, sign off, sign off, they can make a lot of money. And how do they get caught? And if they get caught, what happens?”

Florida Almost Killed Its Board of Accountancy

While fake compliance reports threaten the profession from within, Florida’s legislature almost destroyed a key piece of regulatory infrastructure from the outside.

House Bill 607 would have eliminated the Florida Board of Accountancy along with other professional licensing boards as part of a sweeping deregulation push. The Florida Institute of CPAs called it “the most serious threat to the profession in decades.”

“How do you regulate the CPA in Florida?” Blake asked, explaining the stakes. Without a Board of Accountancy, there’s no enforcement mechanism, no oversight, and no one to investigate bad actors.

The bill moved quickly through two committees before being stopped. But victory came at a cost. To focus on defeating the bill, FICPA had to table its own effort to create alternative pathways to CPA licensure that would have allowed candidates to qualify with 120 credit hours instead of 150.

The irony wasn’t lost on the hosts. Florida was the first state to implement the 150-hour rule. Now, while about 30 states have approved alternative pathways, efforts to defend against total deregulation have sidelined reforms.

“We want to streamline licensure, but we don’t want it to go away,” Blake said. “We’ve got folks who want too much regulation, and then we’ve got folks who want no regulation. There’s got to be a middle ground here.”

David predicted this won’t be the last such attempt. “I imagine we’re probably going to see more pushes for this because people are going to want the big, huge AI companies to have their AI do CPA work without a license in the way.”

When AI Ads Look Like QuickBooks Ads

Speaking of AI companies, David discovered something unsettling through a targeted LinkedIn ad. Anthropic is marketing “Claude for Finance” using language that sounds exactly like traditional accounting software.

The ad promised to handle recurring financial workflows, organize receipts into clean spreadsheets, build quarterly revenue models, and cross-reference documents for month-end close.

“Third-party app developers and accountants and CPAs that use Claude essentially trained the model so they could just take everybody out of the middle,” David explained. He compared it to how the iPhone camera evolved. At first, you needed third-party apps for filters and editing. Now it’s all built in.

The hosts also discussed a Wall Street Journal article about how regular people are already using AI for tax work. Examples ranged from using Copilot to model Roth conversions to having AI explain confusing IRS notices. One person used Gemini to value charitable donations for their tax return.

“The takeaway is they’re avoiding getting an accountant or a tax professional,” David said bluntly.

But the technology isn’t perfect. One user found that Grok gave wrong answers about capital gains tax until he rephrased his question. A retired tax preparer tested ChatGPT on an IRS volunteer certification exam, and ChatGPT failed.

This leads to what David called the “fact check tax,” a term from Anthropic’s own survey. “An assistant that sounds sure but is often wrong forces you to treat everything as suspect. Instead of freeing attention, AI creates a permanent fact-check tax.”

The Bigger Picture

These stories paint a picture of a profession under pressure from multiple directions. Fake compliance reports undermine the attestation model. Deregulation efforts threaten the licensing framework. AI platforms are positioning themselves as replacements rather than tools.

As Blake noted about AI, “It’s going to be really hard for Intuit and Xero to keep up unless they’re just plugging into ChatGPT or into Claude. How can their own AI chatbots keep up with what these companies are doing, and how fast they’re developing?”

For accounting professionals, these are challenges that require attention and action. Listen to the full episode of The Accounting Podcast to hear Blake and David discuss these stories and more.

When Senator Elizabeth Warren publicly accused PCAOB Board Member Christina Ho of “downplaying atrocious findings” about audit quality, it got me thinking: Do these alarming statistics about audit deficiencies really tell the full story?

The numbers definitely grab attention: Audit deficiency rates rose from 29% in 2020 to 46% in 2023. These figures from the Public Company Accounting Oversight Board (PCAOB) suggest that nearly half of all audits reviewed contained deficiencies so severe that “the audit firm had not obtained sufficient appropriate audit evidence to support its opinion.” At face value, these statistics paint a troubling picture of the accounting profession.

In a conversation on the Earmark Podcast, I asked Christina to help me understand these numbers. Christina explained the gap between headline statistics and meaningful measures of audit quality.

Understanding the PCAOB’s Role

Before getting into deficiency rates, it’s essential to understand what the PCAOB does. Christina explains, “The PCAOB is responsible for making sure auditors who check the publicly traded companies’ financial disclosures are doing their job well.”

The PCAOB fulfills this mission by registering audit firms, inspecting their work, and enforcing standards through sanctions when necessary. The inspection program represents the largest part of the PCAOB’s operations, with different firms facing different inspection frequencies:

The “Global Network Firms” (Big Four plus Grant Thornton and BDO) are inspected annually, with about 50 audits reviewed for each of the largest firms.
Firms with more than 100 public company clients are inspected annually, with about 10% of their audits reviewed.
Firms with fewer than 100 public company clients are inspected every three years.

The Misleading Mathematics of Deficiency Rates

When the PCAOB announced that 46% of audits reviewed in 2023 contained significant deficiencies, it received considerable attention. In our discussion, Christina pointed out several critical issues with how these numbers are presented and interpreted.

First, these audits aren’t randomly selected. The PCAOB uses a “risk-based approach” that deliberately targets audits they believe are likely to have problems.

This selection bias fundamentally changes how the statistics should be interpreted. Christina pointed out, “We really can’t extrapolate the deficiency rate to the entire population of all audits because we did not take a statistical sample.”

Even more revealing is what these deficiencies actually mean. Despite the alarming definition, the PCAOB’s own reports include a critical disclaimer that Christina highlighted: “It does not necessarily mean that the issuer’s financial statements are materially misstated.”

In fact, less than 5% of these so-called deficient audits resulted in incorrect audit opinions—the outcome that would truly matter to investors. This stark contrast between the headline figure (46%) and the rate of consequential errors (under 5%) reveals how statistics without proper context can give the wrong impression.

Another significant issue is the PCAOB’s failure to differentiate between levels of deficiency severity. “Our deficiencies… we put everything in the same bucket,” Ho explained. “And in reality, not everything is the same in terms of impact and materiality.”

Unlike internal control evaluations, which distinguish between material weaknesses, significant deficiencies, and minor deficiencies, the PCAOB’s inspection reports do not make such distinctions. This makes it nearly impossible for investors to understand which deficiencies truly matter.

The Disproportionate Burden on Smaller Firms

Christina argued that the current inspection approach unfairly burdens mid-sized audit firms. While the largest firms have a smaller percentage of their audits inspected, firms just above the 100-client threshold face much more scrutiny.

“I personally think that our inspection program is disproportionately burdensome on these firms,” Christina said. This burden is so significant that some firms are intentionally reducing their client base: “They are trying to get rid of their audit clients to get under 100” to qualify for inspections every three years instead of annually.

This creates a troubling situation where firms avoid growth to escape regulatory burden. “I just don’t think it’s good for a very important part of an ecosystem to try to not grow,” Christina said. “We need to make sure we have resilience in the audit marketplace.”

The impact extends beyond individual firms to affect market competition and, ultimately, the capital markets themselves. When mid-sized firms deliberately avoid growth, it concentrates the market among the largest firms—limiting options, especially for smaller public companies.

The Political Fallout

Christina experienced firsthand how deficiency statistics can become political weapons when Senators Elizabeth Warren and Sheldon Whitehouse publicly accused her of “downplaying atrocious findings” after she questioned these metrics in a speech.

“I was very upset about being accused of lying,” Christina told me. “I thought it was very hypocritical of the senators, especially Senator Warren, to essentially bully me because I had a different view from her.”

Rather than reaching out for discussion, the senators sent a letter to the PCAOB Chair, which Christina said left her without “a proper avenue to respond.” This prompted Christina to respond via LinkedIn, where she received significant support from accounting professionals.

This incident highlights how statistics without context can be weaponized in ways far beyond academic disagreements about methodology.

The Search for Better Measures of Audit Quality

Given the problems with the PCAOB’s deficiency rate figures, how should audit quality be measured? Christina suggested several approaches that might be more meaningful:

Look at trends rather than isolated annual statistics. Christina said, “The best way to look at the deficiency rate is not by each year. The best way to look at that data is to be looking at a trend.”
Focus on restatements. Christina said, “Restatements is a much better metric…because that really measures the true impact to investors.” Restatement rates have declined over the past decade, suggesting improvement rather than deterioration in audit quality.
Consider greater transparency. When asked if revealing the names of companies whose audits contained deficiencies would be beneficial, Christina was open to the idea, though she acknowledged the need for broader stakeholder input.
Develop severity ratings. Creating a framework distinguishing between technical violations and substantive errors would provide context for interpreting deficiency findings.

Christina noted that measuring audit quality has been challenging because “audit quality is not quantitatively easily measurable.” And yet, the PCAOB’s approach to deficiencies is to treat all issues identically—regardless of severity or impact.

The PCAOB has been exploring “audit quality indicators” for approximately 15 years but has yet to develop more meaningful metrics. This lack of meaningful data makes it difficult to evaluate the effectiveness of the PCAOB’s oversight or the true state of audit quality.

Has Audit Quality Improved?

Christina believes the PCAOB has helped improve audit quality over the past two decades despite the challenges in measurement. When asked about evidence for improvement, she pointed to declining restatement rates and feedback from audit committee chairs and controllers who report improvements in audit and financial reporting quality.

“If you look at the data on the number of restatements and you look at the last ten, twenty years… restatement has been on the decline,” Christina said. “If you look at the AICPA/CAQ study that they released last year… if you talk to [audit committees], they feel that the audit quality has been improving.”

This more nuanced perspective indicates that, despite the worrying headlines about deficiency rates, the overall reliability of financial reporting might be improving.

Looking Ahead: The Future of Audit Oversight

As artificial intelligence and other technologies transform audits, Christina argues for “a more agile approach” to quality measurement—one that can adapt to technological change and focus on outcomes rather than inputs.

After talking with Christina, it’s clear to me that to move forward, we need to find a balance between regulatory oversight, an understanding of how audits work, and what affects the reliability of financial statements. If we don’t, the profession will get bogged down by misleading metrics that only check compliance boxes rather than enhancing what counts: protecting investors through trustworthy financial reporting.

Want to hear the entire conversation with Christina Ho about PCAOB deficiency rates, audit quality measurements, and her experience with political criticism? Listen to the complete episode of the Earmark Podcast.

Fake Auditor Conclusions, Fabricated Board Minutes, and the Growing Cracks in Accounting’s Trust Infrastructure