The Anti-Fraud Collaboration (AFC), a group consisting of the Center for Audit Quality, the Financial Executives International, the Institute of Internal Auditors, the National Association of Corporate Directors, and the Association of Certified Fraud Examiners, has released A Comprehensive Analysis of PCAOB and SEC Enforcement Actions: Key Themes and Lessons Learned. The objective of the AFC study is “to shed light on what future enforcement priorities might look like and provide key observations for issuers, auditors, and other stakeholder groups on how to strengthen their compliance and anti-fraud programs and practices in an environment of uncertain and challenging market conditions, and regulatory and political developments.”  AFC believes that its analysis will be “valuable to members of the financial reporting ecosystem (boards of directors, audit committees, financial management, internal auditors, and external auditors) as well as regulators, anti-fraud professionals, investors, customers, extended enterprises, service organizations, and other stakeholders.”

AFC’s report, prepared with the assistance of law firm King & Spalding and consulting firm Ankura, analyzes 148 PCAOB settled disciplinary orders and 255 SEC accounting and auditing enforcement actions brought between January 1, 2021, and December 31, 2024. Based on this review, AFC identifies four key enforcement trends and regulatory insights related to the financial reporting environment:

• Revenue recognition continues to be a focus area for regulators due to its significance to investors and susceptibility to fraud.  The SEC has consistently demonstrated a commitment to holding public company executives accountable for their role in perpetrating revenue recognition schemes.

• There has been an increasing trend for PCAOB enforcement actions to arise from inconsistent accounting practices after merger and acquisition activity.  In contrast, SEC enforcement actions arising from post-M&A accounting issues have decreased.

• Both the PCAOB and SEC have brought enforcement actions against audit firms and auditors based on matters related to professional integrity. Both agencies have imposed heavy monetary fines in these types of cases.

• The PCAOB and SEC have increased the use of sweeps to bring compliance-oriented enforcement actions.  The AFC defines a sweep as a coordinated effort “to investigate multiple targets regarding a specific area of concern or violation.”  Sweeps have been employed for such matters as audit committee communication violations and violations of PCAOB disclosure and filing requirements.

Overview of PCAOB and SEC Enforcement Actions

By most of the measures AFC tracked, SEC and PCAOB financial reporting enforcement increased between 2021 and 2024. For example, in 2021, the SEC and PCAOB brought a combined 67 actions involving financial reporting or auditor-related issues. In 2024, the combined total was 99 such actions – almost a 50 percent increase.  The PCAOB accounted for most of this growth – total PCAOB enforcement actions rose from 19 in 2021 to 48 in 2024.

While PCAOB enforcement actions increased steadily over the four years AFC studied, the SEC’s record was lumpier.  In 2021, the SEC alleged 21 financial reporting violations--eleven cases in which it charged revenue recognition violations, nine cases in which it charged financial reporting disclosure violations, and one case involving an impairment issue.  In 2022, total SEC actions rose to 43 (24 revenue recognition charges, 14 disclosure violations, four impairment cases, and one non-GAAP reporting violation).  But, in 2024, SEC financial reporting cases were back to nearly the same level as in 2021 – 23 total cases (revenue recognition -- 11, disclosure – 10, and impairment – 2). (In these figures, a single enforcement action may include more than one violation category.)

The PCAOB can only bring cases against audit firms and individuals associated with those firms.  In contrast, the SEC can charge public companies and their executives, as well as audit firms and auditors. AFC’s analysis shows that the SEC has used its authority to charge executives in financial reporting cases aggressively.  Between 2021 and 2024, the SEC charged a total of 159 executives in these types of actions.  It also charged 137 public companies, 24 accounting firms, and 51 individual auditors.  Regarding company officials, AFC observes: 

“In SEC enforcement actions, violations often involve someone at a company (e.g., management) directing misconduct, being aware of misconduct but not doing anything to resolve it, or being unaware of misconduct they should have known about. * . For example, if the Chief Executive Officer (CEO) of a company directs its employees to engage in misconduct that results in an enforcement action, the CEO is likely to be charged individually or along with the issuer. Separately, Chief Financial Officers (CFOs) often appear to have a crucial role in enforcement actions as well because they are responsible for certifying the company’s financial statements: that is, if they are aware of any potential misconduct or should have been aware of it, they may also be found liable.”

Revenue Recognition and Executive Accountability

Actions involving revenue recognition violations were a major part of the SEC and PCAOB enforcement agendas during the years AFC reviewed.  Of the 148 settled PCAOB disciplinary orders between January 1, 2021, and December 31, 2024, approximately 27 percent of respondents allegedly violated auditing standards related to improper accounting for revenue and related accounts. Of the 255 SEC enforcement cases involving public companies, executives, audit firms, and auditors during the period, approximately 33 percent of the actions against auditors involved revenue recognition.

Consistent with its general focus on individual culpability in financial reporting cases, the SEC frequently held executives accountable for their role in revenue recognition violations.  During the review period, more than 50 enforcement actions involved executive liability for revenue recognition schemes.

Merger and Acquisition Activity

During the past four years, PCAOB cases arising from post-M&A accounting practices (e.g., goodwill, intangibles, and business combinations) have increased.  In contrast, after peaking in 2022, SEC M&A-related financial reporting cases declined. 

Between January 1, 2021, and December 31, 2024, the PCAOB published 16 settled orders related to violations involving audit procedures over M&A activity (2021 – 4 cases, 2022 – 2 cases, 2023 – 4 cases, 2024 – 6 cases).  Twelve of the cases are related to acquisition accounting and four to goodwill/intangible valuations. AFC states: “These orders demonstrate that the PCAOB is increasingly focused on inadequate audit of management’s accounting for an acquisition or other strategic transaction, and/or insufficient audit procedures with a lack of audit evidence to support valuations.”

From 2021 to 2024, the SEC brought 43 financial reporting cases arising from M&A activity (2021 – 9 cases, 2022 – 18 cases, 2023 – 11 cases, 2024 – 5 cases). These cases addressed such matters as internal control deficiencies and improper goodwill valuations uncovered after an M&A transaction and false or misleading statements in connection with business combinations.

Integrity and Answer Sharing Cases

Both the PCAOB and SEC brought a series of enforcement actions against audit firms and auditors in matters related to inappropriate answer sharing on internal training or other exams.  These professional integrity-related matters resulted in substantial fines.  For example, in 2022, the SEC imposed a $100 million fine against the U.S. member of a global network firm based on allegations that audit professionals had cheated on the ethics section of the CPA exam and on continuing professional education courses required for maintaining their CPA licenses.  AFC observes: “Both regulatory agencies’ enforcement actions underscore their commitment to focusing on audit firms’ overall culture and quality control systems when auditors and audit firms do not meet regulatory expectations. By addressing misconduct that extends beyond the scope of audit work, these agencies have emphasized the expectation that auditors consistently uphold the highest standards of integrity.”

Sweeps and Other Compliance Matters

The PCAOB and SEC have increased their use of sweeps – “coordinated efforts by regulatory agencies to investigate multiple targets regarding a specific area of concern or violation, to bring compliance-oriented enforcement actions.”  For example, the PCAOB has employed sweeps to detect and prosecute audit firm failures to make required audit committee communications.  During the review period, actions charging violations of the PCAOB’s audit committee communications requirements increased each year from two in 2021 to 15 in 2024.

With the change in SEC leadership and impending changes at the PCAOB, sweeps may become rarer.  AFC predicts that “the regulatory environment will revert to relying on the inspection processes in addressing cases of noncompliance that do not directly affect financial reporting.”

Other Matters on the Horizon

AFC also discusses four matters that could impact financial reporting enforcement in the future:

• Continued rise in the merger and acquisition of accounting firms. Private equity investment in small and mid-sized accounting firms is becoming commonplace. “[A]udit firms looking to con-solidate through mergers or acquisitions in the coming years should continue to focus on applying appropriate safeguards to ensure audit quality is not negatively affected through this process.”

• New and updated auditing standards. The PCAOB has “exponentially updated its standards” since 2021. Some of these changes significantly affect audit firms on a business and an engage-ment team level.  For example, the Board’s new quality control standard, QC 1000, expands both firm and individual responsibilities for quality control and supervision. The PCAOB also lowered the standard for individual liability for contributing to a violation from recklessness to negligence.

• Imposition of new tariffs.  New tariffs are causing significant market volatility, and companies may respond by seeking to reduce costs, including by changes in their supply chain or logistics agreements.  Such measures heighten audit risk.

• Legal challenges. There are ongoing challenges to the nature and scope of the SEC’s and the PCAOB’s enforcement authority.  The resolution of these matters may affect future enforcement responses to accounting and auditing violations.

Audit Committee Takeaways

AFC’s analysis provides insight into how the SEC and PCAOB approached their financial reporting enforcement responsibilities during the past four years.  However, within the last few months, both SEC and PCAOB leadership have changed.  (See SEC Begins to Shakeup the PCAOB in this Update and Paul Atkins Takes the Wheel at the SEC, May 2025 Update). 

As the Update observed in SEC Accounting and Auditing Enforcement Slumped in 2024, While PCAOB Enforcement Hit a New High, March-April 2025 Update, audit committees should not assume that a more business-friendly regulatory climate and a less aggressive enforcement philosophy at the SEC and PCAOB will result in reduced scrutiny of public company financial reporting.  Despite year-to-year fluctuations, accounting and auditing enforcement are perennial SEC priorities. That focus may increase under the new SEC administration, since a back-to-basics approach to enforcement is likely to result in more, not fewer, accounting and financial disclosure cases.  The same may be true of PCAOB actions against auditors, although the future direction of PCAOB enforcement is harder to predict because of uncertainty concerning both who will be leading the Board and because of the constitutional questions that overhang the PCAOB’s enforcement program.

A significant finding of the AFC study is the emphasis that the regulators place on individual culpability in financial reporting cases. The theme of individual responsibility tends to be constant across SEC administrations.  The risk that restatements, internal control material weaknesses, and other accounting-related problems will result in SEC enforcement action against the individuals involved, along with or instead of the reporting company, is likely to remain elevated.