The Audit Quality Crisis Nobody Is Measuring
The profession measures hours, turnaround, and cost down to the decimal. The one thing it can't put a number on is the quality of the work itself, and that gap is about to matter more than it ever has.
Over the past several months, we have sat down with more than forty firms that deliver audits and assessments, including boutiques, mid-market shops, and a few of the big names. We asked all of them a version of the same question: how do you know an engagement was a quality one? Every firm could tell me, instantly, how many hours it took, how fast it closed, and what it cost to deliver, but not one could give me a true measure of the quality of the audit itself.
I don't mean whether it survived peer review two years later, or whether the client renewed. I mean a signal, at the level of the individual engagement, that the work met the firm's own standard, and that number simply does not exist. In this profession, quality is asserted far more often than it is measured.
That is the crisis, and it is not that auditors are doing bad work, because the good ones are doing excellent work. The real problem is that no one can prove it, defend it, or hold it steady, since the thing everyone claims to care about most is the one thing no one puts a number on.
How compliance shortcuts broke trust in audit quality
For the better part of a decade, the buying order flipped. Companies that used to talk to their auditor first started with a compliance platform instead, drawn by the promise of a shortcut: get certified fast, get it cheap. The auditor got pushed to the back of the line, and assurance was commoditized into a price. When you shove skilled work into a cost bucket, quality is the first thing that quietly gives.
The reckoning was predictable, and it arrived the moment a fast-growing, venture-backed compliance-automation provider was accused of routing clients through rubber-stamped audits and was dropped by its startup accelerator as the allegations spread. Clients started calling their auditors to ask whether they should be worried, and the uncomfortable truth was that, without any way to measure the quality of an engagement, most firms couldn't actually prove they weren't part of the same problem.
Trust used to be a reputation you earned over years. It's becoming an artifact you have to produce on demand.
What we actually mean by "audit quality"
I want to be careful here, because "audit quality" is a phrase that can land as an insult. Tell a seasoned auditor you are going to help them do a quality audit, and the honest reaction is that the only kind they do is a quality one, which is fair.
So this isn't about whether your best people are good. It's about consistency and repeatability: the same rigor, the same judgment, and the same adherence to standards on the four-hundredth engagement as on the fourth, no matter who is staffed on it. That is what we mean by quality of delivery, and it is genuinely hard to hold steady as a firm scales. It is also impossible to defend to anyone, whether a client, a peer reviewer, or a regulator, if you cannot see it while it is happening.
Right now, you can't, because quality gets judged in the rearview mirror. Peer review happens years after the fact, on a small sample, by people who weren't in the room. It is necessary work, but it is an autopsy rather than a vital sign, and there is no shared, objective read on quality at the moment the work is produced.
Why this stops being optional
If you have been able to get by on reputation, three forces are converging that will make "trust us, it's quality" untenable.
1. The standard itself changed. The AICPA's new quality management standard (SQMS No. 1) is effective for engagements beginning on or after December 15, 2025, with every firm's first formal evaluation of its quality management system due by December 15, 2026. In the profession's own framing, this is the shift from "quality by tradition" to "quality by design," which means firms now have to define what quality means for them and demonstrate how they achieve it.
2. The people aren't coming. First-time CPA exam candidates fell by roughly a third between 2016 and 2021, accounting graduates have declined for years, and roughly 340,000 accountants and auditors have left the profession in recent years, leaving an aging workforce behind them. More than eight in ten finance leaders say they can't find qualified talent, so quality can no longer depend on a few veterans who "just know." It has to be built into the system instead.
3. The tools optimized for the wrong thing. The platforms that took over the market were built for speed and cost, for the company getting ready rather than the auditor doing the work. They made compliance cheaper, but they never made the audit better.
The tax nobody puts on the invoice
Here's what the quality conversation almost always misses. The real threat to quality is not careless auditors; it is engagement overhead, the work around the work, and it is far bigger than paperwork. It is everything an auditor has to push through before reaching the judgment that only they can provide, and most of it never shows up on the invoice, in the budget, or in anyone's definition of quality.
Where the overhead actually lives:
The swivel chair. A single engagement is spread across the client's compliance tool, email, a chat thread, a spreadsheet, and someone's memory, so just staying oriented, knowing where the work even is, becomes its own job.
Working in a tool you don't own. Much of the evidence sits inside the client's GRC platform, so the auditor is doing independent work inside a system they don't control and may not fully trust, which makes independence harder to defend, not easier.
The handoff lag. You often don't find out you're on deck until you happen to check your inbox, so the work sits, the clock keeps running, and the delay is nobody's fault and everybody's problem.
Review comments in the wind. A reviewer leaves notes in a thread, a document, or a message, and they get actioned late or not at all, because there's no single place the comments live and no clean way to see which ones are still open.
Waiting on the client. The evidence chase never really ends: reminders, re-requests, and following up on a static request list, all while the deadline doesn't move an inch.
Shifting hands. Busy season hits, someone gets overloaded, an engagement reshuffles mid-stream, and something slips between the two people who each assumed the other had it.
None of these is dramatic on its own, and each is only a small tax, but together they compound. One auditor we work with told us they were carrying more than 35 separate touches on a single engagement, and every one of those touches is a place where a detail can slip, a standard can drift, or a review note can die unaddressed. That is how quality actually erodes, not in one visible failure but in the quiet accumulation, and because none of it is measured, no one sees the drift until peer review does.
Making quality visible
The answer is not another point tool, which would only add a sixth place for the work to live, and it isn't another efficiency pitch, since efficiency is table stakes now and a burned-out promise that says nothing about whether the work is any good. The answer is to pull the whole engagement into one place, on the auditor's side of the table: scoping, workpapers, evidence, testing, review, and reporting, along with the coordination around them, so that the work stops scattering in the first place.
That means connecting to the tools a firm already uses rather than replacing them, pulling evidence in from the compliance platforms and pushing it out to the systems they already run on, so that auditors work where they already know how to work, keep their independence, and stop re-keying. It also means making the state of the engagement visible: who is on deck, what is waiting on the client, which review comments are still open, and where every control stands. When the overhead stops hiding, the drift shows up while you can still fix it.
All of this is built process-first, with AI as an accelerant and never a replacement for judgment, so that the auditor keeps the judgment while the system carries the weight. Done right, the technology becomes invisible infrastructure, protecting the time, the consistency, and the standards that good judgment depends on, so that the work around the work stops eroding the work that matters.
The firms that win the next decade won't be the ones that claim quality the loudest. They'll be the ones that can show it.
They will be able to show it engagement by engagement, on demand, to whoever asks, whether a client, a peer reviewer, or a regulator. In a market still recovering from rubber-stamped assurance, that is the entire game. The profession has always measured everything about an engagement except the one thing it exists to deliver, and it is time to close that gap.
Quick questions on the three forces
Does SQMS No. 1 actually apply to my firm? If your firm performs engagements under AICPA standards, whether audits, reviews, or attestation work like SOC examinations, then yes. A system of quality management has to be designed and implemented by December 15, 2025, and the requirement holds whether you are a hundred-person firm or a sole practitioner. The scale of the system flexes to your size and complexity; the obligation does not.
What do I actually have to do before December 2026? Design and implement a risk-based system of quality management, then evaluate it. You identify your firm's quality objectives, assess the risks to meeting them, and design responses across governance, ethics, client acceptance, engagement performance, resources, and monitoring. Your first formal evaluation of that system is due by December 15, 2026, and it has to be documented well enough to show someone, not just asserted.
How is "quality by design" different from the QC we already do for peer review? The old model was largely a set of policies you could point to. The new one is a living system you have to run, monitor, and prove is working, tuned to your firm's actual risks rather than a generic checklist. Quality stops being something you demonstrate every few years at peer review and becomes something you manage continuously.
If we can't hire, how are we supposed to raise quality at the same time? You can't solve it by adding people, because the people aren't there to add. The durable answer is to systematize the parts that don't require judgment, the coordination, the tracking, the chasing, so your experienced auditors spend their hours on the work that actually needs them. Quality that depends on a few veterans remembering everything doesn't survive their retirement.
Don't our compliance and GRC tools already handle this? They handle a different problem. Those platforms were built to help the company get ready, faster and cheaper, not to help the auditor do the work or prove its quality. They've made compliance cheaper without making the audit better. Closing the quality gap takes something built for the auditor's side of the table, not the clients.
A note from Chris
This is the first in a series I'm writing on audit quality: what it actually means, why so little of it gets measured, and why the firms that can show it, not just claim it, will win the next decade.
If it resonated, or if you think I've got a piece of it wrong, I'd like to hear it. Tell me where the overhead hides in your own practice. I read every reply.
Audora, the company I lead, is my attempt, along with our co-founders, at an answer to this. But that's a conversation for another day. For now, I just want more of us to treat quality as something you can see, not something you assert.
— Chris · chris.watson@goaudora.com
Chris Watson is the CEO of Audora. He spent 25+ years in cybersecurity and audit, including at EY and Accenture, and writes on audit quality, trust, and the future of the audit profession.

