The Watchdog Took a Nap
SOXINTERNAL AUDITCOMPLIANCE
The Number
Everything changed in November 2024. Not a political statement, but facts are facts.
Since then, PCAOB and SEC enforcement actions against auditors dropped 33% in 2025. Monetary sanctions fell 66% to $17.9 million. That's 39 total actions, down from 58 in 2024. The SEC brought exactly two enforcement actions against auditors all year. Two.
One came before Gary Gensler walked out the door on January 20. The Trump administration's contribution to auditor enforcement in all of 2025 was, by that count: one action.
And here's the real kicker: the PCAOB's 2026 budget includes a 15% reduction in its enforcement division. They're not just pulling back, they're attempting to make it permanent.
How We Got Here
PCAOB Chair Erica Williams resigned mid-2025. The SEC appointed four new board members on January 30, 2026, including new chair Jim Logothetis. The board that starts 2026 looks nothing like the one that finished 2024.
The new regime's stated philosophy: "back to basics," focus on real fraud, actual investor harm. Less regulatory overreach. Fewer parking tickets.
I get it. I even agree with some of it. The prior regime wasn't perfect. About 27% of earlier enforcement orders targeted what one dissenting board member called "traffic tickets", violations that generated only 6% of total penalties. If you're hammering partners on paperwork while actual fraud walks, you have an enforcement problem, just a different kind.
But here's where it gets uncomfortable.
The Confluence Problem
We're simultaneously watching: auditor enforcement collapse, the PCAOB get repopulated by political appointees, AI agents embed into financial reporting processes with little to no governance standards, the accounting talent pipeline is dry, and passive index funds insulate corporate management from market consequences for governance failures.
Any one of these is a concern. All of them at once is what risk professionals call a "governance vacuum." The traditional checks on corporate financial integrity are weakening simultaneously, and nobody at the top of the food chain seems particularly bothered.
In 2025, quality control issues appeared in nearly two-thirds of PCAOB enforcement actions. Independence violations, the kind that used to matter, showed up in only 8% of cases, down from 19% historically. That's not refocusing. That's repositioning.
The Counterargument (It Has Merit)
The deregulatory case isn't without force. PCAOB Rule 3502 makes individual auditors personally liable for penalties with no reimbursement from their firm or insurance. If that's driving experienced partners out of public company auditing, aggressive enforcement is literally making audit quality worse by scaring off the people who know what they're doing.
The SEC's new Cross-Border Task Force also isn't nothing. Non-U.S. respondents accounted for 93% of total monetary sanctions in 2025 even with the decline. If you're going to focus, focus where the money and the harm are. That's reasonable.
What It Means for You
For CAEs: the external pressure that used to justify your budget just got softer (for now). The "PCAOB is coming and they're serious" argument loses significant force when the PCAOB just cut its own enforcement budget 15%. The CFO who already thought audit was overhead now has one more reason to think that.
SOX was born from governance failures that accumulated during a prior era of regulatory optimism. The late 1990s were also a time of deregulatory enthusiasm and the general sentiment that markets would sort themselves out. We know how that ended.
I'm not predicting Enron 2.0. I'm observing reality as it is, not what I want it to be. The conditions which enable large-scale governance failures are trending in the same direction simultaneously. History suggests the storm is coming and that should bother more people than it currently does.
Brian Kuenzi is a leader in the finance and technology space. Brian's experience spans SOX and Audit leadership, finance transformation, process automation, and business operations across both consulting and in-house leadership roles. You can learn more about Brian on LinkedIn.
These are the opinions of the editors of Internal Audit Next and/or the writer who authored this article. Any use of this copyrighted material without permission of Internal Audit Next - including training for AI Models - is prohibited. Copyright 2026.