Ghost Registries & Oversight Inflation: Rethinking Audit Regulation
NFRA outreach programme (Image NFRA Social on X)
Inactive firms, market concentration, and enforcement-heavy models expose structural gaps in global audit oversight
By P. SESH KUMAR
New Delhi, April 22, 2026 — A seemingly innocuous disclosure in the US Public Company Accounting Oversight Board’s (PCAOB) 2025 Annual Report-that nearly sixty percent of registered firms do not conduct audits-has exposed a deeper structural malaise within global audit regulation. What appears as a numerical curiosity is, in truth, a symptom of a widening disconnect between regulatory architecture and market reality. Across jurisdictions, audit oversight has expanded dramatically in scope, intensity, and ambition since the early 2000s. Yet the underlying audit market has neither deepened nor diversified in proportion.
Instead, it has become increasingly polarized-marked by dormant registrants at one end and concentrated audit power at the other. This narrative attempts to examine this paradox through a comparative lens, analysing the evolution and current challenges of audit regulation in the United States (US), the United Kingdom (UK), and India.
It situates India’s National Financial Reporting Authority (NFRA) within this global context, arguing that its emerging tensions-procedural, structural, and philosophical-are not aberrations but reflections of a broader global pattern. Can we say that modern audit regulation suffers from “oversight inflation,” where regulatory reach exceeds economic substance, likely leading to inefficiency, performative compliance, and fragile audit ecosystems? The note concludes by proposing a shift toward activity-based, risk-driven, and structurally balanced audit oversight.
The Moment of Disquiet: When Numbers Speak Louder Than Narratives
Every regulatory system has its moment of unintended revelation-a moment when a routine disclosure reveals more than any policy statement ever could. For the PCAOB, that moment arrived quietly, buried in the statistical annex of its 2025 Annual Report.
Out of roughly 1,444 registered audit firms, 863 did not perform a single issuer audit, broker-dealer audit, or even a “substantial role” audit during the year. This is not a marginal aberration. It is a majority condition.
To understand the significance of this, one must recall what PCAOB registration represents. It is not a ceremonial listing. It is the gateway to auditing public companies in the United States-the very core of investor protection. Registration implies readiness, capability, and accountability.
And yet, the majority of registered firms are not auditing. This is not merely inefficiency. It is conceptual dissonance.
The Origins: Sarbanes-Oxley and the Birth of Assertive Oversight
The PCAOB did not emerge in a vacuum. It was the institutional embodiment of a crisis of confidence. The collapse of Enron and the implosion of Arthur Anderse shattered the myth of self-regulation. The Sarbanes-Oxley Act of 2002 replaced professional oversight with statutory authority, transforming audit regulation from a collegial discipline into a formal system of surveillance and enforcement.
At its core, Sarbanes-Oxley rested on a simple premise: that trust in financial reporting could only be restored if auditors themselves were subject to independent scrutiny.
The architecture was ambitious. Registration would create accountability. Inspections would ensure quality. Enforcement would deter misconduct. Transparency would restore confidence.
But embedded within this architecture was a critical assumption-that the population of regulated firms would correspond closely to the population of active auditors. That assumption has steadily eroded.
Registration Without Activity: The Economics of Strategic Compliance
The existence of inactive registered firms is not an accident. It is the predictable outcome of a system that regulates potentiality rather than activity.
Firms register for reasons that have little to do with current audit engagements. Some anticipate future opportunities. Others are part of global audit networks and seek to maintain eligibility for cross-border assignments. Still others respond to reputational incentives-registration signals legitimacy, even if unused.
Over time, registration becomes a strategic asset rather than an operational necessity.
The result is a regulatory register populated by what may be called “ghost auditors”-entities that exist within the regulatory framework but do not participate in the economic activity that justifies their inclusion.
Recognizing this, the PCAOB has attempted corrective action. Amendments now allow for the automatic withdrawal of firms that fail to meet reporting or fee obligations for two consecutive years. Yet this is a pruning exercise, not a structural reform.
The deeper question remains unanswered: why does the system generate such firms in the first place?
NFRA’s New Gambit: Auditor-Audit Dialogue or Judicial Backpedal?
Oversight Inflation: When Regulation Outgrows Reality
The phenomenon observed in the PCAOB registry is part of a broader trend-one that may be described as oversight inflation.
Regulatory systems, particularly in the post-crisis era, have expanded their reach in response to public demand for accountability. Each crisis has led to new rules, broader definitions, and wider coverage.
But while regulation has expanded, the audit market has not expanded in proportion. Instead, it has become more concentrated, more complex, and in some respects more fragile.
This mismatch creates systemic distortions.
Regulators expend resources overseeing entities that do not contribute to audit outcomes. Market signals become blurred. Compliance becomes procedural rather than substantive. And the focus shifts from the quality of audits to the completeness of registers.
In effect, the system begins to measure its own activity rather than the effectiveness of audits.
The Persistence of Audit Failure: IFIAR’s Quiet Warning
If inactive firms represent one dimension of the problem, audit quality represents another.
The International Forum of Independent Audit Regulators (IFIAR), through its annual surveys, has consistently highlighted high levels of deficiencies in inspected audits across jurisdictions. These findings cut across regulatory systems, suggesting that the problem is not local but systemic.
Even among the firms that actively conduct audits, quality remains uneven.
This creates a paradox of troubling proportions. The regulatory system is expanding, yet the core objective-reliable, high-quality audits-is not being consistently achieved.
It is as though the system has become preoccupied with its own architecture, losing sight of its foundational purpose.
The United Kingdom: Concentration as Destiny
The United Kingdom (UK) presents a contrasting but equally revealing case. Here, the issue is not inactive firms but excessive concentration.
The Big Four firms dominate the audit landscape, particularly for large listed entities. Efforts to diversify the market have struggled against structural barriers-scale requirements, liability exposure, and reputational risk.
The Financial Reporting Council (FRC), long criticized for its perceived leniency, is being replaced by the proposed Audit Reporting and Governance Authority (ARGA), which promises stronger enforcement and greater independence. The UK’s audit regulatory framework has undergone a decisive rethink following sustained criticism of the FRC for perceived leniency and lack of effective enforcement in the wake of major corporate failures such as Carillion and BHS.
The government-commissioned Kingman Review concluded that the FRC lacked the necessary statutory footing, independence, and enforcement teeth, describing it as “not fit for purpose” and recommending its replacement by a stronger regulator. In response, the UK Government proposed the creation of ARGA as a new statutory body with enhanced powers, clearer objectives, and greater accountability to Parliament, designed to oversee audit, corporate reporting, and governance with significantly stronger enforcement capability. The reform agenda, articulated in the Government’s White Paper on restoring trust in audit and corporate governance, explicitly seeks to move from a consensual, profession-led model toward a more assertive, public-interest regulator equipped to intervene earlier, sanction more effectively, and command greater market confidence.
Yet the underlying problem persists.
Mid-tier firms find it difficult to scale up. Regulatory requirements, designed to ensure quality, also raise entry barriers. As a result, the market remains concentrated, and systemic risk remains embedded.
Thus, while the US grapples with an excess of inactive firms, the UK grapples with a scarcity of viable alternatives.
Both reflect the same structural imbalance-regulation and market structure evolving in different directions.
India’s NFRA: The Rise of the Enforcer
India’s National Financial Reporting Authority (NFRA) represents a third variation of this global pattern.
Established under the Companies Act and operationalized after the IL&FS crisis, NFRA was conceived as a decisive break from self-regulation. It was meant to be independent, assertive, and capable of enforcing accountability in a manner that the Institute of Chartered Accountants of India (ICAI) was perceived to have failed to do.
NFRA’s powers are substantial. It can investigate, impose significant monetary penalties, and debar auditors for extended periods. Recent legislative proposals go further, contemplating enhanced enforcement mechanisms, including penal consequences for non-compliance.
On paper, NFRA is one of the most powerful audit regulators in the world. But power, as experience shows, is not the same as equilibrium.
The NFRA-ICAI Tension: A Struggle for Jurisdiction and Philosophy
At the heart of India’s audit regulation lies a fundamental tension between NFRA and ICAI.
ICAI represents the traditional model of professional self-regulation. NFRA represents statutory oversight. The coexistence of these two models creates ambiguity-not merely in jurisdiction but in philosophy.
NFRA’s assertive stance has led to high-profile enforcement actions, including significant penalties against audit firms and partners. These actions have been welcomed by some as long overdue. Yet they have also raised concerns regarding proportionality, due process, and institutional balance.
The Delhi High Court, in examining NFRA’s procedures, has highlighted issues relating to the combination of investigative and adjudicatory functions within the same body. This raises fundamental questions about natural justice-questions that are not unique to India but resonate with debates surrounding regulatory design globally.
The challenge for India is not merely to strengthen oversight but to ensure that oversight is credible, fair, and sustainable.
The Risk of Over-Enforcement: Chilling the Audit Market
NFRA’s assertiveness, while understandable, carries risks.
An enforcement-heavy approach can deter mid-tier firms from expanding their audit practice. The fear of regulatory action, combined with high compliance costs, may discourage participation.
This, in turn, can lead to increased concentration-mirroring the UK’s experience.
Thus, India faces a delicate balancing act. It must ensure accountability without stifling participation. It must enforce standards without narrowing the audit ecosystem.
The Common Thread: A System Out of Balance
Across the US, the UK, and India, a common thread emerges.
Audit regulation has become more expansive, more complex, and more assertive. Yet the audit market has not evolved in a manner that supports this expansion.
The result is a system out of balance. In the US, the imbalance manifests as inactive registrants. In the UK, it manifests as concentration.
In India, it manifests as institutional tension and enforcement asymmetry. Different symptoms, same underlying condition.
Reimagining Audit Oversight: From Registry to Reality
If the current trajectory continues, audit regulation risks becoming an elaborate system of procedural compliance-impressive in form but limited in substance. The need of the hour is not incremental reform but conceptual rethinking. The focus must shift from registration to activity.
Regulation has to move from who is registered to who is actually auditing. The regulator should maintain a live audit activity register-updated quarterly-capturing which firms are signing audit reports, the size of those engagements, and their sectoral exposure; firms that remain inactive beyond a defined period (say, two years) should automatically exit the high-intensity regulatory net and shift to a light-touch category or be removed altogether.
Supervision should be explicitly risk-scored and publicly structured, not broadly applied. Each audit engagement and firm should be assigned a dynamic risk rating based on factors such as size of client, systemic importance, past inspection findings, complexity of transactions, and industry risk. Inspection cycles, depth of review, and enforcement attention should then be directly tied to this score-meaning that the top 15–20% high-risk engagements receive disproportionately higher scrutiny, while low-risk segments are subject to periodic but limited review.
Market structure cannot be left to evolve passively. Regulators should actively open access for mid-tier firms by mandating joint audits or shared audits for large listed entities above a certain threshold, creating a structured pathway for capability building. At the same time, liability frameworks and compliance costs for mid-sized firms should be rationalized so that participation in large audits is commercially viable rather than prohibitively risky.
Institutional credibility hinges on visible fairness. In jurisdictions like India, the regulator should formally separate investigation from adjudication through independent benches or panels, with clearly defined timelines, disclosure standards, and appellate mechanisms. This is not merely a legal refinement-it directly affects how willing firms are to engage with the regulatory system without fear of arbitrary outcomes.
Finally, oversight must become data-driven and near real-time. Regulators should build integrated digital platforms where audit firms file engagement data, key audit metrics, and red-flag indicators periodically, allowing early detection of risk patterns. Instead of relying on static annual filings and retrospective inspections, this would enable continuous monitoring, targeted intervention, and faster corrective action-turning regulation from a backward-looking exercise into a forward-looking control system.
NFRA Enforcement Crisis: Why Audit Watchdog Is a Paper Tiger
Beyond the Illusion of Control
While PCAOB, FRC and NFRA may be doing some of this-but not in a fully aligned, outcome-driven way yet. Each of these regulators has moved in that direction, but gaps remain between intent, design, and actual impact.
Let us take PCAOB. It already follows a risk-based inspection model, focusing more frequently on large firms and high-risk engagements. It also collects detailed engagement-level data and publishes inspection findings. However, the system still relies heavily on a broad registration framework, which is why you see the anomaly of a large number of inactive firms remaining within its regulatory perimeter. The recent move to automatically remove inactive firms is a step toward aligning regulation with actual audit activity-but it is corrective, not foundational. Real-time monitoring of engagements is still limited; oversight remains largely periodic and retrospective, not continuous.
The FRC-and its proposed successor Audit, Reporting and Governance Authority (ARGA) has also adopted risk-based reviews and thematic inspections, especially for large public interest entities. It has been more proactive in identifying systemic issues and publishing thematic insights. However, its central challenge lies elsewhere: market structure. Despite regulatory awareness, as briefly mentioned, the UK has struggled to meaningfully expand the role of mid-tier firms. Even proposed tools like managed shared audits have faced resistance and slow implementation. So while the regulator recognises the issue, the translation into tangible market diversification has been uneven.
India’s National Financial Reporting Authority presents a different picture. NFRA has taken a strong enforcement-led approach, focusing on high-impact cases and imposing significant penalties. In that sense, it is already targeting “where it matters most.” But it does not yet operate a fully developed risk-scoring or engagement-level supervision system comparable to PCAOB’s inspection framework. Its oversight is still largely case-driven and post-facto, rather than based on systematic or continuous monitoring of audit activity. More importantly, institutional design issues-particularly the combination of investigation and adjudication within the same body-continue to raise concerns about process credibility. On the market structure front, NFRA has not yet played an active role in developing mid-tier audit capacity, leaving concentration risks unaddressed.
Across all three, the pattern is consistent. The building blocks of modern regulation are present-risk-based inspections, enhanced disclosures, stronger enforcement powers-but they operate within systems that are still partly legacy-driven. Registration remains broad, monitoring is not fully real-time, and market-shaping interventions are cautious or incomplete.
So the issue is not absence of reform. It is partial transition.
These regulators have moved away from purely formal oversight, but they have not yet fully transitioned to activity-linked, data-driven, structurally balanced regulation. Until that shift is completed, the system will continue to exhibit the same paradoxes-over-regulation in some areas, under-effectiveness in others.
The expansion of audit regulation over the past two decades has created a powerful illusion-that more rules, more oversight, and more enforcement automatically translate into better audits.
The evidence suggests otherwise.
A system that registers firms that do not audit, concentrates audit activity in a few hands, and struggles with persistent quality issues cannot be said to have fully achieved its purpose.
The challenge, therefore, is not to regulate more. It is to regulate meaningfully. The statistic from the PCAOB is not an anomaly. It is a signal. It tells us that the architecture of audit regulation needs recalibration—not at the margins, but at its core.
(This is an opinion piece. Views expressed are the author’s own.)
Follow The Raisina Hills on WhatsApp, Instagram, YouTube, Facebook, and LinkedIn
About The Author
