The transition from a rules-based auditing standard (AS2) to a principles-based auditing standard (AS5) provides a context to assess how such a change impacts audit outcomes. Under a rules-based auditing standard, audit processes are relatively uniform, unscaleable and include significant redundancy. Under a principles-based auditing standard, audit effort can be directed to where risk is greatest; audits are scalable and can be customized. We find that the post-SOX shedding of risky clients by the Big 4 meant that non-Big 4 clients were more likely than Big 4 clients to disclose material internal control weaknesses (MICWs) when assured under AS2. This gap narrowed significantly following the transition to AS5, when risk-based customized audits were possible which benefited Big 4 firms to a greater extent than non-Big 4 firms.