
If a public company's auditors find irregularities they work with the company's management to resolve them. If, eventually, the auditors decide there are irreconcilable differences, they will resign, and provide reasons for their resignation in the resignation letter to the company. At that point, it is up to the company to decide whether or not those findings are significant enough that they need to be released to the public. The SEC will consider any auditor resignation for cause to be significant enough that it has to be disclosed, but that doesn't mean that companies will actually do it, as you can see by a bunch of enforcement actions relating to exactly that:

https://www.investor.gov/introduction-investing/general-reso...

(search for "resign")

The SEC quote is about requiring auditors to meet their professional standards. Those standards require them to follow certain processes, things like needing to see evidence for certain things, and not both preparing the books and auditing them, and require that they not issue letters they don't actually agree with. Those standards do not require informing the public or regulators about problems they find.

There's certainly something to be said for having some codified professional standards for infosec professionals, but if public or regulator notice is something you think is important to be in those standards you shouldn't model them off of the standards for auditors, because auditors have no such professional responsibility.



