A comparison of U.S. auditing standards with International Standards on Auditing.
Iternational Standards on Auditing (ISA) are targeted for convergence with existing auditing standards in the United States and other countries. Until convergence efforts are further along, however, there are five principal areas for which differences currently exist among U.S. generally accepted auditing standards (GAAS), Public Company Accounting Oversight Board (PCAOB) auditing standards, and ISAs.
ISAs are issued by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants (IFAC), the successor organization to the International Auditing Practices Committee (IAPC). Similar to the manner in which the Auditing Standards Board (ASB) writes auditing and assurance standards under the auspices of the AICPA and the PCAOB issues standards that are approved by the SEC, the IAASB writes standards under the auspices of IFAC. Presently, more than 100 countries use or rely on ISAs.
In the United States, the ASB, which sets auditing standards for nonpublicly traded entities, has launched the Clarity Project in an effort to make U.S. GAAS easier to read, understand, and apply. The Clarity Project also includes the goal of working toward convergence of U.S. auditing standards with ISAs. This convergence project is attempting to make auditing standards coordinated, or comparable, throughout the world. At the time of this writing, the ASB's Clarity Project is still a work in progress.
The PCAOB, created by the Sarbanes-Oxley Act of 2002 (SOX) to oversee the auditors of public companies, considers the IAASB standards in developing its own proposed standards. Some critics of the PCAOB contend that it has failed to adequately take into account or promote the need for international convergence of auditing standards; however, the PCAOB recently undertook a major revision of its risk assessment standards. The PCAOB adopted a suite of eight auditing standards related to the auditor's assessment of, and response to, risk in an audit. The eight new risk assessment standards became effective for audits of fiscal periods beginning on or after December 15, 2010, and address audit procedures from the initial planning stages through the final evaluation of audit procedures and results (see pcaobus.org/News/Releases/Pages/08052010AuditingStandardsRiskAssessment.aspx). As a result, PCAOB auditing standards and ISAs have more similarities than ever before.
ISAs on the CPA Exam
Beginning in January 2011, the CPA exam began testing candidates on international standards. Content Specification Outlines (CSO) issued in May 2009 indicate that candidates taking the Auditing and Attestation (AUD) section of the CPA exam are now expected to demonstrate an awareness of--
* the IAASB and its role in establishing ISAs,
* the differences between U.S. auditing standards and international auditing standards, and
* the audit requirements under U.S. auditing standards that apply when performing audit procedures on a U.S. entity that supports an audit report based on ISAs or the auditing standards of another country.
There are five principal areas where differences exist among U.S. GAAS, PCAOB auditing standards, and ISAs. These significant differences are: documentation of audit procedures; going-concern considerations; assessing and reporting on internal control over financial reporting; risk assessment and responses to assessed risks; and the use of another auditor for part of an audit. In this article, much of the discussion of the differences between PCAOB auditing standards and ISAs is drawn from a study published by the European Commission (EC). An executive summary of this study, "Evaluation of the differences between International Standards on Auditing (ISA) and the standards of the US Public Company Accounting Oversight Board (PCAOB)" is available at ec.europa.eu/intemal_market/auditing/docs/ias/evalstudy2009/summary_en.pdf. The study was commissioned by the EC and solicited input from international technical partners from each of the Big Four audit firms.
Documentation of audit procedures. Conceptually, documentation requirements under U.S. auditing standards and ISAs differ: AICPA auditing standards and PCAOB auditing standards are relatively more prescriptive than ISAs, which are perceived as relying more on the professional judgment of the auditor. An example in the study prepared for the EC notes that PCAOB Auditing Standard (AS) 3 requires that an "engagement completion memo" be prepared; there is no such requirement under international auditing standards.
Retention periods of auditing workpapers also differ among the three sets of standards. The ASB requires that audit workpapers be retained for a period of at least five years, while the PCAOB mandates a retention period of at least seven years. ISA 230, Audit Documentation, requires audit firms "to establish policies and procedures for the retention of engagement documentation. The retention period for audit engagements ordinarily is no shorter than five years from the date of the auditor's report, or, if later, the date of the group auditor's report" (web.ifac.org/download/a011-2010-iaasb-handbook-isa-230.pdf).
Going-concern considerations. When considering whether an entity has the ability to continue as a going concern into the foreseeable future, the PCAOB auditing standards define the foreseeable future as the 12 months following the end of the fiscal period being audited. As noted in the study commissioned for the EC, when assessing going-concern considerations under ISAs, the foreseeable future is at least, but not limited to, 12 months.
At the time of this writing, FASB is considering releasing guidance on the going-concern-issue that would, among other things, increase management's responsibility for preparing financial statements as a going concern to consider information for at least, but not limited to, 12 months from the end of the reporting period. In addition, the ASB is still discussing whether an auditor's evaluation of an entity's ability to continue as a going concern "should be limited to a reasonable period of time, not to exceed one year beyond the date of the financial statements being audited, or should cover the same period as that used by management to make its assessment" (www.aicpa.org/InterestAreas/AccountingAndAuditing/Community/AuditingStandardsBoard/ASBMeetings/DownloadableDocuments/January%202010%20ASB%20Meeting/2010_01_ASB_Highlights.pdf). Accordingly, it should be noted that the ASB's redraft of "The Auditor's Consideration of the Entity's Ability to Continue as a Going Concern" as part of its Clarity Project has been delayed so that the proposed standard can be aligned with the going-concern guidance under consideration by FASB.
Internal control over financial reporting. When the U.S. Congress passed SOX, it required that management of U.S. public companies assess and report on internal controls over financial reporting. Management states its assertion about the effectiveness of its controls over financial reporting in a report that accompanies the audit report.
The PCAOB's AS 5 requires auditors of public companies to perform an examination of an entity's internal control over financial reporting that is integrated with an audit of its financial statements. In addition to issuing an opinion on the fairness of the financial statements, auditors of U.S. public companies must also express an opinion on the effectiveness of the entity's internal controls over financial reporting. While not required to do so, virtually all public companies (and their auditors) evaluate internal controls based on the criteria established by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Neither the auditing standards issued by the ASB nor ISAs require an integrated audit that expresses as opinion on the effectiveness of the client's internal controls over financial reporting. Auditors following U.S. auditing standards, however, must obtain an understanding of the internal controls of the entity being audited in order to plan and perform the audit, including determining the nature, extent, and timing of substantive tests to be performed. International auditing standards require an auditor to test the internal controls of the organization being audited to ensure that they are adequate and functional.
Risk assessment. ISAs require specific risk assessment procedures in order to obtain a broad understanding of an entity and its environment, with the goal of identifying risks of material misstatement ISAs require that the auditor obtain an understanding of an entity's business risks, such as its operating risks and its strategic risks. Auditors following ISAs must also determine how their client responds to such risks as the auditor plans and conducts the audit. Moreover, under international standards, an auditor is required to make inquiries of the internal auditors of the organization being audited, with the objective of obtaining a better understanding of the entity's expertise in assessing risk. Auditors following international standards should take all information regarding risks, as well as the client's responses to these risks, into consideration when assessing the risk of material
Currently, auditors following auditing standards promulgated by the ASB are required to identify and assess risks of material misstatement based on an understanding of the entity and its environment, including the entity's internal control. This assessment and understanding can be aided by inquiries of the internal auditors of the entity being audited. The ASB's redraft of "The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements," as part of its Clarity Project, has been delayed so that the proposed standard can be aligned with the IAASB's revisions to its clarified standard on this issue.
As previously noted, the PCAOB recently completed a major revision of its risk assessment standards. Eight new auditing standards related to the auditor's assessment of, and response to, risk in an audit were adopted by the PCAOB. This suite of risk assessment standards became effective for audits of fiscal periods beginning on or after December 15, 2010. The new risk assessment standards address audit procedures from the initial planning stages through the final evaluation of audit procedures and results. Accordingly, PCAOB auditing standards and ISAs are now more similar than they are different when it comes to risk assessment and response. The eight new standards are--
* AS 8, Audit Risk
* AS 9, Audit Planning
* AS 10, Supervision of the Audit Engagement
* AS 11, Consideration of Materiality in Planning and Performing an Audit
* AS 12, Identifying and Assessing Risks of Material Misstatement
* AS 13, The Auditor's Responses to the Risks of Material Misstatement
* AS 14, Evaluating Audit Results
* AS 15, Audit Evidence.
A summary of the key provisions of the PCAOB's suite of eight risk standards is provided in Exhibit 1.
EXHIBIT 1 The PCAOB's Suite of Risk Assessment Standards AS Title Summary 8 Audit Risk Describes the components of audit risk and the auditor's responsibilities for reducing audit risk to an appropriately low level in order to obtain reasonable assurance that the financial statements are free of material misstatements. 9 Audit Planning Planning requirements include assessing matters that are important to the audit; the auditor must establish an appropriate audit strategy and audit plan. 10 Supervision of the Sets forth requirements for supervising the Audit Engagement work of engagement team members. 11 Consideration of Describes the auditor's responsibilities Materiality in for consideration of materiality in Planning and planning and performing an audit. Performing an Audit 12 Identifying and Establishes requirements regarding the Assessing Risks of process of identifying and assessing risks Material of material misstatement of the financial Misstatement statements; the risk assessment process includes information-gathering procedures to identify risks and an analysis of the identified risks. 13 The Auditor's The auditor must respond to the risks of Responses to the material misstatement in financial Risks of Material statements through the general conduct of Misstatement the audit and performing audit procedures regarding significant accounts and disclosures. 14 Evaluating Audit Establishes requirements regarding the Results auditor's evaluation of audit results and determination of whether the auditor has obtained sufficient appropriate audit evidence. The evaluation process includes evaluation of misstatements identified during the audit; the overall presentation of the financial statements, including disclosures; and the potential for management bias. 15 Audit Evidence Explains what constitutes audit evidence and establishes requirements for designing and performing audit procedures to obtain sufficient appropriate audit evidence to support the opinion expressed by the auditor. Source: PCAOB Adopts New Auditing Standards on Risk Assessment, pcaobus.org/News/Releases/Pages/ 08052010_AuditingStandardsRiskAssessment.aspx
The approach taken by the ASB is that it supports a separate fraud standard, Statement on Auditing Standards (SAS) 99, Consideration of Fraud in a Financial Statement Audit, as opposed to the PCAOB's integrated strategy. The ASB contends that the focused approach gives the consideration of fraud more prominence than integrating it into risk assessment standards.
Use of another auditor. In some audits, the "principal" auditor may engage another audit firm to perform some portion of the audit. For example, another audit firm may be hired to audit a foreign subsidiary, complex investments, or some other component of the overall audit. Under standards issued by both the ASB and the PCAOB, the principal audit firm has the option of making no reference to the work performed by the other audit firm. Nevertheless, the principal auditor also has the option of issuing a "division of responsibility" audit report, referring to the work and reports of the other auditor in the audit report issued by the principal auditor. ISAs do not permit the primary auditor to make any reference to the work of another auditor.
A Global View
There is a growing global acceptance of International Financial Reporting Standards (IFRS), and much has been written about that topic. In the global economy, in addition to understanding international accounting standards, auditors also need to be aware of the influence of international auditing standards on U.S. auditing standards. ISAs represent transparent, high-quality auditing standards that have been gaining worldwide acceptance. This is evident in the United States, as the ASB's Clarity Project is converging U.S. GAAS with ISAs or establishing reasons for not doing so. Furthermore, the IAASB continues to make the case for acceptance of ISAs by market regulators in cross-border market offerings and reports of foreign issuers.
As summarized in Exhibit 2, there are currently five key areas in which differences exist among standards issued by the ASB, PCAOB auditing standards, and ISAs: 1) documentation of audit procedures; 2) going-concern considerations; 3) assessing and reporting on internal control over financial reporting; 4) risk assessment; and 5) the use of another auditor for part of an audit. Until ISAs are converged with U.S. auditing standards, it is important for auditing professionals to be aware of and understand these differences.
EXHIBIT 2 ISAs versus U.S. Auditing Standards: Key Comparisons Audit Issue Auditing PCAOB Auditing International Standards Board Standards Standards on (AICPA) Auditing (ISA) Documentation Specific, Specific, Relatively more of Audit prescriptive prescriptive reliance on Procedures guidance; minimum guidance; minimum professional five-year seven-year judgment; retention period retention period retention period for audit for audit for audit workpapers. workpapers. workpapers is ordinarily no shorter than five years from the date of the auditor's report. Going-Concern Evaluation period Foreseeable future Foreseeable Considerations should be limited defined as 12 future is at to a reasonable months. least, but not period of time, limited to, 12 not to exceed one months. year beyond the date of the financial statements being audited. Internal Auditors must An "integrated" The auditor Control over understand an audit must be tests controls Financial entity and its performed so that to determine Reporting environment, the auditor can whether they are including express an opinion adequate and internal on the functional. controls. effectiveness of There is no However, there is the client's requirement to no requirement to internal controls express an express an over financial opinion on the opinion on the reporting. effectiveness of effectiveness of the client's the client's internal internal controls controls over over financial financial reporting. reporting. Risk The ASB's Before the Specific risk Assessment approach is to issuance of the assessment support a risk assessment procedures are separate fraud standards, audit mandated in standard (SAS 99, procedures were order to obtain Consideration of not as specific as a broad Fraud in a those under ISAs. understanding of Financial New Auditing the entity and Statement Audit); Standards now its environment it contends that address specific in order to a separate audit procedures identify risks standard gives to be performed, of material the consideration from the initial misstatement. of fraud more planning stages of prominence than the audit through integrating it the evaluation of into risk audit results. assessment standards. Use of Another In a "division of In a "division of Not permitted. Auditor responsibility" responsibility" audit report, the audit report, the principal auditor principal auditor refers to the refers to the work work of another of another auditor. auditor.
Deborah L. Lindberg, DBA, CPA, is a professor of accounting and Deborah L. Seifert, PhD, CPA, CMA, is an assistant professor of accounting, both at Illinois State University, Normal, Ill.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||In Focus|
|Author:||Lindberg, Deborah L.; Seifert, Deborah L.|
|Publication:||The CPA Journal|
|Date:||Apr 1, 2011|
|Previous Article:||Questions about going concern.|
|Next Article:||Management integrity: the Lynchpin of a GAAS audit.|