Printer Friendly

A comparison of U.S. auditing standards with International Standards on Auditing.

Moving Toward Convergence

Iternational Standards on Auditing (ISA) are targeted for convergence with existing auditing standards in the United States and other countries. Until convergence efforts are further along, however, there are five principal areas for which differences currently exist among U.S. generally accepted auditing standards (GAAS), Public Company Accounting Oversight Board (PCAOB) auditing standards, and ISAs.

[ILLUSTRATION OMITTED]

[ILLUSTRATION OMITTED]

ISAs are issued by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants (IFAC), the successor organization to the International Auditing Practices Committee (IAPC). Similar to the manner in which the Auditing Standards Board (ASB) writes auditing and assurance standards under the auspices of the AICPA and the PCAOB issues standards that are approved by the SEC, the IAASB writes standards under the auspices of IFAC. Presently, more than 100 countries use or rely on ISAs.

In the United States, the ASB, which sets auditing standards for nonpublicly traded entities, has launched the Clarity Project in an effort to make U.S. GAAS easier to read, understand, and apply. The Clarity Project also includes the goal of working toward convergence of U.S. auditing standards with ISAs. This convergence project is attempting to make auditing standards coordinated, or comparable, throughout the world. At the time of this writing, the ASB's Clarity Project is still a work in progress.

The PCAOB, created by the Sarbanes-Oxley Act of 2002 (SOX) to oversee the auditors of public companies, considers the IAASB standards in developing its own proposed standards. Some critics of the PCAOB contend that it has failed to adequately take into account or promote the need for international convergence of auditing standards; however, the PCAOB recently undertook a major revision of its risk assessment standards. The PCAOB adopted a suite of eight auditing standards related to the auditor's assessment of, and response to, risk in an audit. The eight new risk assessment standards became effective for audits of fiscal periods beginning on or after December 15, 2010, and address audit procedures from the initial planning stages through the final evaluation of audit procedures and results (see pcaobus.org/News/Releases/Pages/08052010AuditingStandardsRiskAssessment.aspx). As a result, PCAOB auditing standards and ISAs have more similarities than ever before.

ISAs on the CPA Exam

Beginning in January 2011, the CPA exam began testing candidates on international standards. Content Specification Outlines (CSO) issued in May 2009 indicate that candidates taking the Auditing and Attestation (AUD) section of the CPA exam are now expected to demonstrate an awareness of--

* the IAASB and its role in establishing ISAs,

* the differences between U.S. auditing standards and international auditing standards, and

* the audit requirements under U.S. auditing standards that apply when performing audit procedures on a U.S. entity that supports an audit report based on ISAs or the auditing standards of another country.

Key Differences

There are five principal areas where differences exist among U.S. GAAS, PCAOB auditing standards, and ISAs. These significant differences are: documentation of audit procedures; going-concern considerations; assessing and reporting on internal control over financial reporting; risk assessment and responses to assessed risks; and the use of another auditor for part of an audit. In this article, much of the discussion of the differences between PCAOB auditing standards and ISAs is drawn from a study published by the European Commission (EC). An executive summary of this study, "Evaluation of the differences between International Standards on Auditing (ISA) and the standards of the US Public Company Accounting Oversight Board (PCAOB)" is available at ec.europa.eu/intemal_market/auditing/docs/ias/evalstudy2009/summary_en.pdf. The study was commissioned by the EC and solicited input from international technical partners from each of the Big Four audit firms.

Documentation of audit procedures. Conceptually, documentation requirements under U.S. auditing standards and ISAs differ: AICPA auditing standards and PCAOB auditing standards are relatively more prescriptive than ISAs, which are perceived as relying more on the professional judgment of the auditor. An example in the study prepared for the EC notes that PCAOB Auditing Standard (AS) 3 requires that an "engagement completion memo" be prepared; there is no such requirement under international auditing standards.

Retention periods of auditing workpapers also differ among the three sets of standards. The ASB requires that audit workpapers be retained for a period of at least five years, while the PCAOB mandates a retention period of at least seven years. ISA 230, Audit Documentation, requires audit firms "to establish policies and procedures for the retention of engagement documentation. The retention period for audit engagements ordinarily is no shorter than five years from the date of the auditor's report, or, if later, the date of the group auditor's report" (web.ifac.org/download/a011-2010-iaasb-handbook-isa-230.pdf).

Going-concern considerations. When considering whether an entity has the ability to continue as a going concern into the foreseeable future, the PCAOB auditing standards define the foreseeable future as the 12 months following the end of the fiscal period being audited. As noted in the study commissioned for the EC, when assessing going-concern considerations under ISAs, the foreseeable future is at least, but not limited to, 12 months.

At the time of this writing, FASB is considering releasing guidance on the going-concern-issue that would, among other things, increase management's responsibility for preparing financial statements as a going concern to consider information for at least, but not limited to, 12 months from the end of the reporting period. In addition, the ASB is still discussing whether an auditor's evaluation of an entity's ability to continue as a going concern "should be limited to a reasonable period of time, not to exceed one year beyond the date of the financial statements being audited, or should cover the same period as that used by management to make its assessment" (www.aicpa.org/InterestAreas/AccountingAndAuditing/Community/AuditingStandardsBoard/ASBMeetings/DownloadableDocuments/January%202010%20ASB%20Meeting/2010_01_ASB_Highlights.pdf). Accordingly, it should be noted that the ASB's redraft of "The Auditor's Consideration of the Entity's Ability to Continue as a Going Concern" as part of its Clarity Project has been delayed so that the proposed standard can be aligned with the going-concern guidance under consideration by FASB.

Internal control over financial reporting. When the U.S. Congress passed SOX, it required that management of U.S. public companies assess and report on internal controls over financial reporting. Management states its assertion about the effectiveness of its controls over financial reporting in a report that accompanies the audit report.

The PCAOB's AS 5 requires auditors of public companies to perform an examination of an entity's internal control over financial reporting that is integrated with an audit of its financial statements. In addition to issuing an opinion on the fairness of the financial statements, auditors of U.S. public companies must also express an opinion on the effectiveness of the entity's internal controls over financial reporting. While not required to do so, virtually all public companies (and their auditors) evaluate internal controls based on the criteria established by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

Neither the auditing standards issued by the ASB nor ISAs require an integrated audit that expresses as opinion on the effectiveness of the client's internal controls over financial reporting. Auditors following U.S. auditing standards, however, must obtain an understanding of the internal controls of the entity being audited in order to plan and perform the audit, including determining the nature, extent, and timing of substantive tests to be performed. International auditing standards require an auditor to test the internal controls of the organization being audited to ensure that they are adequate and functional.

Risk assessment. ISAs require specific risk assessment procedures in order to obtain a broad understanding of an entity and its environment, with the goal of identifying risks of material misstatement ISAs require that the auditor obtain an understanding of an entity's business risks, such as its operating risks and its strategic risks. Auditors following ISAs must also determine how their client responds to such risks as the auditor plans and conducts the audit. Moreover, under international standards, an auditor is required to make inquiries of the internal auditors of the organization being audited, with the objective of obtaining a better understanding of the entity's expertise in assessing risk. Auditors following international standards should take all information regarding risks, as well as the client's responses to these risks, into consideration when assessing the risk of material

Currently, auditors following auditing standards promulgated by the ASB are required to identify and assess risks of material misstatement based on an understanding of the entity and its environment, including the entity's internal control. This assessment and understanding can be aided by inquiries of the internal auditors of the entity being audited. The ASB's redraft of "The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements," as part of its Clarity Project, has been delayed so that the proposed standard can be aligned with the IAASB's revisions to its clarified standard on this issue.

As previously noted, the PCAOB recently completed a major revision of its risk assessment standards. Eight new auditing standards related to the auditor's assessment of, and response to, risk in an audit were adopted by the PCAOB. This suite of risk assessment standards became effective for audits of fiscal periods beginning on or after December 15, 2010. The new risk assessment standards address audit procedures from the initial planning stages through the final evaluation of audit procedures and results. Accordingly, PCAOB auditing standards and ISAs are now more similar than they are different when it comes to risk assessment and response. The eight new standards are--

* AS 8, Audit Risk

* AS 9, Audit Planning

* AS 10, Supervision of the Audit Engagement

* AS 11, Consideration of Materiality in Planning and Performing an Audit

* AS 12, Identifying and Assessing Risks of Material Misstatement

* AS 13, The Auditor's Responses to the Risks of Material Misstatement

* AS 14, Evaluating Audit Results

* AS 15, Audit Evidence.

A summary of the key provisions of the PCAOB's suite of eight risk standards is provided in Exhibit 1.
EXHIBIT 1

The PCAOB's Suite of Risk Assessment Standards

AS  Title                Summary

8   Audit Risk           Describes the components of audit risk and
                         the auditor's responsibilities for reducing
                         audit risk to an appropriately low level in
                         order to obtain reasonable assurance that
                         the financial statements are free of
                         material misstatements.

9   Audit Planning       Planning requirements include assessing
                         matters that are important to the audit;
                         the auditor must establish an appropriate
                         audit strategy and audit plan.

10  Supervision of the   Sets forth requirements for supervising the
    Audit Engagement     work of engagement team members.

11  Consideration of     Describes the auditor's responsibilities
    Materiality in       for consideration of materiality in
    Planning and         planning and performing an audit.
    Performing an Audit

12  Identifying and      Establishes requirements regarding the
    Assessing Risks of   process of identifying and assessing risks
    Material             of material misstatement of the financial
    Misstatement         statements; the risk assessment process
                         includes information-gathering procedures
                         to identify risks and an analysis of the
                         identified risks.

13  The Auditor's        The auditor must respond to the risks of
    Responses to the     material misstatement in financial
    Risks of Material    statements through the general conduct of
    Misstatement         the audit and performing audit procedures
                         regarding significant accounts and
                         disclosures.

14  Evaluating Audit     Establishes requirements regarding the
    Results              auditor's evaluation of audit results and
                         determination of whether the auditor has
                         obtained sufficient appropriate audit
                         evidence. The evaluation process includes
                         evaluation of misstatements identified
                         during the audit; the overall presentation
                         of the financial statements, including
                         disclosures; and the potential for
                         management bias.

15  Audit Evidence       Explains what constitutes audit evidence
                         and establishes requirements for designing
                         and performing audit procedures to obtain
                         sufficient appropriate audit evidence to
                         support the opinion expressed by the
                         auditor.

Source: PCAOB Adopts New Auditing Standards on Risk Assessment,
pcaobus.org/News/Releases/Pages/
08052010_AuditingStandardsRiskAssessment.aspx


The approach taken by the ASB is that it supports a separate fraud standard, Statement on Auditing Standards (SAS) 99, Consideration of Fraud in a Financial Statement Audit, as opposed to the PCAOB's integrated strategy. The ASB contends that the focused approach gives the consideration of fraud more prominence than integrating it into risk assessment standards.

Use of another auditor. In some audits, the "principal" auditor may engage another audit firm to perform some portion of the audit. For example, another audit firm may be hired to audit a foreign subsidiary, complex investments, or some other component of the overall audit. Under standards issued by both the ASB and the PCAOB, the principal audit firm has the option of making no reference to the work performed by the other audit firm. Nevertheless, the principal auditor also has the option of issuing a "division of responsibility" audit report, referring to the work and reports of the other auditor in the audit report issued by the principal auditor. ISAs do not permit the primary auditor to make any reference to the work of another auditor.

A Global View

There is a growing global acceptance of International Financial Reporting Standards (IFRS), and much has been written about that topic. In the global economy, in addition to understanding international accounting standards, auditors also need to be aware of the influence of international auditing standards on U.S. auditing standards. ISAs represent transparent, high-quality auditing standards that have been gaining worldwide acceptance. This is evident in the United States, as the ASB's Clarity Project is converging U.S. GAAS with ISAs or establishing reasons for not doing so. Furthermore, the IAASB continues to make the case for acceptance of ISAs by market regulators in cross-border market offerings and reports of foreign issuers.

As summarized in Exhibit 2, there are currently five key areas in which differences exist among standards issued by the ASB, PCAOB auditing standards, and ISAs: 1) documentation of audit procedures; 2) going-concern considerations; 3) assessing and reporting on internal control over financial reporting; 4) risk assessment; and 5) the use of another auditor for part of an audit. Until ISAs are converged with U.S. auditing standards, it is important for auditing professionals to be aware of and understand these differences.
EXHIBIT 2

ISAs versus U.S. Auditing Standards: Key Comparisons

Audit Issue     Auditing           PCAOB Auditing      International
                Standards Board    Standards           Standards on
                (AICPA)                                Auditing (ISA)

Documentation   Specific,          Specific,           Relatively more
of Audit        prescriptive       prescriptive        reliance on
Procedures      guidance; minimum  guidance; minimum   professional
                five-year          seven-year          judgment;
                retention period   retention period    retention period
                for audit          for audit           for audit
                workpapers.        workpapers.         workpapers is
                                                       ordinarily no
                                                       shorter than
                                                       five years from
                                                       the date of the
                                                       auditor's
                                                       report.

Going-Concern   Evaluation period  Foreseeable future  Foreseeable
Considerations  should be limited  defined as 12       future is at
                to a reasonable    months.             least, but not
                period of time,                        limited to, 12
                not to exceed one                      months.
                year beyond the
                date of the
                financial
                statements being
                audited.

Internal        Auditors must      An "integrated"     The auditor
Control over    understand an      audit must be       tests controls
Financial       entity and its     performed so that   to determine
Reporting       environment,       the auditor can     whether they are
                including          express an opinion  adequate and
                internal           on the              functional.
                controls.          effectiveness of    There is no
                However, there is  the client's        requirement to
                no requirement to  internal controls   express an
                express an         over financial      opinion on the
                opinion on the     reporting.          effectiveness of
                effectiveness of                       the client's
                the client's                           internal
                internal controls                      controls over
                over financial                         financial
                reporting.                             reporting.

Risk            The ASB's          Before the          Specific risk
Assessment      approach is to     issuance of the     assessment
                support a          risk assessment     procedures are
                separate fraud     standards, audit    mandated in
                standard (SAS 99,  procedures were     order to obtain
                Consideration of   not as specific as  a broad
                Fraud in a         those under ISAs.   understanding of
                Financial          New Auditing        the entity and
                Statement Audit);  Standards now       its environment
                it contends that   address specific    in order to
                a separate         audit procedures    identify risks
                standard gives     to be performed,    of material
                the consideration  from the initial    misstatement.
                of fraud more      planning stages of
                prominence than    the audit through
                integrating it     the evaluation of
                into risk          audit results.
                assessment
                standards.

Use of Another  In a "division of  In a "division of   Not permitted.
Auditor         responsibility"    responsibility"
                audit report, the  audit report, the
                principal auditor  principal auditor
                refers to the      refers to the work
                work of another    of another
                auditor.           auditor.


Deborah L. Lindberg, DBA, CPA, is a professor of accounting and Deborah L. Seifert, PhD, CPA, CMA, is an assistant professor of accounting, both at Illinois State University, Normal, Ill.
COPYRIGHT 2011 New York State Society of Certified Public Accountants
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2011 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:In Focus
Author:Lindberg, Deborah L.; Seifert, Deborah L.
Publication:The CPA Journal
Geographic Code:1USA
Date:Apr 1, 2011
Words:2754
Previous Article:Questions about going concern.
Next Article:Management integrity: the Lynchpin of a GAAS audit.
Topics:

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters