a global perspective of auditing standards

7/24/2019 A Global Perspective of Auditing Standards

1/19

2014 SmartPros Ltd. All rights reserved. Purchaser may print one (1) copy for his or her records.This course may not be modified or distributed in any way without prior written permission.

1

993011: A Global Perspective of Auditing Standards

Section 1: Introduction

1.1: Instructions

Course Requirements

This course consists of the following: learning objectives, glossary of key terms, index, text

and graphics to illustrate course subject matter, review questions and a final exam. To earn

CPE credit, you are required to read all materials, answer the review questions and pass theFinal Exam. Questions on the Final Exam will be based on content found in all portions of

the course text. After passing the Final Exam, you can access and print your Certificate of

Completion. You do not have to complete the course at one sitting. If you exit the coursebefore you finish, your current location will be remembered and when you return to thecourse, you can pick up from where you left off. You have one year from the time you enroll

in the course to complete it.

Additional Course Materials

The following supplemental course documents can be found under the Course Materialsmenu: course text, outline of major topics covered, details, and index. The course detailsinclude the course overview, learning objectives, field of study, prerequisites/advanced

preparation if any, and course level.

Course Navigation

To navigate throughout the course, you can use the "Section Locators" in the upper left

portion of the screen (below the course title) or the "Course Menu" in the lower left portion

of the screen to jump from one Section to another. Additionally, you may use the controls in

the lower right portion of the screen to navigate forward and backward within the course.Please note that this course has restricted navigation and you will not be allowed to proceed

beyond the furthest point in the course that you have reached. For additional informationabout course navigation, please refer to the "Navigation Glossary" under the Help menu.

1.2: Learning Objectives

After completing this course, the course participant should be able to:

Identify the four sources of external auditing standards.

Distinguish the circumstances within which each of the four sources of auditing

guidance applies.

Recognize the role of internal auditing in the context of global auditing standards.

Understand the purpose of the Clarity Projects.


2/19



2

1.3: Glossary

American Institute of Certified Public Accountants (AICPA)The AICPA is a U.S. professional organization responsible for establishing standards foraudits of non-issuers (private U.S. companies) and providing leadership for the CPA

profession (www.aicpa.org). It issues Statements on Auditing Standards (SAS).

Clarity ProjectSubstantial projects initiated by the AICPA and IAASB to harmonize their standards and

standardize the format.

U.S. Government Accountability Office (GAO)An independent and nonpartisan federal agency responsible for issuing standards for the

audits of governmental entities (www.gao.gov).

The Institute of Internal Auditors (IIA)

A professional organization that guides the practice of internal auditing through the issuanceof standards to ensure consistency and quality (https://global.theiia.org).

International Auditing and Assurance Standards Board (IAASB)

An independent standard-setting body for international auditing, assurance, and relatedstandards, which issues International Standards on Auditing (ISA).

IssuerA legal entity that registers and sells securities for sale to the public. An issuer must reportto the U.S. Securities and Exchange Commission.

Non-issuerA private company that is not required to report to the U.S. Securities and ExchangeCommission.

Public Company Accounting Oversight Board (PCAOB)This nonprofit corporation was established by Congress in 2003 to oversee the audits of

public companies (issuers). It issues Auditing Standards (AS) and reports to the U.S.

Securities and Exchange Commission (pcaobus.org).

Sarbanes-Oxley Act of 2002U.S. Congress passed Public Law 107-204, which created the Public Company Accounting

Oversight Board and charged it with issuing standards for the audits of issuers (entities thatmust report to the Securities and Exchange Commission).

The Single Audit ActU.S. legislation that prescribes entity-wide auditing requirements to assure that federal

monies were expended in accordance with intended agreements.

The Yellow BookStandards for the conduct of financial and performance audits and attestation engagements

for U.S. governmental entities issued by the U.S. Government Accountability Office. Alsoreferred to as Generally Accepted Government Auditing Standards (GAGAS).
http://www.gao.gov/http://www.gao.gov/http://www.gao.gov/https://global.theiia.org/https://global.theiia.org/https://global.theiia.org/http://www.gao.gov/


3/19



3

Section 2: Overview

2.1: Introduction

The purpose of this course is to offer a global perspective of the different sets of

professional auditing standards that exist today. Multiple sources of auditing guidance existfor external auditors, and the applicable source depends upon the client that is served. One

primary source exists for internal auditors on an international level. For purposes of thiscourse, an external auditor is hired to offer independent assurance about financial

information or other performance measures. An internal auditor is employed by the auditedentity to offer objective assurance about whether an entitys objectives are met.

The following topics are addressed:

A general overview of the auditing profession.

Four primary sources of external auditor guidance.

Overview of standards for internal auditors.

The interrelationship of external and internal auditing standards.

Historical underpinnings of extant practice.

2.2: Overview of the Auditing Profession

In July, 2002, U.S. Congress passed Public Law 107-204, popularly known as the Sarbanes-

Oxley Act of 2002 after its co-sponsors. Senator Paul Sarbanes (D-MD) and RepresentativeMichael G. Oxley (R-OH) championed the far-reaching legislation.

Notably the Sarbanes-Oxley Act created the Public Company Accounting Oversight Board(PCAOB), which is charged with the responsibility to regulate auditors of companies

registered with the U.S. Securities and Exchange Commission (SEC), called issuers. A

significant duty of the PCAOB is to promulgate auditing standards specifically designed forthe conduct of these audits. This historical legislation forever altered the landscape of theauditing profession in the U.S., and impacted the relationship to international auditing

standards.

Four sets of auditing standards exist that impact external auditors, and to some extent,internal auditors:

1. American Institute of Certified Public Accountants (AICPA)2. International Auditing and Assurance Standards Board (IIASB)

3. Public Company Accounting Oversight Board (PCAOB)

4. U.S. Government Accountability Office (GAO)

The AICPA, faced with a legislative-imposed altered focus, worked toward convergence with

IAASB so as to minimize conflict with PCAOB. The GAO meanwhile issued new standards in2011 that assert a separation from a specific standard-setting body to reduce confusion.

One source of guidance exists for internal auditors:

The Institute of Internal Auditors (IIA) - The IIA is the primary guide for the

international practice of internal auditing.


4/19



4

Figure 2.2depicts the global perspective of external and internal auditing standards. Aswill be discussed, the source of external auditing standards depends upon the nature of the

audited entity. However, internal auditing standards apply regardless of entity.

Figure 2.2. Sources of Auditing Standards

Externalauditing

standards

AICPA IIASB PCAOB GAO

Audited entityNon-

issuersNon-U.S.entities

IssuersGovernment

andnonprofit

Internal

auditing

standards

The IIA

The remaining units of this course are dedicated to offering an overview of the standardsapplicable for each of the four external auditing standard-setting bodies and the IIA.

Section 3: The American Institute of CPAs

3.1: Overview

The American Institute of CPAs (AICPA)Auditing Standards Board(ASB) is the designated

senior committee to promulgate standards for the conduct of audits for non-issuers calledStatements on Auditing Standards (SAS). In addition to auditing standards, the ASB alsoprovides guidance on the following for professional practice related to non-issuers:

Statements on Standards for Attestation Engagements (SSAE).

Statements on Quality Control Standards (SQCS).

The AICPA was founded in 1887 as a professional organization in the U.S. It has served as

the primary organization to enhance the accounting profession by establishing educationaland performance requirements for professional practices, including the creation and grading

of the Uniform CPA exam. Its commitment to quality elevated accounting to a profession,with the primary goal of serving the public interest. As of 2013, the AICPA boasted 370,000

members in 128 countries, which includes CPAs, student affiliates, and internationalassociate members (www.aicpa.org).

3.2: Statements on Auditing Standards (SAS)

Standards issued by the ASB apply to the performance conduct of audits for non-issuers. Anon-issuer is meets the following criteria:

An entity not defined as an issuer by the Sarbanes-Oxley Act.


5/19



5

An entity not obligated to follow PCAOB standards.

An international entity (see IIASB in Section 6).

Until the PCAOB was created, all auditors relied upon the ASB for guidance on all assuranceengagements. The watershed event (Sarbanes-Oxley) essentially transferred responsibilityfor standard-setting from the private sector to a quasi-public entity that reports to the

Securities and Exchange Commission. Thus the AICPA was faced with the daunting task offinding relevance in an environment of shrinking responsibility. It seized the opportunity in asignificant way by embarking upon the so-called Clarity Project.

The Clarity Project had several objectives:

Redraft extant standards to improve readability and comprehension.

Align standards with those issued by the IIASB (Section 6).

Bear in mind that when the Clarity Project was initiated, SAS had been promulgated,revised, superseded, or modified over a century of time. SAS No. 1, Codification of Auditing

Standards and Procedures, was issued in 1972. Its format was to prescribe AU sectionstocorrespond to each specific topic. As additional standards were issued, they were ascribed

to a numerical sequence (sections of SAS No. 1 were marked as superseded whenappropriate).

Thus it was a reasonable goal even in the absence of the political change imposed by thecreation of the PCAOB, to redraft the standards in more accessible language. The redrafted

SASs are formatted in a similar fashion:

An introductionstates the purpose and applicability of the standard.

An objectiveidentifies the context.

Terms introduced in the standard are defined.

The specific audit requirementsare outlined.

Explanatory material is separately included.

Additional conventions incorporated in the redrafted SAS included the use of bulleted lists,

and referencing to special situations such as audits based on entity complexity or for auditsof governmental entities.

3.3: AICPAs Clarity Project Overview

As a result of the Clarity Project, the redrafted SASs were reissued as SAS No. 122,

Statements on Auditing Standards:Clarification and Recodification. SAS No. 122, which is

effective for applicable audit of financial statements for periods ending on or after December

15, 2012, supersedes all SASs through SAS No. 121 with some exceptions:

SAS No. 51, Reporting on Financial Statements Prepared for Use in Other Countries.

SAS No. 59, The Auditors Consideration of an Entitys Ability to Continue as a GoingConcern (subsequently replaced with SAS No. 126 of the same title).

SAS No. 65, The Auditors Consideration of the Internal Audit Function in an Audit ofFinancial Statements.

SAS No. 87, Restricting the Use of an Auditors Report.

SAS No. 117, Compliance Audits.

SAS No. 118, Other Information in Documents Containing Audited FinancialStatements.


6/19



6

SAS No. 119, Supplementary Information in Relation to the Financial Statements as

a Whole.

SAS No. 120, Required Supplementary Information.

Along with the revised formatting of the redrafted standards, SAS No. 122 recodified thestructure to align with the codification system used by the IIASB, which accomplishes the

goal of converging the two sets of standards. It thus offers the first time that U.S.-basedstandards achieved harmony with an international auditing standard-setting body.

The revised AU codification scheme is presented in Figure 3.3.

Figure 3.3. Summary of ASB Clarified SAS Codification Scheme

Clarified

AUSectionSeries

Topic

200 General Principles and Responsibilities300-499 Risk Assessment and Response to Assessed Risks500 Audit Evidence

600 Using the Work of Others700 Audit Conclusions and Reporting800 Special Considerations900 Special Considerations in the United States

In essence, SAS No. 122 accomplishes what SAS No. 1 did in 1972: existing standards wererefitted to a new and more understandable structure. All subsequently issued SASs will

serve to update what is codified in SAS No. 122 (and SAS Nos. 117-120, 126, and 127,

which were issued in the updated clarified format).

As a special note, the term AU-Cis used for a brief period of time between the issuance ofSAS No. 122 and the time in 2015 when it becomes fully applicable to all engagements. The

reason is that the PCAOB continues to use the AU sections it adopted as interim standards

in 2003 (see Section 6), and the temporary adjustment will assist professionals inappreciating the distinction:

The clarified codification system no longer agrees with the one used by PCAOB.

The clarified codification system is in substantial agreement with the one used byIAASB.

In 2015 and beyond it is critical to observe the standard-setter when referencing AUsections specifically. This conflict will endure until such time as the PCAOB has extinguishedthe AU sections it inherited in 2003. However, references to AU-C are unique to AICPA.

SASs are not publicly available, but may be purchased directly from the AICPA(www.aicpa.org).
http://www.aicpa.org/http://www.aicpa.org/http://www.aicpa.org/http://www.aicpa.org/


7/19



7

3.4: Independence

The AICPA requires that auditors be independent in fact and in appearance, which is

required both by SAS and by its Code of Professional Conduct(the latter follows Rule 101and related interpretations).

The Codeapplies to AICPA members conducting audits for any client, as stated in Rule101.01:

In performing an attest engagement, a member should consult the rules of hisor her state board of accountancy, his or her state CPA society, the PublicCompany Accounting Oversight Board and the U.S. Securities and Exchange

Commission (SEC) if the member's report will be filed with the SEC, the U.S.

Department of Labor (DOL) if the member's report will be filed with the DOL,the Government Accountability Office (GAO) if law, regulation, agreement,

policy or contract requires the member's report to be filed under GAO

regulations, and any organization that issues or enforces standards ofindependence that would apply to the member's engagement. Such

organizations may have independence requirements or rulings that differ from(e.g., may be more restrictive than) those of the AICPA.

(Source:http://www.aicpa.org/Research/Standards/CodeofConduct/Pages/et_101.aspx#et_1

01)

Section 4: Mid-Review Questions

Section 5: International Auditing and Assurance Standards Board

5.1: Overview

Auditors of non-U.S. entities subscribe to standards established by the International

Auditing and Assurance Standards Board (IAASB). The IAASB was officially named in 2002as derived from its predecessor, the International Auditing Practices Committee (IPAC),which was founded in 1978. Importantly, the IAASB is supported by the International

Federation of Accountants (IFAC), which works in cooperation with the International

Accounting Standards Board (IASB) in the promulgation of International Financial ReportingStandards (IFRS).

The IAASBs stated purposes are as follows:

Serve the public interest.

Set international auditing, assurance, and quality control standards. Assist with convergence of international and local auditing standards.

Facilitate consistent auditing practice internationally.

The IAASB is independent of governmental bodies and is perceived as a global leader in itsstandard-setting endeavors. The IAASB regularly hosts meetings of national standardsetters to this purpose, including the following countries:

Australia
http://www.aicpa.org/Research/Standards/CodeofConduct/Pages/et_101.aspx#et_101http://www.aicpa.org/Research/Standards/CodeofConduct/Pages/et_101.aspx#et_101http://www.aicpa.org/Research/Standards/CodeofConduct/Pages/et_101.aspx#et_101http://www.aicpa.org/Research/Standards/CodeofConduct/Pages/et_101.aspx#et_101


8/19



8

Brazil

Canada

China

France

Germany

India

Japan New Zealand

South Africa

The Netherlands

United Kingdom

United States of America

As part of its reconstitution from IPAC to IAASB, a Clarity Project related to its auditingstandards was undertaken in 2004 and completed in 2009. The effective date was for audits

of financial statements for periods beginning on or after December 15, 2009.

In a manner similar to that followed by the AICPA (Section 3), the IAASB redrafted orsubstantively revised its auditing guidance in a standardized and codified system. The

project resulted in the issuance of clarified International Standards on Auditing (ISAs) thatconform to the following style:

The objectivesare stated.

The responsibilityto meet the objectives is established.

Ambiguityin the language and requirements is eliminated.

Improvedreadability.

The codification of the ISAs is aligned with that of the AICPA s SASs, and appears in Figure

5.1. Note that it differs from the SAS codification only in the 800-900 series.

Figure 5.1. Summary of IAASBs Clarified ISA Codification

SchemeISA

Codification

Series

Topic

200-299 General Principles and Responsibilities300-499 Risk Assessment and Response to Assessed Risks

500-599 Audit Evidence

600-699 Using the Work of Others700-799 Audit Conclusions and Reporting

800-899 Specialized Areas

At least 80 jurisdictions are either using ISAs, adapting ISAs, or are in the process of

formally considering ISAs as their national auditing standards. As example, The EuropeanUnion requires ISAs for statutory audits within its jurisdiction, a significant step towardglobal acceptance:

The Company Law Directive on statutory audit allows the Commission to

adopt international auditing standards for the application in EU. Audits ofannual accounts or consolidated accounts required under Community lawshall be carried out in accordance with these standards adopted by the

Commission.


9/19



9

Source:http://ec.europa.eu/internal_market/auditing/isa/index_en.htm.

In addition to ISAs, the IAASB also issues the following guidance for practicing accountants:

International Standards on Assurance Engagements (ISAEs).

International Standards on Related Services (ISRSs).

International Standards on Quality Control (ISQCs).

The IAASB is staffed by 17 volunteer members from around the world with a full-time

chairman. Any stakeholder may nominate an individual for consideration. The board is

comprised of practitioners in and out of public practice and at least three membersnominated by the public. Accordingly, the IFAC approves all appointments.

Individual ISAs are publicly available as PDF files at no charge at the following:http://www.ifac.org/auditing-assurance/publications-resources?publication-

type=203&source=30&issues=&language=87&x=51&y=9&sort=date

Note: Filter byHandbooks, Standards, and Pronouncements and choose preferredlanguage.

5.2: Code of Ethics for Professional Accountants

Individuals conducting audits in accordance with standards established by IAASB are

obligated to adhere to Code of Ethics for Professional Accountants, published by theInternational Ethics Standards Board for Accountants (IESBA). Section 290 of the Codespecifically addresses independence requirements for assurance engagements, includingaudits conducted in accordance with ISAs. Independence is required in two aspects:

1. Independence of mind, which requires an individual to act with integrity, objectivity, andprofessional skepticism when conducting an audit.

2.

Independence in appearance, which suggests that an auditors behavior should notcause a third party to question the individuals integrity, objectivity, or professionalskepticism.

The Codeis available at no charge at this link:http://www.ifac.org/sites/default/files/publications/files/2012-IESBA-Handbook.pdf

Section 6: Public Company Accounting Oversight Board

6.1: Overview

In April 2003, the Public Company Accounting Oversight Board (PCAOB) included andaccepted the existing auditing standards from the AICPA, which are codified in AU sections

(pcaobus.org). Over time, it has issued additional Auditing Standards (AS) to supersedemany of these inherited or so-called interimauditing standards. For a brief moment in

history, the standards of both the AICPA and PCAOB were identical. However, PCAOB

quickly altered the interim standards to have language conforming to the specific goal ofissuer audits, including wording in the standard audit report. A significant effort was spentto develop standards to address the Sarbanes-Oxley Section 404 requirement for the audit

of internal control effectiveness, something not required of non-issuers.
http://ec.europa.eu/internal_market/auditing/isa/index_en.htmhttp://ec.europa.eu/internal_market/auditing/isa/index_en.htmhttp://ec.europa.eu/internal_market/auditing/isa/index_en.htmhttp://www.ifac.org/auditing-assurance/publications-resources?publication-type=203&source=30&issues=&language=87&x=51&y=9&sort=datehttp://www.ifac.org/auditing-assurance/publications-resources?publication-type=203&source=30&issues=&language=87&x=51&y=9&sort=datehttp://www.ifac.org/auditing-assurance/publications-resources?publication-type=203&source=30&issues=&language=87&x=51&y=9&sort=datehttp://www.ifac.org/sites/default/files/publications/files/2012-IESBA-Handbook.pdfhttp://www.ifac.org/sites/default/files/publications/files/2012-IESBA-Handbook.pdfhttp://www.ifac.org/sites/default/files/publications/files/2012-IESBA-Handbook.pdfhttp://www.ifac.org/auditing-assurance/publications-resources?publication-type=203&source=30&issues=&language=87&x=51&y=9&sort=datehttp://www.ifac.org/auditing-assurance/publications-resources?publication-type=203&source=30&issues=&language=87&x=51&y=9&sort=datehttp://ec.europa.eu/internal_market/auditing/isa/index_en.htm


10/19



10

PCAOB auditing standards are applicable to auditors of entities registered with and reporting

to the U.S. Securities and Exchange Commission (SEC), even if that registration is not yeteffective as with initial public offerings under the U.S. Securities Act of 1933.The stated purposes of the PCOAB are as follows:

Oversee the audits of issuers to protect investor interests. Serve the public interest by ensuring informative, accurate, and independent audit

reports.

Establish standards for audits, quality control, ethics, independence, and other

appropriate reports for issuers.

Inspect registered public accounting firms.

Conduct investigations and disciplinary proceedings where justified.

The organization of the PCAOB is described by Title I of the Sarbanes-Oxley Act, Public

Company Accounting Oversight Board:

Shall be a nonprofit corporation (not a U.S. government agency).

Five members serve on the Board.

Only two of the five members of the Board may be CPAs. If a CPA is chairperson, then the individual must not have practiced as a CPA within

five prior years.

The term of service is five years, with two terms maximum.

The SEC has oversight and enforcement authority over the PCAOB, including approval ofnew Auditing Standards, appointment of membership to the Board, and budget. All actions

taken with respect to the PCAOB are publicly announced at www.sec.gov.

6.2: Auditing Standards Summary

PCAOB standards originate from two sources, which are referred to in audit reports as..the

standards of the Public Company Accounting Oversight Board (United States):

1. Auditing Standards(AS) adopted by the PCAOB and approved by the SEC.

2. Interim Standards(AU sections) all SASs in existence as of April 16, 2003 that have notto date been amended or superseded.

A depiction of the historical shift in auditing standards from the landmark legislation appearsin Figure 6.2.

Figure 6.2. Divergence of U.S. Auditing Standards

AICPAs SASNos. 1-95

November 2011

PCAOB interim standards(AU 110-901) to the extent

not amended or superseded byAuditing Standards

(AS).

AICPA Clarified Auditing Standards (SAS No. 122) re-

codified to conform to ISAs.

The interim standardsare set up in the original codification, which is no longer consistentwith the AICPA:


11/19



11

100-200 General Standards (guide individual auditors behavior)

300 Standards of Field Work (guide conduct of the audit)

400-500 Standards of Reporting (guide preparation of the audit report)

600-901 Guidance on specialized situations

6.3: Summary of PCAOB Auditing Standards

A detailed overview ofAuditing Standardsis beyond the scope of this course, but a briefsummary reveals how the PCAOB has parted company with the interim standards. The

PCAOB maintains an active agenda with the ultimate goal of supplanting the interim

standards with its ownAuditing Standards, a lofty ambition at this point in time. Thus apriority is to update those that impact the audits of issuers most specifically first.

AS No. 1, References in Auditors Reports to the Standards of the Public CompanyAccounting Oversight Board(May 24, 2004), was the first AS promulgated. The PCAOBsessential objectives were to do the following:

Adopt the AICPA SASs as interim standards.

Immediately update guidance for references in the auditors reports to the PCAOBstandards.

AS No. 3,Audit Documentation(August 25, 2004), establishes requirements for

documentation to prepare and retain that supports the auditors conclusions. .

AS No. 4, Reporting on Whether a Previously Reported Material Weakness Continues to

Exist(February 6, 2006),points to guidance for the unique aspects of reporting aboutinternal control over financial reporting.

AS No. 5,An Audit of Internal Control Over Financial Reporting That Is Integrated with An

Audit of Financial Statements(November 15, 2007), provides specific guidance on how to

address responsibility under Section 404 of the Sarbanes-Oxley Act. This updated guidance

superseded AS No. 2,An Audit of Internal Control Over Financial Reporting Performed inConjunction With an Audit of Financial Statements, as it incorporates lessons learned from

the first attempt to prescribe guidance about auditing internal control effectiveness.

AS No. 6, Evaluating Consistency of Financial Statements(November 15, 2008),superseded interim standards on the same topic.

AS No. 7, Engagement Quality Review (December 15, 2009), is new guidance for auditorsregarding the engagement quality reviewer. A partner or equivalent has obligations under

PCAOB to ensure the engagement met PCAOB standards.

Risk Assessment Suite Standards. The PCAOB issued AS No. 815(December 15,

2010) as an overarching set of guidance to consider, assess, and respond to the risk of

material misstatement (audit risk). This suite of standards superseded a significant portionof the interim standards associated with field work. A summary of the titles appears in

Figure 6.3.

AS No. 16, Communications with Audit Committees(December 15, 2012), supersedes

interim standards on the same topic.


12/19



12

Additional standards are on the PCAOB agenda, including the following topics:

Related parties.

Supplemental information in audited financial statements.

Confirmations.

The auditors reporting model.

Going concern.

Figure 6.3. PCAOB Risk Assessment Suite Standards

AuditingStandard

No.

Title

8 Audit Risk9 Audit Planning

10 Supervision of the Audit Engagement

11 Consideration of Materiality in Planning and Performing the Audit12 Identifying and Assessing Risks of Material Misstatement13 The Auditors Responses to the Risks of Material Misstatement14 Evaluating Audit Results

15 Audit Evidence

All PCAOB Auditing Standards (including interim standards) are publicly available at no cost:

http://pcaobus.org/Standards/Auditing/Pages/default.aspx.

6.4: Comparison of PCAOB and AICPA/IAASB Standards

The Sarbanes-Oxley Act clearly altered the landscape for the conduct of audits. In spite ofthe difference in codification schemes and standard names, the divergence with respect to

the conduct of an audit is not so daunting. Some of the more salient issues are summarized

next, although an extensive analysis is beyond the scope of this course.

The significant difference is that non-issuers or non-U.S. entities do not have therequirement for an audit of the effectiveness of internal control over financial

reporting. Thus the concept of the integrated audit is unique to PCAOB standards.

ISAs do not permit a principal auditor to make reference to the work of another

auditor, something that is permitted in the U.S.

PCAOB documentation standards are prescriptive in nature, while ISAs are based

more on professional judgment. AICPA standards also are fairly prescriptive innature.

Thus the essential burden borne by auditors of issuers relate to the nontrivial regulatoryrequirement for the integrated audit. Ultimately all auditors must use judgment in obtainingsufficient appropriate evidence to inform a judgment about the fair presentation of the

financial statements (or control effectiveness for issuers).

6.5: PCAOB Independence Standards

The PCAOB adopted independence rules in the AICPAs Code of Professional Conduct asinterim Ethics & Independence (ET) standards that were in effect on April 16, 2003. As with

the auditing standards, independence standards consist of two elements:
http://pcaobus.org/Standards/Auditing/Pages/default.aspxhttp://pcaobus.org/Standards/Auditing/Pages/default.aspxhttp://pcaobus.org/Standards/Auditing/Pages/default.aspx


13/19



13

1. ET 101, Independence, which is the portion of the interim standard that has not beenamended or superseded by the PCAOB. These rules are in harmony with those required

for auditors following SAS audits for non-issuers.

2. Rule 3520,Auditor Independence, which is updated guidance adopted by the PCAOB andapproved by the SEC.

The specific language of Rule 3520,Auditor Independence, is specific to the audits ofissuers:

A registered public accounting firm and its associated persons must be independent of

the firm's audit client throughout the audit and professional engagement period.

Note 1: Under Rule 3520, a registered public accounting firm or associated person'sindependence obligation with respect to an audit client that is an issuer encompasses

not only an obligation to satisfy the independence criteria set out in the rules andstandards of the PCAOB, but also an obligation to satisfy all other independence criteria

applicable to the engagement, including the independence criteria set out in the rules

and regulations of the Commission under the federal securities laws.

Note 2: Rule 3520 applies only to those associated persons of a registered public

accounting firm required to be independent of the firm's audit client by standards, rulesor regulations of the Commission or other applicable independence criteria.

(Source:http://pcaobus.org/Rules/PCAOBRules/Pages/Section_3.aspx#rule3520)

Section 7: U.S. Government Accountability Office

7.1: Overview

Auditing standards for the audits of governmental and nonprofit entities are complex, andmuch of the detail exceeds the scope of this overview. However, the primary sources of

guidance are identified to provide direction to identify the appropriate standards given

specific circumstances.

The U.S. Government Accountability Office (GAO) issues generally accepted government

auditing standards (GAGAS) for the following audits:

Government entities and entities that receive federal financial assistance.

State and local governments and nonprofit entities that receive federal awards as

required by the Single Audit Act.

OMB Circular No. A-133 requires GAGAS for compliance with is policies.

Jurisdictions may require GAGAS for audits of state and local governments.

Voluntarily used in the U.S. and other countries for audits of federal, state, and localgovernment programs or of government financial awards administered by nonprofitor nongovernmental entities.

GAGAS also is referred to as a Yellow Bookaudit, named so because the cover of the printversion of the standards is conspicuously bright yellow. However, GAGAS can be obtained inPDF format at no charge or a print copy may be purchased via the following link:

http://www.gao.gov/yellowbook.
http://pcaobus.org/Rules/PCAOBRules/Pages/Section_3.aspx#rule3520http://pcaobus.org/Rules/PCAOBRules/Pages/Section_3.aspx#rule3520http://pcaobus.org/Rules/PCAOBRules/Pages/Section_3.aspx#rule3520http://www.gao.gov/yellowbookhttp://www.gao.gov/yellowbookhttp://www.gao.gov/yellowbookhttp://pcaobus.org/Rules/PCAOBRules/Pages/Section_3.aspx#rule3520


14/19



14

Auditors who conduct Yellow Book audits may be employed by independent publicaccounting firms, state or local legislative auditors, or federal entities.

7.2: The Single Audit Act

The Single Audit Act of 1984 (amended in 1996) along with OMB Circular A-133,Audits of

States, Local Governments, and Non-Profit Organizations, prescribe entity-wide auditingrequirements to assure that federal assistance was expended in accordance with theprovisions of the support. The Act includes the entitys financial statements and federalawards. The applicability of the Single Audit Act is as non-Federal entities that expend

$500,000 or more annually of Federal awards are required to undergo an annual audit. Thegoal of the Act is to require a one audit of the entitys awards as opposed to the formerrequirement to audit each individual federally supported program.

Sources of information for the Single Audit Act are as follows:

Single Audit Act Amendments of 1996 (Public Law 104-156, July 5, 1996)

Single Audit Act of 1984 (Public Law 98-502)

The ultimate purpose of the Act is to create a consistent and uniform reporting standard for

all entities in receipt of federal financial assistance. All Federal agencies that conduct auditsare obligated to follow GAGAS.

7.3: The Yellow Book Overview

The Yellow Book includes standards for the conduct of financial audits, performance audits,and attestation engagements. The significant details are beyond the scope of this overview.

However, the organization of the standards and applicability are described. Note that theYellow Book incorporates SAS by reference, which means a government auditor follows SASplus the provisions outlined therein.

An outline of the Yellow Book is provided in Figure 7.3. A brief discussion of each chapter ispresented in the next slide for the purpose of providing acquaintance with this guidance.

Figure 7.3. The Yellow Book Outline of Topics

Chapter Title/Topic

1 Government Auditing: Foundation and Ethical Principles2 Standards for Use and Application of GAGAS

3 General Standards4 Standards for Financial Audits5 Standards for Attestation Engagements

6 Field Work Standards for Performance Audits

7 Reporting Standards for Performance AuditsSource:http://www.gao.gov/yellowbook
http://www.gao.gov/yellowbookhttp://www.gao.gov/yellowbookhttp://www.gao.gov/yellowbookhttp://www.gao.gov/yellowbook


15/19



15

7.4: Summary of Yellow Book by Chapter

Chapter 1: Government Auditing: Foundation and Ethical PrinciplesThe first chapter provides an overview of the importance of government audits, notably thatthey provide accountability of the performance of managers and officials in the discharge of

their duties to the following:

Legislators

Oversight bodies

Individuals charged with governance

Public

The overarching purpose of a government auditing is to inform these stakeholders to

improve allocation of resources, improve government programs and operations, andincrease transparency regarding the use of public monies. This chapter highlights the ethicalprinciples that guide a government auditor:

The public interest

Integrity

Objectivity

Proper use of information

Professional behavior

Chapter 1 also points to the individual auditors responsibility to adhere to applicable codesof conduct (for example, the AICPAsCode of Professional Conductapplies for AICPAmembers).

Chapter 2: Standards for Use and Application of GAGASChapter 2 provides an overview of the types of audits and attestation engagementsaddressed by the Yellow Book:

Financial audits: an opinion about conformity with an applicable financial reportingframework.

Attestation engagements: assurance engagements [all of the AICPAs Statements

on Standards for Attestation Engagements (SSAE) are incorporated by reference].

Performance audits: report of findings, conclusions, and suggestions about a

programs effectiveness, performance, and operations.

The GAO gives auditors the option of using AICPA, IAASB, or PCAOB standards inconjunction with Yellow Book audits.

Chapter 3: General StandardsThis chapter provides requirements for the conduct of any Yellow Book engagement as

described in its Chapter 2. The principal considerations include the following:

Independence of mind and in appearance

Professional judgment using reasonable care and professional skepticism

Competence of the audit team, including very specific requirements for continuingprofessional education

Quality control and assurance requirements for the audit organization


16/19



16

Chapter 4: Standards for Financial AuditsStandards for financial audits may be viewed asSAS plus Yellow Book. SAS are

incorporated by reference, so only the additional requirements are outlined in Chapter 4.These additional requirements pertain to these issues:

Auditor communication.

Previous audits and attestation engagements. Fraud, noncompliance with provisions of laws, regulations, contracts, and grant

agreements, and abuse.

Developing elements of a finding.

Audit documentation.

Chapter 5: Standards for Attestation Engagements

Standards for attestation engagements augment the AICPAs SSAEs, which are incorporatedin Chapter 5 by reference. The additional work required for an attestation engagement may

differ depending upon the nature of the service performed, but are along the same lines asthe additional requirements for financial audits. The three types of attestation services

include:

Examination (positive assurance) Review (negative or limited assurance)

Agreed-upon procedures

Chapter 6: Field Work Standards for Performance Audits

The field work requirements define an overall approach to assist an auditor in obtainingsufficient and appropriate evidence to express a conclusion. The framework identifies three

aspects as being critical:

1. Reasonable assurancegenerally refers to the judgment required to determine if

evidence is sufficient and appropriate for the conclusions reached.

2.

Significanceis akin to materiality in a financial audit, and drives the decisions aboutthe type and extent of audit work to be performed.

3. Audit riskis the possibility that the wrong conclusions are reached. For example,

inadequate audit processes or a fraudulent misrepresentation could occur.

The three critical aspects can best be managed with an appropriate audit plan and program,

which includes understanding and testing internal controls over the programs and relevantinformation systems.

Chapter 7: Reporting Standards for Performance Audits

Performance audits may cover a wide range of program type or activity, so specific guidance

about the preparation of the report is essential. Chapter 7 guides the auditor in the

preparation of the report, which is driven by its intended use and the users needs.

Section 8: Internal Auditing Standards

8.1: Overview

Internal auditing is an objective assurance function intended to improve operations and

accomplish managements objectives through a formal process of evaluating and improving


17/19



17

risk management, control, and governance. To ensure objectivity, internal auditors shouldreport directly to the board of directors or equivalent. The global organization that sets

standards for the practice of internal auditing is The Institute of Internal Auditors (IIA),based in the U.S. A variety of professional certifications are available for individualsengaged in internal auditing, notably:

Certified Internal Auditor (CIA), the globally recognized certification from the IIA. Certified Government Auditing Professional (CGAP) for auditors in the public sector

from the IIA.

Certified Information Systems Auditor (CISA), for those with specific technology

expertise (seewww.isaca.org).

The IIAs guidance is published in International Professional Practices Framework(IPPF),

available for purchase from theiia.org. The IPPF consists of two components:

1. Mandatory guidance.

2. Strongly recommended guidance.

8.2: IPPF Mandatory Guidance

Members are obligated to comply with the mandatory guidance, viewed as fundamental tothe practice of professional internal auditing. This guidance becomes effective after a formal

process of exposure draft and comment from stakeholders. The three mandatory elementsare described next.

The first required element is the definition of internal auditing:

Internal auditing is an independent, objective assurance and consulting

activity designed to add value and improve an organization's operations. Ithelps an organization accomplish its objectives by bringing a systematic,

disciplined approach to evaluate and improve the effectiveness of riskmanagement, control, and governance processes.

Source:https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspx

The second required component is the standards, which are principle based and provide a

beacon for proper practice. These standards include formal statements, interpretations, andglossary terms. The standards are arranged in the following categories:

Attribute standards

Performance standards

The attribute standards, among other things, prescribe how to recognize individualrequirements for qualification as an internal auditor and how to implement an appropriate

quality assurance and improvement program.

The performance standards guide that activities of the engagement, and include planning,

coordination, risk management, supervision, documentation, and communication of results.

A summary of the IPPF Standards appears in Figure 8.2.
http://www.isaca.org/http://www.isaca.org/http://www.isaca.org/https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspxhttps://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspxhttps://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspxhttps://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspxhttps://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspxhttps://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of-Internal-Auditing.aspxhttp://www.isaca.org/


18/19



18

Figure 8.2. IPPF Assurance and Performance Standards

Standard No. Title

Attribute Standards

1000 Purpose, Authority, and Responsibility1100 Independence and Objectivity1130 Impairment to Independence or Objectivity

1200 Proficiency and Due Professional Care1300 Quality Assurance and Improvement Program

Performance Standards2000 Managing the Internal Audit Activity2100 Nature of Work2200 Engagement Planning

2300 Performing the Engagement2400 Communicating Results2500 Monitoring Progress2600 Communicating the Acceptance of Risks

Source:https://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdf

The third required element of the IPPF is the Code of Ethics, which identifies expectationsfor individual behavior. The Code consists of four principles to direct actions:

1. Integrity2. Objectivity

3. Confidentiality

4. Competency

In addition to the Principles, specific Rules exist within each that are prescriptive in nature.As an example, Rule 1.1, under the Principle of Integrity, states:

Internal auditors shall perform their work with honesty, diligence, andresponsibility.

8.3: IPPF Strongly Recommended Guidance

Three strongly recommended components exist:

1. Position Papers

2. Practice Advisories

3.

Practice Guides

1. Position Papersare published by the IIA on a variety of issues and are intended to

assist in dealing with risk, governance, and control issues. These are publicly availableat https://na.theiia.org/standards-guidance/recommended-guidance/Pages/Position-Papers.aspx.

2. Practice Advisoriespromote best practices in understanding and applying the IPPFMandatory Guidance (Definition of internal auditing, Code of Ethics, and Standards).
https://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdfhttps://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdfhttps://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdfhttps://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdfhttps://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdfhttps://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdf


19/19



19

These documents are available at no charge to IIA members, and may be purchasedfrom the IIA by nonmembers.

3. Practice Guidesoffer specific guidance for a range of internal audit functions. Thesedocuments are available at no charge to IIA members, and may be purchased from theIIA by nonmembers. Titles of available Practice Guides include the following:

Integrated Auditing.

Assessing Organizational Governance in the Private Sector.

Developing the Internal Audit Strategic Plan.

Coordinating Risk Management and Assurance.

Section 9: Summary

9.1: Summary

This course has offered a global perspective of auditing standards promulgated by the

following organizations:

AICPA

IAASB

PCAOB

GAO

IIA

The AICPA and IAASB completed so-called Clarity Projects to provide consistent andunderstandable language to their standards, which are essentially converged with minor

exception. However, these standards are not applicable to the audits of entities registeredwith the U.S. Securities and Exchange Commission. The PCAOB satisfies the Sarbanes-Oxley

Act of 2002 requirement to promulgate standards that address the audits of issuers, which

consists of additional guidance to assist in the completion of the integrated audit. The GAOissues standards for the conduct of government financial and performance audits (and

attestation engagements), which essentially augment extant relevant AICPA standards.

The IIA is the global leader in the profession of internal auditing, a function that underliesall external audit work. Regardless of entity type, internal auditing exists to ensure integrity

in financial reporting and operations. All standards encourage external auditors to work with

internal auditors to the extent they are objective and competent.

In spite of the presence of five major standard-setters, the themes of the auditing

standards are consistent:

Independence

Sufficient and appropriate evidence

Skepticism

Due professional care

Proper communication with stakeholders

Section 10: Final Review Questions

Section 11: Final Exam