Audit Standards Comparison

Abstract

Audit standards are standards that set codes of conduct and other requirements of auditors when they audit financial statements or other issues relating to the finances of a company. They also relate to performance audits and certain attestation engagements (GAO, 2007). The AICPA sets all generally accepted audit standards, which are commonly termed as GAAS. GAAS still forms the basis of other standards like the GAGAS and the PCAOB standards.

Whereas the GAAS, set by the US GAO, now primarily deals with audits of non-issuer public companies, the PCAOB standards address the concern of auditors auditing issuer & certified public companies. The Generally Accepted Government Auditing Standards or GAGAS (set by GAO) apply to government organizations or organizations availing government assistance and sets standards for auditing their functions, activities, programs, etc (GAO, 2008).

There are underlying similarities in the three standards in that they address the basic audit issues like ensuring transparency, accuracy, reliability, etc of financial statements, spell out standards for audit fieldwork and performances, as also mention the continuing educational requirements & qualifications needed of auditors & audit assistants. They also basically target the protection of the firm and its assets, its finances, etc. Also, the standards seek to minimize risks. All standards are based on the AICPA’s GAAS. But they are driven by different objectives. This means that some differences exist in their content, approach, criteria, and specifications. The PCAOB has overruled the say of the AICPA in matters of issuer companies and its hold, as controlled by the SEC, overall issuer company audits are paramount and its rules still evolving.

The Audit Standards GAAS, GAGAS & the PCAOB Standards-An Introduction

External audits of governmental & non-governmental entities, both profit & non-profit, may broadly be classified into Financial Audits, Performance Audits & Attestation Engagements. The audit standards comprise General Standards. They also include Reporting as well as Field Work Standards (GAO, Jul 2007). The particular standards set by the AICPA, the Generally Accepted Audit Standards also known as GAAS are issued as SAS (Statements on Audit Standards).

This is done by the Audit Standards Board or ASB which has been set up by the AICPA. These standards relate principally to the audit processes and procedures which are to be adopted by those public companies which do not issue shares (2008). However, the US GAO sets separate rules or standards for auditing government bodies. This includes an audit of their activities and programs, as also all their functions.

It also covers the audit of other concerns-whether non-profit or NGO-which have been provided aid by the government (GAO, 2008). The objective is to ensure proper use of funded assistance availed from government bodies/agencies. The standards are known as Generally Accepted Government Audit Standards or in abbreviated form as GAGAS (GAO, Jul 2008). However, when the PCAOB was set up (this is the oversight board for public company accounting), it concerned itself with auditing companies that issued shares and were registered with the SEC (2008).

Thus, the GAAS is now applied for auditing companies that do not issue any shares, although, as per the provisions of GAGAS, “GAAS are incorporated in GAGAS by reference, unless specifically excluded by GAO by formal announcement” (GAO, Jul 2007). GAGAS includes GAAS & applies to audit of government entities & assisted firms although it may be used with PCAOB standards based on the audit requirements & organization audited (GAO, Jan 2008).

Basic Objectives & Premises behind all Audit Standards

All audit standards are based on certain broad premises & government policy & are driven by specific objectives, and these may be enumerated as follows:

1. Audit standards serve as a regulatory tool and prescribe the process to be followed by auditors for auditing financial statements, internal control process, regulatory compliance & program or management performances; they may also govern attestation engagements
2. Audits of financial statements of an organization express an opinion on the fairness with which financial statements represent the status & changes in the financial position, operational results & cash flows
3. The principles of accountability & transparency are necessary components of any organizational policy, whether for a governmental or a non-governmental organization and for an organization for profit or for a non-profit concern. An audit aims to achieve this very end.
4. Resources, particularly pubic resources, must be efficiently, ethically, effectively, equitably & economically utilized. Audits review the state of affairs in the audited company & prescribe remedial steps to be taken in a time-bound manner by management and others concerned
5. Audits must provide objective, concise, independent & factual assessments of issues relating to organizations like finances & management performance. This needs specific qualities in an auditor, particularly that he conduct an independent, impartial & proper audit
6. Professionalism & quality of audit process across all kinds of audits is necessary for all standard audit processes to achieve desired results.
7. Performance audits focus on best practices that need to be adapted based on the review & systematic examination of evidence. Such audits also assess the effectiveness of program & internal control processes (GAO, Jul 2007).
8. Standards are also to be followed in planning audits, conducting the same, and also in preparing the audit reports for any organization (GAO, Jul 2007).
9. The audit process studies internal & external quality control systems in place in an organization & recommends changes or alterations, if any, in the same based on such studies for organizational quality control.

Generally Accepted Audit Standards or GAAS (The AICPA 2008)

These audit standards, as mentioned before, are codified or modified by the AICPA from time to time. They relate to financial audits & comprise 10 standards, which are:

General Standards for Audits (The US GAO, 2007)

1. Audits need to be performed by a person or persons who has/have adequate technical training & proficiency as an auditor
2. Auditors need to maintain independence so that their assessment & opinions reflect an impartial & objective view of the issues involved.
3. Auditors must exercise due professional care in planning & conducting the audit and in preparing the audit report (GAO, Jul 2007).

Standards of Field Work during Audits (GAO, 2007)

1. Audit fieldwork must be adequately planned & properly supervised (GAO, Jul 2007).
2. The auditor must have sufficient knowledge of internal control processes so as to enable him to plan properly & arrive at the nature, extent & timing of tests to be performed for ensuring a proper audit (GAO, Jul 2007).
3. The competency and sufficiency of evidence reviewed need to be assured so that the auditor and others can form a proper opinion on the financial matters in the organization, which is subjected to the audit.

Standards for Audit Reporting (GAO, 2007)

1. The report must state if the financial statements are as per GAAP or not (GAO, 2007).
2. The report should clearly mention the circumstances in which the audit process detects an inconsistency in observing prescribed principles.
3. Financial statements must provide adequate disclosure of information and, if otherwise, this fact must be expressly stated in the audit report (GAO, 2007).
4. The report must clearly mention an opinion on the organization’s financials and it must also assert that no opinion can be expressed, if such be the case in the auditor’s considered opinion (GAO, 2007).

The New Risk Assessment Standards (Various Authors, 2008)

The AICPA has set new risk assessment standards in 2006, which have added to the number of audit standards already prescribed by the organization. These pertain to SAS No 104 to 111 & are designed to equip auditors with the capability of facing audit risks & materiality. They are also designed to ensure auditors focus on areas where risks of misstatements are more pronounced. These standards apply to private company financial statements and are effective on and from Dec 15, 2006

Generally Accepted Govt. Auditing Standards (GAGAS) (GAO, 2007)

These are set by the US GAO and are to be followed by auditors of government bodies or organizations receiving government assistance. In addition to the ten financial audit standards codified by the AICPA and any new standards or amendments to the standards by that organization, these also comprise other standards for performance audits & reporting. GAGAS comprises directives to auditors for ensuring objective assessment of appropriate and available evidence as also for ensuring appropriate reporting audit results for use of concerned parties.

The proper & economical end-use of public resources is of concern to the government and the GAGAS is a codification of audit standards for achieving this objective. The GAGAS comprise the ten audit standards outlined under GAAS as also other additional standards, which are outlined below for a better understanding of it:

General Standards

1. Staff performing the audit must collectively possess adequate professional proficiency for conducting the audit tasks. The emphasis is on collective proficiency so that the entire audit team, irrespective of an individual member’s abilities, can properly conduct the audit process. This standard also envisages the need for a continuing education & training program for auditors and their assistants. The vast & diverse knowledge required includes and is not limited to knowledge of government organizations & their functions, programs & activities, communicational skills, specialist skills, statistical sampling skills, technical & engineering skills, accounting knowledge, etc (GAO, 2007). The US GAO also fixes the desired qualifications of public accountants who are engaged to conduct audit: they must be licensed & certified public accountants or persons working for a licensed certified accounting firm; they may be public accountants, if licensed on or before Dec 31, 1970 (GAO, 2007)
2. The auditor or auditor organizations conducting audit must be mentally & organizationally independent of the audited organization; their personal & external independence should not be impaired (GAO, 2007). This is so that the auditor’s opinions, judgments & other oral and/or written communications are impartial, and viewed as such by all third persons. The three impairments to independence, viz, personal, external & organizational may manifest in diverse ways & must be totally absent.
3. In conducting the audit as also for preparing audit reports, proper and due professional care must be taken (GAO, 2007). Thus, this standard places a high degree of responsibility on the auditor to adhere to the GAGAS & GAAS. It also implies sound judgment in conducting & evaluating tests & results (GAO, 2008). Selection and non-selection of particular standards need to be highlighted with reasons in the audit report. However, this does not mean that the auditor is infallible or that he has unlimited responsibility. Also, this & other general standards borrow essentially from the AICPA (GAO, 2007).
4. All audit organizations conducting audits as per these (GAGAS) standards, must have internal quality control in place within the organization, and must also be subjected to external quality review (GAO, 2007). This means that the audit firm is following the prescribed & adequate audit policies, procedures & standards. The external quality control review is mandated once every three years by an organization, which is not related to the reviewed organization (GAO, 2007). The qualifications & abilities of reviewers are also mentioned so as to provide for an impartial & proper review. Scientific sampling methods are permitted to conduct the reviews, particularly of large organizations. The reviews cover reviews of working papers, audit reports, other documents & interviews (GAO, 2007).

Field Work Standards for Financial Statement Audits (GAO, 2007)

These include financial statement audits & audits related to financial issues and the GAGAS Field Work Standards for Financial Audits are very much related to the corresponding GAAS or SAS directives of the AICPA and need proper mention (GAO, 2008).

1. All audit work must be properly planned & assistants must be properly supervised & this is similar to the AICPA standards on the same (GAO, 2007).
2. Sufficient knowledge of the entity to be audited, its internal environment, and its internal controls are required in order to properly assess risk from material financial misstatements, and in order to find out the appropriate timing, nature & extent of further audit tests. This can be compared to the corresponding AICPA standard.
3. Appropriate inspection and observation must be conducted to gather competent and factual evidence so that a reasonable opinion on the financial state of affairs of the organization under audit may be formed. Audit work must be properly planned & materiality considered for arriving at considered opinions based on competent evidence by selecting appropriate nature, timing & extent of tests.
4. Audits must be designed so that material frauds may be detected reasonably well (GAO, 2007). It is notable that frauds are intentional misstatements.
5. Material misstatements may result from direct & material illegal acts and this is to be considered in audit design so as to ensure the reasonable detection of such misstatements through the audit process (GAO, 2007).
6. The auditor must detect any indirect illegal acts that may indirectly affect the correctness of financial statements by applying audit procedures (GAO, 2007).
7. Other than the AICPA general standards, there are additional standards under GAGAS (GAO, 2007). These are necessitated by the audit objectives & the public accountability of audits under GAGAS, unlike the GAAS, which are more general. The first such is the standard that the auditor must communicate information to the audited entity, its management, audit contractors, other related individuals & audit committee the nature and extent of planned tests, regulatory compliance, and internal control on financial reporting (GAO, 2007). While written communication is to be documented, the auditor can use professional judgment in selecting content & form of communication (GAO, 2007). In the case of the comparable AICPA standards, communication need not be completely written. Also, GAGAS broadens the number and kind of parties for such communication.
8. The second additional standard for planning for auditing financial statements is that auditors should follow up upon known & previous audits findings & recommendations, which are material, & on record (GAO, 2007). This is so as to stress materiality & achieve marked audit benefits.
9. An additional standard, this one a compliance standard for audit of financial statements, is that the audit must be designed such that the audit process detects material misstatements resulting from contractual non-compliance and which impact financial statement amounts.
10. In course of audit planning itself, the auditor should document the basis for control risk assessment at maximum levels in case of computerized IS as also the consideration that planned audit processes are modeled to achieve audit objectives & the reduction of risks by acceptable levels
11. A record of auditors’ work must be kept in the form of working papers
12. Additionally, the working paper needs to contain sufficient information so that a third person can assess the evidence explaining the results. Working papers thus need to contain the objects, scope, methods, sampling criteria used, transactional records & evidence of management reviews, which may be freely assessed by third parties.

Other Field Work Audit Standards for Financially Related Audits (GAO, 2007)

There are specific standards for financially-related audits as set by the AICPA. GAGAS incorporates these standards and this includes SAS No 75, SAS No 62, SAS No 74 & SAS No 70, relating to special reports, compliance, etc (GAO, Jul 2007).

Statement on Standards for Attestation Engagements (SSAE) ( 2008)

This includes the SSAE No. 1, SSAE No. 2, SSAE No. 3, all these as per amendments by SSAE No 9 as also the SSAE No. 4 (GAO, 2007).

Reporting Standards for Financial Audits (GAO, 2007)

GAGAS has adopted four related AICPA standards, which are as follows (GAO, 2007):

1. The audit report must state that the financial statements have been presented in accordance with generally accepted accounting principles (GAO, 2007).
2. The report must also detail the circumstances when there are inconsistencies in the financial statements with GAAP.
3. Disclosure of information in the financial statements is to be considered adequate unless provided otherwise in the report (GAO, Jul 2007).
4. An opinion statement on financial statements is mandatory in the report unless the auditor specifically states that opinion can’t be given.

Additional Reporting Standards for Financial Statement Audits (GAO, 2007)

1. The audit report must state the fact that the audit has been made as per the generally accepted government auditing standards or GAGAS, and while a report on the financial statement may cite AICPA standards, report on financial statements which need to comply with legal, regulatory or contractual requirements must be cited in GAGAS (GAO, Jul 2007).
2. The report on financial statements must include full details like the scope of audit tests for assessing legal and regulatory compliance, and details on evaluating internal controls on financial reporting. It must also present the results of tests, including any frauds, illegal acts, material non-compliances, etc in internal control systems, and also, an auditor may need to report on frauds & illegal acts to external parties (GAO, Jul 2007). This only adds responsibility to the auditor & supplements the AICPA standards.
3. The audit report should state the nature of any information prohibited from public disclosure & mention the necessity for omitting the same.
4. If otherwise legally permissible, written audit reports must be provided to proper officials of the audited organization and to the organizations arranging for such audits. This may include external funding entities. Also, the reports must be exhibited in public. Copies also need to be provided to officials having oversight authority, those who can act upon the audit recommendations & other authorized persons (GAO, Jul 2007).

Field Work Standards for Performance Audits (GAO, 2007)

1. Audit fieldwork needs to be adequately planned and while making an audit plan, the auditor needs to consider the significance & requirements of potential users of the audit report, derive an assessment of the program to be audited, take into account all legal & regulatory requirements, evaluate management controls, identify required criteria to arrive at a correct assessment of audit issues, consider staffing requirements, preparing a written audit plan, etc (GAO, Jul 2007).
2. Staff utilized for fieldwork need to be properly supervised.
3. Auditors must design audits so as to detect illegal acts or frauds and also must be alert to the possibility of such illegal acts or frauds, and provide reasonable assurance for compliance of laws & regulations in case such compliance is significant for the audit objectives (GAO, Jul 2007).
4. Auditors must understand relevant management controls, and also, in case the management controls have a significant impact on audit objectives, they must base their judgments on sufficient evidence (GAO, Jul 2007).
5. Auditor’s findings & conclusions must be based on competent, sufficient & relevant evidence and a record of the auditor’s work needs to be kept in the form of working papers and need to contain enough information from which an experienced auditor, with no link with the audit, can glean evidential information as per the audit results (GAO, Jul 2007).

Reporting Standards for Performance Audits (GAO, 2007)

• Auditors must prepare written audit reports communicating audit results (GAO, Jul 2007)
• Audit reports should be prepared and made available so as to ensure timely use by management, legislative, or other interested parties (GAO, Jul 2007).
  • Auditors must report the scope, objectives & methodology of audits & also,
  • they must report any significant findings of audits and in the applicable cases, also the auditor’s conclusions (GAO, Jul 2007).
  • Auditors must report recommendations for action. This is to correctproblem areas & to ensure operational improvement (GAO, Jul 2007).
  • Auditors must state that the audit was made as per GAGAS
  • Auditors must report all cases of significant non-compliance or Abuse found during or related to the audit, and in some cases, must Report the same directly to external parties.
  • Auditors must report the scope of their work on management controls, and also any significant weaknesses found during the audit (GAO, Jul 2007).
  • The report must contain the opinions of responsible officials of the Audited entity this includes their views on the audit findings, Conclusions, recommendations, and corrective measures needed
  • Audit reports must mention notable accomplishments, particularly relating to management improvements, which may be, used elsewhere.
  • Any significant audit issues needing further audit must be referred to Auditors involved in planning future audits (GAO, Jul 2007).
  • Any information prohibited from general disclosure needs to be Reported along with the necessity for the same
• Report prepared must be clear, concise, objective, accurate, compelling, and complete
• If otherwise legally permitted, written reports of audits must be provided to concerned officials of the audited organization or the organization arranging for the audit, including funding entities. Copies also need to be sent to other officials having oversight authority, or who can act upon audit recommendations, and also, these should be made available for public inspection, unless restricted by any law in force (GAO, Jul 2007).

PCAOB Audit Standards (PCAOB, 2008)

These are directives of the PCAOB and are concerned with audits of issuer public entities certified by the Securities and Exchange Commission or SEC. These are auditing and related professional practice standards established by the PCAOB which itself was set up under the Sarbanes-Oxley Act of 2002. Rules and standards set by the PCAOB need to be approved by the SEC. Initially, the PCAOB adopted the generally accepted auditing standards of the AICPA as interim standards but later on, it codified some detailed standards (2008). These include AS 1, AS 2, AS 2, AS 3, AS 4, and AS 5 & AS 6. Of these, AS2 was deleted and AS 3 & AS 4 modified as amended by AS 5. All the standards are comprehensive standards provided in some detail, unlike similar standards of the AICPA or the GAGAS.

1. AS1: This pertains to references in audit reports to the standards established by the Public Company Accounting Oversight Board or PCAOB. The auditor must comply with applicable auditing & professional practice standards of the PCAOB & must include the name of the city & state from which the audit report has been issued
2. AS 2: This standard incorporates a definition of internal control over financial reporting, control deficiency, significant deficiency, material weakness, control criteria, etc. The standard relates to performance and reporting requirements as per COSO‘s internal control framework.
3. AS 3: This is a comprehensive standard on audit documentation. Key features of this standard are as follows:

Audit documentation must be detailed, clearly written, must contain audit procedures performed, evidence obtained and conclusions reached, and must also support the auditor’s conclusions based on available statements in the financial statements of the audited firm. The audit documentation must also demonstrate that the engagement complied with relevant PCAOB standards and that the underlying accounting records agreed or reconciled with the financial statements (2008).

Other issues detailed include what things that the auditor must document, consider for documenting and the other matters like documenting for specific issues and the standard also introduces terms like significant findings or issues, audit adjustments, etc and deals extensively with the same (2008). Detailed background and basics for conclusions are also provided at the end of the AS 3 rules & bylaws.

1. AS 4: This audit standard is concerned with finding out whether a previously reported weakness exists or not. The engagement envisaged in this standard is voluntary and not mandatory (2008). Various related issues are discussed & rules prescribed in the paragraphs.
2. AS 5: This concerns the audit of internal control over financial reporting that is integrated with an audit of financial statements (2008).
3. AS 6: This standard set by PCAOB, 2008, updates the auditor’s responsibilities to evaluate & report upon the consistency of a company’s financial statements and align the auditor’s responsibilities with SFAS 154.

Conclusion

Thus, while all the audit standards GAAS, GAGAS & the PCAOB standards address basically the same issues and consist of the codifier’s attempt to address the broader issues relating to financial and performance audits, they are different in so far as the types of companies audited varies. The standards are more stringent for issuer companies than against non-issuer companies. Also, for companies using government assistance, public accountability for resources so users need to be addressed.

The similarities in the standards are in their attempt to address issues like the transparency of financial statements, issues relating to public accountability, and other such matters. They concern general audit principles, generally accepted standards, and common ground like audit fieldwork, communications, reporting, ethical practices, internal control systems for financial reporting, etc.

The differences are due to their very objectives. While one represents basic auditing standards evolved over time (GAAS by the AICPA), another (GAGAS by GAO) represents codified standards for auditing government organizations and organizations using government resources. Yet another (AS 1 to 6 codified by the PCAOB) represents the interests of the share-issue community and addresses the long-felt need to minimize risks due to partaking in share trading operations and aim at protecting both the general investing public as also the audited company from financial harm.

The standards are, however, still evolving, and the need is continually felt to integrate these standards with the International Audit Standards with broader objectives. Hopefully, in the present effervescent investment and commercial market, stronger standards addressing concerns of all and minimizing risk may be possible in time.

References

The AICPA, (2008), Generally Accepted Audit Standards. Web.

The Public Company Accounting Oversight Board (2008). Web.

The US GAO (2007), Government Auditing Standards. Web.

The US GAO (2007), Government Auditing Standards, the Yellow Book. Web.

Tie, R. (2006), The New World of Auditing Standards. Web.

Various Authors, (2008), Risk Assessment Standards in Action. Web.