CPA Journal, The
A Comparison of U.S. Auditing Standards with International Standards on Auditing
by Lindberg, Deborah L, Seifert, Deborah L | Apr 2011
Moving Toward Convergence
International Standards on Auditing (ISA) are targeted for convergence with existing auditing standards in the United States and other countries. Until convergence efforts are further along, however, there are five principal areas for which differences currently exist among U.S. generally accepted auditing standards (GAAS), Public Company Accounting Oversight Board (PCAOB) auditing standards, and ISAs.
ISAs are issued by the International Auditing and Assurance Standards Board (LAASB) of the International Federation of Accountants (IFAC), the successor organization to the International Auditing Practices Committee (IAPC). Similar to the manner in which the Auditing Standards Board (ASB) writes auditing and assurance standards under the auspices of the AICPA and the PCAOB issues standards that are approved by the SEC, the IAASB writes standards under the auspices of IFAC. Presently, more than 100 countries use or rely on ISAs.
In the United States, the ASB, which sets auditing standards for nonpublicly traded entities, has launched the Clarity Project in an effort to make U.S. GAAS easier to read, understand, and apply. The Clarity Project also includes the goal of working toward convergence of U.S. auditing standards with ISAs. This convergence project is attempting to make auditing standards coordinated, or comparable, throughout the world. At the time of this writing, the ASB' s Clarity Project is still a work in progress.
The PCAOB, created by the Sarbanes Oxley Act of 2002 (SOX) to oversee the auditors of public companies, considers the IAASB standards in developing its own proposed standards. Some critics of the PCAOB contend that it has failed to adequately take into account or promote the need for international convergence of auditing standards; however, the PCAOB recently undertook a major revision of its risk assessment standards. The PCAOB adopted a suite of eight auditing standards related to the auditor's assessment of, and response to, risk in an audit. The eight new risk assessment standards became effective for audits of fiscal periods beginning on or after December 15, 2010, and address audit procedures from the initial planning stages through the final evaluation of audit procedures and results (see pcaobus.org/ News/Releases/Pages/08052010AuditingSt andardsRiskAssessment.aspx). As a result, PCAOB auditing standards and ISAs have more similarities than ever before.
ISAs on the CPA Exam
Beginning in January 2011, the CPA exam began testing candidates on international standards. Content Specification Outlines (CSO) issued in May 2009 indicate that candidates taking the Auditing and Attestation (AUD) section of the CPA exam are now expected to demonstrate an awareness of -
* the IAASB and its role in establishing ISAs,
* the differences between U.S. auditing standards and international auditing standards, and
* the audit requirements under U.S. auditing standards that apply when performing audit procedures on a U.S. entity that supports an audit report based on ISAs or the auditing standards of another country.
Key Differences
There are five principal areas where differences exist among U.S. GAAS, PCAOB auditing standards, and ISAs. These significant differences are: documentation of audit procedures; going-concern considerations; assessing and reporting on internal control over financial reporting; risk assessment and responses to assessed risks; and the use of another auditor for part of an audit. In this article, much of the discussion of the differences between PCAOB auditing standards and ISAs is drawn from a study published by the European Commission (EC). An executive summary of this study, "Evaluation of the differences between International Standards on Auditing (ISA) and the standards of the US Public Company Accounting Oversight Board (PCAOB)" is available at ec.europa.eu/internal_market/auditing/docs/ ias/evalstudy2009/summary _en.pdf. The study was commissioned by the EC and solicited input from international technical partners from each of the Big Four audit firms.
Documentation of audit procedures. Conceptually, documentation requirements under U.S. auditing standards and ISAs differ: AICPA auditing standards and PCAOB auditing standards are relatively more prescriptive than ISAs, which are perceived as relying more on the professional judgment of the auditor. An example in the study prepared for the EC notes that PCAOB Auditing Standard (AS) 3 requires that an "engagement completion memo" be prepared; there is no such requirement under international auditing standards.
Retention periods of auditing workpapers also differ among the three sets of standards. The ASB requires that audit workpapers be retained for a period of at least five years, while the PCAOB mandates a retention period of at least seven years. ISA 230, Audit Documentation, requires audit firms "to establish policies and procedures for the retention of engagement documentation. The retention period for audit engagements ordinarily is no shorter than five years from the date of the auditor's report, or, if later, the date of the group auditor's report" (web.ifac.org/ download/a011-2010-iaasb-handbookisa-230.pdf).
Going-concern considerations. When considering whether an entity has the ability to continue as a going concern into the foreseeable future, the PCAOB auditing standards define the foreseeable future as the 12 months following the end of the fiscal period being audited. As noted in the study commissioned for the EC, when assessing going-concern considerations under ISAs, the foreseeable future is at least, but not limited to, 12 months.
At the time of this writing, FASB is considering releasing guidance on the going-concern-issue that would, among other things, increase management's responsibility for preparing financial statements as a going concern to consider information for at least, but not limited to, 12 months from the end of the reporting period. In addition, the ASB is still discussing whether an auditor's evaluation of an entity's ability to continue as a going concern "should be limited to a reasonable period of time, not to exceed one year beyond the date of the financial statements being audited, or should cover the same period as that used by management to make its assessment" (www.aicpa.org/Interest Areas/AccountingAndAuditing/Community/ AuditingStandardsBoard/ASBMeetings/ DownloadableDocuments/January 2010 ASB Meeting/2010_01_ASB_ Highlights.pdf). Accordingly, it should be noted that the ASB' s redraft of "The Auditor's Consideration of the Entity's Ability to Continue as a Going Concern" as part of its Clarity Project has been delayed so that the proposed standard can be aligned with the going-concern guidance under consideration by FASB.
Internal control over financial reporting. When the U.S. Congress passed SOX, it required that management of U.S. public companies assess and report on internal controls over financial reporting. Management states its assertion about the effectiveness of its controls over financial reporting in a report that accompanies the audit report.
The PCAOB' s AS 5 requires auditors of public companies to perform an examination of an entity's internal control over financial reporting that is integrated with an audit of its financial statements. In addition to issuing an opinion on the fairness of the financial statements, auditors of U.S. public companies must also express an opinion on the effectiveness of the entity's internal controls over financial reporting. While not required to do so, virtually all public companies (and their auditors) evaluate internal controls based on the criteria established by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Neither the auditing standards issued by the ASB nor ISAs require an integrated audit that expresses as opinion on the effectiveness of the client's internal controls over financial reporting. Auditors following U.S. auditing standards, however, must obtain an understanding of the internal controls of the entity being audited in order to plan and perform the audit, including determining the nature, extent, and timing of substantive tests to be performed. International auditing standards require an auditor to test the internal controls of the organization being audited to ensure that they are adequate and functional.
Risk assessment ISAs require specific risk assessment procedures in order to obtain a broad understanding of an entity and its environment, with the goal of identifying risks of material misstatement. ISAs require that the auditor obtain an understanding of an entity' s business risks, such as its operating risks and its strategic risks. Auditors following ISAs must also determine how their client responds to such risks as the auditor plans and conducts the audit. Moreover, under international standards, an auditor is required to make inquiries of the internal auditors of the organization being audited, with the objective of obtaining a better understanding of the entity's expertise in assessing risk. Auditors following international standards should take all information regarding risks, as well as the client's responses to these risks, into consideration when assessing the risk of material misstatement.
Currently, auditors following auditing standards promulgated by the ASB are required to identify and assess risks of material misstatement based on an understanding of the entity and its environment, including the entity's internal control. This assessment and understanding can be aided by inquiries of the internal auditors of the entity being audited. The ASB' s redraft of "The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements," as part of its Clarity Project, has been delayed so that the proposed standard can be aligned with the IAASB' s revisions to its clarified standard on this issue.
As previously noted, the PCAOB recently completed a major revision of its risk assessment standards. Eight new auditing standards related to the auditor's assessment of, and response to, risk in an audit were adopted by the PCAOB. This suite of risk assessment standards became effective for audits of fiscal periods beginning on or after December 15, 2010. The new risk assessment standards address audit procedures from the initial planning stages through the final evaluation of audit procedures and results. Accordingly, PCAOB auditing standards and ISAs are now more similar than they are different when it comes to risk assessment and response. The eight new standards are -
* AS 8, Audit Risk
* AS 9, Audit Planning
* AS 10, Supervision of the Audit Engagement
* AS 11, Consideration of Materiality in Planning and Performing an Audit
* AS 12, Identifying and Assessing Risks of Material Misstatement
* AS 13, The Auditor's Responses to the Risks of Material Misstatement
* AS 14, Evaluating Audit Results
* AS 15, Audit Evidence.
A summary of the key provisions of the PCAOB' s suite of eight risk standards is provided in Exhibit 1.
The approach taken by the ASB is that it supports a separate fraud standard, Statement on Auditing Standards (SAS) 99, Consideration of Fraud in a Financial Statement Audit, as opposed to the PCAOB' s integrated strategy. The ASB contends that the focused approach gives the consideration of fraud more prominence than integrating it into risk assessment standards.
Use of another auditor. In some audits, the "principal" auditor may engage another audit firm to perform some portion of the audit. For example, another audit firm may be hired to audit a foreign subsidiary, complex investments, or some other component of the overall audit. Under standards issued by both the ASB and the PCAOB, the principal audit firm has the option of making no reference to the work performed by the other audit firm. Nevertheless, the principal auditor also has the option of issuing a "division of responsibility" audit report, referring to the work and reports of the other auditor in the audit report issued by the principal auditor. ISAs do not permit the primary auditor to make any reference to the work of another auditor.
A Global View
There is a growing global acceptance of International Financial Reporting Standards (IFRS), and much has been written about that topic. In the global economy, in addition to understanding international accounting standards, auditors also need to be aware of the influence of international auditing standards on U.S. auditing standards. ISAs represent transparent, high quality auditing standards that have been gaining worldwide acceptance. This is evident in the United States, as the ASB' s Clarity Project is converging U.S. GAAS with ISAs or establishing reasons for not doing so. Furthermore, the IAASB continues to make the case for acceptance of ISAs by market regulators in cross-border market offerings and reports of foreign issuers.
As summarized in Exhibit 2, there are currently five key areas in which differences exist among standards issued by the ASB, PCAOB auditing standards, and ISAs: 1) documentation of audit procedures; 2) going concern considerations; 3) assessing and reporting on internal control over financial reporting; 4) risk assessment; and 5) the use of another auditor for part of an audit. Until ISAs are converged with U.S. auditing standards, it is important for auditing professionals to be aware of and understand these differences.
In cpa exam ISAs
Documentation: PCAOB prescriptive        IAAAB judgment
GCO: PCAOB 12 month ahead          IAASB   more than 12
Opinion on IC
Retention
Another auditor