CHAPTER 4

U.S. Auditing Standards and the Role of the PCAOB

Introduction

The purpose of this chapter is to set the foundations for the discussions in the following chapters. In doing so, we:

  • Provide important background information on how auditing standards are set for publicly owned companies in the United States;
  • Provide a brief summary of the differences between Public Company Accounting Oversight Board (PCAOB) standards and International Standards on Auditing (ISA);
  • Provide background information related to the differences between PCAOB and American Institute of CPAs (AICPA) Auditing Standards Board (ASB);
  • Discuss potential reasons why there are differences between the PCAOB and ISA.

There are two sources of auditing standards in the United States. One is the American Institute of Certified Public Accountants (AICPA’s) ASB, which creates auditing standards for nonpublicly listed companies and other organizations. The second source of these auditing standards is the PCAOB, which sets auditing standards for publicly listed companies. Many of the PCAOB standards originated from ASB since the AICPA ASB was in existence before the PCAOB and PCOAB adopted its first auditing standard, Auditing Standard (AS) 1, on April 16, 2003 from ASB as its interim standard. The interim standards that have not been superseded, modified, or repealed later by PCAOB remain in effect.

Accordingly, these generally accepted auditing standards (GAAS) are under the aegis of the PCAOB. They are titled AS if modified by PCAOB or AU otherwise. AU means that they may be amended and modified or superseded by PCAOB and converted to AS at a later date. In later chapters, we group them together as PCAOB standards (unless otherwise specified) and compare and contrast PCAOB standards with ISA. We show why, from a legal and regulatory standpoint, PCAOB standards could differ from ISA. We provide several examples of differences between PCAOB standards and ISA to illustrate our point. These variations and their importance and implications to auditors and users of the auditors’ report are discussed in greater detail in the following chapters.

Brief History of Auditing Standards

Prior to the Sarbanes Oxley Act (SOX) of 2002, the auditing standards in the United States were established by the ASB. This board operated under the supervision of the AICPA, which is a professional association of accountants. The standards developed are popularly referred to as the U.S. GAAS. However, in 2001 and 2002, it was learned that there were major auditing failures involving very large corporations such as Enron and WorldCom. The U.S. Congress concluded that there was a general breakdown of confidence among the public in major economic institutions (e.g., corporations) and in the auditing processes and auditing firms that audited the financial results of these firms. They also concluded that there must be flaws inherent in a system that could allow such massive scandals to take place. The U.S. Congress passed SOX to restore public confidence. SOX in turn created the PCAOB. The purpose of the PCAOB was to oversee the auditing of public companies. Most importantly, section 103 of SOX gave the PCAOB the authority to write auditing standards by itself, or alternatively, to delegate standard setting to the ASB. Even though the former is a more difficult route, the board members of the PCAOB decided to write their own standards rather than rely on the ASB. A member of the PCAOB board, Daniel Goelzer, in a speech on February 12 in 2012 noted that setting its own standards was one of the foundation stones of the PCAOB’s approach to fulfilling the investor protection mission placed on it by Congress.

PCAOB’s authority to set standards was subsequently expanded in 2010 with the enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd Frank Act 2010). This in effect extended the standard setting authority of the PCAOB to auditors of all security broker dealers that file financial statements with the Securities Exchange Commission (SEC). Because the vast majority of these broker dealers are not public companies, the Dodd Frank Act extended the power of the PCAOB to all public and a significant number of nonpublic companies. In essence, today in the United States, the standards that govern audits of all public companies that file reports with the SEC are written by the PCAOB. However, other auditing standards such as those governing private company audits are still written by the ASB. Thus, there are now two sets of auditing standards in the United States. These are the PCAOB standards for public companies and GAAS set by the ASB for nonpublic companies.

How Does the PCAOB Operate and Set Standards?

The PCAOB has set up an open and transparent process allowing a wide range of interested parties to comment. As board member Goelzer notes, there are three major stages in the operation of the PCAOB. These three stages are conceptualization, proposal, and PCAOB and SEC approval. Each of these is described in turn in the following sections.

Conceptualization

The PCAOB has two consultation or advisory groups. These are called the Standing Advisory Group (SAG) and the Investor Advisory Group (IAG). The SAG comprises individuals with a broad cross section of experience in financial reporting. The SAG could include practicing auditors, preparers of financial statements, investors, and other interested parties. The IAG comprises members who are users of public company financial statements such as financial analysts. The PCAOB may release a Concept release. Concept releases describe the problem to be solved or objectives to be accomplished. Ultimately this results in a proposed standard.

Proposal

All proposed standards are published for public comment. This provides an opportunity for all segments of society including, but not limited to, auditors and financial statement preparers to react to a specific proposal with comments and suggestions for improvements. If, based on the feedback, the resulting changes required are significant; the PCAOB may publish a second version for further comment.

Adoption and SEC Approval

Based on the public comments received, the PCAOB formulates the final standard. This has to be approved by the board members of the PCAOB. Once the board has approved the standard, SOX requires the SEC to solicit additional public comment on the standard. Once these additional comments are received, the SEC has the burden of either approving or disapproving the standard. The most important point to note is that PCAOB auditing standards cannot take effect until and unless it is approved by the SEC.

Are There Significant Differences between ISA and PCAOB Standards?

We discuss the differences between the ISA and the PCAOB standards from both a macro and micro perspective. From the macro view point, Goelzer—as a former PCAOB board member responsible for standard setting—noted that, although the fundamental underpinnings are similar, there are some significant differences between the PCAOB and the ISA. This is because of different expectations for audits and the more investor protection-oriented legal framework in the United States compared with the international environment. Some basic differences pointed out by Goelzer are important to note here:

  • ISA represent many different countries and cultures. The difference in cultures, in turn, creates differences in the audit environments. Therefore, some latitude must be given in ISA. Thus, ISA have less precision regarding procedures to be followed. PCAOB standards are much more precise about what must be done in an audit. Goelzer notes that, in the United States, because of greater involvement with legal consequences (i.e., there is a greater possibility of being sued) and more intensive regulatory frameworks, there is a greater requirement for precision in an audit. Internationally, there is less possibility of being sued because the British and European system of justice requires that the plaintiff pay the defendant’s costs if they lose the case. Therefore, risks associated with filing lawsuits are much greater internationally. Hence, the need for a similar precision in audits has not evolved in the international setting.
  • PCAOB standards are constructed with an integrated financial statement and internal control over financial reporting audit in mind. Internationally, most countries do NOT require an opinion on internal control over financial reporting. Accordingly, ISA do not address internal control auditing, whereas PCAOB standards do.
  • With the unique legal framework of the United States in mind, PCAOB standards require that the audit be performed with due professional care. Goelzer noted that “this requirement underpins much of the US auditor’s legal liability. The ISA contains no comparable requirement”. The fact that ISA, according to Goelzer, do not have a similar requirement is an important difference. Many PCAOB standards use the words due professional care. This wording is largely ignored in ISA. However, our research indicates that Goelzer is partially correct. We do not see the words due professional care but rather the words duty of care.
  • Because of SOX, PCAOB considers communications with the audit committee to be of paramount importance. For example, the PCAOB relevant standard requires the auditor to make certain inquiries of the audit committee. The ISA are not aligned with SOX. In fact, internationally the ISA operate in jurisdictions where audit committees play little or no role, or even exist. Hence, although the PCAOB has standards regarding dealing with communications with the audit committee, the ISA do not have similar requirements or standards.
  • The PCAOB is concerned, according to Goelzer, with the actual existence of items reported in the financial statements, especially assets. Hence, relative to ISA, there is more focus across the PCAOB standards on auditing to verify the existence of assets reported. Goelzer adds that he does not mean to suggest that the PCAOB’s standards are better than ISA.

    Rather, he means that PCAOB standards are better aligned with the legal, regulatory, and business environment in the United States. One example of this is the requirement in the relevant PCAOB standard for auditors to require the verification of accounts receivable by sending out confirmations. The ISA do not place the same emphasis on, and hence no ISA require confirmation of accounts receivable.

The preceding issues provide the rationale for divergences between PCAOB standards and ISA standards. From a micro view point, Lindberg and Seifert wrote in the CPA Journal (2011) that there are five principal differences between PCAOB standards and ISA. These significant differences are in the areas of:

  • Documentation of audit procedures;
  • Going concern considerations;
  • Assessing and reporting on internal control over financial reporting;
  • Risk assessment and responses to assessed risks; and
  • Use of another auditor for part of an audit.

These will be considered in greater depth in the chapters to follow but are discussed briefly here.

Documentation Procedures

PCAOB standards are more prescriptive than ISA, which rely more on the professional judgment of the auditor. To illustrate, PCAOB auditing standards require that an engagement completion memo be prepared; there is no such requirement under ISA. Another issue relates to the retention period of audit papers. Here in addition to difference between ISA and PCAOB standards, there is also a rare divergence between PCAOB and the AICPA’s GAAS. GAAS, in AU-C Section 230 Audit Documentation, requires that audit work papers be retained for a period of at least five years, whereas the PCAOB mandates a retention period of at least seven years. The ISA section 230 entitled Audit Documentation requires audit firms “to establish policies and procedures for the retention of engagement documentation. The retention period should be no shorter than five years from the date of the auditor’s report, or, if later, the date of the group auditor’s report.” (Please note that AU numbers were temporarily assigned AU-C with the intention to revert back to AU. However, the AICPA subsequently decided to retain the AU-C references. The interim PCAOB standards are still denoted as AU, not AU-C.)

Going Concern Considerations

Under both PCAOB standards and ISA, the auditor must make a judgment with respect to whether the auditee will likely survive as a going concern for a period of time. Going concern means that the entity has the ability to continue as a going concern into the foreseeable future. The PCAOB auditing standards define the foreseeable future as the 12 months following the end of the fiscal period being audited. Under ISA, the foreseeable future is at least, but not limited to, 12 months.

Internal Control over Financial Reporting

When the U.S. Congress passed SOX, it required that management of U.S. public companies assess and report on internal controls over financial reporting. Management is then required to state their assertions about the effectiveness of their company’s controls over financial reporting in a report that accompanies the financial statements. Under SOX, the auditor—for the first time in the United States—is required to gain an understanding of, and more significantly test, the effectiveness of the client’s internal accounting controls. The standard for doing so was set forth by the PCAOB in its AS 5 (a previous version of standards for auditing internal controls, AS 2, was repealed.) AS 5 requires auditors of public companies to perform an examination of an entity’s internal control with respect to the financial reporting process; auditors of U.S. public companies must also express an opinion on the effectiveness of the entity’s internal controls over financial reporting as well as express an opinion on the financial statements themselves. The ISA do not require an audit of, or an opinion on, the effectiveness of the client’s internal control over financial reporting.

Risk Assessment and Response to Assessed Risks

There are differences between ISA and PCAOB standards, but because we devote a whole chapter (Chapter 7) to this and hence for brevity, these differences will not be elaborated here.

Use of Another Auditor

Under PCAOB standards, the principal auditor refers to the work of another auditor. Under ISA, referring to the work of another auditor is NOT permitted.

Are There Significant Differences between GAAS and PCAOB Standards?

In the previous section, we looked at differences between PCAOB standards and ISA. As mentioned, whereas SOX requires auditors of public companies to follow PCAOB auditing standards, the ASB’s GAAS applies to all audits of non-SEC registered entities who are also not broker-dealers. John A. Fogarty, former Chairman of the ASB, noted the difference in this way: “The ASB is a body with the authority to promulgate auditing, attestation and quality control standards related to the preparation and issuance of audit reports for non issuers. The PCAOB is a body with the authority to promulgate auditing standards as well as attestation, quality control, ethics, independence and other standards related to the presentation and issuance of audit reports for issuers.” The ASB has renumbered its standards to be consistent with the ISA and had each renumbered ASB standard discuss the same topics as the corresponding standard in the ISA. (For example, ISA 240 entitled The Auditor’s Responsibility to consider Fraud in an Audit of Financial Statements would be section 240 with the same title in GAAS.) At the same time the ASB renumbered its standards to have numbering consistent with that of the ISA, it also rewrote the standards in a new clarification format, in the process making some previously implicit requirements explicit.

In this section, we discuss whether there are significant differences between GAAS and PCAOB standards. Fogarty notes that the ASB has been very clear in that it “does not intend to create gratuitous differences between its standards and those of the PCAOB”. Further, in order to help coordinate agendas, the chairs of the ASB and PCAOB and their respective staffs meet at least three times a year to discuss projects. These meetings provide a valuable forum to the ASB for discussing projects, time tables, and goals. Because of this close collaboration, there are hardly any differences between PCAOB and GAAS, according to Fogarty.

Fogarty notes that, in addition to monitoring PCAOB standards very closely (to the extent that even though auditing standards numbers are different, the content and guidelines are very similar), the ASB also collaborates with the International Auditing and Assurance Standards Board (IAASB) to try and harmonize standards. However, despite much overlap, some areas of difference remain. (Please refer, http://www.aicpa.org/research/standards/auditattest/pages/clarifiedsas.aspx.)

The essence of the ASB chairman’s remarks can be summarized as follows.

The ASB collaborates with the IAASB to the extent of having the same titles and numbers for all their standards. However, due to differences in cultural, legal, and regulatory frameworks, differences do exist.

Fogarty noted that it is very important for U.S. auditors, especially those from smaller firms, to stay abreast of developments related to ISA. This is because, as international standards in audit and attest services gain worldwide acceptance in cross border operations, U.S. Certified Public Accountants (CPAs), including small firm practitioners, will have to become familiar with ISA in order to perform engagements in accordance with international standards.

The discussion that follows relates to the remaining areas of difference.

Conclusion

This chapter is important because the discussions set the foundations for the further elaborations in the following chapters. Up to now, the PCAOB has published 18 standards. This raises questions about the standards passed by the ASB and not addressed by the PCAOB. As we noted earlier, the AICPA ASB was in existence before the PCAOB and PCOAB adopted its first auditing standard, AS 1, from the ASB as its interim standard. The interim standards that have not been superseded or repealed by later PCAOB standards remain in effect. Hence, these ASB standards can be considered to be under the aegis of the PCAOB. Accordingly, these GAAS are considered as PCAOB standards since the PCAOB now has ultimate responsibility for their use with publicly listed companies and has not yet amended or modified these standards.

We noted earlier that there are differences between PCAOB and the ISA. We also noted that significant differences could arise between ISA and PCAOB for the following reasons:

  • Certain items are in different locations in PCAOB compared with ISA;
  • There are items in PCAOB not covered in ISA; and
  • There are items in ISA not covered in PCAOB.

The reasons why items or requirements may be in one standard but not in another standard are because of variations (such as the legal and regulatory environment) between the United States and other international countries. This is an important takeaway from this discussion. Auditors clearly must be aware of the standard environment within which they operate. It is also helpful to them to be aware of why these divergences in standards exist because that may lead the auditor to be even more careful than they otherwise might be in adhering closely to the relevant standard.

Similarly, readers should be aware of the divergences in auditing standards that may impact the audit reports they see. Depending on the differences in particular auditing standards involved, an audit report’s conclusion in one environment may differ from the report that would be seen in another environment. Although this is an extreme case, it is possible. Other chapters discuss these issues in greater detail.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
52.90.40.84