Original Pronouncements | Statements on Auditing Standards (SASs) 1, 5, 25, 41, 43, 78, 82, 95, 98, 99, 102, 104, 105, and 113. |
Effective Date | All standards currently are effective. |
Applicability | All audits in accordance with generally accepted auditing standards (GAAS) and other services covered by SASs. |
SAS No. 122, Codification of Auditing Standards and Procedures, is effective for audits of financial statements with periods ending on or after December 15, 2012.
AU-C 200 supersedes AU sections 110, 201, 210, 220, and 330. What is required of the auditor is not substantially changed. However, the structure is changed by the clarified SAS, and new terminology is used.
SAS No. 95 (AU Section 150), which contains the general, field work, and reporting standards, is superseded. In its place, each clarified standard has objectives. These objectives provide a link to the overall objective of the auditor. If the auditor fulfills the objectives and the ethical requirements, then the auditor will have fulfilled the requirements stated in the ten standards.
AU-C 220 supersedes AU Section 161. AU-C 220 addresses specific responsibilities of the auditor regarding quality control standards for an audit of financial statements. Quality control is the responsibility of the audit firm. Because quality control procedures are required by Statements on Quality Control Standards (SQCS) No. 7, A Firm’s System of Quality Control, the clarified standards should not change current practice but strengthen existing standards by making it easier to understand and apply those standards. Note that SQCS No. 8, A Firm’s System of Quality Control (redrafted), is effective as of January 1, 2012. However, no substantive differences existed between the two quality control standards. Firms who reference SQCS No. 7 will have to update paragraph references.
AU-C 220 also addresses AU-311.28–.32, Supervision of an Audit Requirement.
Auditing procedures. Acts to be performed by the auditor during the course of an audit to comply with auditing standards.
Auditing standards. Measures of audit quality and the objectives to be achieved in an audit.
Practitioner-in-charge. An individual responsible for supervising an audit engagement or signing the report on such an engagement.
Professional skepticism. An attitude that includes a questioning mind and a critical assessment of audit evidence.
Reasonable assurance. A high, but not absolute, level of assurance.
Applicable financial reporting framework. The financial reporting framework adopted by management and, when appropriate, those charged with governance in the preparation and fair presentation of the financial statements, that is acceptable in view of the nature of the entity and the objective of the financial statements, or that is required by law or regulation.
Audit evidence. Information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. Audit evidence includes both information contained in the accounting records underlying the financial statements and other information. Sufficiency of audit evidence is the measure of the quantity of audit evidence. The quantity of the audit evidence needed is affected by the auditor’s assessment of the risks of material misstatement and also by the quality of such audit evidence. Appropriateness of audit evidence is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based.
Audit risk. The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.
Auditor. The term used to refer to the person or persons conducting the audit, usually the engagement partner or other members of the engagement team, or, as applicable, the firm. When an AU-C section expressly intends that a requirement or responsibility be fulfilled by the engagement partner, the term engagement partner rather than auditor is used. Engagement partner and firm are to be read as referring to their governmental equivalents when relevant.
Detection risk. The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
Financial reporting framework. A set of criteria used to determine measurement, recognition, presentation, and disclosure of all material items appearing in the financial statements; for example, U.S. generally accepted accounting principles, International Financial Reporting Standards (IFRSs) promulgated by the International Accounting Standards Board (IASB), or a special purpose framework.
The term fair presentation framework is used to refer to a financial reporting framework that requires compliance with the requirements of the framework and
A financial reporting framework that requires compliance with the requirements of the framework but does not contain the acknowledgments in 1 or 2 is not a fair presentation framework.
Financial statements. A structured representation of historical financial information, including related notes, intended to communicate an entity’s economic resources and obligations at a point in time or the changes therein for a period of time in accordance with a financial reporting framework. The related notes ordinarily comprise a summary of significant accounting policies and other explanatory information. The term financial statements ordinarily refers to a complete set of financial statements as determined by the requirements of the applicable financial reporting framework, but can also refer to a single financial statement.
Historical financial information. Information expressed in financial terms regarding a particular entity, derived primarily from that entity’s accounting system, about economic events occurring in past time periods or about economic conditions or circumstances at points in time in the past.
Interpretive publications. Auditing interpretations of generally accepted accounting standards (GAAS), exhibits to GAAS, auditing guidance included in the American Institute of Certified Public Accountants (AICPA) Audit and Accounting Guides, and the AICPA Auditing Statements of Position (SOPs).
Management. The person(s) with executive responsibility for the conduct of the entity’s operations. For some entities, management includes some or all of those charged with governance; for example, executive members of a governance board or an owner-manager.
Misstatement. A difference between the amount, classification, presentation, or disclosure of a reported financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be presented fairly in accordance with the applicable financial reporting framework. Misstatements can arise from fraud or error.
Other auditing publications. Publications other than interpretive publications; these include AICPA auditing publications not defined as interpretive publications; auditing articles in the Journal of Accountancy and other professional journals; continuing professional education programs and other instruction materials, textbooks, guide books, audit programs, and checklists; and other auditing publications from state certified public accountant (CPA) societies, other organizations, and individuals.
Premise, relating to the responsibilities of management and, when appropriate, those charged with governance, on which an audit is conducted (the premise). Management and, when appropriate, those charged with governance have acknowledged and understand that they have the following responsibilities that are fundamental to the conduct of an audit in accordance with GAAS; that is, responsibility
The premise, relating to the responsibilities of management and, when appropriate, those charged with governance, on which an audit is conducted may also be referred to as the premise.
Professional judgment. The application of relevant training, knowledge, and experience within the context provided by auditing, accounting, and ethical standards, in making informed decisions about the courses of action that are appropriate in the circumstances of the audit engagement.
Professional skepticism. An attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence.
Reasonable assurance. In the context of an audit of financial statements, a high, but not absolute, level of assurance.
Risk of material misstatement. The risk that the financial statements are materially misstated prior to the audit. This consists of two components, described as follows at the assertion level:
Those charged with governance. The person(s) or organization(s) (for example, a corporate trustee) with responsibility for overseeing the strategic direction of the entity and the obligations related to the accountability of the entity. This includes overseeing the financial reporting process. Those charged with governance may include management personnel; for example, executive members of a governance board or an owner-manager.
Engagement partner. The partner or other person in the firm who is responsible for the audit engagement and its performance and for the auditor’s report issued on behalf of the firm and who, when required, has the appropriate authority from a professional, legal, or regulatory body.
Engagement quality control review. A process designed to provide an objective evaluation, before the report is released, of the significant judgments the engagement team made and the conclusions it reached in formulating the auditor’s report. The engagement quality control review process is only for those audit engagements, if any, for which the firm has determined that an engagement quality control review is required, in accordance with its policies and procedures.
Engagement quality control reviewer. A partner, other person in the firm, suitably qualified external person, or team made up of such individuals, none of whom is part of the engagement team, with sufficient and appropriate experience and authority to objectively evaluate the significant judgments that the engagement team made and the conclusions it reached in formulating the auditor’s report.
Engagement team. All partners and staff performing the engagement and any individuals engaged by the firm or a network firm who perform audit procedures on the engagement. This excludes an auditor’s external specialist engaged by the firm or a network firm.
Firm. A form of organization permitted by law or regulation whose characteristics conform to resolutions of the Council of the AICPA and which is engaged in the practice of public accounting.
Monitoring. A process comprising an ongoing consideration and evaluation of the firm’s system of quality control, including inspection or a periodic review of engagement documentation, reports, and clients’ financial statements for a selection of completed engagements, designed to provide the firm with reasonable assurance that its system of quality control is designed appropriately and operating effectively.
Network. An association of entities, as defined in ET Section 92, Definitions.
Network firm. A firm or other entity that belongs to a network, as defined in ET Section 92.
Partner. Any individual with authority to bind the firm with respect to the performance of a professional services engagement. For purposes of this definition, partner may include an employee with this authority who has not assumed the risks and benefits of ownership. Firms may use different titles to refer to individuals with this authority.
Personnel. Partners and staff.
Professional standards. Standards promulgated by the AICPA Auditing Standards Board or the AICPA Accounting and Review Services Committee under Rule 201, General Standards (ET sec. 201 par. .01), or Rule 202, Compliance with Standards (ET sec. 202 par. .01), of the AICPA Code of Professional Conduct, or other standards-setting bodies that set auditing and attest standards applicable to the engagement being performed and relevant ethical requirements.
Relevant ethical requirements. Ethical requirements to which the engagement team and engagement quality control reviewer are subject, which consist of the AICPA Code of Professional Conduct together with rules of applicable state boards of accountancy and applicable regulatory agencies that are more restrictive.
Staff. Professionals, other than partners, including any specialists that the firm employs.
Suitably qualified external person. An individual outside the firm with the competence and capabilities to act as an engagement partner (for example, a partner of another firm).
Sections 100 through 230 clarify the difference between the responsibilities of the auditor and management, the nature of auditing standards, and their relationship to quality control standards. The Sections also provide guidelines for the training, independence, and proficiency of the independent auditor, as well as the level of professional care (including the use of professional skepticism and reasonable assurance) required in the performance of audit work.
AU-C Section 200.12 states that:
. . . The overall objectives of the auditor, in conducting an audit of financial statements, are to
AU-C Section 220.08 states that:
. . . the objective of the auditor is to implement quality control procedures at the engagement level that provide the auditor with reasonable assurance that
To express an opinion on the fairness, in all material respects, with which the financial statements present financial position, results of operations, and cash flows in conformity with GAAP.
In every audit, the auditor has to obtain reasonable assurance about whether the financial statements are free of material misstatement. Material misstatement includes:
The fairness of the representations made through financial statements is an implicit and integral part of management’s responsibility. Management is responsible for:
The auditor’s participation in preparing financial statements does not change the character of the statements as representations of management. In brief, management is responsible for the financial statements; the auditor is responsible for expressing an opinion on those financial statements.
AU Section 120 clarifies that the SASs use two categories of professional requirements to describe the degree of responsibility the standards impose on auditors.
The term “should consider” means that the consideration of the procedure or action is presumptively required, whereas carrying out the procedure or action is not.
AU Section 120 also clarifies that explanatory material, is intended to explain the objective of the professional requirements, rather than imposing a professional requirement for the auditor to perform.
The auditor is responsible for planning, conducting, and reporting the results of an audit according to GAAS. The hierarchy of GAAS consists of the following three tiers:
Tier 1 consists of (1) the ten general, fieldwork, and reporting standards, and (2) the SASs. As stated in AU 150.02 the GAAS approved by the AICPA membership are:
The preceding ten formal standards apply to all other services covered by SASs unless they are clearly not relevant or the SAS specifies that they do not apply.
These ten general, fieldwork, and reporting standards provide the framework for the SASs promulgated by the Auditing Standards Board (ASB). Auditors are required under Rule 202, Compliance with Standards, of the AICPA Code of Professional Conduct to comply with these standards. Auditors should have sufficient knowledge of the SASs to determine when they apply and should be prepared to justify departures from the SASs.
Interpretive publications are recommendations, issued under the authority of the ASB, on how to apply the SASs in specific circumstances, including engagements for entities in specialized industries. Interpretive publications are not auditing standards. They consist of the following:
Auditors should be aware of and consider interpretive publications that apply to their audits. Auditors who do not follow the guidance in an applicable interpretive publication should be prepared to explain how they complied with the relevant SAS requirements addressed by such guidance.
Other auditing publications are not authoritative but may help auditors to understand and apply SASs. Such publications include all AICPA auditing publications not included under Tier 1 or Tier 2 and other auditing publications, including
An auditor should evaluate such guidance to determine whether it is both (1) relevant for a particular engagement and (2) appropriate for the particular situation. When evaluating whether the guidance is appropriate, the auditor should consider whether the publication is recognized as helpful in understanding and applying SASs, and whether the author is recognized as an auditing authority. (AICPA auditing publications that have been reviewed by the AICPA Audit and Attest Standards staff are presumed to be appropriate.)
An audit firm should establish a quality control system to provide it with reasonable assurance that its staff meets the requirements of GAAS in its audit engagements. The nature of this system depends on such factors as an audit firm’s size, the nature of its practice, its organizational structure, the degree of autonomy allowed its personnel and office, and cost-benefit considerations.
The auditor holds out himself or herself as being proficient in accounting and auditing. Attaining proficiency begins with formal education and continues through later experience. The auditor must be aware of and understand new authoritative pronouncements on accounting and auditing.
To be independent, the auditor must be intellectually honest; to be recognized as independent, he or she must be free from any obligation to or interest in the client, its management, or its owners. For specific guidance, the auditor should look to AICPA and the state society rules of conduct and, if relevant, the requirements of the Securities and Exchange Commission (SEC).
The auditor should observe the standards of fieldwork and reporting, possess the degree of skill commonly possessed by other auditors, and should exercise that skill with reasonable care and diligence. The auditor should also exercise professional skepticism, that is, an attitude that includes a questioning mind and a critical assessment of audit evidence. However, the auditor is not an insurer, and the audit report does not constitute a guarantee because it is based on reasonable assurance. Thus, an audit conducted in accordance with GAAS may not detect a material misstatement. The auditor should be alert to the possibility of collusion when performing the audit and how management may override controls in a way that would make the fraud particularly difficult to detect.
There are no interpretations for this section.
Many times, clients do not understand their responsibilities for the audited financial statements. These financial statements are management’s. They contain management’s representations. The form and content of the financial statements are management’s responsibility, even though the auditor may have prepared them or participated in their preparation. The SEC has stated:
The fundamental and primary responsibility for the accuracy of information filed with the Commission and disseminated among the investors rests upon management. Management does not discharge its obligations in this respect by the employment of independent accountants, however reputable (Accounting Series Release No. 62; emphasis added).
Management also is responsible for implementing and maintaining an effective system of internal control.
GAAS require the auditor to obtain a management representation letter (see Section 333). In the letter, management acknowledges its responsibility for the financial statements and states its belief that the financial statements are fairly presented in conformity with GAAP. Sometimes, the client objects to this acknowledgment because of the auditor’s role in the preparation of the financial statements. To avoid this misunderstanding, the auditor’s engagement letter may include a paragraph such as the following:
Generally accepted auditing standards require that we obtain from you a representation letter about the financial statements and the underlying accounting records and an acknowledgment that the financial statements are management’s responsibility, and that they are presented in accordance with generally accepted accounting principles.
The annual reports of many public companies contain statements acknowledging management’s responsibility for the financial statements and the underlying accounting records.
The auditor’s responsibility for the financial statements he or she audits is confined to the expression of an opinion on those statements. In performing the audit, the auditor is responsible for compliance with GAAS, including the SASs.
Under the GAAS hierarchy, the auditor has a responsibility to consider SASs and interpretive publications in all audits. If such guidance is not followed, an auditor must be prepared:
In other words, the first two categories of GAAS are “must know.” When applying the Tier 3 level of GAAS, other auditing publications, the auditor should determine whether such guidance is relevant and appropriate.
To provide reasonable assurance that it is conforming with generally accepted auditing standards in its audit engagements, an accounting firm should establish quality control policies and procedures. These policies and procedures should apply not only to audit engagements but also to attest and accounting and review services for which professional standards have been established.
The nature and extent of a firm’s quality control policies and procedures depend on the following:
When a firm establishes quality control policies and procedures, it also should do the following:
When a firm establishes its quality control policies and procedures, it should follow the five elements of quality control (see SQCS 2, System of Quality Control for a CPA Firm’s Accounting and Auditing Practice, as amended by SQCS 4, Amendment to System of Quality Control for a CPA Firm’s Accounting and Auditing Practice).
Policies and procedures should provide reasonable assurance that personnel:
SQCS 5, The Personnel Management Element of a Firm’s System of Quality Control—Competencies Required by a Practitioner-in-Charge of an Attest Engagement, clarifies that a partner-in-charge of accounting, auditing, and attestation engagements should ordinarily:
Firm policies and procedures should address other competencies necessary in the circumstances.
Policies and procedures should provide reasonable assurance that the firm will not be associated with clients whose management lacks integrity. A firm should:
Moreover, a firm should obtain an understanding with the client regarding the engagement.
Policies and procedures should provide reasonable assurance that personnel meet:
Policies and procedures should also provide reasonable assurance that personnel refer to authoritative literature and consult, on a timely basis, with appropriate individuals when dealing with complex, unusual, or unfamiliar issues.
Policies and procedures should provide reasonable assurance that the above elements of quality control are suitably designed and effectively applied. Monitoring involves:
Policies and procedures should provide reasonable assurance that personnel maintain independence when required and perform all responsibilities with integrity and objectivity.
A partner or partners, depending on the size of the firm, should be responsible for monitoring the effectiveness of the firm’s quality control system. The objective is to determine on a timely basis that the firm’s quality control policies and procedures, assignment of responsibilities, and communication of policies and procedures continue to be appropriate.
The following chart illustrates the GAAS hierarchy.
Level | Elements | Authority |
Tier 1 Auditing Standards |
|
Auditors must be familiar with all guidance in this category. Any departures must be justified. |
Tier 2 Interpretive Publications |
|
Auditors must be familiar with all guidance in this category. Any departures must be justified. |
Tier 3 Other Auditing Publications |
|
Guidance in this category is not authoritative. Auditors must determine whether guidance is appropriate and relevant in particular circumstances. |
1 AICPA has designated the Public Company Accounting Oversight Board (PCAOB) as a body to promulgate auditing and related professional practice standards relating to the preparation and issuance of audit reports of issuers.
2 Section 201 of the Sarbanes-Oxley Act of 2002 and the related SEC implementing rules created significant new independence requirements for auditors of public companies. For example, the SEC prohibits certain nonaudit services such as bookkeeping, internal audit outsourcing, and valuation services. All audit and nonaudit services performed by the auditor, including tax services, must be preapproved by the company’s audit committee. In March 2003, the SEC issued final rules implementing Section 201 of the Act. The rules, Strengthening the Commission’s Requirements Regarding Auditor Independence, can be found at www.sec.gov/rules/final/33-8183.htm.
3.17.110.58