 Until 2002, the accounting profession was self-regulated; the standards governing audits were
established by members of the profession themselves (through the American Institute of
Certified Public Accountants, or AICPA)
 As a result of audit failures to Enron and WorldCom, Congress passed the Sarbanes-Oxley Act of
o Among other reforms, this act created the Public Company Accounting Oversight Board
(PCAOB) to provide external and independent oversight over the audits of public entities
o A public entity is one who offers registered securities, such as stocks and bonds, for sale to
the general public
o The PCAOB is mainly responsible for registering public accounting firms, establishing
standards for audit engagements, and inspecting the quality of audits conducted by
registered public accounting firms
 PCAOB has met a lot of controversy, including criticisms of the increased costs for
public companies of complying with the PCAOB’s standards related to internal
control, as well as their inspection process
 Firms have filed a lawsuit challenging the constitutionality of the PCAOB based on
both the process through which members of the PCAOB are appointed as well as the
powers held by those members
Generally Accepted Auditing Standards (GAAS)
 The AICPA first developed standards that served as the basis for audits of both public and
nonpublic entities
o 1972-present, AICPA’s Auditing Standards Board issues the Statements on Auditing
Standards (SASs) to provide guidance for the conduct of audits
o The PCAOB issues Auditing Standards, which are subject to the formal approval of the SEC
 The authorization for developing standards for the audit of public entities belongs
to the PCAOB, while the authorization for developing standards to nonpublic
continues to remain with the Auditing Standards Board of the AICPA
 Together, the pronouncements of the AICPA and PCOAB are collectively referred to as generally
accepted auditing standards (GAAS)
o GAAS are auditing standards that identify the necessary qualifications and characteristics
of auditors and guide the conduct of the audit examination
o The purpose of GAAS is to meet the objectives of an audit examination, which are:
 To obtain reasonable assurance about whether the financial statements as a whole
are free of material misstatement, whether due to fraud or error, thereby enabling
auditors to express an opinion on whether the statements are presented fairly in all
material respects in accordance to applicable financial framework
 And, to report on the financial statements, and communicate as required by GAAS, in
accordance with the auditor’s findings
 Generally, auditors that don’t follow guidance provided by GAAS are presumed to have performed
deficient audits


o Auditing standards can be unconditionally required (auditors must fully comply with the
provisions or standards), or presumptively mandatory required (auditors can depart from
standards under certain circumstance and with appropriate documentation)
 More auditing literature: Interpretive publications
o This includes AICPA Audit and Accounting Guides, and AICA Auditing Statements and
Positions  provide application of GAAS in specific circumstances and for certain
o These are less authoritative than SASs and Auditing Standards but auditors must still
justify any departure from these publications
 In sum, GAAS:
o (1) Fundamental Principles (guide general conduct of audit engagements)  (2) PCAOB
Auditing Standards and ASB Statements on Auditing Standards (both provide support to
fundamental principles); can also include (3) the Interpretive publications (provide
further guidance on application of GAS)
 Auditing Standards vs. Auditing procedures  two different things
o Audit procedures are the specialized actions auditors take to obtain evidence in a specific
audit engagement  they are usually situation-specific: depend on the industry, the type of
entity, the complexity of the accounting system, etc.
o Auditing Standards are quality guides to the audit that apply to all audits
 Hence, auditors’ reports refer to an audit “conducted in accordance with standards
 We have special auditing standards for governmental and foreign entities
o A firm that audits public and private entities throughout the world may be subject to
multiple and sometimes conflicting standards issued by the ASB, PCAOB, and IAASB
 Having multiple sets of standards for the audits of different entities is a current
 Auditors and regulators have a great interest in convergence  making the
standards coordinated throughout the world
 International Standards on Auditing (ISAs) are the first step in the development of
one consistent set of guidelines that auditors worldwide can follow
Public entities
Rule-making body
AICPA - Auditing U.S. Government
IFAC Standards Board Accountability
Office (GAO)
Auditing and
Standards Board
Statements on
Standards (ASs)
Standards on
Standards (SASs) Standards (The
Auditing (ISAs)
Yellow Book)

Organization of GAAS
 Body of GAAS emerged from 10 basic standards that were classified into three major categories:
o General standards
o Standards of field work
o Standards of reporting
 ASB made an Exposure Draft and identified three fundamental principles very similar to the 10
basic standards underlying an audit
o These are related to the: responsibilities of the audit team, performance of the audit, and
reporting the results of the engagement
o Exhibit 2.1 (pg. 41) compares the 10 basic standards to the 3 fundamental principles of ASB
Comparison of AICPA GAAS with ASB Fundamental Principles
10 Basic Standards
Responsibilities Principles
Auditors responsible for:
General Standards
1. Competence and capabilities; 2. Complying with ethical
1. Training and proficiency
requirements (independence and due care); 3. Professional
2. Independence in mental attitude
skepticism and professional judgment
3. Due professional care in audit and report
Standards of Field Work
Performance Principle
To obtain reasonable assurance:
1. Planning and supervision
1.Plan work and supervise assistants; 2. Determine and
2. Understand entity and its environment to asses
apply appropriate materiality levels; 3. Identify and assess
risk of material misstatement
risk of material misstatements; 4.Obtain sufficient evidence
3. Obtain sufficient evidence
Standards of Reporting
Reporting Principle
Based on evidence obtained, auditor:
1. F/S in accordance with GAAP
1. Expresses an opinion or states that an opinion can't be
1. GAAP is applied consistently (only report if it was
expressed; 2. Opinion is based on conformity of financial
not applied consistently)
3.Adequacy of disclosures (only report if inadequate) statements with applicable financial reporting framework
4. Express of disclaim an opinion
 The fundamental principles closely parallel the definition of auditing
o Responsibilities principle defines objectivity and identifies auditors role
o Performance principle requires auditors to plan their work (“systematic process”) and to
“obtain and evaluate evidence” through assessing the risk of material misstatement and
gathering sufficient evidence
o Reporting principle provides guidance for “communicating results” of the audit about
whether financial statements prepared using “established criteria”
Fundamental Principle: Responsibilities
 Fundamental principle of responsibilities relates to personal integrity and professional
qualification of auditors; it includes:
o Having appropriate competence and capabilities to perform audit
o Complying with relevant ethical requirements : independence and due care
o Maintaining prof. skepticism and using professional judgment throughout the audit
 Most points relating to responsibilities principle are addressed before firm accepts a client
o However, Prof. skepticism and prof. judgment must be exercised throughout entire audit

Stages of an Audit (see page 42 for chart)
1. Obtain (or retain) engagement
 Responsibilities in this stage:
o Competence and capabilities
o Relevant ethical requirements (independence and due care)
2. Engagement Planning
Responsibilities for these stages include:
3. Risk Assessment
 Professional skepticism and professional judgment
4. Audit Evidence
 Due care
5. Reporting
Competence and Capabilities
 The competence and capabilities component of responsibilities principle has two elements:
education and expertise/experience
o Education: auditors are experts in accounting standards, financial reporting and auditing
 In addition to university-level education, auditors are also required to participate in
continuing professional education throughout their careers to keep pace with
changes in accounting profession
*Continuing professional education is a requirement for maintaining CPA
o Experience: gained through hands-on practice and on-the-job training
 Includes the ability to develop and apply professional judgment during audits
 Judgments relate to gathering evidence on fairness of financial statements,
evaluating evidence against GAAP, etc.
Independence and Due Care
 Responsibilities principle requires auditors to comply with appropriate ethical requirements
o Two specific ethical requirements we must know: independence and due care
 Auditors must maintain independence in mental attitude: they are expected to be unbiased and
impartial with respect to information they audit
o This state of mind and impartiality with respect to a client is also called independence in
 Auditors must also appear unbiased; independence in appearance is the extent to which others
(particularly financial statement users) perceive auditors to be independent
o Example: if an auditor owns shares of a client’s stock, third-party users would not perceive
the auditor to be independent (even though the mental attitude of the auditor is impartial)
 The concept of independence has evolved over time  SEC has issued rules that prohibit audits
from providing financial systems implementation and audit services to their clients; and all nonaudit work must be approved by audit committee before taken up
o SOX has imposed more restrictions (see page 43 for details on restrictions)
 Two major threats to independence exist:
o 1. Financial relationships, such as owning shares of stock in a client or having a loan
outstanding to/from a client
o 2. Managerial relationships, such as the ability to act in a decision-making capacity on
behalf of a client or to provide advice on information that will be audited

Independence must be guarded  general public will grant professional status to an auditor only
as long as they are perceived to be independent
 Second ethical requirement: due care
o Due care reflects a level of performance that would be exercises by reasonable auditors in
a similar circumstance; auditors are expected to possess the skills and knowledge of others
in their profession and are not expected to be infallible
 This aspect relates to the competence and capabilities of the auditor to perform the
engagement and issue appropriate reports
 One specific element of due care is performing the audit with appropriate level of
professional skepticism
Professional Skepticism and Professional Judgment
 Both professional skepticism and professional judgment are required throughout the entire audit
 Professional skepticism is a state of mind characterized by appropriate questioning and a
critical assessment of audit evidence; Auditors consider:
o Contradictory evidence obtained through different procedures
o Reliability of documentary evidence
o Reliability of information obtained from management and those in charged of the entity
(audit committee)
 Professional judgment is the application of relevant training, knowledge, and experience in
making informed decisions about appropriate courses of action during the audit engagement
o These judgments relate to the evidence obtained during the audit and the conclusions
 Professional judgment is exercised through gathering, evaluating and drawing
conclusions on the evidence
o Auditors are required to carefully document their professional judgment in a way such that
experienced auditors with no previous relationship to the audit can understand the
judgments and conclusions made
Fundamental Principle: Performance
 Fundamental principle of performance sets for the quality for conducting an audit
o Performance is also highly influenced by the need for prof. skepticism and prof. judgment
 The performance principle states:
o To express an opinion, the auditor obtains reasonable assurance about whether the
financial statements are free from material misstatements, whether due to fraud/error. To
obtain reasonable assurance (high, but not absolute assurance), the audit must:
 Plan the work and supervise assistants
 Determine appropriate materiality level throughout the audit
 Assess risk of material misstatement, whether due to fraud or error, based on
understanding the entity/its environment, and its internal control
 Obtain sufficient audit evidence about whether material misstatements exist,
through implementing appropriate responses to assessed risks

Basically, performance principle contains five elements: (1) reasonable assurance, (2) planning
and supervision, (3) materiality, (4) risk assessment, and (5) audit evidence
Reasonable Assurance
 Reasonable assurance recognized that a GAAS audit may not detect all material misstatements and
that auditors are not ‘insurers’ or ‘guarantors’ regarding the fairness of the entity’s financial
o Auditors are expected to provide a high level of assurance about their work (not absolute
o Reasonable assurance is provided by assessing various risks relating to the likelihood of
material misstatement in financial statements and performing audit procedures to control
the risk to a low level
 Why can’t GAAS audits achieve absolute assurance? Some limitations:
o Auditors are not infallible
o The nature of financial reporting is such that certain aspects of this process are subject to
management judgment and estimates (useful lives for depreciation, etc.)
o Audit procedures can’t always detect misstatements
o Due to time constrains, auditors only evaluate a sample of transactions/components
*Despite these limitations, the concept of reasonable assurance does require auditors to
reduce the risk of failing to detect a material misstatement to a low level
Planning and Supervision
 After obtaining/retaining an engagement, the next step is planning; it includes:
o (1) Preparing an audit and supervising and audit work
o (2) Obtaining knowledge of client’s business
o (3) Dealing with differences of opinion among the accounting firm’s personnel
 GAAS requires a written audit plan – a list of the audit procedures auditors need to perform to
gather sufficient appropriate evidence on which to base their opinion on the financial statements
 Auditors must obtain an understanding of the client’s business and industry
o This helps auditors identify areas for special attention (accounts or transactions where
fraud may exist), evaluate the reasonableness of accounting estimates, and make
judgments about management’s choices among accounting principles
 Timing is extremely important for audit planning  in order to have enough time to plan an audit,
auditors need to be engaged before the fiscal year end (known as the date of the financial
o More advance notice allows more time for planning
o The audit team may also be able to perform part of the audit at an interim date – a date that
is weeks or months before year-end, and thereby make the rest of the audit work more
January 1

November 10

Evaluate activity from Jan 1-Nov 10
Planning and Interim Work

December 31

Evaluate activity from Nov 10 –Dec 31
Normal Year-End Work


 Materiality, as it relates to financial reporting, is the dollar amount that would influence the
lending or investing decisions of financial statement users
 Materiality is recognized as part of the objective of an audit, which is to “obtain reasonable
assurance about whether the financial statements as a whole are free of material misstatement”
o Auditors are not responsible for detecting misstatements that are not material
 The audit team considers materiality in planning the audit, performing the audit, and evaluating
the effect of misstatements on financial statements
 However, auditors must consider qualitative materiality - a small misstatement with large
Risk Assessment
 The risk assessment process requires an understanding of the client, its operating environment,
and its industry, including its internal controls
 Internal control is defined as the policies and procedures implemented by an entity to
prevent/detect material accounting fraud/error and provide for their correction in a timely basis
 Auditors assess the risk of material misstatement, the combined probability that a material
misstatement (error or fraud) will occur [inherent risk] and the probability that a material
misstatement (error or fraud) will not be prevented or detected on a timely basis [control risk]
by the entity’s internal controls
o Basically, risk of material misstatement is the likelihood that an error/fraud will exist in
the F/S prior to the auditor’s work
 The primary purpose of assessing the risk of material misstatement is to help auditors determine
the nature, timing, and extent of audit procedures necessary to gather evidence about the fairness
of the financial statements
 Process of risk assessment includes two relationships:
o 1. Effective internal control  Lower level of control risk  Allows auditors to evaluate
less evidence and use less effective substantive procedures
o 2. Ineffective internal control  Higher level of control risk  Requires that auditors
evaluate more evidence and use more effective procedures
 Auditors responsibility to report on the effectiveness of an entity’s internal controls for public
entities exceeds that for the audit of a nonpublic entity
Audit Evidence
 Final element of performance principle is collecting and evaluating evidence to provide the
o Evidence – the information used by auditors in arriving at the conclusions on which the
audit opinion is based and includes the underlying accounting data and all available
corroborating data
 Substantive procedures are the methods used by auditors to evaluate evidence following the risk
 The performance principle requires auditors to gain persuasive evidence; persuasiveness is an
overall ability of evidence to support the auditor’s opinion
 Persuasive evidence relies on both sufficiency and appropriateness
 Appropriateness relates to evidence quality, sufficiency relates to evidence quantity
o Appropriate evidence must be relevant and reliable
 Relevance refers to the nature of information provided by the audit evidence 
relates to the quality of evidence; operationalized through management assertions
 Reliability refers to the extent of trust auditors place in evidence  Evidence that is
reliable is high quality

Reliable evidence also depends on sources: in evaluating potential sources of
evidence, auditors consider the hierarchy of audit evidence quality
 1. Direct, personal knowledge of auditor obtained through physical
observation and mathematical computation done by auditor; this is
considered the most reliable evidence
 2. External documentary evidence: documentary evidence obtained
directly from external sources; generally considered reliable, but knowledge
and objectivity of sources must be considered
 3. External-Internal evidence: documentary evidence that originated
outside the client’s information system but has been processed by the client;
considered reliable when internal controls are strong but less reliable than
external evidence
 4. Internal evidence: documents produced and stored within the client’s
information system; considered low in reliability, but used extensively when
produced under satisfactory internal control conditions
 5. Verbal evidence: responses provided by client’s officers, directors,
owners, etc.; considered the least reliable form of evidence; GAAS requires
auditors obtain written representation – written assertions provided by
management to auditors on matters such as the fairness of the f/s,
availability of financial records and other data, and other specific financial
Sufficiency measures the quantity of audit evidence (the number of transactions or components
o Sufficiency is left to auditor’s professional judgment
o There is no official standard to how much evidence is needed, but sufficient evidence can be
defined as enough evidence to stand the scrutiny of other auditors (supervisors/reviewers)
and outsiders (critics, judges, etc.)
Sufficiency and appropriateness of evidence is reflected in detection risk – the risk that the audit
teams’ substantive procedures will fail to detect a material misstatement
o To lower detection risk, auditors must require higher quality evidence, gather more
relevant and reliable evidence (appropriateness), and evaluate a larger number of
transactions/components (sufficiency)
 Thus detection risk is affected by both sufficiency and appropriateness

Fundamental Principle: Reporting
 The final stage of an audit
 Fundamental reporting principle states: Based on evaluation of evidence obtained, the auditor
expresses in the form of a written report, an opinion in accordance with the auditor’s findings, or
states that an opinion can’t be expressed. The opinion states whether the financial statements are
presented fairly, in all material respects, in accordance with applicable financial reporting
 The reporting principle requires the auditor to express an opinion on the entity’s financial
statements (or indicate that an opinion can not be expressed)
 In expressing the opinion, the auditor is required to assess the financial statements against an
applicable set of criteria (GAAP, IFRS, etc.) used to determine the measurement, recognition,
presentation, and disclosure of material items in the financial statements
 Types of Audit Opinions:
o Unqualified: a “clean” opinion that makes no mention of auditing or accounting
deficiencies; F/S are fully in accordance to GAAP