NINJA BOOK

A u d i t i n g & Att est ation 2021

Other Auditing Standards

 Copyright & Disclaimer

This book contains material copyrighted © 1953 through 2020 by the American Institute of Certified Public
Accountants, Inc., and is used or adapted with permission.

Material from the Uniform CPA Examination Questions and Unofficial Answers, copyright © 1976 through
2020, American Institute of Certified Public Accountants, Inc., is used or adapted with permission.

This book is written to provide accurate and authoritative information concerning the covered topics for
the Uniform CPA Examination and is to be used solely for studying for the Uniform CPA Examination and
for no other purpose.

© 2020 NINJA CPA Review, LLC. All Rights Reserved.

FULL CPA REVIEW COURSE ACCOUNTS AVAILABLE

@30% of Original Price Only.
BECKER,
WILEY,ROGER,Gleim
Contact Telegram-@cpareviewcourse @Aeyron

2
 Other Auditing Standards

International Standards on Auditing (ISA)

Overview
The International Auditing and Assurance Standards Board (IAASB) of the International Federation of
Accountants (IFAC) issues International Standards on Auditing (ISA) and assurance standards.

A CPA practicing in the United States may be engaged to audit the financial statements of a client in
accordance with the ISA. In those circumstances where the auditor’s report states that the audit was
conducted in accordance with International Auditing Standards, the US auditor should comply with both the
ISA and, as required by the AICPA Code of Professional Conduct, auditing standards generally accepted in
the United States of America for a nonissuer or the standards of the Public Company Accounting Oversight
Board (United States) for an issuer. An engagement of this nature is normally conducted by performing an
audit in accordance with auditing standards generally accepted in the United States of America or the
PCAOB standards plus performing the additional procedures required by the ISA.

Public Company Accounting Oversight Board (PCAOB) Auditing Standards

Background
The Sarbanes-Oxley Act of 2002 established the Public Company Accounting Oversight Board (PCAOB).
The term public company refers to an issuer of publicly traded securities. The Securities and Exchange
Commission (SEC) has oversight authority over the PCAOB, including the approval of its rules, standards,
and budget.

PCAOB Responsibilities
The PCAOB is charged with the responsibility of overseeing the audits of public companies, brokers, and
dealers. Its four primary responsibilities are:

1. Registration of accounting firms

a. Accounting firms are required to register with the PCAOB to prepare, issue, or participate in audit
reports of issuers, brokers, and dealers. Non-US accounting firms that furnish, prepare, or play a
substantial role in preparing an audit report for same are also subject to PCAOB rules.

b. Each registered firm is required to file an annual report (Form 10-K).

2. Inspections of registered firms’ audits and quality control

3. Establishment of auditing and related attestation, quality control, ethics, and independence standards
for registered public accounting firms

4. Investigation and discipline of registered public accounting firms and their associated persons for
violations of specified laws or professional standards

3
The 10 Auditing Standards
Auditing standards provide a measure of audit quality and the objectives to be achieved in an audit. Auditing
procedures differ from auditing standards. Auditing procedures are acts that the auditor performs during
the course of an audit to comply with auditing standards.

1. Overview

a. General Standards

(1) Technical Training & Proficiency The audit is to be performed by a person or persons
having adequate technical training and proficiency as an auditor.

(2) Independence In all matters relating to the assignment, an independence in mental attitude
is to be maintained by the auditor or auditors.

(3) Due Professional Care Due professional care is to be exercised in the performance of the
audit and the preparation of the report.

b. Standards of Fieldwork Audit documentation should be sufficient to show that the standards of
fieldwork have been observed.

(1) Adequate Planning & Supervision The work is to be adequately planned and assistants,
if any, are to be properly supervised.

(2) Understanding of Internal Control A sufficient understanding of internal control is to be

obtained to plan the audit and to determine the nature, timing, and extent of tests to be
performed.

(3) Sufficient Appropriate Evidential Matter Sufficient appropriate evidential matter is to be

obtained through inspection, observation, inquiries, and confirmations to afford a reasonable
basis for an opinion regarding the financial statements under audit.

c. Standards of Reporting

(1) Accounting in Conformity with US GAAP The report shall state whether the financial
statements are presented in accordance with generally accepted accounting principles
(GAAP).

(2) Consistency The report shall identify those circumstances in which such principles have
not been consistently observed in the current period in relation to the preceding period.

(3) Adequate Informative Disclosure Informative disclosures in the financial statements are
to be regarded as reasonably adequate unless otherwise stated in the report.

(4) Expression of an Opinion The report shall contain either an expression of opinion
regarding the financial statements, taken as a whole, or an assertion to the effect that an
opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons
therefor should be stated. In all cases where an auditor’s name is associated with financial
statements, the report should contain a clear-cut indication of the character of the auditor’s
work, if any, and the degree of responsibility the auditor is taking.

4
2. Nature of the General Standards The general standards are personal in nature. They relate to the
qualifications of the auditor and the quality of the work performed. They apply alike to the areas of
fieldwork and reporting.

a. Technical Training & Proficiency The audit is to be performed by a person or persons having
adequate technical training and proficiency as an auditor.

In the performance of the audit which leads to an opinion, the independent auditor holds himself
or herself out as one who is proficient in accounting and auditing. The attainment of that
proficiency begins with the auditor’s formal education and extends into his or her subsequent
experience. The independent auditor must undergo training adequate to meet the requirements
of a professional. This training must be adequate in technical scope and should include a
commensurate measure of general education. The junior assistant, just entering upon an auditing
career, must obtain his or her professional experience with the proper supervision and review of
his or her work by a more experienced superior. The nature and extent of supervision and review
must necessarily reflect wide variances in practice. The engagement partner must exercise
seasoned judgment in the varying degrees of his or her supervision and review of the work done
and judgments exercised by his or her subordinates, who in turn must meet the responsibilities
attaching to the varying gradations and functions of their work.

b. Independence In all matters relating to the assignment, an independence in mental attitude is

to be maintained by the auditor or auditors.

The attitude implied by independence is that of judicial impartiality or fairness toward clients and
others who rely upon the independent auditor’s report. The auditor’s objective is to ensure that the
general public maintains confidence in the independence of the auditor. Independence in attitude
also implies the auditor is without bias towards the client.

c. Due Professional Care Due professional care is to be exercised in the performance of the audit
and the preparation of the report.

An auditor should possess the degree of skill commonly possessed by other auditors. An auditor
commits a type of fraud if the auditor alleges possessing the degree of skill commonly possessed
by other auditors when that is not the case.

Each person within an independent auditor’s organization has the responsibility to exercise due
care and adhere to the standards of fieldwork and reporting. Auditors should be assigned to tasks
and supervised commensurate with their level of knowledge, skill, and ability so that they can
evaluate the audit evidence they are examining. The engagement partner should know, at a
minimum, the relevant professional accounting and auditing standards and should be
knowledgeable about the client. The engagement partner is responsible for the assignment of
tasks to, and supervision of, the members of the engagement team.

(1) Professional Skepticism Due professional care requires the auditor to exercise
professional skepticism. Professional skepticism is an attitude that includes a questioning
mind and a critical assessment of audit evidence.

Gathering and objectively evaluating audit evidence requires the auditor to consider the
appropriateness and sufficiency of the evidence. Since evidence is gathered and evaluated
throughout the audit, professional skepticism should be exercised throughout the audit
process.

The auditor neither assumes that management is dishonest nor assumes unquestioned
honesty. In exercising professional skepticism, the auditor should not be satisfied with less
than persuasive evidence because of a belief that management is honest.

5
 (2) Reasonable Assurance The exercise of due professional care allows the auditor to obtain
reasonable assurance about whether the financial statements are free of material
misstatement, whether caused by error or fraud, or whether any material weaknesses exist
as of the date of management's assessment. Absolute assurance is not attainable because
of the nature of audit evidence and the characteristics of fraud. Although not absolute
assurance, reasonable assurance is a high level of assurance. Therefore, an audit conducted
in accordance with the standards of the PCAOB may not detect a material weakness in
internal control over financial reporting or a material misstatement to the financial
statements.

(a) Inherent Limitations of an Audit The independent auditor’s objective is to obtain

sufficient appropriate evidential matter to provide him or her with a reasonable basis for
forming an opinion. The nature of most evidence derives, in part, from the concept of
selective testing of the data being audited, which involves judgment regarding both the
areas to be tested and the nature, extent, and timing of the tests to be performed. In
addition, judgment is required in interpreting the results of audit testing and evaluating
audit evidence. Even with good faith and integrity, mistakes and errors in judgment can
be made. Furthermore, accounting presentations contain accounting estimates, the
measurement of which is inherently uncertain and depends on the outcome of future
events. The auditor exercises professional judgment in evaluating the reasonableness
of accounting estimates based on information that could reasonably be expected to be
available prior to the completion of fieldwork. As a result of these factors, in the great
majority of cases, the auditor must rely on evidence that is persuasive rather than
convincing.

(b) Fraud Because of the characteristics of fraud, a properly planned and performed audit
may not detect a material misstatement. Characteristics of fraud include (1)
concealment through collusion among management, employees, or third parties; (2)
withheld, misrepresented, or falsified documentation; and (3) the ability of management
to override or instruct others to override what otherwise appears to be effective controls.
For example, auditing procedures may be ineffective for detecting an intentional
misstatement that is concealed through collusion among personnel within the entity and
third parties or among management or employees of the entity. Collusion may cause
the auditor who has properly performed the audit to conclude that evidence provided is
persuasive when it is, in fact, false. In addition, an audit conducted in accordance with
PCAOB auditing standards rarely involves authentication of documentation, nor are
auditors trained as or expected to be experts in such authentication. Furthermore, an
auditor may not discover the existence of a modification of documentation through a
side agreement that management or a third party has not disclosed. Finally,
management has the ability to directly or indirectly manipulate accounting records and
present fraudulent financial information by overriding controls in unpredictable ways.

Overall Opinion & Association with Financial Statements

1. Overall Opinion Reference to the financial statements taken as a whole applies equally to a complete
set of financial statements and to an individual financial statement (such as a balance sheet) for one
or more periods presented. Thus, an auditor may express an unqualified opinion on one of the financial
statements and express a qualified or adverse opinion or disclaim an opinion on another if the
circumstances warrant. For example, when an auditor of a new client cannot become satisfied with
the accuracy of opening inventory balances, this scope limitation affects the income, retained earnings,
and cash flow statements, but not the balance sheet. (This is because cost of goods sold cannot be
verified.) Thus, an unqualified opinion could be issued on the balance sheet and a disclaimer of opinion
should be issued on the other financial statements.

2. Association with Financial Statements The objective of the fourth standard is to prevent any
misinterpretation of the degree of responsibility the auditor is assuming when the auditor’s name is
associated with financial statements.

6
3. Piecemeal Opinions The auditor should not express an opinion on specified elements, accounts, or
items included in financial statements on which the auditor has expressed an adverse opinion or
disclaimed an opinion on the financial statements taken as a whole, if such reporting would be
tantamount to expressing a piecemeal opinion on the financial statements. Piecemeal opinions are
expressions of opinion as to certain identified items in financial statements and tend to overshadow or
contradict a disclaimer of opinion or an adverse opinion. However, an auditor is able to express an
opinion on one or more certain identified items of a financial statement, provided the identified items
and the scope of the related audit do not encompass so many elements as to constitute a major portion
of the financial statements. For example, it may be appropriate for an auditor to express an opinion on
an entity’s accounts receivable even if the auditor disclaimed an opinion on the financial statements
taken as a whole. However, the report on the certain identified item should be presented separately
from the report on the financial statements.

Types of Audit Opinions

1. Unqualified Opinion, Standard Report The standard report is issued when the auditor feels the
financial statements fairly present, in all material respects, the financial position, results of operations,
and cash flows in conformity with US GAAP or OCBOA (including adequate disclosure). The audit must
have been conducted in accordance with the standards of the Public Company Accounting Oversight
Board (PCAOB auditing standards).

2. Explanatory Language Added to Standard Report Certain circumstances, while not affecting the
auditor’s unqualified opinion on the financial statements, may require that the auditor add an
explanatory paragraph (or other explanatory language) to the report. These circumstances include:
part of the audit is performed by other auditors; substantial doubt about the entity’s ability to continue
as a going concern; a material lack of consistency; certain circumstances related to reports on
comparative financial statements; certain circumstances related to interim financial information;
required supplementary information (RSI) accompanies the financial statements; and other information
in documents containing the financial statements is materially inconsistent with the financial
statements.

Additionally, the auditor may add an explanatory paragraph to emphasize a matter regarding the
financial statements, but this is not required. Emphasis paragraphs are added solely at the auditor’s
discretion.

3. Qualified Opinion A qualified opinion states that, “except for” the effects of the matter to which the
qualification relates, the financial statements present fairly, in all material respects, the financial
position, results of operations, and cash flows of the entity in conformity with GAAP. A qualification
may exist due to a scope limitation (and the auditor has decided not to express an unqualified opinion
or disclaim an opinion) or a material departure from GAAP (and the auditor has decided not to express
an adverse opinion).

4. Adverse Opinion An adverse opinion states that the financial statements do not present fairly the
financial position, results of operations, or cash flows of the entity in conformity with GAAP. It is
expressed when the financial statements taken as a whole are not presented fairly in conformity with
GAAP.

5. Disclaimer of Opinion A disclaimer of opinion states that the auditor does not express an opinion on
the financial statements. Usually an opinion is disclaimed due to scope limitations. It should not be
expressed when there is a material departure from GAAP.

7
Unqualified Opinion & the Standard Report (PCAOB 2017-001)

1. Elements of the Standard Report The basic elements of the report are TAO-BS:

a. Title - “Report of Independent Registered Public Accounting Firm”

b. Addressee - Addressed to the Shareholders & Board of Directors

c. Opinion - “Opinion on the Financial Statements”

(1) Who: Name of the Company

(2) What: List of Statements & Schedules Audited

(3) When: Specify the Date or Period

(4) Opinion: “The financial statements present fairly, in all material respects, the financial position of
the company as of the balance sheet date, and the results of its operations and its cash flows for
the period then ended in conformity with the applicable financial reporting framework.”

d. Basis for Opinion

(1) Management’s Responsibility – Financial Statements

(2) Auditor’s Responsibility – Express Opinion

(3) Accordance with PCAOB Standards

a. Plan and Perform Audit

b. Obtain Reasonable Assurance – Free of Material Misstatement due to Error or

Fraud

(4) Audit Included

a. Performing Procedures

b. Examining Evidence

c. Evaluating Accounting Principles

d. Evaluating Presentation of Financial Statements

(5) Audit Provides Reasonable Basis for Opinion

(6) Auditor Firm is Registered with PCAOB

e. Signature of Audit Firm

(1) Auditor Tenure (Required)

a. Date Firm began serving consecutively as Auditor

(2) City / State

(3) Date of Auditor’s Report

8
Audit Documentation (AS 3)

Note that in general, the PCAOB’s requirements are more stringent than US GAAS.

PCAOB vs. US GAAS

1. Documentation Completion Date A complete and final set of audit documentation should be
assembled for retention as of a date not more than 45 days after the report release date. Per US
GAAS, this is required no later than 60 days following the report release date.

2. Retention Audit documentation must be retained for 7 years from the report release date unless a
longer period of time is required by law. Per US GAAS, the retention period should not be shorter than
5 years from the report release date.

Additional PCAOB or US GAAS Requirements

1. Engagement Completion Document In addition to requirements similar to those in US GAAS

pertaining to significant findings or issues, the PCAOB requires that significant findings or issues be
identified in an engagement completion document. This document may include either all information
necessary to understand the significant findings or issues or consist of cross-references to other
supporting documentation. Per US GAAS, a similar document is highly recommended, but it is not
required.

2. Risk Assessment Procedures & Responses to Risks of Misstatement In addition to requirements

similar to those in US GAAS regarding the documentation of audit procedures, the PCAOB specifies
that the documentation of risk assessment procedures and responses to risks of misstatement should
include:

a. A summary of the identified risks of misstatement and the auditor’s assessment of risks of material
misstatement (RMM) at the financial statement and assertion levels

b. The auditor’s responses to the risks of material misstatement, including linkage of the responses
to those risks

3. Audit Documentation Supporting the Work of Other Auditors

a. PCAOB The PCAOB requires that all supporting documentation prepared by other auditors must
be retained by or accessible to the office issuing the audit report.

In addition, unless reference is made to the other auditor in the audit report, the following specific
documentation must be obtained, reviewed, and retained by the office issuing the audit report
prior to the report release date:

(1) An engagement completion document including any cross-referenced documentation

(2) A list of significant risks and results of related audit procedures

(3) Sufficient information concerning significant findings or issues that contradict or are
inconsistent with final conclusions

(4) Any findings affecting the consolidating or combining of accounts in the consolidated
financial statements

(5) Sufficient information to show that financial statement amounts audited by other auditors
reconcile to the information underlying the consolidated financial statements

9
 (6) A schedule of accumulated misstatements, including descriptions of the nature and cause
of each misstatement, and an evaluation of uncorrected misstatements, including the
quantitative and qualitative factors

(7) All significant deficiencies and material weaknesses in internal control over financial
reporting, including a clear distinction between the two

(8) Management representation letters

(9) All matters to be communicated to the audit committee

b. US GAAS US GAAS requires the group engagement team to include the following in the audit
documentation. There is no similar explicit requirement regarding the role of the office that issued
the audit report.

(1) Overall Requirements

(a) An analysis of components indicating those that are significant and the type of work
performed on the financial information of the components

(b) Written communications between the group engagement team and the component
auditors about the group engagement team’s requirements

(2) Requirements Related to Components for Which Reference Is Made in Group Audit
Report to Component Auditor

(a) Those components referenced

(b) The financial statements of those components

(c) The audit reports of the component auditors

(d) The basis for the group engagement partner’s determination that the audit performed
by the component auditor met the relevant requirements of US GAAS when the
component audit reports do not state that their audit was performed in accordance with
US GAAS or PCAOB auditing standards

(3) Additional Requirements When Group Auditor Is Assuming Responsibility for Work
of Component Auditor The group engagement team should include in the audit
documentation the nature, extent, and timing of the group engagement team’s involvement
in the work performed by the component auditors on significant components, including, when
applicable, the group engagement team’s review of relevant parts of the component auditors’
audit documentation and related conclusions.

Audit of Internal Control Over Financial Reporting (AS 5)

Overview
PCAOB AS 5, An Audit of Internal Control Over Financial That Is Integrated with An Audit of Financial
Statements, establishes requirements and provides guidance for auditors engaged to audit management’s
assessment of the effectiveness of internal control over financial reporting (ICFR) that is integrated with an
audit of the financial statements. Effective ICFR provides reasonable assurance that the financial reporting
process and the preparation of the financial statements are reliable for external purposes.

Auditor’s Objective in an Audit of ICFR

The objective of the auditor for this type of engagement is to express an opinion on the effectiveness of the
company’s ICFR as of a point in time and taken as a whole. To express an opinion as of a point in time, the

10
auditor must obtain evidence that ICFR has operated effectively for a sufficient period of time which may
be less than the period covered by the company’s financial statements.

To express an opinion on ICFR as a whole, the auditor must obtain evidence about the effectiveness of
selected controls over all relevant assertions. This involves testing the design and operating effectiveness
of controls that in most cases would not be required if only expressing an opinion on the financial
statements.

During an audit of financial statements, when the auditor’s risk assessment of specific financial statement
assertions includes an expectation of the operating effectiveness of the relevant controls, evidence must
be obtained that these controls were effective for a particular time (or throughout the period) upon which
the auditor plans to rely on them. The auditor’s risk assessment, during a financial statement audit, would
ordinarily not include an expectation of the operating effectiveness of controls for all relevant assertions.

1. Material Weaknesses If one or more material weaknesses exist, a company’s ICFR is not effective.
Therefore, the auditor must plan and perform the audit to obtain evidence that is sufficient to obtain
reasonable assurance about whether material weaknesses exist as of the date of management’s
assessment. There may be a material weakness in ICFR even when financial statements are not
materially misstated. Indicators of material weaknesses include:

a. Identification of fraud on the part of senior management, whether or not material

b. Restatement of previously issued financial statements to reflect the correction of a material

misstatement

c. Auditor identification of a material misstatement of current period financial statements that would
not have been detected by the company’s ICFR

d. Ineffective oversight by the company’s audit committee of external financial reporting and ICFR

2. Standards & Criteria The three general standards per the PCAOB’s interim standards are applicable
to an audit of ICFR. PCAOB AS 5 establishes the applicable fieldwork and reporting standards. The
auditor should use the same appropriate, established control framework to perform an audit of ICFR
as the company’s management uses in its annual evaluation of the effectiveness of ICFR.

Management’s Written Representations

The standard refers the auditor to the PCAOB auditing standard on management representations for further
guidance on the management representation letter such as who should sign it, the period it covers, and when
to obtain an updated letter as these are the same as for an audit of the financial statements. The auditor
should obtain the following written representations from management:

1. Acknowledgment of management’s responsibility for establishing and maintaining effective ICFR

2. Statement that management has performed an evaluation and made an assessment of the
effectiveness of the company’s ICFR and specifying the control criteria

3. Statement that management did not use the auditor’s procedures performed during either the audit of
ICFR or the financial statements as part of the basis for management’s assessment of the
effectiveness of the company’s ICFR

4. Statement of management’s conclusion, as set forth in its assessment, about the effectiveness of the
company’s ICFR based on the control criteria as of a specified date

5. Statement that management disclosed to the auditor all deficiencies in the design or operation of ICFR
identified as part of management’s evaluation, including separately disclosing all such deficiencies that
it believes to be significant deficiencies or material weaknesses in ICFR

11
6. Description of any fraud resulting in a material misstatement to the company’s financial statements
and any other fraud that involves senior management or management or other employees who have
a significant role in the company’s ICFR

7. Statement of whether control deficiencies identified and communicated to the audit committee during
previous engagements have been resolved, and specifically identifying any that have not

8. Statement whether there were, subsequent to the date being reported on, any changes in ICFR or
other factors that might significantly affect ICFR, including any corrective actions taken by
management with regard to significant deficiencies and material weaknesses

Communications

1. Ineffective Oversight In the case where the auditor concludes that oversight by the company’s audit
committee of external financial reporting and ICFR is ineffective, the auditor must communicate that
conclusion, in writing, to the board of directors.

2. Material Weaknesses The auditor must communicate, in writing, to management and the audit
committee all material weaknesses identified during the audit. This should be done prior to the
issuance of the audit report on ICFR. If a material weakness has not been included in management’s
assessment, the auditor should also communicate this fact, in writing, to the audit committee.

3. Significant Deficiencies The auditor must also communicate, in writing, all significant deficiencies to
the audit committee.

4. Deficiencies The auditor should communicate, in writing, all deficiencies in ICFR to management of
which he or she is aware—the auditor is not required to perform procedures that are sufficient to
identify all control deficiencies. The audit committee should be informed by the auditor when this
communication to management has been made.

5. Scope Limitation If the auditor concludes that he or she cannot express an opinion because there has
been a scope limitation, the auditor should communicate, in writing, to management and the audit
committee that the audit of ICFR cannot be completed.

6. Material Misstatement in Additional Information Included with Management’s Report If the

auditor determines that the other information included with management’s annual report on ICFR
contains a material misstatement of fact and if after a discussion with management, management does
not remedy it, the auditor should communicate his or her concerns, in writing, to management and the
audit committee.

7. Fraud & Illegal Acts The standard refers the auditor to the PCAOB auditing standards on fraud,
illegal acts, and §10A of the Securities Exchange Act of 1934 for guidance regarding the auditor’s
responsibilities if he or she becomes aware of fraud or possible illegal acts.

8. Management’s Annual Certification Is Misstated The standard refers the auditor to the PCAOB
auditing standard on interim financial information, for guidance as to communication responsibilities in
this instance.

9. Auditor Disagrees with Management’s Exclusion of Certain Entities The auditor may disagree
with management’s application of the SEC’s criteria for exclusion of certain entities from the
assessment of ICFR or find their disclosure of the exclusion inadequate. The standard refers the
auditor to the PCAOB auditing standard on interim financial information for guidance as to communi-
cation responsibilities in this instance.

Reporting

1. Forming an Opinion The auditor should form an opinion of the effectiveness of ICFR after
considering the evidence obtained from all sources. In addition to the evidence from the auditor’s

12
 testing of controls and identification of control deficiencies, this would include misstatements identified
during the financial statement audit and the evidence in current reports on ICFR issued by internal
auditors or others.

The auditor should not issue a report stating that no deficiencies exist because an audit of ICFR does
not provide assurance that all deficiencies less severe than a material weakness have been identified.

Risk Assessment Standards: PCAOB vs. US GAAS & ISA

PCAOB Audit Risk

1. Inverse Relationship of Detection Risk & Substantive Procedures

PCAOB standards include an explicit requirement that as the appropriate level of detection risk
decreases, the evidence from substantive procedures that the auditor should obtain increases.

US GAAS and ISA include an implicit rather than an explicit requirement regarding this matter because
risk assessment is required and its purpose is to allow auditors to vary the amount of audit attention
related to particular areas based on the risks presented by them.

Editor’s Note: Detection risk relates to the substantive audit procedures and is managed by the
auditor’s response to the risk of material misstatement (RMM). As the assessed RMM increases, the
evidence from substantive procedures that the auditor should obtain also increases. The auditor
reduces detection risk through the nature, extent, and timing of substantive procedures performed.
However, the auditor should perform substantive procedures for all relevant assertions related to
material classes of transactions, account balances, and disclosures. The formula for RMM is as
follows: Inherent Risk (IR) x Control Risk (CR) = RMM. RMM x Detection Risk (DR) = Audit Risk.

2. Tolerable Misstatement PCAOB standards contain a requirement to take into account the nature,
cause (if known), and amount of misstatements that were accumulated in audits of the financial
statements of prior periods when determining tolerable misstatement and planning and performing
audit procedures.

US GAAS and ISA do not have such a requirement.

Editor’s Note: Tolerable misstatement is the maximum error in a population (e.g., the class of
transactions, account balance, or disclosure) that the auditor is willing to accept. When assessing the
RMM and designing and performing further audit procedures to respond to the assessed risks, the
auditor should allow for the possibility that some misstatements of lesser amounts than the materiality
levels could, in the aggregate, result in a material misstatement of the financial statements.

PCAOB Identifying and Assessing Risks of Material Misstatement

1. Additional Procedures for Obtaining an Understanding PCAOB standards require the auditor to
consider performing certain procedures as part of obtaining an understanding of the company.

These procedures include reading public information about the company, observing or reading
transcripts of earnings calls, obtaining an understanding of compensation arrangements with senior
management, and obtaining information about trading activity in the company’s securities and holdings
in the company’s securities by significant holders.

US GAAS and ISA do not have such a requirement.

2. Disclosures PCAOB standards require the auditor to develop expectations about the disclosures that
are necessary for the company’s financial statements to be presented fairly in conformity with the
applicable financial reporting framework to identify and assess the RMM related to omitted, incomplete,
or inaccurate disclosures. Additionally, the engagement team members should discuss how fraud
might be perpetrated or concealed by omitting or presenting incomplete or inaccurate disclosures. The

13
 auditor’s evaluation of fraud risk factors should include how fraud could be perpetrated or concealed
by presenting incomplete or inaccurate disclosures or by omitting disclosures that are necessary for
the financial statements to be presented fairly in conformity with the applicable financial reporting
framework.

Although consideration of appropriate disclosure is included throughout the US GAAS and ISA, they
do not include a risk assessment requirement similar to this for disclosures.

3. Control Deficiencies Identified PCAOB standards state that if the auditor identifies a control
deficiency in the company’s control environment, the auditor should evaluate the extent to which this
control deficiency is indicative of a fraud risk factor.

US GAAS and ISA do not have such a requirement.

4.Relationship of Understanding of Internal Controlto Tests of Controls PCAOB standards require

the auditor to take into account the evidence obtained from understanding internal control when
assessing control risk and, in the audit of internal control, forming conclusions about the effectiveness
of controls. The auditor should also take into account the evidence obtained from understanding
internal control when determining the nature, extent, and timing of procedures necessary to support
the auditor’s conclusions about the effectiveness of entity-level controls in the audit of internal control.

US GAAS and ISA do not have such a requirement linking tests of controls to the audit of internal
control.

6. Review of Interim Financial Information When the auditor has performed a review of interim financial
information in accordance with the PCAOB auditing standard on interim financial information, PCAOB
standards require the auditor to evaluate whether information obtained during the review is relevant to
identifying RMM in the year-end audit.

US GAAS and ISA do not have such a requirement.

7. Analytical Procedures Per PCAOB standards, when the auditor has performed a review of interim
financial information in accordance with the PCAOB auditing standard on interim financial information
the auditor should take into account the analytical procedures applied in that review when designing
and applying analytical procedures as risk assessment procedures.

US GAAS and ISA do not have such a requirement.

8. Discussion Among Engagement Team Per PCAOB standards, communication among the
engagement team members about significant matters affecting the RMM should continue throughout
the audit, including when conditions change.

US GAAS and ISA do not have such a requirement to continue the discussion throughout the audit.

US GAAS state that depending on the circumstances of the audit, there may be multiple discussions
in order to facilitate the ongoing exchange of information between audit team members regarding the
susceptibility of the entity’s financial statements to material misstatements. The purpose is for audit
team members to communicate and share information obtained throughout the audit that may affect
the assessment of the RMM due to fraud or error or the audit procedures performed to address the
risks.

PCAOB The Auditor’s Responses to the Risks of Material Misstatement

1. Determination of Need for Pervasive Changes PCAOB standards require the auditor to determine
whether it is necessary to make pervasive changes to the nature, timing, or extent of audit procedures
to adequately address the assessed RMM.

US GAAS and ISA require the adjustment of the audit strategy and plan to changes in circumstances
which would cover the events described above, but they do not have this specific requirement.

14
2. More Persuasive Evidence Required PCAOB standards require the auditor to obtain more
persuasive evidence about the effectiveness of controls for each relevant assertion for which the audit
approach consists primarily of tests of controls.

US GAAS and ISA do not have such a requirement.

3. Evaluating Operating Effectiveness of Controls PCAOB standards and US GAAS require the
auditor to determine whether the person performing the control possesses the necessary authority and
competence to perform the control effectively.

ISA do not have such a requirement.

4. Tests of Controls in an Integrated Audit PCAOB standards require the auditor to perform tests of
controls in integrated audits to meet the objectives of both the audit of financial statements and the
audit of internal control.

US GAAS and ISA do not have such a requirement.

5. Testing of Controls That Have Not Changed When the auditor is relying on controls, US GAAS and
ISA allow the testing of the operating effectiveness of controls that have not changed to be performed
at least every third annual audit.

PCAOB standards require the auditor to test controls during the period of reliance, i.e., the period
covered by the financial statements or the portion of that period for which the auditor plans to rely on
them in order to modify the nature, extent, and timing of substantive procedures—they do not allow
rotational testing.

6. Assessment of Control Risk PCAOB standards require the assessment of control risk.

US GAAS and ISA do not require the separate specific assessment of control risk—how to consider
the components of audit risk is left up to the auditor’s judgment.

7. Confirmation Procedures PCAOB standards and US GAAS do not specifically address confirmation
procedures in their risk assessment standards; however, in their respective standards dedicated to
confirmations, an auditor who has not requested confirmations in the examination of accounts
receivable is required to document the justification for not doing so.

ISA address confirmation procedures in their risk assessment standards, requiring the auditor to
consider whether confirmation procedures are to be performed as substantive audit procedures.

9. Interim Substantive Procedures PCAOB standards and US GAAS list various factors the auditor is
required to consider when determining whether to perform substantive procedures at an interim date.

ISA do not have such a requirement; however, they do provide a list of similar factors that may
influence the auditor’s decision.

10. Dual-Purpose Tests PCAOB standards define a dual-purpose test as a substantive test of a
transaction and a test of a control relevant to that transaction that are performed concurrently, e.g., a
substantive test of sales transactions performed concurrently with a test of controls over those
transactions. PCAOB standards state that when dual-purpose tests are performed, the auditor should
design the dual-purpose test to achieve the objectives of both the test of the control and the substantive
test. Also, when performing a dual-purpose test, the auditor should evaluate the results of the test in
forming conclusions about both the assertion and the effectiveness of the control being tested.

US GAAS and ISA do not have such requirements.

15
PCAOB Evaluating Audit Results

1. Analytical Procedures Regarding Revenue All three sets of standards require the auditor to perform
analytical procedures relating to revenue; however, only the PCAOB standards require them to be
performed through the end of the period.

2. Timely Communication of Accumulated Misstatements All three sets of standards require the
auditor to communicate misstatements accumulated during the audit to management and follow up on
their correction; however, PCAOB standards do not include a specific requirement for the auditor to
request their correction as US GAAS and ISA do.

3. Evaluation of Effect of Misstatements on Assessed RMM PCAOB standards require the auditor
to evaluate the nature and effects of the individual misstatements accumulated during the audit on the
assessed risks of material misstatement.

US GAAS and ISA do not have an explicit requirement to evaluate the effect of accumulated
misstatements on risk assessment; however, US GAAS and ISA do have a requirement for the auditor
to consider whether the overall audit strategy and audit plan need to be revised if the nature of
identified misstatements and the circumstances of their occurrence are indicative that other
misstatements may exist that, when aggregated with identified misstatements, could be material.

4. Misstatements Indicative of Fraud PCAOB standards and US GAAS require the auditor to perform
procedures to obtain additional audit evidence to determine whether fraud has occurred or is likely to
have occurred, and, if so, its effect on the financial statements and the auditor’s report if the auditor
believes that a misstatement is or might be intentional, and if the effect on the financial statement
cannot be readily determined.

ISA have similar requirements; however, they do not explicitly require the auditor to perform audit
procedures to obtain additional audit evidence to determine the effect of the misstatement on the
financial statements.

5. Adjusting Entries by Management That Offset Accumulated Misstatements If management

identifies adjusting entries that offset misstatements accumulated by the auditor, PCAOB standards
require the auditor to perform procedures to determine why the misstatements were not identified
previously and to evaluate the implications on the integrity of management and the auditor’s risk
assessments, including fraud risk assessments. The auditor should also perform additional procedures
as necessary to address the risk of further undetected misstatements.

US GAAS and ISA do not have such a requirement.

FULL CPA REVIEW COURSE ACCOUNTS AVAILABLE

@30% of Original Price Only.
BECKER,
WILEY,ROGER,Gleim
Contact Telegram-@cpareviewcourse @Aeyron

16
PCAOB Auditing Standards vs. US GAAS vs. ISA
1. Objectives

• US GAAS & ISA both include an objective (and requirement) to establish whether the
preconditions for an audit are present.
• PCAOB does not include this objective or requirement.

2. Appointment & Retention

a. Significant Issues Discussed with Management in Connection with the Auditor’s

Appointment or Retention

• PCAOB requires the auditor to discuss with the audit committee any significant issues that
the auditor discussed with management in connection with the appointment or retention of
the auditor, including significant discussions regarding the application of accounting
principles and auditing standards.
• US GAAS & ISA do not include a similar requirement.

b. Establish an Understanding of the Terms of the Audit / Engagement Letter

• PCAOB requires the auditor to establish an understanding of the terms of the audit
engagement with the audit committee. PCAOB requires the auditor to decline to accept,
continue, or perform the engagement if the auditor cannot establish an understanding of the
terms of the audit engagement with the audit committee.
• US GAAS & ISA require the auditor to agree on the terms of the audit engagement with
management and, where appropriate, those charged with governance.

• PCAOB requires the auditor to provide the engagement letter to the audit committee
annually.
• US GAAS & ISA do not require that the engagement letter be given to the audit
committee

• Per US GAAS, if the auditor concludes that the terms of the preceding engagement
need not be revised for the current engagement, the auditor should remind
management of the terms of the engagement, and the reminder should be
documented.
• Per ISA, the auditor is not required to send a new audit engagement letter or other
written agreement each period (for recurring audits) unless circumstances require
the terms of the audit engagement to be revised. And the auditor decides whether
there is a need to remind the entity of the existing terms of the audit engagement.

• PCAOB requires the auditor to have the engagement letter executed by the appropriate
parties on behalf of the company. If this is other than the audit committee, the auditor should
determine that the audit committee has acknowledged and agreed to the terms of the
engagement.
• US GAAS & ISA do not require that the engagement letter be signed by the audit
committee or that it otherwise be acknowledged by the audit committee.

• ISA requires the auditor to determine whether there are any conflicts between the financial
reporting standards and additional requirements supplemented by law or regulation.
• PCAOB and US GAAS do not have a similar requirement.

17
 • US GAAS & ISA include requirements regarding the limitation of scope prior to audit
engagement acceptance, other factors affecting audit engagement acceptance, and
acceptance of a change in the terms of the audit engagement.
• PCAOB does not have a similar requirement.

• US GAAS & ISA includes requirements regarding initial audits and re-audits.
• PCAOB does not include similar requirements, but its interim standard on
communications between predecessor and successor auditors does.

• ISA does not include similar requirements.

• US GAAS & ISA include a requirement for the auditor to communicate with those charged
with governance the form, timing, and expected general content of communications.
• PCAOB does not have a similar requirement, but it does not preclude it.

3. Obtaining Information & Communicating the Audit Strategy

a. Obtaining Information Relevant to the Audit

• PCAOB requires the auditor to inquire of the audit committee about whether it is aware of
matters relevant to the audit, including, but not limited to, violations, or possible violations of
laws or regulations.
• US GAAS & ISA do not include a similar requirement; however, they require the auditor
to make inquiries of those charged with governance to determine whether they have
knowledge of any actual, suspected, or alleged fraud affecting the entity.

b. Overall Audit Strategy, Timing of the Audit & Significant Risks

• PCAOB requires the auditor to communicate an overview of the overall audit strategy,
including the timing of the audit, and discuss the significant risks identified. Significant
changes to the planned audit strategy or the significant risks initially identified and the
reasons for such changes should also be communicated.
• US GAAS & ISA require the auditor to communicate an overview of the planned scope
and timing of the audit; however, they do not require the auditor to communicate
significant changes to the planned scope and timing of the audit.

• PCAOB requires the auditor to communicate the nature and extent of specialized skill or
knowledge needed to perform the planned audit procedures or evaluate the audit results
related to significant risks.
• US GAAS & ISA do not have a similar requirement.

• PCAOB requires the auditor to communicate the extent to which the auditor plans to use the
work of the company’s internal auditors, other company personnel, and third parties.
• US GAAS & ISA do not have a similar requirement.

• PCAOB requires the auditor to communicate the names, locations, and planned
responsibilities of other independent public accounting firms or other persons, who are not
employed by the auditor, that perform audit procedures in the current period audit.
• US GAAS & ISA do not have a similar requirement, however, they include requirements
for the auditor to communicate to those charged with governance information about the
work of component auditors.

18
4. Results of the Audit

a. Accounting Policies and Practices, Estimates & Significant Unusual Transactions

• PCAOB includes a requirement to communicate certain matters related to significant unusual

transactions.
• US GAAS & ISA do not have a similar requirement.

b. Auditor’s Evaluation of the Quality of the Company’s Financial Reporting

• PCAOB includes a requirement to communicate the auditor’s understanding of the business

rationale for significant unusual transactions.
• US GAAS & ISA do not have a similar requirement.

c. Other Information in Documents Containing Audited Financial Statements

• PCAOB includes a requirement to communicate the auditor’s responsibilities when other

information is presented in documents containing audited financial statements; any related
procedures performed; and the results of such procedures.
• US GAAS & ISA do not have a similar requirement; however, US GAAS and ISA include
requirements in other standards for communication to those charged with governance
when there are material inconsistencies or misstatements in the other information that
management refuses to revise.

d. Difficult or Contentious Matters for Which the Auditor Consulted

• PCAOB requires the auditor to communicate matters that are difficult or contentious for
which the auditor consulted outside the engagement team and that the auditor reasonably
determined are relevant to the audit committee’s oversight of the financial reporting process.
• US GAAS & ISA do not have a similar requirement.

e. Management Consultation with Other Accountants

• PCAOB requires the auditor to communicate the auditor’s concerns, if any, regarding
management’s consultation with other accountants about significant auditing or accounting
matters.
• US GAAS requires the auditor to do the same regarding significant matters rather than
identified concerns about significant matters.
• ISA does not have a similar requirement.

f. Going Concern Issues

• PCAOB requires the auditor to communicate, when applicable, certain matters relating to
the auditor’s evaluation of the company’s ability to continue as a going concern.
• US GAAS requires the communication of going concern issues via an Emphasis-of-
Matter / Other-Matter paragraph (SAS 132)

g. Uncorrected & Corrected Misstatements

• PCAOB requires the auditor to provide the audit committee with the schedule of uncorrected
misstatements related to accounts and disclosures that the auditor presented to
management.
• US GAAS & ISA, Evaluation of Misstatements Identified During the Audit, include
requirements for the auditor to communicate uncorrected misstatements plus an

19
 additional requirement to communicate the effect that they, individually or in aggregate,
may have on the audit report opinion.

• PCAOB and US GAAS require the auditor to communicate those corrected misstatements
that were brought to management’s attention as a result of audit procedures.
• ISA does not have a similar requirement.

• US GAAS & ISA include requirements for the auditor to communicate the effect of
uncorrected misstatements related to prior periods on the relevant classes of transactions,
account balances or disclosures, and the financial statements as a whole.
• PCAOB does not have a similar requirement.

• US GAAS & ISA require the auditor to request that uncorrected misstatements be corrected.
• PCAOB does not have a similar requirement because under SEC rules the financial
statements are required to reflect all material correcting adjustments identified by the
auditor.

h. Material Written Communications

• PCAOB requires the auditor to communicate other material written communications between
the auditor and management.
• US GAAS & ISA require the auditor to communicate to those charged with governance
written representations the auditor is requesting.

i. Disagreements with Management

• PCAOB and US GAAS require the auditor to communicate disagreements with management
that could be significant to the financial statements or audit report.
• ISA does not include a similar requirement.

5. Form & Documentation of Communications

• PCAOB requires the auditor to include a copy or a summary of management’s

communication provided to the audit committee in the audit documentation, if as part of its
communications to the audit committee, management communicated any of the matters
related to accounting policies and practices, estimates, significant unusual transactions, or
uncorrected misstatements to the audit committee, and, as a result, the auditor did not
communicate these matters at the same level of detail as management.
• US GAAS & ISA do not have a similar requirement.

6. Timing

• PCAOB requires communications to the audit committee to be made in a timely manner and
prior to the issuance of the audit report.
• US GAAS & ISA do not include the requirement that the communications be made prior
to the issuance of the audit report, i.e., they only require that the communications be
made in a timely manner.

20