Multiple Auditing Standards and Standard Setting: Implications for Practice and Education Free

Currently, multiple standard setters establish auditing standards for audits of both publicly traded companies (issuers) and other companies (non-issuers). The authors convened a panel of representatives from two of these standard setters (i.e., the ASB and PCAOB), together with representatives of two groups directly affected by the standards—CPA firms and state accounting profession regulators. The goal of the panel was to provide a forum for the participants (and audience members) to exchange views on the benefits and challenges of these multiple sets of standards, and to share their insights about the implications of multiple standards for auditing education.

The American Institute of Certified Public Accountants (AICPA) has been establishing auditing standards since at least 1940 (SEC 1940).² The current body within the AICPA with responsibility for audit standard setting is the Auditing Standards Board (ASB). The ASB currently consists of 19 members, 15 of whom are CPAs (mostly in public practice), two represent user groups, one is an academic, and one represents the GAO. The board's mission is:

The Public Company Accounting Oversight Board (PCAOB) was established by the Sarbanes-Oxley Act (SOX) of 2002 (U.S. House of Representatives 2002). The board is composed of five members, no more than two of whom may be CPAs. One of the two CPAs may serve as the board chair only if he/she has been out of practice for at least five years before his/her appointment to the board (SOX §101(e)). The board was established to:

The PCAOB has the authority to create auditing standards applicable for the audit of publicly traded companies (termed “issuers”), or to adopt (with or without modifications) auditing standards developed by other professional bodies or advisory groups, e.g., the ASB (SOX §103). The PCAOB also inspects the auditors of issuers to ensure that the auditors comply with the relevant PCAOB auditing standards (SOX §104), and the PCAOB may take enforcement action against those that are not in compliance.

SOX provides the PCAOB with the authority to either create auditing standards applicable for issuer audits, or to adopt auditing standards set by professional bodies or advisory groups. Initially, the PCAOB chose to adopt the AICPA's Generally Accepted Auditing Standards (GAAS) as they existed as of April 16, 2003. However, since that date, different changes have been made to both the ASB and the PCAOB standards, resulting in an increasing divergence between the two sets of standards over time.³

The ASB, as part of its ongoing standard-setting activity, has modified the AICPA standards since 2003. One change to the standards involved the definition of financial statement assertions that underlie the objectives for audit testing. In 2006, the ASB adopted a new audit evidence standard (SAS No. 106, or AU 326), which expanded the number of assertions embodied in a financial statement account from five to 13 assertions (AICPA 2006). AU 326 also categorized the 13 assertions into three subcategories: assertions concerning (1) classes of transactions, (2) balances, and (3) presentation and disclosure (AU 326.15).

Some other recent changes have been the result of a joint project between the ASB and the IAASB, known as the Clarity Project.⁴ The purpose of the Clarity Project is to converge U.S. GAAS and international standards in order to move closer to globalization of auditing standards (Morris and Thomas 2011).⁵ Indeed, the standards have been written and most will be effective for audited financial statement periods ending on or after December 15, 2012 (AICPA 2012b). This project has resulted in material modifications to the structure and language of the standards and was designed to provide a clearer conceptual framework for promulgating future GAAS, to make the standards easier to read and understand, and to incorporate special considerations for audits of governmental and smaller entities (Morris and Thomas 2011). All of the changes to existing standards caused by the Clarity Project are broad and beyond the scope of this paper, but we highlight a few examples below.

In 2008, SAS No. 95, Generally Accepted Auditing Standards (AICPA 2001), was amended to apply the clarified drafting format and consistency with International Standards on Auditing (ISAs), resulting in AU 200-C (AICPA 2012c).⁶ The “10 GAAS” were replaced with specific SAS objectives linked to the two newly developed overall objectives of the audit, to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatements and to report on the financial statements (AICPA 2012c). To preserve the function of the expunged 10 GAAS, the ASB created “Principles” to govern the conduct of the audit that were placed in the Preface to the Codification of Statements on Auditing Standards (SAS). The principles are organized to provide codification structure for SASs under the categories of Purpose, Responsibilities, Performance, and Reporting.⁷

The PCAOB has made several changes to the common 2003 standards in the areas of audit documentation (AS No. 3, PCAOB 2004) and internal control auditing (AS No. 5, PCAOB 2007), which also prompted similar changes in the ASB standards. The PCAOB recently made major modifications to the common 2003 standards in the areas of risk assessment and response, which differ from the current ASB standards (see PCAOB 2010). Some of the major changes in these standards result from continuously considering the risk of material misstatement throughout the audit, and clearly documenting how these risks have been addressed in the substantive testing phase of the audit. As part of these standards, the PCAOB reaffirmed the use of the five financial statement assertions contained in the original standards, despite the ASB's expansion to 13 assertions.

The changes in standards that began with the passage of SOX in 2002 and accelerated in recent years have increased complexity in the audit environment for both auditors and educators of accounting students. Therefore we convened a panel of experts at the 2012 AAA Midyear Auditing Section Conference to address issues related to standard setting. The remainder of this paper outlines the discussion that occurred during that panel session.

We selected panelists from each of the two standard-setting bodies described in detail above (the ASB and the PCAOB), as well as two groups that are affected by the standard-setting process: (1) audit firms, which must develop audit methodologies based on the standards; and (2) the National Association of State Boards of Accountancy (NASBA), which oversees the licensing of CPAs and therefore must test auditors' knowledge of and enforce adherence to professional standards.

Representing the standard setters were Darrel R. Schubert, partner at Ernst & Young LLP and chair of the ASB; and C. Gregory “Greg” Scates, the deputy chief auditor at the PCAOB. Representing the audit firms was Harold “Hal” Zeidman, a partner in the Department of Professional Practice for KPMG LLP, who is responsible for consulting on and assisting in the development of matters related to the firm's audit methodology. Representing NASBA was Colleen Conrad, who is its chief operating officer. All of these individuals provided insights into various issues concerning standard setting, and all noted that their opinions were theirs alone and did not constitute the opinions of their respective organizations. The following represents a composite of the remarks made by the four panelists in response to questions we developed (see the list of our questions in Appendix A).

When the panelists were asked if two different sets of standards were needed, their responses indicated that they basically favored a single set of performance standards that allowed for differences driven by user needs. Panel members were concerned that two sets of standards could be confusing to both financial statement users and practitioners, and may have an adverse effect on the meaning of audit opinions and audit quality. One audience member asked, “Should an audit opinion mean the same thing in different contexts?” Another audience member declared that, “The world does not want a separate set of standards for each type of audit.”

One of the panelists (Hal Zeidman) commented, “We are done as a profession if we stop responding to user needs.” It was noted that the needs of sophisticated users could be different from the needs of unsophisticated users. All panelists agreed that the SOX §404 requirement for audits of issuer internal control systems demonstrates the desirability for some differentiation among the standards for issuers and non-issuers. However, panelists acknowledged the challenge of meeting user needs without increasing the complexity of audit standards. Colleen Conrad of NASBA stated that, for practitioners, fewer sets of standards are better, as multiple standards add complexity to the audit environment and may be onerous for auditors to learn and implement.

While there are many different kinds of audits, such as those of issuers, non-issuers, governments, non-profits (e.g., 503c), and entities receiving grants, the necessity and practicality of having different standards for each purpose is debatable. Panelists also pointed out the challenge for practitioners to ensure that they follow the appropriate set of standards when performing certain types of audits. Ms. Conrad (also a past member of the Missouri State Board of Accountancy) noted that many of the allegations of auditor misconduct reaching the Missouri Board involved a lack of knowledge of auditing standards, and that this lack of knowledge may be exacerbated with multiple sets of standards.

The possibility of having one base set of standards, which could then be adapted to different audit contexts, was proposed by the authors as a possibility to reduce the burden on CPAs to be conversant with multiple sets of standards. This is the approach taken by the GAO in setting GAGAS. For example, the recent (December 2011) revision of the GAO Yellow Book documenting GAGAS notes that: “[f]or financial audits and attestation engagements, GAGAS incorporates by reference AICPA standards” (GAO 2011, ¶2.20a). The GAO also notes that “[a]uditors may elect to use the PCAOB standards in conjunction with GAGAS” (GAO 2011, ¶2.20c).

Greg Scates of the PCAOB noted that the base set of standards was generally seen as an idea worthy of consideration by the panelists, but that such an approach may be “easier said than done.” He also noted that the PCAOB started with GAAS and has modified the standards when the board believed that there was a compelling need to do so (such as with the recent material revision of the risk assessment/response standards), and not simply for the sake of creating differentiation. The PCAOB indicated that it sometimes changes the foundation of standards, such as with the recent risk assessment standards, where the PCAOB began with the GAAS approach (SAS No. 99, AICPA 2002) and “baked in” the risk assessment throughout the audit.

According to both Greg Scates and Darrel Schubert, the standard-setting boards are also working to reduce complexity. For example, the PCAOB is attempting to deal with the divergence between AICPA standards and the PCAOB's standards, and to create transparency by providing appendices to their standards in which they detail the differences between PCAOB standards and ASB standards (as well as the differences between PCAOB standards and ISAs). The ASB is attempting to reduce divergence in standards by converging AICPA standards with the ISAs through the Clarity Project.

A lively discussion ensued about which set of standards should be the base set of auditing standards. Darrel Schubert made several arguments in favor of using AICPA standards as the base standards, including:

• • 

  More audits are conducted using AICPA standards than PCAOB standards, as there are over 110,000 audits of non-issuers each year, but only between 15,000 and 17,000 issuer audits.

• • 

  With the increasing globalization of business, ISAs will see increasing use, and AICPA standards are converging with the ISAs.

Greg Scates argued in favor of the PCAOB standards as the base set of standards for some of the following reasons:

• • 

  PCAOB standards are set by an independent board, which is not controlled by the auditing profession.

• • 

  As mandated by SOX, the PCAOB's inspection and enforcement process is rigorous and robust, and auditors are therefore held more accountable when following PCAOB standards than when following other standards.

With the increasing internationalization of both business and the auditing profession, Darrel Schubert expressed concerns that PCAOB standards may not be the appropriate base set of standards. In foreign contexts, there are statutory audits and foreign audits with multiple objectives. PCAOB standards adapted for non-issuer audits may not be a good solution for audits outside of the U.S. However, PCAOB inspections outside of the U.S. are becoming more common as the PCAOB continues to reach agreements with foreign regulatory oversight bodies.

Panelists also discussed the relative quality of different processes for setting auditing standards. Darrel Schubert asserted that the PCAOB's standard-setting process lacks transparency, as members of the profession do not know how or whether their input is used in the PCAOB's standard-setting process. In response, Greg Scates noted that the PCAOB often has multiple comment periods for its standards, such as in the recent reproposal of the proposed standard on communication with audit committees (which was adopted as AS No. 16 in August 2012). Mr. Scates also noted that the PCAOB reads all of the letters received on the proposed standards.

The question of the composition of the standard-setting boards also was raised by an audience member. The audience member indicated that there is an inherent tension between professional experience and independence when it comes to standard setting. For example, current practitioners with long-term experience and in-depth knowledge of the field (which describes a majority of the ASB members) could enhance the standard-setting process by identifying high-quality, but practical, standards. Alternatively, more experienced practitioners may lack an objective perspective in the standard-setting process and allow their concern for litigation risk minimization to erode the quality of the standards. While the experience argument favors the use of practicing auditors for standard setting, the objectivity argument favors the use of a more independent standard-setting board (such as the PCAOB).

The relative specificity of the standards compared to the flexibility of the different sets of standards was another topic addressed by the panel. There is some tension between the specificity of the standards (and the ability to assess compliance with the standards), and the flexibility needed to apply good audit judgment. For example, there are many instances in AICPA standards in which the words “should consider” (concerning performing a task) are used. The question arose as to whether these requirements have any substantive meaning compared to “should” or “must” perform the task.

Greg Scates noted that the standard-setting division of the PCAOB is subject to pressure from its own inspection and enforcement divisions to make standards that are more specific and enforceable than current AICPA standards. This pressure creates a motivation for the standard-setting division of the PCAOB to create standards that diverge from the AICPA standards. Consequently, while the AICPA is moving toward convergence with international standards through the Clarity Project, the PCAOB standards are not moving toward convergence. In order to address the enforceability issue, the PCAOB has endeavored to be clearer about what auditors must do, rather than “should consider” doing. From an inspection perspective, a standard specifying “must” is more enforceable than a standard that says “should consider.” As an aside, Darrel Schubert also noted that the ASB has decreased the use of “should consider” with the Clarity Project.

Audience members commented that too many specific requirements in the auditing standards may reduce the role of auditor judgment and result in a loss of flexibility. From a professional guidance perspective, the ability to apply auditor judgment reduces situations in which auditors “lose the forest for the trees.” Fulfilling the ultimate objective of an audit (i.e., to assess the fair presentation of the financial statements in accordance with GAAP) often relies on auditor judgment.

Incorporating greater use of judgment may assist in ensuring higher-quality audits; however, a greater role for judgment could make it more difficult to assess compliance with the applicable standards unless the judgment process and rationale are thoroughly documented. Greg Scates noted that the PCAOB inspection process tries to ameliorate this tension through increasing the dialogue between involved parties. For example, in auditing estimates, there is a great deal of dialogue between the PCAOB inspection team and the CPA firm's engagement team about what was done and why. The PCAOB board also is available to the inspection teams for consultation during the inspection process should difficult or contentious issues arise.

CPA firms face the challenge of ensuring that they comply with the applicable professional standards when they conduct an audit. Colleen Conrad indicated that the existence of multiple sets of auditing standards requires incremental training and monitoring costs to ensure such compliance. The key question for the profession is whether the incremental costs are worth whatever benefits accrue from having to comply with multiple standards. Benefits are especially difficult to assess because they relate to meeting the needs of various user groups, and the benefits may not be evident.

According to Hal Zeidman, KPMG deals with these issues by having a base set of standards around the world, which are the ISAs. For all U.S. audits, incremental AICPA standards are added. Finally, for audits of U.S. publicly traded companies, incremental PCAOB standards are added on top of the AICPA standards, which were added to the ISAs. For international affiliates of the firm, these incremental standards are imposed on the foreign firm when they are performing work for a U.S. client.

Mr. Zeidman's firm also considers whether the rationale for incremental PCAOB standards may be sufficiently compelling to warrant incorporation of these PCAOB standards into audits of non-issuers. For example, GAAS (SAS No. 111, AICPA 2006) allows the use of different sample sizes for control evaluation and substantive testing purposes when performing dual-purpose tests. Under PCAOB standards, the same sample size must be used for both purposes, even if that means that a larger sample size than otherwise necessary is used for one of the two purposes. In the past, the firm has chosen to implement the more stringent PCAOB standard on some non-issuer audits. In a different context the firm chose not to require the incremental procedures required by PCAOB AS No. 7 (PCAOB 2009) for engagement quality review partners on non-issuer audits, because it believed that the rationale for these incremental procedures on these audits was not sufficiently compelling for the firm to exceed the AICPA procedures in this area.

The discussion of the effects on audit education was initiated by a member of the audience who asked, “As an auditing teacher and a writer of textbooks, how am I supposed to deal with all of this?” Educators were advised by the audit practitioners on the panel to emphasize good judgment skills in preparing students for a career in accounting. Hal Zeidman suggested focusing on the underlying conceptual basis for auditing, especially risk assessment and response. The firms can teach particular procedures and techniques. Comparing accounting students to law students studying for the bar exam, he remarked that accounting students cannot learn everything they need to know for the CPA Exam in school. He also noted that his firm (KPMG) uses the PCAOB's five management assertions (plus the added assertion of accuracy), rather than the 13 outlined by the AICPA, to guide the firm's audit methodology. An audience member indicated that while the ten generally accepted auditing standards (i.e., general, fieldwork, and reporting) have been removed from GAAS, they still are included in the PCAOB standards and are useful as a conceptual foundation for teaching auditing.

Colleen Conrad stated that the CPA Exam will assess knowledge of and differences among the AICPA, the PCAOB, and International Auditing Standards. The content specification for the CPA Exam is based on surveys of financial statement users and supervisors of entry-level auditors, and therefore the focus of the exam is on the knowledge base required by entry-level auditors. A majority of the board members overseeing the exam now are representatives of state boards (which have CPA licensing authority).

Members of the panel acknowledged that the multiple-standard environment may require more auditing course time or a greater number of courses to cover. Hal Zeidman suggested that perhaps the law school model may prove useful—the curriculum covers the principles and concepts, and focuses on critical thinking and judgment skills, while post-education CPA Exam review courses prepare accounting students for learning (and distinguishing among) multiple sets of auditing standards for the CPA Exam.

There are several key takeaways from the panel's presentation that have implications for audit quality and audit education. First, the panelists agreed that multiple sets of standards present challenges for auditors, but there was a lack of consensus regarding which set of standards would serve as an appropriate set of base standards for rulemaking, given the differing needs of multiple user groups. Second, the differences in the make-up of standard-setting bodies (practitioner versus independent of the profession), the process by which standards are developed, and the specificity of guidance provided in the standards were all debated, with pros and cons of different approaches being presented.

Third, it was acknowledged that multiple standards have the potential to adversely affect audit quality if auditors are confused about how to implement the standards. Education and training are critical to overcoming these adverse effects, but it is not necessarily the audit educators' role at the university or college level to address the differences in standards. Rather, the audit firms are responsible for incorporating all standards into their audit methodologies and for training their employees on the details of these methodologies. Panelists suggested that university educators should focus on teaching critical thinking and judgment, and perhaps CPA Exam review courses could be used to cover the details of the various standards. Finally, the role of international standards was discussed, and it was noted that knowledge of such standards is becoming increasingly important for auditors in the U.S. as the Clarity Project moves U.S. GAAS toward convergence with the ISAs.

Overall, it appears that different auditing standards are likely to continue to exist for the foreseeable future, and a greater divergence among the standards in the future is inevitable. Educators need to consider how best to deal with these different standards in preparing their students for the challenges of dealing with these multiple sets of standards on the CPA Exam and in their professional practice. Similarly, accounting firms' quality control processes need to ensure that audit team members properly apply the correct set of standards to ensure a high-quality audit.

(1) Do you think we need two sets of auditing standards in the U.S., one for public entities and one for non-public entities? If so, why?

(2) Specifically, for non-public companies, is there a possibility that the PCAOB standards used for public entities could be modified, rather than have two separate sets of standards? In other words, is it possible to have one set of “base standards” that could be modified accordingly?

(3) There are certain differences in AICPA versus PCAOB standards (e.g., the expanded number of management assertions divided into three categories under AICPA standards, versus five assertions used in PCAOB standards). Do the differing standards improve the audit process or complicate the process by adding complexity?

(4) This question is related to implementation issues that are relevant to specific panelists:

• For Colleen Conrad, NASBA: What set(s) of standards should be tested on the CPA Exam? Why?

• For Hal Zeidman, KPMG: How do the public accounting firms incorporate the various standards into their audit methodologies? Is there one standard methodology used firmwide that incorporates aspects of PCAOB and AICPA standards (as well as international auditing standards)? If so, how do you reconcile the differences in standards when developing the methodology?

We will link the topics above back to the issue of how we teach our students, and address any audience member questions as they arise.