AUTHORITATIVE LITERATURE USED IN AUDITING (STUDY OBJECTIVE 4)

The work of an auditor must be conducted in accordance with several sources of authoritative literature, as described next.

Generally accepted auditing standards (GAAS) are broad guidelines for an auditor's professional responsibilities. These ten standards are divided into three categories that include general qualifications and conduct of an auditor (general standards), guidelines for performing the audit (standards of fieldwork), and requirements for the written report communicating the results of the audit (standards of reporting). Exhibit 7-1 summarizes these standards by category.

Exhibit 7-1 Generally Accepted Auditing Standards

GAAS provides a general framework for conducting quality audits, but this framework is not specific enough to provide useful guidance in the actual performance of an audit engagement. For such detailed guidance, auditors rely upon standards issued by the Public Company Accounting Oversight Board, the Auditing Standards Board, the International Auditing and Assurance Standards Board, the Internal Auditing Standards Board, and the Information Systems Audit and Control Association.

The Public Company Accounting Oversight Board (PCAOB) was organized in 2003 for the purpose of establishing auditing standards for public companies in the United States. These standards are to serve as interpretations of GAAS and guidelines for quality control within CPA firms. The PCAOB was established by the Sarbanes–Oxley Act, which was created in response to several major corporate accounting scandals, including those affecting Enron, WorldCom, and others. Prior to the PCAOB, standard-setting was the responsibility of the Auditing Standards Board (ASB) of the American Institute of CPAs (AICPA). The ASB has issued Statements on Auditing Standards (SASs) that have historically been widely used in practice and will continue to be the standards applicable to nonpublic companies. The International Auditing and Assurance Standards Board (IAASB) was established by the International Federation of Accountants (IFAC) to set International Standards on Auditing (ISAs) that contribute to the uniform application of auditing practices on a worldwide basis. ISAs are similar to SASs; however, ISAs tend to extend SASs because of their usefulness in audits of multinational companies. Although auditors have a primary responsibility to comply with standards issued within their own countries, ISAs are useful in expanding those requirements in order to meet different needs in other countries where the audited information may also be used. The Institute of Internal Auditors (IIA) established the Internal Auditing Standards Board (IASB) to issue standards that pertain to attributes of internal audit activities, performance criteria, and implementation guidance. The Information Systems Audit and Control Association (ISACA) issues Information Systems Auditing Standards (ISASs) that provide guidelines for conducting the IT audit. These standards address audit issues unique to a company's information systems environment, including control and security issues.

Although SASs, ISAs, and ISASs contribute more detailed guidance than is provided by GAAS, they still do not furnish the auditor with specific direction regarding the types of audit tests to use and the manner in which conclusions should be drawn. Auditors must resort to industry guidelines, professional journals, textbooks, and other resources for those purposes. Many CPA firms and internal audit groups develop their own specific policies and procedures for designing and conducting effective audit engagements. Still, individual audits must be customized to apply to the specific environment of each company or each business unit being audited. Accordingly, auditors must exercise a considerable amount of professional judgment in performing audits.