Generally Accepted Auditing Standards (GAAS) - Overview
There are a number of accounting guidelines and standards known as the Generally Accepted Auditing Standards (GAAS). They give auditors the framework for planning and reporting an audit outcome. In 1972, the American Institute of Certified Public Accountants (AICPA) developed it. AICPA member auditors are currently required to adhere to 10 standards known as GAAS. Any audit or auditing technique used by auditors must follow GAAS.
Although the AICPA is an American organization, audit members come from many different nations.
They adhere to GAAS since it is required by the AICPA's code of professional conduct. We can assert that GAAS offers an international framework for auditing. It makes it easier for auditors to utilise it as a model for their auditing procedures. Further, norms are followed based on the country of audit, industry, and the audit body of that country.
According to the AICPA, an independent auditor must plan, conduct, and report the results of an audit in accordance with GAAS. These standards provide a scale to measure the quality of the audit and its objectives.
Auditors need to follow procedures to do the audit. These procedures must be done so that they comply with auditing standards.
According to GAAS, the 10 standards fall into three categories, general, field reporting and reporting standards.
- The audit must be performed by an auditor who has proficiency and technical training.
- Throughout the audit, the auditor must maintain an independent and objective attitude.
- Due professional care must be taken by the auditor both while performing the audit and in the preparation of the audit report.
Standards of Field Work
- During the audit, the auditor must plan the work, allocate it to assistants if any and supervise them.
- The auditor must sufficiently understand the business entity and its environment. They must also have an understanding of its internal control, so that they may assess the risk of material misstatement of the financial statements due to error or fraud. They must also design the audit procedures' nature, timing, and extent for future audits.
- Sufficient and appropriate audit evidence must be obtained by performing the audit procedures. This enables a reasonable basis for an opinion about the financial statements under audit.
Standards of Reporting
- The auditor must inform in the auditor's report whether the financial statements presented are in accordance with GAAS.
- If principles have not been consistently observed in the current period in relation to the preceding period, these deviations must be identified and presented in the auditor report.
- If informative disclosures are not adequate, they must be stated in the auditor's report.
- The auditor report must state an opinion regarding the financial statements, in its entirety, or state that an opinion cannot be expressed. The reasons for not stating an opinion must also be expressed in the report. In the financial statements certified by the auditor, they must clearly state the scope of their work and to what extent they take responsibility for it.
Framework for the audit firm
This is the framework for an audit firm to ensure that its clients meet auditing standards
- Establish a culture of audit control. This includes leadership, strong policies and procedures.
- Establish mechanisms for ethical behaviours - integrity, confidentiality, objectivity, professional conduct, and due care - all must meet the highest standards.
- Independent functioning is a key element.
- Judicious selection of clients. Is the client ethical? Is your auditing firm capable of handling the client’s needs effectively?
- Establish an effective human resources team that ensures the right auditor is assigned who understands the client's needs and can work independently.
- Ensure you and your staff undertake continuous professional development.
- Develop an audit framework that ensures GAAS is complied with. This includes software, specialists, supervision and review of work.
- A quality control system that ensures audit quality during and after a client engagement. Policies for technical reviews and second partner reviews are required.
- A documentation policy that states which documents need to be retained and to which extent they need to be retained.
Case study: Arthur Anderson and Enron
One of the foremost cases in which an auditing firm did not call out a client that was flouting GAAS is of the accounting firm Arthur Anderson and its client Enron.
GAAS standards are clear in terms of what standards must be met during an audit cycle, starting with the tests that must be conducted, and the extent and level at which these tests must be conducted. Auditors are also expected to function independently with no other business interest in their client.
Enron started a trading business to offset large debts it had incurred during a merger with Houston Natural Gas and Internorth. It traded in energy derivatives, with two executives Jeffery Skilling and Andrew Fastow to head and manage it.
Skilling used the mark-to-market technique in accounting for the energy trading business. In this method, outstanding derivatives and energy-related contracts in the balance sheet in a quarter must be adjusted for fair market value. The unrealized gains or losses must be booked for that period. Gas commodities' fair market values were difficult to ascertain, so the company could manipulate and assign values to it to show reduced debt in the balance sheet.
Fastow also used special purpose entities or SPEs for better ratings. SPEs allow partnerships with third parties and an increase in Return on Assets (ROA) and leverage without reporting debt in their financial statements. These entities are supposed to be evaluated by the auditor and termed risky or worthy. Fastow managed to hide the debt using these SPEs. Arthur Anderson failed to report these risky measures since they were earning non-audit fees, through consulting for Enron.
The legal documents against Anderson's personnel clearly show that auditor after auditor who was responsible for ensuring Enron followed the various accounting and financial reporting standards failed to do so. They ignored the red flags and signs of trouble. Their licenses were revoked or suspended for improper professional conduct. Anderson was found guilty of obstructing justice, and not following audit standards and procedures.
As a result of this debacle, companies that had used Arthur Anderson previously had to appoint new oversight committees and auditors to go over their past financial reports to verify their veracity.
The Government passed the Sarbanes Oxley Act, which has provisions that impact corporate governance, risk management, auditing, and financial reporting of public companies. It also has provisions to deter and punish companies that indulge in corporate accounting fraud and corruption.
It states that companies must reevaluate their internal audit procedures that must meet or exceed auditor standards. CEOs and CFOs are expected to know the company's financial workings and ensure that no fraud is occurring. They increased the net on the types of transactions that were to be reported, failing which large penalties would be imposed.
GAAS is an important code of accounting standards. Audit firms and their clients gain by following these standards. In case of gaps, they can evaluate how to fill them. Shareholders benefit since they can assess the true value of the business. If these standards are not maintained and followed, it will adversely impact the firm or in some cases end them. Conversely, following these standards allows companies to improve their processes and operations.
- Introduction to Auditing
- Players in the Audit Industry
- Generally Accepted Auditing Standards (GAAS) - Overview
- Auditing Ethics and Rules of Professional Conduct
- Understanding the Independent Auditors' Report
- Auditor's Report with Reservations
- The Auditing Process
- Auditing: Management Assertions
- The Audit Evidence
- Audit Risk Models
- Auditing: Assessing Inherent Risk
- Auditing: The Concept of Materiality
- Auditing: Client Risk Profile
- How Auditors Document Their Work?
- Internal Controls in a Company
- COSO - Integrated Internal Control Framework
- Assessing Control Risk
- Testing Internal Controls
- Auditing Issues in Small Businesses
- Auditing Planning Approach
- Audit Programs
- Auditing the Sales Cycle
- Substantive Audit Procedures