2.1.

Generally Accepted Auditing

Standards (GAAS)
• The broadest guidelines available to auditors are the 10
GAAS- which were developed by the AICPA.
• The 10 generally accepted auditing standards fall into three
(3) categories:
A. General standards
B. Standards of field work
C. Reporting standards
 GAAS Framework Figure

• GAAS
 A. General Standards
• The general standards stress the important personal qualities
that the auditor should possess.
• 1). Adequate Technical Training and Proficiency:-
• The first general standard.
– Auditors must be technically & educationally qualified and
adequately experienced in different industries which their
audit clients are engaged.
– The auditor must have to formal education in auditing and
accounting or continuing professional education.
 Cont’d….
• 2). Independence in Mental Attitude:- In all matters relating
to the auditing assignment, independence in mental attitude
and in appearance is to be maintained by auditors.
– Example:-
• If an auditor owned shares of stock in a company that they
audited, or
• If they served as members of the BoDs, they might
subconsciously be biased in the performance of auditing
duties.
– A CPA should therefore avoid any relationship with the
client
 Cont’d…
• 3). Due Professional Care:- means that auditors are
professionals responsible for fulfilling their duties diligently
and carefully.
• Due care includes;
– consideration of the completeness of the audit
documentation,
– the sufficiency of the audit evidence, and
– the appropriateness of the audit report.
– As professionals, auditors must not act negligently or in
bad faith, but they are not expected to be infallible.
 B. Standards of Field Work
• The standards of field work concern evidence accumulation
and other activities during the actual conduct of the audit.
1) Adequate Planning and Supervision:-
– This standard requires that the audit be sufficiently
planned to ensure an adequate audit and proper
supervision of assistants.
– Supervision:- is essential in auditing because a
considerable portion of the field work is done by less
experienced staff members.
 Cont’d….
• 2). Sufficient, competent, and appropriate Evidence:-
Decisions about how much and what types of evidence to
accumulate for a given set of circumstances require
professional judgment.
• The word “competent” refers to the quality of the evidence.
– Therefore, sufficient, competent and appropriate evidence
is a basis for expressing an opinion on the financial
statement.
 Cont’d….
• 3). Understanding of Internal Control:
• An excellent internal control structure of client’s business and
industry provides strong assurance that the clients records are
rely on.
– For example:- To audit a bank, an auditor must understand the nature
of the bank’s operations, federal and state regulations applicable to
banks, and risks affecting significant accounts such as loan loss
reserves.
• When the auditor find strong internal control type, the
quality of other evidence required is much less than if control
were weak.
 C. Standards of Reporting
• RS-require that the report state whether;
– the statements are presented in accordance with GAAP
and
– identify any circumstances in which GAAP have not been
consistently applied in the current year as compared with
the previous one.
• 1. In Accordance with GAAP:
– The report shall state whether the financial statements are
presented in accordance with GAAP.
• 2. Deviations from GAAP:
– The report shall identify those circumstances in which such
principles haven’t been consistently observed comparatively .
 Cont’d….
• 3. Adequate Disclosure:
– Informative disclosures in the F/st are to be regarded as
reasonably adequate unless otherwise stated in the report.
• 4. Expression of Opinion:
– The report shall either contain;
• an expression of opinion regarding the F/st, or
• an assertion to the effect that an opinion cannot be
expressed should be stated.
 2.2. Professional Ethics
• The word ‘ethics’ is comes from the Greek word ’ethos’ which
means "character".
• Ethics is a branch of philosophy that involves systematizing,
defending, and recommending concepts of right and wrong
conduct.
• Ethics can be defined broadly as a set of moral principles or
values.
• Each of us has such set of values, although we may or may not
have considered them explicitly.
– E.g: ‘Love your neighbors’ –how you respect this value?
 Cont’d….
• Professional Ethics plays an important role in the field of
auditing.
• Users of audit services trust the opinions of the auditors only;
– if they believe the existence of professional ethics for the
practitioners and
– If the practitioners respect those ethics.

• The auditing profession has a well-documented professional

code of conduct.
 2.2.1. Need for Ethics in Auditing

• The purpose of professional ethics in the auditing profession

is;
– to build the public confidence
– to judge the quality of audit work and means of grounding
guidance of conduct for practitioners.
– encourage high level of performance while preventing mal-
practices
 2.2.2. Code of Professional Conduct
• The AICPA Code of Professional Conduct provides both
general standards and specific enforceable rules of conduct.
• There are four parts to the code:
– Principles
– Rules of conduct,
– Interpretations of the rules of conduct, and
– Ethical rulings.
• The parts are listed in order of increasing specificity;
– principles provide ideal standards of conduct, whereas
– ethical rulings are highly specific.
Cont’d….
 2.2.3. Fundamental Ethical Principles
• Auditors have to observe a number of prerequisites or
fundamental principles.
• The fundamental principles are:
• 1. Integrity:
– Auditors should be straightforward and honest in
performing professional services.
• 2. Objectivity:
– Auditors should be fair and should not allow prejudice or
bias, conflict of interest or influence of others to override
objectivity.
 Cont’d….
• 3. Professional Competence and Due Care:
– Auditors should perform professional services with due
care, competence & diligence.
– Auditors have a continuing duty to maintain professional
knowledge and skill at a level required to ensure that a
client or employer receives the advantage of competent
professional service.
 Cont’d…
• 4. Confidentiality:
– Auditors should respect the confidentiality of information
acquired during the course of performing professional services.
– Auditors should not use or disclose confidential information
without proper and specific authority.(legal requirement)
– the principle of confidentiality continues even after the end of
relationships between a professional accountant and a client or
employer.
• 5. Professional Behavior:
– Auditors must act in consistent with the good reputation of the
profession.
– Refrain from any conduct which might bring discredit to the
profession.
 Cont’d…
• 6. Technical Standards:
– Auditors should carry out professional services in accordance
with the relevant technical and professional standards.
– they must compatible with the requirements of integrity and
objectivity.
– The auditors should conform to the technical and professional
standards promulgated by: for example;
 2.2.3.1. AICPA Rules of Conduct

Rule 101-Independence 301 – Confidential client information

R 102 – Integrity and objectivity 302 – Contingent fees

R 201 – General standards 502 – Advertising and other solicitation
R 202 – Compliance with standards 503 – Commissions and referral fees
R 203 – Accounting principles 505 – Form of organization and name
302 – Contingent fees
 AICPA Code of Professional Conduct
Rule 101: Independence
Rule 101: Independence
– A member in public practice shall be independent in the
performance of professional services as required by standards
promulgated (E.g; by AICPA).
• Applies to attestation engagements (audits and reviews)
• A. Financial relationships
– No direct financial interest
– No material indirect financial interests
– No material joint ventures with client, officers, directors, or
shareholders
– Loans - normal lending practices, collateral required
• B. Managerial relationships
– Cannot act as a promoter, underwriter, or equivalent to an
employee (i.e., no decision making).
Rule 102: Integrity and Objectivity
• CPAs must remain free of conflicts of interest
– A conflict of interest may exist when;
• there is a significant r/ship with a person, entity,
product, or service that could be viewed as impairing
the members objectivity.
• Do not knowingly misrepresent facts.
• May not subordinate judgments to others.
• Do not knowingly make false or misleading entries in an
entity’s financial records.
 Cont’d….
• If disagreements exist concerning the preparation of financial
statements or the recording of transactions, accept the
supervisor’s position if acceptable.
– if supervisor’s position is not acceptable, report to higher
level.
– if upper management will not take appropriate action,
consider resigning.
Rule 201: General Standards
Rule 202: Compliance with Standards
Rule 203: Compliance with Accounting Principles

• Follow professional standards and interpretations.

• Perform only those services that can be completed with
professional competence.
• Exercise due care.
• Adequately plan and supervise all engagements.
• Obtain sufficient relevant data to afford a reasonable basis
for all conclusions and recommendations.
 Rule 301: Confidentiality of Client Information
• A CPA cannot disclose confidential information without
client's consent.
• When to disclose confidential information?
– When disclosure is authorized.
• authorization may be given by ; client or the employer
and third parties.
– When disclosure is required by law.
• when the auditor is required by law to disclose
confidential information
– When there is a professional duty or right to disclose.
• As part of an ethics violation for a state board of
accountancy investigation.
 Rule 302: Contingent Fees
Contingent Fees: are those fees based on a particular finding or
outcome.
• Not permitted for attest engagements
• Not contingent if:
– Fixed by courts
– Based on hours worked or services provided
• Allowed for non-attest (tax, consulting, litigation support)
engagements
 Rule 501: Acts Discreditable
• A member shall not commit an act discreditable to the
profession (including, but not limited to):
– Discrimination
– Failure to follow GAAS on a Governmental audit
– Making false or misleading journal entries
– Failure to met requirements of a Governmental body,
commission, or regulatory body
– Failure to file personal income tax return
– Disclosure of CPA examination questions or answers
Rule 502: Advertising and Solicitation
• Advertising and solicitation of new clients is permitted.
• Advertising: Cannot be “false, misleading, or deceptive”
– Cannot create false or unjustified expectations of favorable
results
– Cannot state ability to influence third parties
– Cannot underestimate fees (“low balling”)
Rule 503: Commissions and Referral Fees
• Commissions:
• Receiving fees for recommending the products or services of
clients or third parties (non-CPA)
– Permitted for non-attest, if disclosed
– Prohibited for attest engagements

• Referrals:
• Receiving fees for recommending the services of CPAs
– Permitted for any engagement, if disclosed
Rule 505: Form of Organization and Name
• A firm can practice in any form permitted by state including:
– Limited Liability Partnership (LLP)
– Limited Liability Corporation (LLC)
• Firm name should not be misleading.
• All partners must be CPAs or members of AICPA if included in
firm name.
• N.B: whenever an audit engagement is completed for a
multinational client, International Ethics Standards Board for
Accountants (IESBA) Code must be followed by auditors.
– The importance has increased dramatically in recent years with
the globalization of companies and their audits.
 Regulation and Quality Control(Enforcement)

• It is the regulation or enforcement of;

– Self-Regulatory Discipline (AICPA and State Societies of
CPAs) and
– Public Regulation Discipline (State Boards of Accountancy
(SEC, PCAOB and IRS).

AICPA
Professional State Board of
Accountancy
• Ethics Division
 2.3. Auditors Legal Liability to client
• The most frequent source of lawsuit against CPAs is from
clients.
• The typical lawsuit from clients involves;
– failure to complete an unaudited engagement on the
agreed upon date.
– Inappropriate withdrawal from an audit.
– failure to discover a defalcation(theft of assets), and
– breaching the confidentiality requirements of CPAs.
– negligence in the conduct of the audit.
– Tort action (wrongful act or damage not involving breach
of contract).
• In the auditing environment, failure to meet GAAS is often
conclusive evidence of negligence.
 A. Auditors Defense against Client Suit
• The CPA firm normally uses one or a combination of four
defense mechanisms when there are legal claims by clients:
1. Lack of duty to perform the service
2. Non-negligent performance
3. Contributory negligence and
4. Absence of causal connection.
 1. Lack of Duty to perform the service
• Lack of duty to perform the service means that the CPA firm
claims there was no implied or expressed contract.
– For example:- the CPA firm might claim that errors were
not uncovered because the firm did a review service, not
an audit.
– A common ways for CPA firm to demonstrate a lack of duty
to perform the service is by use of an engagement letter.
• Many litigation experts believe well-written
engagement letters are one of the most important ways
CPA firm can reduce the likelihood of adverse legal
action.
 2. Non-negligent Performance
• For non-negligent performance in an audit, the CPA firm
claims that the audit was performed in accordance with
GAAS.
• But according to;
– SAS 47 ( AU 312) and SAS 53 (AU 316) make clear that an audit in
accordance with GAAS is subject to limitations and cannot be relied
upon for complete assurance that all errors and irregularities will be
found.
– Requiring the auditors to discover all material errors and irregularities
would make them insurers or guarantors of the accuracy of the
financial statement which is not possible in general.
 3. Contributory Negligence
• Contributory Negligence:- The CPA firm claims that if the client had
performed certain obligations, the loss would not have occurred. This
considered as contributory negligence.
• For example:- suppose the client claims that the CPA firm was negligent in
not uncovering an employee theft of cash.
– A likely defense mechanism is the auditor's claim that the CPA firm
informed management of a weakness in the system of internal control
that enhanced the likelihood of the fraud but management did not
correct it.
• Management often does not correct the internal control weakness because of cost
considerations, attitude about employee honesty, or procrastinations.
 4. Absence of Causal connection
• Absence of Causal connection:
• To succeed in an action against the auditor;
– the client must be able to show that there is a close causal connection
between the auditor's breach of the standard of due care and the
damages suffered by the client.
– For example, assume an auditor failed to complete an audit the
agreed- upon date. The client alleges that this caused a bank not to
renew an outstanding loan, which caused damages.
– A potential auditor defense is that the bank refused to
renew the loan for other reasons, such as the weakening
financial condition of the client.
 2.3.2. Auditor Liability to Third Party
• A CPA firm may be liable to third parties if a loss was incurred
by the claimant due to reliance on misleading financial
statements.
– Third parties includes; actual and potential stockholders, vendors,
bankers, and other creditors, employees, and customers.
• For example:- A typical suit might occur when a banker can
claim that misleading audited F/st were relied upon in making
the loan.
– The CPA firm should be held responsible because it failed to perform
the audit with due care.
 Auditors Defense against Third Party Suit
• Three defenses available to auditor in suit by client are also
available in third party lawsuit. These are:
– Non-negligence performance
– Lack of duty to Perform the Services
– Absence of Causal Connection
– Contributory negligence :- is ordinary not available b/c the
third party is not in apposition to contribute to misstated
financial statement.
 Cont’d….
• A. Non-negligent performance.
– If the auditor conducted the audit in accordance with GAAS, the other
defenses are unnecessary.
– On the other hand, non-negligent performance is difficult to
demonstrate to the court.
• B. Lack of duty to Perform the Services
– A lack of duty defense in third-party suits contends lack of
privity(private) of contract.
– The extent to which privity of contract is an appropriate defense
depends heavily on the judicial jurisdiction.
 Cont’d…
• C. Absence of causal connection in third-party
– Absence of causal connection in third-party suits usually
means non- reliance on the F/st by the user.
– Of course, it is difficult to prove non-reliance on the
financial statements.
• For example:- Assume the auditor can demonstrate that a
lender relied upon an ongoing banking relationship with a
customer, rather than the F/st, in making a loan.
– The fact that the auditor was negligent in the conduct of
the audit would not be relevant in that case.
Auditors Responsibility for detecting Misstatements

• The auditors have responsibility to plan and perform the audit

to obtain reasonable assurance about whether the financial
statements are free of material misstatement of either caused
by error or fraud.
– Reasonable assurance is not defined in the literature, but it is
presume less than absolute assurance and more than low level of
assurance.
– Reasonable Assurance: assurance is a measure of certainty level that
the auditor has obtained at the completion of the audit.
 Cont’d….
• Why not absolute assurance?
• The fact that auditing is based on sample base.
– There is no assurance for the absence of error/fraud in the amounts
not included in the sample.
• The other reason is that some frauds are so professionally
canceled that the application of GAAS will not reveal it.
– Hence, with these limitations the auditor can not provide absolute
assurance.
• Thank You!!
End of
Chapter Two!!!