|
Developments in International
Auditing Standards During 2001
Roger
Simnett, University of New South Wales
Member, Auditing Standards Committee
Kay W. Tatum, University of Miami
Chair, Auditing Standards Committee
In
the past year, the International Federation of Accountants (IFAC)
and various constituencies within the auditing profession have worked
to increase the quality of the International Standards on Auditing
(ISAs) issued by the International Auditing Practices Committee
(IAPC). As has been outlined in previous international updates contained
in The Auditor’s Report, the IFAC’s ultimate goal
is to attain endorsement of the ISAs by the International Organization
of Securities Commissions (IOSCO). To achieve this goal, some of
the more recent initiatives of the IFAC have been aimed at improving
the processes used to develop the ISAs as well as the ISAs themselves.
In January 2001, the IFAC appointed the IAPC Review Task Force (Task
Force). In November 2001, the Task Force issued its final report,
which was approved by the IFAC. This article discusses the principal
recommendations contained in the Task Force’s report, as well
as outlining significant developments concerning other major projects
on the IAPC’s agenda.
IAPC
Review Task Force
The Task Force was charged with conducting a comprehensive review
of the membership, organization, and processes of the IAPC. The
objective of the review was “to ensure that the IAPC meets
the anticipated requirements of regulators and other external observers
in terms of its efficiency, transparency and credibility as the
recognized international auditing standard setter, within IFAC”
(IFAC 2001, 21). The Task Force’s principal recommendations
include:
| • |
Revising
the IAPC’s objectives. The IAPC’s new goals are to
establish auditing standards and guidance for financial statement
audits, establish assurance standards and guidance on both financial
and nonfinancial matters, and publish other papers on audit
and assurance matters. Regarding auditing standards, the IAPC’s
goal is that the auditing standards should be “of such
high quality that they are acceptable to auditors, governments,
securities regulators and other key stakeholders across the
world, thereby strengthening public confidence in the global
auditing profession” (IFAC 2001, 9). |
| • |
Changing
the IAPC’s name to the International Auditing and Assurance
Standards Board (IAASB). The new name more accurately describes
the IAPC’s objectives and is consistent with the name of
the internationally recognized accounting standard-setting body,
the International Accounting Standards Board. Most importantly,
the new name conveys a message about the broader focus of the
IAPC. |
| • |
Expanding
the size of the IAPC from 14 to 18 members. Of the 18 members,
there are 15 auditors and three nonauditors (an academic, a
user of financial reports, a public sector representative).
According to the Task Force, the major role of the academic
is to “provide a link to research in the professional area
and…contribute to a scientific, systematic approach to
the standard-setting work” (IFAC 2001, 12). |
| • |
Opening
the IAPC’s meetings to the public and publishing its agenda
materials and minutes of meetings, preferably on the Web. These
new policies are designed to increase the transparency of the
standard-setting process. |
| • |
Establishing
partnerships with individual national standard setters in preparing
and issuing standards. It is argued that there are two main
advantages to partnering. First, it increases the efficiency
of the standard-setting process by allowing the IAPC to take
advantage of work done by national standard setters. Second,
it encourages convergence of national and international standards.
A trend toward these joint work efforts can be seen in the IAPC’s
recently completed fraud project and in its current projects
on the audit risk model and auditing fair values. |
Fraud
In 2001 the IAPC issued ISA No. 240, The Auditor’s Responsibility
to Consider Fraud and Error in an Audit of Financial Statements.
The standard is effective for audits of financial statements for
periods ending on or after June 30, 2002. ISA No. 240 is an example
of an IAPC project in which the IAPC benefited from efforts of national
standard-setting bodies. ISA No. 240 holds some similarities to
U.S. Statement on Auditing Standards (SAS) No. 82, Consideration
of Fraud in a Financial Statement Audit. For example, both standards
require the auditor to consider fraud risk factors that relate to
fraudulent financial reporting and misappropriation of assets when
planning the audit. However, there are some significant differences
between the two documents. For example, SAS No. 82 requires the
auditor to consider the risk factors to make a separate fraud assessment,
while ISA No. 240 requires no separate assessment of fraud, but
a consideration of these factors while assessing inherent and control
risk. The fact that the IAPC has determined that these factors should
be considered when assessing inherent risk and control risk is an
indication that the IAPC has not yet been sold on (and their belief
that academic research has not yet demonstrated) the benefits arising
from a separate fraud risk assessment.
When
the IAPC issued the fraud standard, the IAPC was aware that the
U.S. Auditing Standards Board (ASB) had undertaken a major project
on fraud and that the outcome of the U.S. project might require
the IAPC to revisit it standards. The IAPC is currently monitoring
the ASB’s fraud project.
Auditing
Fair Values
In October 2001, the IAPC issued an Exposure Draft of a proposed
ISA, Auditing Fair Value Measurements and Disclosures. The
proposed ISA addresses audit considerations relating to the measurement,
presentation and disclosure for material assets, liabilities and
specific components of equity presented or disclosed at fair value
in financial statements. The IAPC views the proposed ISA as a foundation
standard that will provide a framework for auditing fair value measurements
and disclosures. The proposed ISA will also serve as an umbrella
standard for other pronouncements (for example, International Auditing
Practice Statement No. 1012, Auditing Derivative Financial Instruments).
The
deadline for comments about the proposed ISA was January 15, 2002.
Although some respondents complained that the proposed ISA is too
general in nature and that there is too much overlap with ISA No.
540, Audit of Accounting Estimates, the overall support for
the proposed ISA is strong. The IAPC expects to issue the standard
at its June 2002 meeting.
Interestingly,
the ASB has decided to use the proposed ISA as the basis for a SAS.
On January 15, 2002, the ASB issued an Invitation to Comment, which
asks for comments about the proposed ISA and the process being used
to develop the SAS. The ASB plans to use the comments received and
the proposed ISA to develop an Exposure Draft of a proposed SAS
that will be issued in April 2002. The ASB anticipates issuing a
final SAS in July 2002.
The
ASB has committed to forwarding all significant comments to the
IAPC. The IAPC and the ASB plan to reconcile significant differences
before the final standards are issued.
Audit
Risk Model
In response to the report of the Joint Working Group, the IAPC formed
the Audit Risk Subcommittee to consider whether the ISAs should
be modified to incorporate what is commonly referred to as a business
risk approach to auditing. The Audit Risk Subcommittee worked separately,
but in tandem, with the ASB’s Risk Assessment Task Force for
a year. In October 2001, the two task forces were merged into one
task force, the Audit Risk Task Force, which is co-chaired by IAPC
member John Kellas and ASB member John Fogarty. The Audit Risk Task
Force’s goal is to draft two documents that will be issued
as two ISAs and SASs. The two documents, if ultimately adopted,
will make significant changes to the existing ISAs.
The
first document, which is referred to as “assessing risk,”
will replace ISA No. 310, Knowledge of the Business, and
ISA No. 400, Risk Assessments and Internal Control. The other
document, which is referred to as “further audit procedures,”
will be a new standard. The adoption of these two standards will
prompt the revision of other standards such as ISA No. 300, Planning,
and ISA No. 500, Audit Evidence.
The
“assessing risk” document requires the auditor to obtain
an understanding of the entity and its environment, including its
internal control, sufficient to identify and assess risks that may
result in material misstatement of the financial statements. The
entity and its environment consists of: (1) nature of the entity;
(2) industry, regulatory, and other external factors, including
accounting policies; (3) objectives and strategies and related business
risks; (4) measurement and monitoring of the entity’s performance;
and (5) internal control. Although the document requires the auditor
to assess the risk of material misstatement, it does not require
a separate assessment of inherent and control risk. The “further
audit procedures” document will set forth requirements for
linking the design and performance of procedures to the risk assessment.
The
IAPC will review the first draft of the “assessing risk”
document at its March 2002 meeting, at which time it will also discuss
a timetable for the “further audit procedures” document.
Determination/Communication
of Assurance Levels other than High
Over the last few years the IAPC reached something of an impasse
as to the determinants of the level of assurance for an assurance
services framework. Two major views had been forwarded: the single
determining factor (work effort) view, and the multiple determinants
(interaction of variables) view. The U.S. had supported the single
factor approach in the development of the attestation standards.
The IAPC commissioned research from the International Symposium
of Audit Research (ISAR) team, comprising academics from University
of Southern California (North America), Universiteit Maastricht
(Europe), Nanyang Technological University (Asia), and University
of New South Wales (Australia). The research approach involved reviewing
all current research and available evidence (including approaches
of other professions) and distributing questionnaires to National
Accounting Institutes and accounting practices in twelve countries,
on determinants of level of assurance and identifying innovative
assurance services provided and the approach used for communicating
the level of assurance.
The
report concluded that the evidence broadly supported an interaction
of variables approach, with the major three determinants being the
work effort, subject matter and suitability of criteria. They also
concluded that while the high-assurance-level audit report was well
recognized and appeared to be an effective communication device,
the standard form review report containing negative assurance was
generally not effective. Some of the reasons included the fact that
in format the two reports were very similar, and standard descriptions
contained in the review report, such as that used for work effort,
were misunderstood. It found that while there were some innovative
reporting practices being undertaken by the profession for various
assurance services providing assurance at levels other than high,
in most situations the reports were standard form review reports,
with perhaps some minor variations. This commissioned research report
entitled “The Determination and Communication of Levels of
Assurance other than High” is to be made available on the IFAC
web site.
Information
Technology
For the first time in many years the IAPC has released new or revised
guidance in the area of information technology. During the year
the following guidance was issued: International Auditing Practice
Statement (IAPS) No. 1001, IT Environments—Stand-Alone Personal
Computers, IAPS No. 1002, IT Environments—On-line Computer
Systems, IAPS No. 1003, IT Environments—Database Systems,
and IAPS No. 1009, Computer-Assisted Audit Techniques.
Guidance
has also been drafted for the situations where the client entity
engages in commercial activity over a public network such as the
Internet. The guidance covers four main areas. In the area of skills
and knowledge it outlines that appropriate levels are required for
two main areas; information technology and Internet e-com, and provides
some guidance on these appropriate levels. The second area is knowledge
of the business, including general knowledge of the entity’s
business activities and the industry in which it operates, the extent
of the entity’s Internet e-com involvement, and the entity’s
e-com strategy. The third main area is risk identification, which
takes a business risk approach and also emphasizes legal and regulatory
issues. The final main area is internal control considerations,
covering security, transaction integrity, and process alignment
(the way the various IT systems are aligned). This Exposure Draft
of a proposed IAPS entitled Electronic Commerce Using the Internet
or Other Public Networks—Effect on the Audit of Financial Statements
was released for public comment in October 2001, with the comments
closing January 2002. The comments received are to be considered
at their next meeting.
Conclusion
In our last international auditing standards update published in
The Auditor’s Report (Winter 2001), we outlined that
globalization will continue to be one of the major forces motivating
the IAPC. Clearly this has occurred, as seen in the continued push
to gain the IOSCO accreditation for the ISAs, and the acceptance
of the Review Task Force’s recommendations not only to increase
the quality of the standards, but to also make the standard-setting
process more transparent. The review of the audit risk model, and
developments in the umbrella assurance services standards will continue
to be a major focus of attention as the flow-through effect onto
other standards is felt.
Also
in our update last year we outlined that the major perceived deficiencies
in the standards were in the areas of IT and governance. While there
have been initiatives in the area of IT, it still appears that the
standard-setting process is playing catch-up to many of the issues
confronting practice. In the area of governance, while there have
been standards developed aimed at independence, recent events have
shown how fragile public confidence in the profession and the reputation
of the profession, its major asset, really is. Perceived deficiencies
in accounting standards and corporate governance practices show
that initiatives in the development of assurance services standards
must be closely linked to the initiatives of other standard-setting
bodies. The profession must explore how it can best participate
in the development of appropriate international corporate governance
standards and practices. If these issues are not addressed, it is
one of the groups with the most to lose.
REFERENCES
International
Federation of Accountants (IFAC), International Auditing Practices
Committee (IAPC) Review Task Force. 2001. Report and Recommendations.
New York, NY: IFAC.
Back to Contents Page
|
