International Standards on Auditing
International Standards on Auditing
International Standards on Auditing (ISA), developed by the independent International Auditing and Assurance Standards Board (IAASB) under the author- ity of the International Federation of Accountants (IFAC), specify auditor objectives and responsibilities related to conducting financial audits. Much like the GAAS, the directives in the ISA apply to the individual auditors that conduct audits, rather than to the organizations the auditors represent or that are the subject of an audit. Numerous ISA documents provide additional objectives and requirements related
170 CHAPTER 9 Methodologies and Frameworks
Table 9.2 Generally Accepted Auditing Standards [1] Category
Standards
General 1. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor.
2. In all matters relating to the assignment, an independence in mental attitude is to be maintained by the auditor or auditors.
3. Due professional care is to be exercised in the performance of the audit and the preparation of the report.
Standards of Field Work 1. The work is to be adequately planned and assistants, if any, are to be properly supervised. 2. A sufficient understanding of internal control is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed.
3. Sufficient competent evidential matter is to be obtained through inspection, observation, inquiries, and confirmations to afford a reasonable basis for an opinion regarding the financial statements under audit.
Standards of Reporting 1. The report shall state whether the financial statements are presented in accordance with generally accepted accounting principles (GAAP).
2. The report shall identify those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period.
3. Informative disclosures in the financial statements are to be regarded as reasonably adequate unless otherwise stated in the report.
4. The report shall contain either an expression of opinion regarding the financial statements, taken as a whole, or an assertion to the effect that an opinion cannot
be expressed. When an overall opinion cannot be expressed, the reasons therefore should be stated. In all cases where an auditor’s name is associated with financial statements, the report should contain a clear-cut indication of the character of the auditor’s work, if any, and the degree of responsibility the auditor is taking.
to various aspects of performing audits which should apply to an auditor seeking to comply with the ISA when conducting any type of audit. IAASB specifies the core objectives and requirements for auditors complying with International Standards on Auditing in ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing. Under ISA, an auditor’s overarching objectives are first “to obtain reasonable assur- ance about whether the financial statements as a whole are free from material mis- statement,” and second, “to report on the financial statements, and communicate as
Audit-Specific Methodologies and Frameworks 171
Table 9.3 Auditor Requirements Under International Standards on Auditing [2] Category
Standards Ethical
The auditor shall comply with relevant ethical requirements, Requirements
including those pertaining to independence, relating to financial statement audit engagements.
Professional
The auditor shall plan and perform an audit with professional Skepticism
skepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated.
Professional
The auditor shall exercise professional judgment in planning and Judgment
performing an audit of financial statements. Audit Evidence
To obtain reasonable assurance, the auditor shall obtain sufficient and Risk
appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion.
Conducting
The auditor shall comply with all ISAs relevant to the audit. An Audits
ISA is relevant to the audit when the ISA is in effect and the circumstances addressed by the ISA exist.
The auditor shall have an understanding of the entire text of an ISA, including its application and other explanatory material, to understand its objectives and to apply its requirements properly.
The auditor shall not represent compliance with ISAs in the auditor’s report unless the auditor has complied with the requirements of this ISA and all other ISAs relevant to the audit.
To achieve the overall objectives of the auditor, the auditor shall use the objectives stated in relevant ISAs in planning and performing the audit.
The auditor shall comply with each requirement of an ISA unless, in the circumstances of the audit, the entire ISA is not relevant; or the requirement is not relevant because it is conditional and the condition does not exist.
In exceptional circumstances, the auditor may judge it necessary to depart from a relevant requirement in an ISA. In such circumstances, the auditor shall perform alternative audit procedures to achieve the aim of that requirement.
If an objective in a relevant ISA cannot be achieved, the auditor shall evaluate whether this prevents the auditor from achieving the overall objectives of the auditor and thereby requires the auditor, in accordance with the ISAs, to modify the auditor’s opinion or withdraw from the engagement.
required by the ISAs, in accordance with the auditor’s findings” [2] . ISA guidance requires auditors who cannot satisfy these objectives to refuse to render an opinion or to withdraw from the audit engagement. Auditors following ISA are subject to
10 requirements related to auditor behavior and to conducting audits in accordance with the International Standards, as listed in Table 9.3 . In contrast to the SAS, none of the current ISA documentation explicitly addresses IT auditing, although ISA 402, Audit Considerations Relating to an Entity
172 CHAPTER 9 Methodologies and Frameworks
Using a Service Organization, addresses the use of external services provided as part of an entity’s financial management and reporting systems [3] . ISA 402 is com- parable in focus and intent to the AICPA’s Statement on Auditing Standards No. 70, Service Organizations, although the ISA guidance only considers matters related to auditing financial statements, not to IT, management, or information security con- trols more generally. For this reason, auditors may find SAS guidance more applica- ble to many types of IT audits than ISA guidance. Audit professionals who represent members of IFAC are required under the Federation’s Statement of Membership Obligations to “adopt and implement” IAASB standards including the ISA [4] .