The AICPA Auditing Standards Board (ASB) performs functions that are vital to the public interest by creating requirements that ensure that audit and attest engagements are performed in a consistent, thorough manner according to best practices in the profession.
In this Q&A, Sara Lord, CPA, who chairs the ASB, describes how this critical standard-setting board serves the public, investors, audit clients and the audit profession. Lord also serves as chief auditor and a member of the board of directors at RSM US LLP.
Q: What is the Auditing Standards Board, and what is your mission?
The Auditing Standards Board is a senior committee of the AICPA designated by the AICPA Council. That means it has official authority to issue auditing, attestation and quality control standards, as well as practice guidance for performing and reporting on audit and attestation engagements for non-issuers. This essentially means U.S. companies that are not audited according to PCAOB-issued public company standards. Essentially the ASB sets the standards for audits and for attest work, which includes examinations, reviews and agreed-upon procedures engagements that private companies use.
Q: Who serves on the Auditing Standards Board? I understand you’re careful about the mix to make sure everybody’s thoughts are represented.
Yes, absolutely. There are typically 19 members, and it is a mix. The Big Four accounting firms (Deloitte, EY, KPMG and PwC) each have one ASB representative. There are five representatives from non-Big Four firms, so all sizes of firms within the profession are represented. The National Association of State Boards of Accountancy (NASBA) nominates five members who come from whatever constituency NASBA would like represented. Then we have five more members who represent financial statement users, financial statement preparers, academics and other people who use financial statements or study auditing and accounting.
Q: Can you tell me how that group results in a diverse set of opinions?
A sole practitioner firm has different needs from larger firms when you think of quality management systems or auditing clients. We have representatives from the government space as well, and that’s a different set of concerns. From a practitioner perspective, making sure we have representation from all sizes of firms helps us set standards that [are] scalable and can work for the most complex audits, but also aren’t too cumbersome or complex for a simpler audit. When we look at a lot of our outreach, the academics are excellent at helping us to devise surveys, analyze comments that are received, and think about it from that more analytical perspective from the training they have in doing research and analysis. Our preparers and users typically have a bit of an auditing standards bent or have maybe been auditors in the past. They’re intended to create output that is best for the users of the financials. Having their perspective helps us stay focused on setting standards to provide quality across the profession so the profession can deliver quality to the users.
Q: Is it tough to get 19 people to agree on anything?
At times. I think that that’s what’s good though, right? It would be not a super productive board if everybody agreed on everything. We have varying perspectives. We’ll have debates over components of issues. As you get into a great theme of like, do we believe in enhancing audit quality? Yeah, 19 people believe in that. Yes. Then you get into the different components of how to enhance audit quality, and sometimes it does vary based on different practice setups or different users. So, we get into really good debates about what makes the most sense. I think that keeps us true to the mission of, why are we doing this? We’re helping the greater good or the profession as a whole.
Typically, we get to a place where everybody is comfortable with the answer or the overall output. But I think it’s a healthy debate on disagreements along the way in a productive manner, which is one of the things I enjoy about the board.
Q: Why is it important to have a set of prescriptive standards exist in the marketplace?
Within the CPA profession, in addition to the standards for executing an audit or attest engagement, we have ethics standards for independence, objectivity, due professional care and confidentiality. It’s really important for people who are using our reports to understand that we weren’t influenced unduly by management, the people that hired us, or others. Users can have the confidence to be able to pick up a report and say, “Oh, a CPA prepared this. I understand they were independent. I understand that they followed due professional care, that they followed the ethics rules, and they followed audit execution standards.” So you don’t have to question the value of the report that you’re getting, you understand its value because it was based on prescriptive standards.
Q: Can you give some examples of why standards must be updated over time?
Our clients keep changing and technology keeps changing as new things are created such as blockchain and cryptocurrency. They didn’t exist in 1975. So, when we were writing standards then, we couldn’t comprehend those things. We’ve spent time recently updating risk assessment requirements. That’s saying, “What actually is risky in a client?” If we were doing an audit 30 years ago, you might be more focused on accounts receivable, fixed assets; things that are more tangible when you look at financial statements. Now, so much value is tied up in intangible areas, so that has shifted. We need to make sure our standards are shifting to accommodate that. The other thing we’re seeing is technology increasingly becoming part of every business. So we need to make sure that we’re testing through the technology, not around it, and understand how technology influences what’s recorded. Finally, with the attestation standards, we’re seeing more interest from the public in ESG and climate, where they want management to tell them what is being done. When management makes bold statements, the public is looking for someone to come in and say, is this real, is this accurate? How can we have confidence in it? From a professional perspective, we see that attestation space continues to build as companies become more complex.
Q: What are some of the big projects the ASB is working on right now?
We recently finalized updates to the quality management standards. That’s been a very large project that looks at the foundation from a firm perspective of shifting your quality management system to a risk-based approach that intends for firms to ask, “OK, what’s risky to me,” and tailor and spend time in their risky areas. We have an exposure draft related to group audit engagements where we are providing enhancements to the standards. If you’re working with a group of auditors when a company has subsidiaries or is international with multiple locations, we’re ensuring that those standards are fit for purpose. We’re expanding guidance in areas such as clients that have service centers. What does it mean if your client outsources their financial record keeping to a different jurisdiction? We continue to look at fraud and going concern, looking at what the IAASB has done from a research perspective on fraud. Additionally, we are continuing to look into attestation services. We have a broad core set of attest standards that cover lots of different attest services. We’re looking to see if we need specific guidance in certain areas. Are there different components of attestation, whether it’s ESG, whether it’s internal controls, where we can provide more guidance to practitioners on how to adapt the core standards for the specialized services?
Q: You mentioned the IAASB, which is the International Auditing and Assurance Standards Board. Perhaps it’s important to talk a bit about your efforts to make standards congruent with the international standards.
The ASB has a mission to converge with the international standards unless there’s some reason that in the U.S. jurisdiction convergence doesn’t work. So we set the stage for anticipating convergence because there is a due process to their standard setting as well. We are involved throughout the IAASB’s process. We have a voice in the standard setting at the IAASB level. If there’s something different we’re considering in the U.S. jurisdiction, we’ll provide that insight. Hopefully, we can be very close to converged, if not completely converged. We believe it helps practitioners in the U.S. to not have multiple sets of standards if they are working both globally and domestically. And for the practitioners who are U.S.-focused, we’re providing that solid basis.
Q: Can you talk more about the quality management standards and how they serve the public interest?
The quality management standards have been in their current form for about 15 years, which is a long time with the pace of changes in technology and changes in CPA firms. The idea behind updating them is completely focused on the public interest and making sure we have transparency in how quality is set up in the individual firms. The standard provides firms with the ability to tailor quality management for their firm. Maybe you have a firm that focuses on a certain industry or certain type of audit or attest engagement. For them, work in their specialty area might not be that risky because they have the systems, controls and training established. It might be riskier if they take on a new type of industry that they don’t have experience with. Then they would spend more effort on their quality management around that new work. Also, within the standards some updates clarify what the engagement partner needs to do in leading the audit engagement. What is an engagement partner responsible for and when? What can they delegate? What do they have oversight responsibility for, and what things do we expect them to do themselves?
Partners don’t necessarily have to be involved in every single aspect of the audit. But in the risky areas, [partner-level] expertise and knowledge are really needed, and you want to be involved. The standards are intended to guide partners so their knowledge and influence are added to those components. We look at this as an opportunity to make the quality management standards more scalable and more adaptable for different sizes of firms, and I think that will protect the public interest.
Q: What kind of satisfaction do you get out of doing all of this? It’s a lot of work.
It’s just great fun getting to work with a variety of people with different perspectives. I learn things that I otherwise wouldn’t have an opportunity to learn. You get put in somebody else’s shoes in a way that you wouldn’t have the opportunity necessarily to do because you’re working in your environment. You can learn a lot just by thinking through things with someone else’s eyes. I believe in the CPA profession. I do this because I believe that we make a difference for investors, for people lending money, and for people in management. For a privately owned business, the work that we do can provide security and safety for people’s money and investments. We also can provide insight that can enhance internal controls or processes to make a company’s operations more efficient. Being part of the standard setting helps enable us to continue to be relevant and continue serving the public interest. It gives me a lot of personal satisfaction to be part of something at a professional level that I believe has a broad impact on lots of people.