AS 1000: General Responsibilities of the Auditor in Conducting an Audit
Adopting Release: PCAOB Release No. 2024-004
Amendments: Amending releases and related SEC approval orders
Summary Table of Contents
- .01 Introduction
- .03 Objectives of the Auditor
- .04 Professional Qualifications of the Auditor
- .09 Due Professional Care, Including Professional Skepticism
- .12 Professional Judgment
- .13 Conducting an Audit
- APPENDIX A – Definition
Introduction
.01 The auditor has a fundamental obligation to protect investors through the preparation and issuance of informative, accurate, and independent auditor’s reports. This responsibility transcends an auditor’s relationship with management and the audit committee of the company under audit, providing the foundation for an objective and independent audit. A properly conducted audit and the related auditor’s report enhance the confidence of investors and other financial statement users1 in the company’s financial statements and, if applicable, internal control over financial reporting.
Note: The auditor’s obligation to protect investors provides important context to the auditor’s work when applying the requirements of this and other Public Company Accounting Oversight Board (“PCAOB”) standards and rules.
.02 This standard describes the general principles and responsibilities of the auditor in properly conducting an audit in accordance with the standards of the PCAOB. This standard sets out the objectives of the auditor, establishes requirements for the auditor’s professional qualifications and the auditor’s general responsibilities applicable in all audits, and describes auditing principles relevant to conducting the audit.
Objectives of the Auditor
.03 The objectives of the auditor are to:
- In an audit of financial statements – (1) obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud; and (2) issue an auditor’s report that expresses an opinion about whether the financial statements, taken as a whole, are presented fairly, in all material respects, in conformity with the applicable financial reporting framework;
- In an audit of internal control over financial reporting –– (1) obtain reasonable assurance about whether material weaknesses exist as of the date specified in management’s assessment; and (2) issue an auditor’s report that expresses an opinion on the effectiveness of the company’s internal control over financial reporting;
- Communicate externally in accordance with applicable professional and legal requirements;2 and
- Satisfy and fulfill the other general principles and responsibilities described in this standard.
Professional Qualifications of the Auditor
Independence and Ethics
.04 The auditor must be independent of the company under audit both in fact and in appearance throughout the audit and professional engagement period.3 The auditor is not independent with respect to the company under audit if the auditor is not, or a reasonable investor with knowledge of all relevant facts and circumstances would conclude that the auditor is not, capable of exercising objective and impartial judgment on all matters encompassed within the engagement.4
.05 The auditor must satisfy the independence criteria set out in the rules and standards of the PCAOB, and satisfy all other independence criteria applicable to the engagement, including the independence criteria set out in the rules and regulations of the U.S. Securities and Exchange Commission (“SEC”) under the federal securities laws.5
.06 The auditor must comply with applicable ethics requirements, including the ethics rules and standards of the PCAOB.6
Competence
.07 The audit must be performed by an auditor who has the competence to conduct an audit in accordance with applicable professional and legal requirements. Competence consists of having the knowledge, skill, and ability that enable the auditor to perform their assigned activities in accordance with applicable professional and legal requirements and the firm’s policies and procedures. Competence is measured both qualitatively and quantitatively.
Note: Competence includes knowledge and proficiency in accounting and auditing standards and SEC rules and regulations relevant to the company being audited and the related industry or industries in which it operates.
.08 The auditor should develop and maintain competence through an appropriate combination of:
- Academic education;
- Professional experience in accounting and auditing, with proper supervision;7 and
- Training, including accounting, auditing, independence, ethics, and other relevant continuing professional education.
Due Professional Care, Including Professional Skepticism
.09 The auditor must exercise due professional care in all matters related to the audit.8 Due professional care concerns what the auditor does and how well the auditor does it. Due professional care means acting with reasonable care and diligence, exercising professional skepticism, acting with integrity, and complying with applicable professional and legal requirements.9
.10 For the engagement partner,10 due professional care also includes (1) being responsible for the appropriate assignment of responsibilities to,11 and supervision of,12 engagement team members;13 (2) determining that the audit is properly planned14 and performed to obtain reasonable assurance;15 (3) evaluating that significant findings or issues are appropriately addressed;16 (4) determining that significant judgments and conclusions on which the auditor’s report is based are appropriate and supported by sufficient appropriate audit evidence;17 and (5) determining that required communications under applicable professional and legal requirements have been made.18
.11 Exercising due professional care includes exercising professional skepticism in conducting an audit. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence and other information that is obtained to comply with PCAOB standards and rules. The auditor’s exercise of professional skepticism includes:
- Objectively evaluating evidence obtained in an audit (including information that supports and corroborates management’s assertions19 and information that contradicts such assertions), and consideration of the sufficiency and the appropriateness (i.e., relevance and reliability) of that evidence;20
- Remaining alert to conditions that may indicate possible misstatement due to error or fraud;
- Not being satisfied with evidence that is less than persuasive;
- Not assuming that management is honest or dishonest; and
- Considering potential bias on the part of management and the auditor.
Professional Judgment
.12 The auditor must exercise professional judgment, which involves applying relevant training, knowledge, and experience to make informed decisions and reach well-reasoned conclusions about the courses of action that are appropriate in the circumstances.21
Note: Professional judgment is applied in the context of conducting an audit with due professional care in accordance with applicable professional and legal requirements.
Conducting an Audit
.13 The auditor must plan and perform the audit to obtain sufficient appropriate audit evidence to:
- Obtain reasonable assurance about whether:
- In an audit of financial statements, the financial statements are free of material misstatement,22 whether due to error or fraud;23
- In an audit of internal control over financial reporting, material weaknesses exist as of the date specified in management‘s assessment; and
- Provide the auditor with a reasonable basis for forming an opinion.24
Note: In an audit of financial statements, the financial statements, including their preparation, are management’s responsibility and the auditor’s responsibility is to express an opinion on the financial statements. In an audit of internal control over financial reporting, management is responsible for establishing and maintaining effective internal control over financial reporting and for assessing the effectiveness of internal control over financial reporting, and the auditor’s responsibility is to express an opinion on the effectiveness of the company’s internal control over financial reporting.
.14 Reasonable assurance is not absolute assurance, but a high level of assurance. It is obtained by reducing audit risk to an appropriately low level through the application of due professional care, including by obtaining sufficient appropriate audit evidence.25 The auditor obtains reasonable assurance that (1) misstatements are detected that, individually or in combination, would result in material misstatement of the financial statements; and (2) in an audit of internal control over financial reporting, material weaknesses are detected.
.15 The auditor must comply with applicable professional and legal requirements in conducting an audit.
Note: When complying with PCAOB standards, the auditor should also take into account PCAOB auditing interpretations26 applicable to the audit.
.16 The auditor must prepare audit documentation in connection with each engagement conducted in accordance with the standards of the PCAOB.27 Audit documentation facilitates the planning, performance, and supervision of the engagement and is the basis for reviewing the quality of the work performed in an audit because it provides the engagement partner and other reviewers with written documentation of the evidence supporting the auditor’s significant conclusions.28 AS 1215 also sets forth requirements for the assembly and retention of audit documentation.29
Auditor Communications
.17 The auditor’s report must contain:
- In an audit of financial statements, an expression of opinion on the financial statements, taken as a whole, or an assertion that an opinion cannot be expressed; and
- In an audit of internal control over financial reporting, an expression of opinion on the effectiveness of the company’s internal control over financial reporting or an assertion that an opinion cannot be expressed.
Note: The auditor’s report also contains other elements, such as those included in the basis for opinion or basis for disclaimer of opinion sections, and, if applicable, critical audit matters.30
.18 The auditor should express an unqualified opinion only when the auditor has performed the audit in accordance with the standards of the PCAOB and has obtained sufficient appropriate audit evidence to conclude that:
- In an audit of financial statements, the financial statements, taken as a whole, are presented fairly,31 in all material respects, in conformity with the applicable financial reporting framework;32
- In an audit of internal control over financial reporting, the company maintained, in all material respects, effective internal control over financial reporting.33
.19 When the auditor conducts an audit in accordance with the standards of the PCAOB, some circumstances require that the auditor depart from an unqualified opinion on the company’s financial statements or internal control over financial reporting, and state the reasons for the departure from the unqualified opinion.34
.20 The auditor must communicate externally in accordance with applicable professional and legal requirements.35
APPENDIX A – Definition
.A1 For purposes of this standard, the term below is defined as follows:
.A2 Applicable professional and legal requirements –
(1) Professional standards, as defined in PCAOB Rule 1001(p)(vi);
(2) Rules of the PCAOB that are not professional standards; and
(3) To the extent related to the obligations and responsibilities of accountants or auditors in the conduct of engagements or in relation to the quality control system, rules of the SEC, other provisions of U.S. federal securities law, ethics laws and regulations, and other applicable statutory, regulatory, and other legal requirements.
1 This standard uses “investors and other financial statement users” to include a company’s existing and potential shareholders, bondholders, lenders, other creditors, and others who use the company’s financial statements.
2 The term is defined in Appendix A, Definition, and is set in boldface type the first time it appears.
3 See PCAOB Rule 3501, Definitions of Terms Employed in Section 3, Part 5 of the Rules, for the definition of the term “audit and professional engagement period.”
4 See Regulation S-X Rule 2-01, 17 C.F.R. § 210.2-01 for the analogous provision on auditor independence. For the purposes of this standard, the phrase “company under audit” has the same meaning as “audit client” under PCAOB Rule 3501(a)(iv).
5 See, e.g., Regulation S-X Rule 2-01, 17 C.F.R. § 210.2-01, and Section 3, Part 5 of PCAOB rules. To the extent that a provision of one rule is more restrictive than that of another rule, the auditor is required to comply with the more restrictive provision. See PCAOB Rule 3500T, Interim Ethics and Independence Standards.
6 See, e.g., Section 3, Part 5 of PCAOB rules; EI 1000, Integrity and Objectivity, which requires auditors to maintain integrity and objectivity.
7 Paragraphs .05 and .06 of AS 1201, Supervision of the Audit Engagement, describe the nature and extent of supervisory activities necessary for proper supervision of engagement team members.
8 For audits that involve other auditors, the other auditors are responsible for performing their work with due professional care. The lead auditor’s responsibilities for planning the audit and supervising the other auditors’ work are set forth in AS 2101, Audit Planning, and AS 1201.
9 See also note to AS 1201.05b.
10 The term “engagement partner,” as used in this standard, has the same meaning as defined in Appendix A of AS 1201.
11 Paragraph .05 of AS 2301, The Auditor’s Responses to the Risks of Material Misstatement, establishes requirements regarding the assignment of engagement team members.
12 See AS 1201.
13 The term “engagement team,” as used in this standard, has the same meaning as defined in Appendix A of AS 2101.
14 See AS 2101.03, which describes the engagement partner’s responsibility for planning an audit.
15 See paragraph .13 of this standard.
16 See paragraph .12 of AS 1215, Audit Documentation.
17 See, e.g., paragraphs .09-.10 of AS 1220, Engagement Quality Review. See also AS 2810, Evaluating Audit Results.
18 See paragraph .20 of this standard.
19 See AS 1105, Audit Evidence, for management’s assertions regarding the financial statements and internal control over financial reporting.
20 See AS 1105, which explains what constitutes audit evidence and establishes requirements regarding designing and performing audit procedures to obtain sufficient appropriate audit evidence.
21 References to judgment of the auditor in other PCAOB standards have the same meaning as “professional judgment.” See, e.g., AS 1215.07 and AS 1220.02.
22 The term “misstatement,” as used in this standard, has the same meaning as defined in Appendix A of AS 2810.
23 See AS 2105, Consideration of Materiality in Planning and Performing an Audit, for requirements regarding the auditor’s consideration of materiality in planning and performing an audit. See AS 2401, Consideration of Fraud in a Financial Statement Audit. See also paragraph .05 of AS 2405, Illegal Acts by Clients.
24 In circumstances when the auditor is not able to obtain sufficient appropriate audit evidence to provide a reasonable basis for forming an opinion, PCAOB standards require the auditor to disclaim an opinion or withdraw (or resign) from the engagement. See AS 3105, Departures from Unqualified Opinions and Other Reporting Circumstances, for a financial statement audit and paragraphs .90 through .98 of AS 2201, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, and Appendix C of AS 2201, for an audit of internal control over financial reporting.
25 See paragraphs .03-.04 of AS 1101, Audit Risk. In a financial statement audit, audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated, i.e., the financial statements are not presented fairly in conformity with the applicable financial reporting framework.
26 PCAOB auditing interpretations refer to the PCAOB publications entitled “Auditing Interpretations” as currently in effect.
27 See, e.g., AS 1215; AS 1301, Communications with Audit Committees; and AS 3101, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion.
28 See generally AS 1215.
29 See AS 1215.14-.20.
30 See AS 3101 and AS 3105. AS 3101.18 also includes a list of other PCAOB standards with requirements that, in certain circumstances, the auditor include explanatory language (or an explanatory paragraph) in the auditor’s report, while not affecting the auditor’s opinion on the financial statements. For example, an explanatory paragraph is required when there is substantial doubt about the company’s ability to continue as a going concern.
31 AS 2810.30-.31 describe the auditor’s responsibilities related to the evaluation of whether the financial statements are presented fairly, in all material respects, in conformity with the applicable financial reporting framework.
32 See AS 3101 for requirements regarding the content of the auditor’s written report when the auditor expresses an unqualified opinion on the financial statements. The auditor should look to the requirements of the SEC for the company under audit with respect to the accounting principles applicable to that company.
33 See AS 2201.85-.98 for the form and content of the auditor’s report when the auditor conducts an audit of internal control over financial reporting.
34 See AS 3105 for reporting requirements related to departures from unqualified opinions and other reporting circumstances. See also AS 2201.90-.98 and Appendix C of AS 2201, for special reporting situations in an audit of internal control over financial reporting.
35 See, e.g., AS 1301; PCAOB Rule 3211, Auditor Reporting of Certain Audit Participants.