Generally Accepted Auditing Standards (GAAS)
In 1947, the American Institute of Certified Public Accountants (AICPA) adopted GAAS to establish standards for audits. The standards cover the following three categories:
- General Standards – relates to professional and technical competence, independence, and professional due care.
- Field Work Standards – relates to the planning of an audit, evaluation of internal control, and obtaining sufficient evidential matter upon which an opinion is based.
- Reporting Standards – relates to the compliance of all auditing standards and adequacy of disclosure of opinion in the audit reports. If an opinion cannot be reached, the auditor is required to explicitly state their assertions.
The auditor must plan and conduct the audit to ensure their audit risk (the risk of reaching an incorrect conclusion based on the audit findings) will be limited to an acceptable level. To eliminate the possibility of assessing audit risk too low the auditor should perform the following steps:
Obtain an Understanding of the Organization and its Environment: The understanding of the organization and its environment is used to assess the risk of material misstatement/weakness and to set the scope of the audit. The auditor’s understanding should include information on the nature of the entity, management, governance, objectives and strategies, and business processes. Identify Risks that May Result in Material Misstatements: The auditor must evaluate an organization’s business risks (threats to the organization’s ability to achieve its objectives). An organization’s business risks can arise or change due to new personnel, new or restructured information systems, corporate restructuring, and rapid growth to name a few. Evaluate the Organization’s Response to those Risks: Once the auditor has evaluated the organization’s response to the assessed risks, the auditor should then obtain evidence of management’s actions toward those risks. The organization’s response (or lack thereof) to any business risks will impact the auditor’s assessed level of audit risk. Assess the Risk of Material Misstatement: Based on the knowledge obtained in evaluating the organization’s responses to business risks, the auditor then assesses the risk of material misstatements and determines specific audit procedures that are necessary based on that risk assessment.
Read more about this topic: Information Technology Audit Process
Famous quotes containing the words generally, accepted and/or standards:
“Peer pressure is not a monolithic force that presses adolescents into the same mold. . . . Adolescents generally choose friend whose values, attitudes, tastes, and families are similar to their own. In short, good kids rarely go bad because of their friends.”
—Laurence Steinberg (20th century)
“... no other railroad station in the world manages so mysteriously to cloak with compassion the anguish of departure and the dubious ecstasies of return and arrival. Any waiting room in the world is filled with all this, and I have sat in many of them and accepted it, and I know from deliberate acquaintance that the whole human experience is more bearable at the Gare de Lyon in Paris than anywhere else.”
—M.F.K. Fisher (1908–1992)
“Our ego ideal is precious to us because it repairs a loss of our earlier childhood, the loss of our image of self as perfect and whole, the loss of a major portion of our infantile, limitless, ain’t-I-wonderful narcissism which we had to give up in the face of compelling reality. Modified and reshaped into ethical goals and moral standards and a vision of what at our finest we might be, our dream of perfection lives on—our lost narcissism lives on—in our ego ideal.”
—Judith Viorst (20th century)