Without proper application of professional skepticism, the effectiveness of audit procedures is diminished. As a result, the sufficiency and appropriateness of audit evidence obtained is negatively impacted.
Concern about instances when auditors did not appropriately apply professional skepticism in their audits is a recurring theme in audit inspection findings globally and has been a key issue in discussions about audit quality.
But what is professional skepticism in the context of an audit? In layman’s terms it is a mindset where an auditor does not simply accept information or audit evidence at face value. Rather, the auditor applies a reasonably questioning attitude while performing the audit.
Regulatory bodies have suggested that auditors’ enhanced professional skepticism will contribute significantly to improving the quality of audits and that firms should prioritize efforts in this area. A question then is whether the auditing standards themselves could better address the application of professional skepticism?
Auditing standards for audits not subject to PCAOB standards (i.e., US GAAS as promulgated by the AICPA) explicitly recognize the fundamental importance of professional skepticism. In US GAAS, AU-C 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards, officially defines professional skepticism as an attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence.
The auditor may accept records and documents as genuine unless the auditor has reason to believe the contrary. Nevertheless, the auditor is required to consider the reliability of information to be used as audit evidence.
In today’s business environment, with the expanding use of external information sources by both preparers and auditors, the task of considering the reliability of information is becoming increasingly difficult and much more important.
Questions have been raised about how auditors can more clearly demonstrate the application of professional skepticism, how to better describe the basis for the auditor’s professional judgments, and how the auditor’s mind-set has affected the nature, timing and extent of audit procedures performed as well as the critical evaluation of audit evidence.
In part, given this background and the issues related to professional skepticism, the AICPA’s Auditing Standards Board (ASB) on June 20, 2019, issued a Proposed Statement on Auditing Standards (SAS), Audit Evidence, to supersede SAS No. 122, Statements on Auditing Standards: Clarification and Recodification, as amended, section 500, Audit Evidence, and amend various other AU-C sections in AICPA Professional Standards.
In the proposed SAS, the ASB has taken an approach to:
- accept the definition of professional skepticism as set out in AU-C section 200
- explain activities undertaken by the auditor that would demonstrate the application of professional skepticism when obtaining and assessing the sufficiency and appropriateness of audit evidence.
Simply including a separate section of a proposed SAS labeled “professional skepticism” or merely sprinkling the words “professional skepticism” throughout the proposed SAS is not enough to achieve the objectives outlined here. In the context of requiring auditors to obtain sufficient, appropriate audit evidence, the proposed SAS seeks to strengthen the application of professional skepticism in three specific ways.
First, it requires that the auditor, in forming conclusions about whether sufficient appropriate audit evidence has been obtained, evaluate the relevance and reliability of information to be used as audit evidence -- notwithstanding the source (internal or external) of the information, or the methods used to obtain the evidence. The proposed SAS then lays out four specific attributes of “reliability” of information that the auditor is required to consider:
- risk of bias
The last two attributes are new to the audit evidence standard and are clearly aimed at enhancing the application of professional skepticism. With expanding the use of external information sources, auditors’ consideration of the authenticity of information obtained from such sources, as well as considering whether bias exists in the information, is becoming critically important. However, the proposed SAS continues to acknowledge that an audit performed in accordance with GAAS rarely involves the actual authentication of documents, nor is the auditor trained as, or expected to be, an expert in such authentication.
Next, the proposed SAS recognizes the increasing sources of information used by preparers and auditors in today’s business world. The expanding sources of information allow the auditor to obtain information not previously readily available and to use information from various sources to confirm or refute assertions or statements made by company management.
As also acknowledged in the proposed SAS, use of emerging technologies and automated tools and techniques make obtaining information easier and less time consuming than in the past. These automated tools and techniques can also be used to better analyze increased volumes of information obtained from different sources to spot unusual relationships that warrant further questions to be asked.
Lastly, the proposed SAS explicitly requires the auditor to consider all information obtained, whether corroborative or contradictory in nature, in forming conclusions about whether sufficient, appropriate audit evidence has been obtained. While a requirement of this nature currently resides in auditing standards, the equal consideration of both contradictory and corroborative information is featured in the proposed SAS.
To further push the application of professional skepticism, the considerations required in the proposed SAS would indicate that auditors should not dismiss contradictory information simply on the basis that it may be less reliable than corroborative information, especially when such information comes from sources external to the company and the corroborative information is generated internally at the company.
There is no doubt that lack of professional skepticism is frequently cited by audit regulators as a leading cause of lower quality audits. The changes in the new proposed SAS on audit evidence are to be accomplished by establishing a multi-dimensional consideration of the attributes and factors used in evaluating audit evidence obtained from any source and, regardless of how the auditor acquired the information, include the use of automated tools and techniques.
The proposed SAS, if finalized in its proposed form, will hopefully further enhance audit quality and address concerns of professional skepticism.
About Bob Dohrer CPA
Bob Dohrer, CPA is Chief Auditor at the AICPA. He was the Global Leader - Quality & Risk for RSM between 2012 and 2018 where he had overall responsibility for the network’s audit and other attest services policies, procedures and guidance. Bob was also responsible for overseeing RSM’s global quality inspection programs in accordance with International Standards on Quality Control. Prior to joining RSM in March 2012, Bob served as McGladrey & Pullen, LLP’s National Director of Assurance Services and International Assurance Services Practice Leader and served a broad range of clients, including listed companies.