
The U.S. accounting industry is a powerhouse, with firms making nearly $150 billion annually and counting. The more than 4,000 public corporations in the U.S. undergo financial audits every year, along with countless private enterprises and nonprofits. To prepare effectively for audits, your organization needs to adhere to the right regulatory standards. That means understanding the differences between the PCAOB and the AICPA.
Audit and accounting firms in the United States don’t have the authority to simply use their best judgment when deciding whether businesses pass or fail an audit. The law requires Certified Public Accountants to follow a strict set of standards when performing audits and documenting their findings.
The American Institute of Certified Public Accountants is responsible for one set of audit standards. The Public Company Accounting Oversight Board regulates a different set of standards. Both organizations follow similar best practices, but there are important differences in the scope, viewpoint, and controls of their respective frameworks.
The American Institute of Certified Public Accountants — along with its partner organization, the Chartered Institute of Management Accountants — creates globally recognized standards for accounting and auditing. The AICPA is a nonprofit professional membership organization, not a government entity. AICPA and CIMA standards are used for management accounting, financial audits, attestations, asset valuations, and other business auditing practices.
The organizations also oversee credentials for:
AICPA and CIMA technical and professional standards are also reflected in other industry norms, such as the SOC 2 framework.
The AICPA has a long history. In its present form, it was established in the 1950s, but its original mission goes back to 1887. For nearly 100 years, the AICPA was responsible for setting generally accepted accounting principles for all public and private companies in the United States.
The AICPA joined with CIMA in 2012 and created the Association of International Certified Professional Accountants in 2017. This partnership highlighted its global focus. AICPA standards are used by companies of every size in North America, Europe, Asia, and other regions.
The Public Company Accounting Oversight Board is a regulatory body in charge of overseeing CPA firms that audit publicly traded companies. Technically, the PCAOB is a nonprofit corporation, but it was established by Congress and operates under the purview of the Securities and Exchange Commission.
PCAOB standards are mandatory for SEC-registered auditors of public corporations. In 2023, the PCAOB performed over 220 inspections of audit firms, issued more than 45 disciplinary penalties, and handed out fines of more than $20 million.
The histories of the AICPA and PCAOB are intertwined. In fact, when Congress created the PCAOB in 2002, the new organization based its own auditing standards almost entirely on the AICPA’s existing framework.
In the late 1990s, the U.S. stock market experienced several high-profile accounting scandals. Enron, WorldCom, and Peregrine Systems are a few companies that committed massive accounting fraud worth billions. This period also coincided with the collapse of the dotcom bubble.
To protect future investors from similar scandals, Congress passed the Sarbanes-Oxley Act in 2002, part of which established the formation of the PCAOB. The goal was to create a new set of accounting standards that would improve the quality of corporate audits, hold CPA firms to a higher code of conduct, and increase auditor independence from the clients they serve.
Even today, when comparing PCAOB vs. AICPA, many areas of these frameworks are largely similar. There are wording changes, but the spirit of many requirements coincides closely. That said, there are at least four areas where PCAOB and AICPA rules are distinct.
Publicly traded companies must follow PCAOB standards (along with GAAP rules from the Financial Accounting Standards Board). On the other hand, private companies are free to implement AICPA standards, and many CPAs use AICPA rules for audits.
Auditing firms that violate PCAOB standards can face steep financial penalties and disciplinary sanctions. The PCAOB regularly conducts audits of SEC-registered firms.
On the other hand, AICPA rules are industry standards, not regulations. The AICPA has a Code of Professional Conduct, but it doesn’t carry out inspections of CPA firms. Of course, many states have accounting laws that CPAs must follow to keep their licenses.
The PCAOB works hand in hand with the SEC to promote accountability and accuracy in accounting records for public corporations. This is why — even though PCAOB and AICPA standards are mostly identical — PCAOB audits have a reputation for being stricter and more difficult to pass.
The goal of the AICPA is to support accountants. It gives CPAs more flexibility and freedom to make judgment calls. AICPA rules tend to be “business-friendly.”
PCAOB audits require some documentation that AICPA accounting practices don’t. New publicly traded companies must put together a detailed capitalization table that outlines ownership stakes, shares, equity transactions, and option pools. The added complexity can increase the time and expense of PCAOB audits.
If your organization is a publicly traded company, your decision is simple. You must use an accounting firm that follows PCAOB audit standards.
Private companies generally use AICPA standards instead. Only AICPA-accredited CPAs can perform a SOC 2 assessment. However, private companies can opt for PCAOB audits when they aim for an IPO or want more investor trust.
Are there any situations when a private company might opt for a PCAOB audit? It’s a must for organizations planning on launching an IPO. Companies that want to sell or attract investor support may also benefit from the added weight and trustworthiness that a PCAOB audit provides.
Financial audits with PCAOB and AICPA standards often require extensive document gathering over months. Misplacing a few critical files can create enormous headaches. Avoid this issue by automating your document workflow and synchronizing compliance progress across your organization. Learn why major organizations are using Compyl to streamline PCAOB and AICPA audit prep.