A good question that people ask all the time. Typically the question is framed with “What does the AICPA do?” The AICPA is the acronym for the American Institute of Certified Public Accountants. It is the primary professional standards setting organization that guides the accounting profession in the United States of America. The majority of certified public accountants (CPAs) in the United States are members of the AICPA. Membership is basically required. The AICPA established the professional code of conduct that accounting professionals are “supposed” to adhere to. Supposed is in quotes because many do not adhere, more on that below. One of the most important functions performed by the AICPA is the Auditing Standards Board (ASB) and the Assurance Services Executive Committee (ASEC), both of which are technical committees of the AICPA responsible for standards and guidance. The ASB is responsible for many of the audit, attestation and quality control standards used by the accounting profession, including the audit standards used by Linfordco, which are briefly described below.
Professional Code of Conduct
The AICPA’s Professional Code of Conduct (Code) can be found Click Here. This document includes the integrity, objectivity, and ethical standards that CPA practitioners should adhere to in order to best serve the public. The CPA’s first duty or responsibility is to the public, not to the client and certainly not to themselves. The Code is 190 pages that explains the concept in painful detail. It’s always a disappointment when certain individuals go out of their way to try and discredit the profession (Click Here for one fine example). Nevertheless, the Professional Code of Conduct is a good document and the public benefits from those practitioners who abide by its precepts.
There are numerous audit standards that cover all types of audits and industries. The types of audits that Linfordco concerns itself with as they relate to the AICPA, are statements on standards for attestation engagements (SSAE). Here is where the standards can get a bit complicated. System and Organization Controls (SOC) audits fall under a number of SSAEs. SOC is really just a nickname created by the AICPA in an effort to market the services to service organizations. The SOC audits are governed by a number of different SSAEs. The SOC 1 audit (formerly SSAE 16) is governed by SSAE number 16, which is codified under AT section 801….but it is still just called a SOC 1 or an SSAE 16 audit. There are two types of SOC 1 audits (Type I and Type II) covered Click Here. SOC 2 audits on the other hand are governed by SSAE number 10, 11, 12 and 14, which are codified under AT section 101. That’s not all though, SOC 2 audits are also governed by the Trust Services Principles established by the Assurance Executives Committee of the AICPA and the Canadian Institute of Chartered Accountants (CICA). To further complicate matters, the HIPAA examinations Linfordco performs are governed by SSAE number 10 and codified under AT 601; though the criteria used in the actual examinations were developed and are maintained by the U.S. Department of Health and Human Services. It looks tangled and it is a bit, though when you are focused on this in your profession it becomes more clear.
So what is the AICPA and what does it do? In short, it helps keep the accounting profession in check and provides guidance for conducting audits. Without the AICPA, there would undoubtedly be unstructured chaos and less public trust in companies.
Newel Linford is the co-founder of Linford & Co., LLP, the Managing Partner, and specializes in SOC and royalty examinations. He started his career with Ernst & Young in 1997. He has lectured at Data Center World, Rocky Mountain Area Conference for Finance & Accounting Professionals, University of Denver, and University of Colorado Boulder. He works closely with his clients so that the examinations meet the public needs and are performed in accordance with professional guidance.