Public companies have their shares traded on a stock exchange, and private companies do not. That's the big difference between them, but from that difference, other differences spring. Private company audit requirements are different from public companies, but over time, they've moved closer together.
TL;DR (Too Long; Didn't Read)
Public and private company audit requirements are imposed by two separate accounting organizations. Private companies may have to comply with the tougher set of standards, however, to convince investors and lenders that they're worth putting money into them.
Public and Private Requirements
The reason for having two sets of standards is because public company shares are traded much more frequently and widely than private companies. There's a greater need for them to provide accurate information. For instance, federal rules require that public companies (but not privately held ones) have their financial statements publicly audited for accuracy.
Regulatory requirements for private company audit standards aren't as strict. Private and public companies both face similar pressures, however, to undergo a tough, accurate audit.
- Lenders and investors reviewing the company's financial information want to know that it's accurate.
- If the company goes up for sale, auditing the finances is part of the buyer's due diligence.
- Internal control requirements for private companies have to be at least as strict as public companies. Private companies are often more vulnerable to fraud and employee theft, and an audit can tell if your internal controls are good enough to prevent this.
Even though the private company audit requirements are lesser than those for public companies, private firms have reason to adopt high audit standards. The desire to attract investors and lenders may produce even more pressure for a tough audit than the need to follow the law.
Internal controls are a good example of both the differences and similarities between private and public company audits. Auditors reviewing a public company's financial statements have to evaluate the company's internal controls. The weaker the controls, the greater the chance of fraud or internal theft undermining the accuracy of the statements.
Internal control audit requirements for private companies aren't as strict. When auditors look for inaccuracies in the financial statement, there's no requirement that they look for internal control deficiencies.
As a practical matter, though, private companies face the same control issues as public companies. If there are serious deficiencies in the internal controls, that could render their financial statements inaccurate. Even if the statements are factual, the potential for serious error is a problem. Finding and fixing the deficiencies make internal control audits important for any business.
Public and Private Company Audit Requirements
Requirements for auditing private companies are set by the Public Company Accounting Oversight Board. Private company audit standards are defined by the Auditing Standards Board of the American Institute of CPAs.
The two sets of standards have always been fairly close, and recent ASB rule changes have made them even closer. In 2019, the ASB made changes in several key areas that align private company audit requirements with the PCAOB rules:
- The related parties auditing standard sets tougher private company audit requirements when they review deals by company officers and directors to see if there are conflicts of interest. The auditor must look for any related parties or related-party transactions that haven't been identified.
- Communications with audit committees strengthened the contacts between auditors and audit committees. The communication issues involve significant unusual transactions and the effect of uncorrected misstatements on future financial statements.
- The auditor's report will be expanded to meet international financial reporting standards.
The changes to the ASB private company audit standards didn't happen in a vacuum. The PCAOB standards were originally based on ASB's rules, but the 21st century has seen some catastrophic accounting failures. As PCAOB has toughened its standards, ASB has fallen behind, but the newest changes will help private company audits catch up.
- Corporate Finance Institute: Private vs. Public Company
- AccountingTools: Financial Statement Audit
- Assurance Dimensions: Private Company Audits
- Cohen & Co: Will Your Private Company’s Internal Controls Pass the Test During Your Next Audit?
- Financial Executives International: Little Difference Between Private Company, Public Company Audits: Study
- Weaver: Private Company Audit Standards to Look More Like PCAOB's
- Securities and Exchange Commission. "SEC Implements Internal Control Provisions of Sarbanes-Oxley Act; Adopts Investment Company R&D Safe Harbor." Accessed August 10, 2020.
- AICPA. "Generally Accepted Auditing Standards," Page 1599. Accessed August 10, 2020.
- Securities and Exchange Commission. "Public Company Accounting Oversight Board (PCAOB)." Accessed August 10, 2020.
- IAASB. "International Auditing and Assurance Standards Board." Accessed August 10, 2020.
- Internal Revenue Service. "IRS Audits." Accessed August 10, 2020.
Fraser Sherman has written about every aspect of business: how to start one, how to keep one in the black, the best business structure, the details of financial statements. He's also run a couple of small businesses of his own. He lives in Durham NC with his awesome wife and two wonderful dogs. His website is frasersherman.com