Audit Code Of Conduct Template for the United States

What is an Audit Code Of Conduct?

The Audit Code of Conduct serves as a foundational document for audit firms and professionals operating in the United States. This document becomes necessary when establishing or updating professional standards within audit organizations, ensuring compliance with federal regulations, and maintaining quality control. The code incorporates requirements from key legislation such as the Sarbanes-Oxley Act, SEC regulations, and PCAOB standards, while addressing crucial aspects such as independence, confidentiality, and professional competence. It provides detailed guidance on ethical behavior, professional responsibilities, and quality control measures required in modern audit practice.

Frequently Asked Questions

Is an Audit Code of Conduct legally binding for CPA firms in the United States?

Yes, an Audit Code of Conduct becomes legally binding when properly implemented and can expose firms to liability under federal securities laws. The code must comply with Sarbanes-Oxley Act requirements, SEC regulations, and PCAOB standards. Violations can result in regulatory sanctions, civil penalties, and potential criminal charges for willful misconduct.

Can my audit firm face penalties if we don't have a proper Code of Conduct?

Yes, operating without an adequate Code of Conduct can result in PCAOB enforcement actions, SEC sanctions, and suspension from auditing public companies. The Sarbanes-Oxley Act requires audit firms to maintain quality control systems including ethical standards. Missing or inadequate codes can lead to fines, remedial measures, and loss of registration to audit public companies.

Which federal laws must our Audit Code of Conduct comply with in the US?

Your code must comply with the Sarbanes-Oxley Act, Securities Exchange Act, and Securities Act requirements. Key compliance areas include PCAOB auditing standards, SEC independence rules under Regulation S-X, and quality control standards. The code must also address prohibited non-audit services, partner rotation requirements, and conflicts of interest as mandated by federal law.

How is an Audit Code of Conduct different from general professional ethics rules?

An Audit Code of Conduct is specifically tailored to federal securities law requirements and PCAOB standards, while general ethics rules are broader professional guidelines. The audit code must address specific independence requirements, quality control procedures, and regulatory compliance mandated by SOX and SEC rules. It's more detailed and legally prescriptive than general professional conduct standards.

How long does it typically take to develop a compliant Audit Code of Conduct?

Developing a comprehensive Audit Code of Conduct typically takes 4-8 weeks with proper legal and compliance review. The process involves analyzing current firm practices, researching federal requirements, drafting policies, and conducting internal reviews. Larger firms with complex operations may require 2-3 months to ensure all regulatory requirements and quality control procedures are properly addressed.

What are the most common mistakes audit firms make when creating their Code of Conduct?

Common mistakes include failing to address specific PCAOB independence requirements, inadequate partner rotation policies, and missing prohibited non-audit service restrictions. Firms often overlook SEC fee disclosure requirements, conflict of interest procedures, and quality control documentation standards. Many codes also lack proper enforcement mechanisms and regular update procedures to maintain regulatory compliance.

Can state-licensed CPAs use the same Code of Conduct as PCAOB-registered firms?

No, PCAOB-registered firms have additional federal compliance requirements beyond state licensing standards. While state-licensed CPAs must follow professional standards, PCAOB firms must meet stricter independence rules, quality control requirements, and federal securities law provisions. State-only practices need simpler codes focused on professional ethics rather than complex federal regulatory compliance.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

United States

Publisher

GenieAI

Sector

Business

Cost

Free to use

Last updated

About the Audit Code Of Conduct

An Audit Code of Conduct is a comprehensive document that establishes professional standards, ethical guidelines, and compliance requirements for audit firms and individual auditors. This foundational document ensures your audit practice operates within the strict regulatory framework of United States federal law while maintaining the highest standards of professional integrity and quality control.

When do you need this document?

You need an Audit Code of Conduct when establishing a new audit firm, updating existing professional standards, or ensuring compliance with evolving regulatory requirements. This document becomes essential when your firm conducts audits of public companies subject to SEC oversight, when onboarding new audit staff who must understand professional responsibilities, or when implementing quality control measures required by PCAOB standards. Additionally, you'll need this code when preparing for regulatory inspections, establishing client engagement protocols, or demonstrating your firm's commitment to professional standards to potential clients and regulatory bodies.

Key legal considerations

Your Audit Code of Conduct must address several critical legal requirements to ensure comprehensive compliance. Independence and objectivity provisions are paramount, requiring clear guidelines on avoiding conflicts of interest, maintaining professional skepticism, and establishing appropriate relationships with audit clients. The code must include robust confidentiality measures that protect client information while ensuring compliance with disclosure requirements under federal securities laws. Quality control standards must align with PCAOB requirements, including documentation standards, supervision protocols, and continuing education requirements. Professional competence clauses should outline technical knowledge requirements, training obligations, and performance evaluation criteria. The document must also address whistleblower protections and reporting mechanisms for ethical violations or regulatory non-compliance.

Legal requirements in United States

Under United States law, audit codes of conduct must comply with multiple layers of federal regulation. The Sarbanes-Oxley Act imposes strict requirements for auditor independence, rotation of audit partners, and prohibition of certain non-audit services for public company clients. PCAOB standards require adherence to specific auditing standards, quality control measures, and inspection protocols for firms auditing public companies. SEC regulations mandate compliance with professional conduct rules and financial reporting requirements. The Dodd-Frank Act adds transparency and accountability requirements that must be reflected in your code's governance provisions. Additionally, Generally Accepted Auditing Standards (GAAS) provide the professional framework that your code must incorporate, covering audit planning, evidence gathering, and reporting standards. State licensing requirements may also apply, requiring alignment with state board of accountancy regulations and continuing professional education mandates.

GOVERNING LAW

Applicable law

This Audit Code Of Conduct is drafted to comply with United States law. Key legislation includes:

Sarbanes-Oxley Act (SOX): A federal law that sets requirements for all U.S. public company boards, management, and public accounting firms. Includes requirements for financial reporting, internal controls, and auditor independence.

Securities Exchange Act and Securities Act: Key federal laws governing securities markets, establishing SEC oversight, and setting requirements for financial disclosure and prevention of fraud in securities trading.

Dodd-Frank Act: Legislation that brought significant changes to financial regulation, including new requirements for accountability and transparency in the financial system.

GAAS and PCAOB Standards: Professional auditing standards that provide a framework for conducting audits, including requirements for audit performance, reporting, and quality control.

AICPA Code of Professional Conduct: Principles and rules that guide certified public accountants in performing their professional responsibilities, including integrity, objectivity, and independence requirements.

SEC Regulations: Rules and requirements established by the Securities and Exchange Commission governing public company audits, reporting requirements, and auditor independence.

Privacy and Data Protection Laws: Including the Gramm-Leach-Bliley Act and state privacy laws, governing the handling and protection of sensitive financial and personal information during audits.

Industry-Specific Regulations: Sector-specific requirements such as HIPAA for healthcare and FFIEC guidelines for financial institutions that must be considered during relevant audits.

Whistleblower Protection Laws: Federal and state laws protecting individuals who report violations of securities laws, including provisions under SOX and Dodd-Frank.

Independence Requirements: Comprehensive standards set by the SEC, PCAOB, and AICPA governing auditor independence, including restrictions on non-audit services and relationships with audit clients.

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it