Jennifer Louis, CPA, brings forth crucial insights into the latest auditing standard recently finalized by the Auditing Standards Board (ASB). In this article, we'll delve into the key aspects of the standard titled "Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement," shedding light on its objectives and the transformative impact it is poised to have on the risk assessment process.
The Genesis of SAS No. 145
In a significant move in August 2021, the ASB voted to ratify a new auditing standard designed to fortify the risk assessment process. The primary goals of this standard, now known as SAS No. 145, encompass a more profound understanding of the entity's internal control system, particularly emphasizing the effort required to acquire this understanding. Additionally, the standard seeks to modernize considerations for information technology (IT) and enhance the determination of risks of material misstatements, aligning with International Standards on Audits (ISA) 315.
The core elements of SAS No. 145 can be summarized as follows:
- Understanding Internal Control Systems:
- Emphasis on a more comprehensive understanding of the entity's system of internal control.
- Special attention to the work effort needed to obtain the necessary understanding.
- Modernizing IT Considerations:
- Acknowledgment and incorporation of information technology considerations into the risk assessment process.
- Clarification of Risks of Material Misstatement:
- Detailed clarification on the determination of risks of material misstatements, including significant risks.
- Intention to improve risk assessment without fundamentally altering audit risk concepts.
- Convergence with International Standards:
- Alignment with International Standards on Audits ISA 315, bringing consistency to global auditing practices.
- Applicability for audits of financial statements for periods ending on or after December 15, 2023.
SAS No. 145: In-Depth Insights
1. Scalability of Risk Assessment:
- Introduction of the concept that risk assessment should be scalable based on the complexity of the entity and its financial reporting.
- A departure from a size-centric approach to risk assessment.
2. New Definition of "Inherent Risk Factors":
- Introduction of a new definition for "inherent risk factors."
- Evaluation on a relative scale, with "significant risks" positioned at the upper end.
3. Understanding System Design:
- Emphasis on understanding how management has designed its system of internal control.
- Aiding auditors in determining where to focus audit attention.
4. Evaluation of Internal Control Deficiencies:
- Explicit requirement to evaluate the impact of identified deficiencies in internal control.
- Integral to identifying risks of material misstatement.
5. Separate Assessments of Inherent and Control Risk:
- Mandate for separate assessments of inherent and control risk.
- Clear demarcation to enhance precision in risk assessment.
6. Maximum Assessment of Control Risk:
- Explicit statement that control risk is assessed at the maximum if the operating effectiveness of controls is not tested.
- A pivotal clarification in the risk assessment process.
7. Utilization of Automated Tools:
- Recognition of the potential use of automated tools and techniques, such as audit data analytics.
- Enabling auditors to enhance efficiency and effectiveness in risk assessment procedures.
8. Stand Back Assessment:
- Requirement for a "stand back" assessment of the completeness and appropriateness of a detailed audit plan.
- Ensures a holistic evaluation of the audit plan's robustness.
Implications for Accountants
The advent of SAS No. 145 marks a significant shift in how risk assessment is approached in the auditing landscape. Accountants across various focus areas will experience the impact of this standard, requiring a nuanced understanding to navigate its implications effectively. The scalability of risk assessment, the incorporation of IT considerations, and the explicit requirements for separate assessments underscore the nuanced nature of SAS No. 145.
The official release of SAS No. 145 is anticipated in October 2021, with its effectiveness set for audits of financial statements for periods ending on or after December 15, 2023. As the auditing profession braces for this transformative standard, it becomes imperative for auditors to stay abreast of its nuances and intricacies.
The unveiling of SAS No. 145 represents a pivotal moment in auditing standards. As auditors gear up to embrace this new era, staying informed and adapting to the evolving landscape will be key to navigating the intricacies of risk assessment.