Assessing risk: AICPA's new risk assessment standards present a sea change for auditors.The Panel on Audit Effectiveness issued its "Report and Recommendations" Aug. 31, 2000 after performing a comprehensive review of a sample of audits of public companies by the then-eight largest audit firms. Among the panel's numerous recommendations were those in the area of the "conduct of audits, including the auditor's responsibility for the detection of fraud (including earnings management when it constitutes fraud)." The panel's recommendations were principally directed to three groups able to influence audit conduct: the Auditing Standards Board In the United States, the Auditing Standards Board (ASB) is the senior technical committee designated by the American Institute of Certified Public Accountants (AICPA) to issue auditing, attestation, and quality control statements, standards and guidance to certified public , auditing firms and the former SEC Practice Section of the AICPA AICPA See American Institute of Certified Public Accountants (AICPA). . The recommendations addressed to the ASB ASB Asbestos ASB Arbeiter Samariter Bund (German medical help organisation) ASB Anti-Social Behaviour ASB Accounting Standards Board (UK FRC) ASB Aarhus School of Business in part represented a call for auditing standards that provide "more specific and definitive guidance containing imperatives," such as SAS (1) (SAS Institute Inc., Cary, NC, www.sas.com) A software company that specializes in data warehousing and decision support software based on the SAS System. Founded in 1976, SAS is one of the world's largest privately held software companies. See SAS System. No. 67, The Confirmation Process. The panel recommended that auditors should be required to possess a "far deeper understanding" of the client's business, risks and controls, in addition to designing and performing substantive tests to detect fraud. The development and issuance of the new Statements on Auditing Standards Statements on Auditing Standards, commonly abbreviated as SAS, provide guidance to external auditors on generally accepted auditing standards (abbreviated as GAAS) in regards to auditing an entity and issuing a report. Nos. 104-111, discussed below, were primarily in response to the panel's report but also conform to Verb 1. conform to - satisfy a condition or restriction; "Does this paper meet the requirements for the degree?" fit, meet coordinate - be co-ordinated; "These activities coordinate well" the PCAOB's views. Issued in March 2006, the new standards are effective for audits of financial statements for periods beginning on or after Dec. 15, 2006, with earlier application permitted. The new standards are expected to enhance the application of the long-standing audit risk model and improve the quality of audits because they specifically require auditors to: * have a more comprehensive understanding of the client's business and its environment, including its internal control; * perform a more exacting assessment of the risk of material misstatement mis·state tr.v. mis·stat·ed, mis·stat·ing, mis·states To state wrongly or falsely. mis·state  ment n. resulting from such understanding; and * perform procedures that more clearly link the risk assessment to the decision of what audit procedures to perform, and when. Also, the new standards redefine Verb 1. redefine - give a new or different definition to; "She redefined his duties" define, delimit, delimitate, delineate, specify - determine the essential quality of 2. longstanding concepts, such as "reasonable assurance," "financial statement assertions" and "audit evidence." They also set forth provisions that emphasize the planning phase In amphibious operations, the phase normally denoted by the period extending from the issuance of the order initiating the amphibious operation up to the embarkation phase. The planning phase may occur during movement or at any other time upon receipt of a new mission or change in the , setting the stage for a more efficient audit engagement while reminding the auditor "planning and supervision continue throughout the audit." SAS NO. 104 SAS No. 104 amends AMENDS. A satisfaction, given by a wrong doer to the party injured for a wrong committed. 1 Lilly's Reg. 81. 2. By statute 24 Geo. II. c. 44, in England, and by similar statutes in some of the United States, justices of the peace, upon being notified of an SAS No. 1 (AU 230 of AICPA Professional Standards) by expanding on what "due professional care" entails and defining "reasonable assurance" to mean "high" level of assurance. The old version of AU 230, paragraph 10, states, "... due professional care allows the auditor to obtain reasonable assurance that the financial statements are free of material misstatement, whether caused by error or fraud." SAS 104 replaces the above with "while exercising due professional care, the auditor must plan and perform the audit to obtain sufficient appropriate evidence so that audit risk will be limited to a low level...." (emphasis added). The phrase "appropriate evidence" is also added. SAS 104 appears to have conformed to the PCAOB's Auditing Statement No. 2's concept of "reasonable assurance" by stating its use of that phrase in the audit report means a "high" level of assurance was intended to be obtained by the auditor. SAS No. 104 did not, however, quantify when "high" is reached or what circumstances would define such level. SAS NO. 105 SAS No. 105, Generally Accepted Auditing Standards Generally Accepted Auditing Standards, or GAAS, are ten auditing standards, developed by the AICPA, consisting of general standards, standards of field work, and standards of reporting, along with interpretations. , amends SAS No. 95. The predominant change is the addition of the term "must." SAS No. 102 describes "must" as an "unconditional HEIR, UNCONDITIONAL. A term used in the civil law, adopted by the Civil Code of Louisiana. Unconditional heirs are those who inherit without any reservation, or without making an inventory, whether their acceptance be express or tacit. Civ. Code of Lo. art. 878. UNCONDITIONAL. requirement," meaning the auditor is required to comply with it in all cases in which the circumstances exist to which the unconditional requirement applies. This description mirrors the PCAOB's Rule 3100. [ILLUSTRATION OMITTED] General Standard No. 1 now states, "The audit must be performed by a person or persons having adequate technical training." The three Standards of Fieldwork field·work n. 1. A temporary military fortification erected in the field. 2. Work done or firsthand observations made in the field as opposed to that done or observed in a controlled environment. 3. have been revised and are now in the active voice, as in "The auditor must," removing any doubt as to who's responsible. Also, the second standard of fieldwork is more encompassing, stating the auditor must obtain a sufficient understanding of the client's entity and its environment, including its internal control. Further, the risk assessment of material misstatement resulting from such understanding is no longer limited to the planning phase, as "further audit procedures" may be necessary. The third standard of fieldwork requires the auditor to obtain sufficient "appropriate audit evidence" as further discussed in SAS No. 106. Lastly, rather than enumerating specific types of procedures, thus appearing to limit what the auditor should perform, the standard calls for the performance of "audit procedures" in the gathering of "appropriate audit evidence." SAS NO. 108 SAS No. 108, Planning and Supervision, supersedes SAS No. 22 and re-emphasizes that planning is not an isolated phase at the beginning of the audit, but rather continues throughout the engagement as the audit evidence accumulates. Also notable is the provision relating to relating to relate prep → concernant relating to relate prep → bezüglich +gen, mit Bezug auf +acc "preliminary engagement activities." According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the standard, the auditor "should" perform certain procedures that consider events or circumstances that may negatively impact the auditor's ability to plan the audit to reduce audit risk. Such procedures address client continuance The adjournment or postponement of an action pending in a court to a later date of the same or another session of the court, granted by a court in response to a motion made by a party to a lawsuit. considerations, such as management's integrity, and the auditor's compliance with ethics rules, like those relating to independence. SAS No. 102 describes "should" as a "presumptively pre·sump·tive adj. 1. Providing a reasonable basis for belief or acceptance. 2. Founded on probability or presumption. pre·sump mandatory" requirement, meaning the auditor is required to comply with it in all cases in which the circumstances exist to which the presumptively mandatory requirement applies. In rare circumstances, the auditor may depart from such requirement so long as the auditor documents the justification for the departure and how the alternative procedure was sufficient to achieve the objective of the presumptively mandatory requirement. This is similar to the PCAOB's Rule 3100. While the term "audit plan" has been used for many years, it was not fully discussed, nor required, in the standards until now. SAS No. 108 states the auditor "must develop an audit plan in which the auditor documents the audit procedures to be used that, when performed, are expected to reduce audit risk to an acceptable low level." The audit plan replaces the concept of "audit program" discussed in SAS No. 22 and is expected to be tailored to the circumstances of the audit client, as the auditor "should document changes to the original audit plan" resulting from risk assessment procedures. The new SAS also provides guidance on the use of an information technology professional in understanding the effect of IT on the audit. The new SAS expands on the responsibility of auditors to supervise lower level staff, emphasizing that the "auditor with final responsibility" communicate and discuss the susceptibility susceptibility the state of being susceptible. Refers usually to infectious disease but may be to physical factors such as wetting or to psychological factors such as harassment. of the client's financial statements to fraud-related misstatements. Unlike the old SAS, the exercise of professional skepticism and maintaining a questioning mind throughout the audit are explicit in the new SAS. In fact, the new SAS even states that the lower level staff have the "professional responsibility" to let their concerns and disagreements be known to the appropriate individuals relating to auditing and accounting issues they believe are significant to the audit. SAS NO. 106 SAS No. 106, Audit Evidence, supersedes SAS No. 31. The phrase "sufficient, competent evidential ev·i·den·tial adj. Law Of, providing, or constituting evidence: evidential material. ev matter" is now referred to as "sufficient, appropriate audit evidence." The new SAS defines audit evidence as "all the information used by the auditor in arriving at the conclusions on which the audit opinion is based and includes the information contained in the accounting records underlying the financial statements and other information." While SAS No. 106 states that "auditors are not expected to examine all information that may exist," it does state that audit evidence is cumulative in nature, meaning a piece of information is not to be viewed just by itself, but in the context of all other information. Audit evidence includes information from previous audits. "Sufficiency" relates to the quantity and "appropriateness" relates to the quality of the audit evidence, or its relevance and reliability in providing support for the financial statement assertions. Notable about SAS No. 106 is its in-depth discussion of financial statement assertions, now called "relevant assertions," and audit procedures for obtaining the related audit evidence. Whereas the old SAS No. 31 briefly explained the five types of management assertions In a financial audit, management assertions are the set of information that the preparer of financial statements (management) is providing to another party. Financial statements represent a very complex and interrelated set of assertions. , SAS No. 106 has a new system with a slight variation of the five assertions and a sixth labeled "classification" (or "classification and understandability"). Assertions are assigned to at least one of three new categories: 1) assertions about classes of transactions (income statement); 2) assertions about account balances (balance sheet); and 3) assertions about presentation and disclosure (including footnotes). The assertions assigned by categories are also called "relevant assertions." Not all assertions are in all categories. SAS No. 106 also states the auditor should perform "risk assessment procedures," a new term, in addition to tests of controls and substantive procedures, collectively called "further audit procedures". It also describes the types of audit procedures the auditor should perform, which include inspection of records or documents, inspection of tangible assets Tangible Asset An asset that has a physical form such as machinery, buildings and land. Notes: This is the opposite of an intangible asset such as a patent or trademark. Whether an asset is tangible or intangible isn't inherently good or bad. , observation, inquiry, confirmation, recalculation re·cal·cu·late tr.v. re·cal·cu·lat·ed, re·cal·cu·lat·ing, re·cal·cu·lates To calculate again, especially in order to eliminate errors or to incorporate additional factors or data. , "reperformance" and analytical procedures Analytical Procedures is one of financial audit skill which help an auditor understand the client's business and changes in the business, to identify potential risk areas and to plan other audit procedures. . The new SAS describes what an effective inquiry involves, including the subsequent consideration to be made after all the questions have been asked and apparently answered: evaluating the client's responses (or, "does that response make sense, given the other information I am aware of?"). SAS NO. 107 SAS No. 107, Audit Risk and Materiality MATERIALITY. That which is important; that which is not merely of form but of substance. 2. When a bill for discovery has been filed, for example, the defendant must answer every material fact which is charged in the bill, and the test in these cases seems to in Conducting an Audit, supersedes SAS No. 47. The new SAS replaces "should" to "must," stating the auditor "must" consider audit risk and "must" consider a materiality level for the financial statements. The new SAS clearly states that such consideration is to be used to identify and assess the risk of material misstatement, with four specific goals contemplated by the standard. Also, the risk of material misstatement is to be assessed at the financial statement, account balance or class of transaction level, as well as at the disclosure level, including the notes to the financial statements Notes to the financial statements A detailed set of notes immediately following the financial statements in an annual report that explain and expand on the information in the financial statements. , acknowledging that users of the financial statements do consider such notes in their decisions. Notably, SAS No. 107 requires auditors to document their basis for assessing risk "at the maximum." Prior practice did not require a basis for such assessment. In addition, the new SAS provides more guidance to determine materiality, including examples of benchmarks and when such benchmarks are generally appropriate. The new standard also states that the auditor should reconsider the appropriateness of the initial materiality and related planned procedures if, for example, the auditor becomes aware of additional quantitative and qualitative factors not initially considered. In evaluating audit findings, the auditor must include the effects of prior period misstatements not booked by the client due to immateriality im·ma·te·ri·al·i·ty n. pl. im·ma·te·ri·al·i·ties 1. The state or quality of being immaterial. 2. Something immaterial. Noun 1. , in addition to considering the qualitative aspects of the accumulated misstatements. SAS 109 SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, supersedes SAS No. 55, Consideration of the Internal Control in a Financial Statement Audit, as Amended. Under the old standard, the purpose of gaining an understanding of the client's internal control was to plan the audit. Now, such understanding is part of the audit evidence and goes beyond the initial phase of the audit to assess the risk of material misstatement throughout the audit. SAS No. 109 requires the auditor to perform "risk assessment procedures" (a new term) for the specific purpose of gathering information and gaining an understanding of the client and its environment. While the old standard required such understanding, it did not describe the procedures that should be performed. The new SAS lists the procedures with expanded discussion, including the limitations of client's responses to inquiry as an audit procedure. More importantly, SAS No. 109 directly links the auditor's understanding of the client and its environment with risk assessment and design of tests of controls and substantive procedures by explicitly stating that the purpose of obtaining such understanding is to identify and assess the risk of material misstatement and design and perform further audit procedures responsive to the assessed risk. This is a notable improvement over the old standard. Other improvements include the idea of "significant risks" requiring special consideration and the requirement to determine if internal controls have been implemented. SAS No. 111, Audit Sampling, amends SAS No. 39, mainly by providing increased guidance on tolerable tol·er·a·ble adj. 1. Capable of being tolerated; endurable. 2. Fairly good; passable. See Synonyms at average. tol misstatement. SAS 110 SAS No. 110 supersedes SAS No. 45, Substantive Tests Prior to the Balance-Sheet Date, and together with SAS No. 109, supersedes SAS No. 55. SAS No. 110 relates to the risk of material misstatement at the financial statement level, focusing on "overall responses" by the auditor; further audit procedures responsive to assessed risk at relevant assertion levels; evaluating the sufficiency and appropriateness of the audit evidence obtained; and documentation. The new SAS provides guidance in implementing the third standard of fieldwork, signaling that this SAS goes beyond the initial phase of the audit. This SAS provides examples of overall responses, such as assigning more experienced staff or retaining a professional with specialized skills. Additionally, there is to be a clear link between the auditor's understanding of the entity, the risk assessment and the design of further audit procedures. More importantly, the linkage is to be documented in the working papers working papers pl.n. Legal documents certifying the right to employment of a minor or alien. Noun 1. working papers . For an identified risk, the working paper should show the audit procedures designed to respond to that specific risk. SAS No. 110 states that the sufficiency and appropriateness of audit evidence are still a matter of professional judgment, but it re-emphasizes that if auditors are unable to obtain sufficient appropriate evidence, they should express a qualified opinion or a disclaimer of opinion Disclaimer of opinion An auditor's statement that does not express any opinion regarding the company's financial condition. disclaimer of opinion . The implementation of the new standards are expected to increase audit work and documentation, but in a more thoughtful risk assessment process supporting a stronger audit risk model. A. Christine Davis, CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. is a director of litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. consulting and forensic accounting Forensic accounting, sometimes called investigative accounting, involves the application of accounting concepts and techniques to legal problems. Forensic accountants investigate and document financial Fraud and white-collar crimes at Hemming Hemming may refer to:
BY A. CHRISTINE DAVIS, CPA |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion