Inherent risk assessment & effective confirmations


← Blog home 

At a high level, SAS 145 brings with it refinements to risk assessment standards in audits, reinforcing the need for vigilance and critical thinking. While it does not change the confirmation requirements, it prompts auditors to re-examine inherent risk factors closely, particularly for areas like cash and cash equivalents, where fraud can be more prevalent.

For audit professionals involved in confirming accounts, understanding the implications of SAS 145 can improve the reliability of audit evidence and strengthen the approach to risk assessment. So, let’s explore the impact of SAS 145 on risk assessment in audits, particularly the importance of understanding inherent risk and its evolving nature.

Jump to ↓







Understanding inherent risk in SAS 145

By definition, inherent risk is the susceptibility of an account balance or assertion to misstatement, irrespective of controls. SAS 145 requires the separate assessment of inherent risk and control risk, both of which feed into the risk of material misstatement (RMM).

A critical takeaway for auditors is that if controls are not tested, then the RMM equals the inherent risk. So, if the auditor does not test controls and assesses inherent risk as low, then the RMM is low. This nuance demands careful judgment — assessing inherent risk as low without adequate support can lead to not performing adequate audit procedures, including confirmations, which may be helpful for fraud detection, especially in cash-related accounts.

Inherent and control risks should be assessed individually. When inherent risk is high, it heightens the RMM, particularly if control tests aren’t conducted. That’s why skepticism is essential, even in familiar audit areas, to mitigate bias that might cause the auditor to understate risk. While inherent risk reflects susceptibility to misstatements, control risk considers the risk that internal controls may fail to detect these misstatements. Together, they shape the RMM and influence confirmation decisions.

Inherent risk factors in audits of cash accounts

Cash and cash equivalents are inherently susceptible to misstatement due to the potential for fraud and ease of manipulation. While SAS 145 highlights the importance of vigilance in assessing risks, auditors may independently consider common fraud schemes, such as “kiting,” falsified bank statements, or improper handling of receipts.

Bank confirmations may detect fraud schemes involving cash, like kiting and falsifying statements. Failing to confirm bank balances, especially for small to medium-sized clients, could expose firms to litigation and reputational damage if fraud is later detected.

Professional judgment in assessing inherent risk for cash is also critical, as improper assessments could lead to misstatements that compromise the integrity of financial reporting. Cash transactions are often high-volume and can obscure fraud. Assessing the risk correctly and testing the existence of cash are crucial to ensure schemes do not go undetected.

 

Critical thinking in low-risk assessments

SAS 145 emphasizes the importance of critical thinking when assessing risks, particularly when considering low-risk assessments. This approach encourages auditors to continually evaluate the appropriateness of their procedures in light of the specific circumstances of each engagement.

Cash existence serves as an excellent example where critical thinking in risk assessment is crucial. While traditionally viewed as a low-risk area, auditors might consider questioning whether this assessment is always correct. It’s important to consider the possibility of fraud, even in areas typically deemed low risk.

External confirmations can be a valuable tool in this process, potentially uncovering discrepancies that might not be apparent through other procedures. For instance, practices like “kiting” (falsely inflating cash balances) or holding records open past the balance sheet date could be detected through external confirmations. Confirming cash is a powerful tool in the auditor’s toolbox.

The decision to use confirmations, like any audit procedure, should stem from a thoughtful risk assessment. Factors to consider may include the entity’s control environment, past audit experiences, and the potential for material misstatement. By applying critical thinking to these assessments, regardless of the initial risk level, auditors can develop a more robust audit approach.

This mindset of continuous evaluation and critical thinking, as emphasized in SAS 145, helps ensure that audit procedures remain appropriate and effective for each unique engagement.

Changes in auditing standards and future considerations

While SAS 145 has clarified and modified risk assessment guidance, further revisions to auditing standards may be coming.

The Public Company Accounting Oversight Board (PCAOB), which sets standards for public company audits, has recently issued guidance on cash confirmations. In response, the American Institute of Certified Public Accountants (AICPA) is considering similar measures for private company audits.

The AICPA typically looks to align private company audit standards with those of public companies where appropriate. If the AICPA does issue new guidance, the requirements for cash confirmations in private company audits could potentially change. However, it’s important to note that this is currently in the discussion phase, and no formal exposure draft has been issued.

Given these potential developments, firms might consider the benefits of continuing their current cash confirmation practices. This approach could help maintain consistency in audit procedures and potentially ease the transition if new standards are implemented in the future.

Professional judgement and skepticism: The cornerstones of SAS 145

At the heart of SAS 145 is the reaffirmation of professional skepticism and judgment. Auditors might consider challenging assumptions, particularly in areas like cash, where a low-risk label may not reflect the reality of potential risks.

Remaining current on evolving standards and revisiting risk assessments with a critical lens ensures that audit procedures are robust, comprehensive, and attuned to both regulatory expectations and the real-world financial landscape.

An opportunity to refine your approach to inherent risk assessment

SAS 145 provides audit professionals with an opportunity to refine their approach to risk assessment. And a robust risk assessment process can help guide auditors towards more effective audit procedures. By conducting a thorough evaluation of inherent risks and tailoring audit procedures accordingly, auditors can enhance their ability to detect significant financial misstatements. The focus on a well-executed risk assessment allows auditors to adapt their approach to each unique client situation, potentially leading to obtaining more reliable audit evidence and ensuring that their audit opinion is correct.

Staying informed on evolving standards, such as SAS 145, and adapting practices accordingly helps auditors uphold the integrity of financial reporting. In a landscape where risks are continually shifting, these principles are vital for maintaining high-quality, effective audits that meet both regulatory demands and the complex needs of clients.

For more resources on SAS 145 and its practical applications, explore our SAS 145 Hub and the SAS 145 Webcast. Visit AuditWatch for additional training and updates.

 

Laptop with Cloud Audit Suite

 

← Back to blog



Source link