The American Institute of CPAs released a new standard to help auditors assess the risks of material misstatement.
The new Statement on Auditing Standards (SAS) No. 145, aims to improve the requirements and guidance related to an auditor’s risk assessment, especially when it comes to gaining a better understanding of a business’s system of internal controls and assessing the various control risks. The new guidance deals with the economic, technological and regulatory aspects of the markets and environment in which entities and audit firms operate.
The AICPA’s Auditing Standards Board worked on the standard in response to the results of some peer reviews last year that found deficiencies in the auditor’s risk assessment procedures. They wanted to modernize the standard in relation to information technology considerations, including the risks arising from an entity’s use of IT and determining the risks of a material misstatement.
SAS No. 145 also includes revised requirements to evaluate the design of some controls, including technology controls, and to determine whether the controls have been implemented. There’s also a new requirement to separately assess the inherent risks and control risks, along with a new requirement to assess control risks at the maximum level so, if the auditor doesn’t plan to test the operating effectiveness of the controls, the assessment of the risk of material misstatement would be the same as the assessment of inherent risk. There’s also a revised definition of “significant risk,” along with new guidance on scalability and professional skepticism. In addition, SAS No. 145 contains a new “stand-back” requirement to encourage auditors to do more to identify significant transactions, account balances and disclosures. The standard also includes revised requirements pertaining to audit documentation, along with an amendment to undertake substantial procedures for each relevant assertion of every significant class of transactions, account balance and disclosure, no matter what level of control risk.
“SAS No. 145 does not fundamentally change the key concepts underpinning audit risk, which is a function of the risks of material misstatement and detection risk,” said the document. “Rather, SAS No. 145 clarifies and enhances certain aspects of the identification and assessment of the risks of material misstatement to drive better risk assessments and, therefore, enhance audit quality.”
The new standard becomes effective for audits of financial statements for periods ending on or after Dec. 15, 2023.