Coming soon: New auditing standard on risk assessment
I’m Jennifer Louis, CPA. In this article, I’ll explain the main points detailed in a new auditing standard from the ASB. Let’s get started!
In August 2021, the Auditing Standards Board (ASB) voted to finalize a generally accepted auditing standard entitled Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement. This standard aims to enhance the risk assessment process in the following primary ways:
- Develop a better understanding of the entity’s system of internal control, especially the work effort needed to obtain the necessary understanding.
- Modernize for information technology (IT) considerations.
- Clarify the determination of risks of material misstatements, including significant risks, with the intent to improve risk assessment while not fundamentally changing audit risk concepts.
- Converge with International Standards on Audits ISA 315, Identifying and Assessing the Risks of Material Misstatement, already effective for audits of financial statements for periods beginning on or after December 15, 2021.
Official release of the new standard as SAS No. 145 is expected to occur in October 2021. The planned effective date is for audits of financial statements for periods ending on or after December 15, 2023.
The following are just a few of the most consequential clarifications or enhancements:
- Risk assessment should be scalable to the level of complexity in an entity and its financial reporting, not just focused on the size of the entity.
- Introducing a new definition of “inherent risk factors,” which can be evaluated on a relative scale where “significant risks” are on the upper end of the spectrum.
- Clarifying that understanding how management has designed its system of internal control helps the auditor decide where audit attention should be placed.
- Explicitly requiring evaluation of the impact of identified deficiencies in internal control on identifying risks of material misstatement.
- Requiring separate assessments of inherent and control risk.
- Explicitly states that control risk is assessed at maximum if operating effectiveness of controls is not tested.
- Explicitly recognizing the potential usage of automated tools and techniques (e.g., audit data analytics) to perform risk assessment procedures.
- Requiring a “stand back” assessment of the completeness and appropriateness of a detailed audit plan.
This new standard will affect risk assessment in a number of ways for accountants across different focus areas and is something all auditors should be versed in.
Keep reading the Becker blog for more important tax updates that all tax professionals, accountants and CPAs should be in-the-know of.
The content contained in this article is for informational purposes only and is not tax advice. You should consult a tax advisor for advice applicable to your situation.