The AICPA Auditing Standards Board (ASB) issued Statement on Auditing Standards (SAS) no. 102, Defining Professional Requirements in Statements on Auditing Standards, and Statement on Standards for Attestation Engagements (SSAE) no. 13, Defining Professional Requirements in Statements on Attestation Engagements, which apply to audit and attestation engagements performed for nonissuers only. They define the degree of responsibility imposed by the standards on auditors or, in attestation engagements, practitioners when imperative terms—such as must , is required and should —are used. SAS no. 102 also amends paragraph 5 of AU section 150, Generally Accepted Auditing Standards, by requiring auditors to document in the working papers their justification for departures from the SASs. The standards, which will appear in the JofA s Official Releases section next month, took effect upon issuance.
The ASB issued SAS no. 103, Audit Documentation, which supersedes SAS no. 96 of the same name. It establishes standards and provides guidance to auditors of nonissuers on audit documentation. In developing the SAS, the ASB considered the documentation requirements of the Public Company Accounting Oversight Board (PCAOB), the International Auditing and Assurance Standards Board, auditing standards issued by the U.S. Comptroller General and suggestions from the National Association of State Boards of Accountancy. The SAS requires the auditor to prepare audit documentation that is sufficiently detailed for an experienced auditor having no previous connection to the audit to understand the audit work performed, evidence obtained and conclusions reached. It requires auditors to assemble the audit documentation to form the final engagement file within 60 days of the report release date.
In addition it provides guidance on what to document; states that oral explanations by themselves are insufficient to support audit work or conclusions although they may be used to clarify audit documentation; and specifies a minimum file retention period of five years.
The SAS also amends paragraphs .01 and .05 of AU section 530, “Dating of the Independent Auditor’s Report,” requiring that the auditor’s report not be dated earlier than the date on which the auditor has obtained sufficient appropriate audit evidence to support the opinion on the financial statements. The SAS (which will appear in the JofA s Official Releases section next month) and amendment are effective for audits of financial statements for periods ending on or after December 15, 2006.
A new ASB exposure draft (ED) proposes revising AT section 501, “Reporting on an Entity’s Internal Control Over Financial Reporting,” of SSAE no. 10, Attestation Standards: Revision and Recodification, for audits of nonissuers only. The ED is based largely on the original draft, dated March 18, 2003, and revised to reflect guidance from PCAOB Auditing Standard no. 2, which the board believes would be applicable and appropriate for examinations of nonissuers. An accompanying document, “A Framework for Assessing Control Exceptions and Deficiencies,” is designed to help practitioners apply the proposed SSAE. Comments are due April 30, 2006.
The PCAOB reported its findings from monitoring auditors’ implementation of Auditing Standard no. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements ( www.pcaobus.org/rules/docket_014/2005-11-30_release_2005-023.pdf ). The board found that because firms had had inadequate time and experience in this first year of implementing the standard, some audits were not as efficient and effective as they should have been.
Some auditors failed to integrate their audits of internal controls with those of financial statements; to evaluate company-level controls before working down to their transaction-level counterparts; to vary the nature, timing and extent of testing to reflect the level of risk; to test controls thoroughly by tracing a transaction from beginning to end; and to efficiently use the work of others as permitted by Standard no. 2. The board said it was aware that firms have enhanced their audit methodologies and training materials to improve the quality of their internal control audits.