The AICPA’s Auditing Standards Board issued two final standards on internal control.
Statement on Standards for Attestation Engagements (SSAE) no. 15, An Examination of an Entity’s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements, converges the standards practitioners use for reporting on a nonissuer’s internal control with the PCAOB’s Auditing Standard no. 5, An Audit of Internal Control That is Integrated With an Audit of Financial Statements. The SSAE supersedes AT section 501, Reporting on an Entity’s Internal Control Over Financial Reporting. It is effective for integrated audits for periods ending on or after Dec. 15, 2008. Earlier implementation is permitted. The SSAE is available at http://tinyurl.com/56jxmf.
Statement on Auditing Standards (SAS) no. 115, Communicating Internal Control Related Matters Identified in an Audit, was issued to eliminate definitional differences within the AICPA’s audit and attest standards resulting from the issuance of SSAE no. 15. The SAS supersedes AU section 325, Communicating Internal Control Related Matters Identified in an Audit.
The SAS contains revised definitions of the terms material weakness and significant deficiency; revises the list of deficiencies in internal control that are indicators of material weaknesses; removes a list of deficiencies that ordinarily would be considered at least significant deficiencies; and contains a revised illustrative written communication to management and those charged with governance of material weaknesses and significant deficiencies.
The SAS is effective for audits of financial statements for periods ending on or after Dec. 15, 2009. Earlier implementation is permitted. It is available at http://tinyurl.com/59gm78.
The ASB also issued the first clarified auditing standard resulting from its clarity project—Statement on Auditing Standards, The Auditor’s Communication With Those Charged With Governance (Redrafted), which supersedes AU section 380, The Auditor’s Communication With Those Charged With Governance.
The AICPA’s Auditing Standards Board voted in October to approve for exposure the following risk assessment standards rewritten as part of its clarity project:
- Proposed SAS, Audit Evidence (Redrafted): Supersedes SAS no. 106, Audit Evidence.
- Proposed SAS, Materiality in Planning and Performing an Audit (Redrafted): Supersedes SAS no. 107, Audit Risk and Materiality in Planning an Audit.
- Proposed SAS, Planning an Audit (Redrafted): Supersedes SAS no. 108, Planning and Supervision.
- Proposed SAS, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Redrafted): Supersedes SAS no. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement.
- Proposed SAS, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted): Supersedes SAS no. 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained.
The ASB also voted to seek comments on a new proposed SAS, Evaluation of Misstatements Identified During the Audit.
The PCAOB voted to propose a slate of seven auditing standards related to risk assessment and response. The standards would supersede the board’s interim auditing standards related to audit risk and materiality, audit planning and supervision, consideration of internal control in an audit of financial statements, audit evidence, and performing tests of accounts and disclosures before year-end.
The proposed standards, which were released with related conforming amendments, would establish requirements and provide direction on audit procedures performed throughout the audit, from the initial planning stages through the evaluation of the audit results. The proposals build on the existing framework for risk assessment by, among other things, taking account of improvements in risk assessment methodologies, enhancing the integration of the risk assessment standards with the board’s standard for the audit of internal control over financial reporting, emphasizing the auditor’s responsibilities for considering the risk of fraud as being a central part of the audit process, and reducing unnecessary differences with the risk assessment standards issued by the other standard setters.
The PCAOB’s proposed risk assessment standards generally are consistent with the ASB’s risk assessment standards. Where differences exist, they are generally due to the PCAOB’s moving fraud risk procedures from SAS no. 99, Consideration of Fraud in a Financial Statement Audit, into the risk standards and addressing integrated audits, a requirement that applies only to certain public companies.
Comments are due Feb. 18. The proposing release, text of the proposed auditing standards, and related amendments to PCAOB standards are available at www.pcaobus.org under Rulemaking Docket no. 026.