The AICPA Auditing Standards Board sharpened the audit profession's focus on risk-based auditing Tuesday with the release of a new standard on audit risk assessment.
Statement on Auditing Standards (SAS) No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, is designed in the simplest terms to help auditors determine which areas pose the greatest risks of material misstatement in an audit engagement and spend more of their time performing procedures in those areas.
One of the driving forces for developing this SAS stemmed from deficiencies in the auditor's risk assessment procedures identified by practice monitoring programs in the United States and worldwide.
The new standard is designed to enhance the requirements and guidance for identifying and assessing the risks of material misstatement, particularly the areas of understanding the entity's system of internal control and assessing control risk.
The standard also:
- Includes extensive guidance regarding the use of information technology and the consideration of general IT controls;
- Revises the definition of significant risk;
- Includes a new requirement to separately assess inherent risk and control risk;
- Includes new guidance on maintaining professional skepticism; and
- Includes a new "stand-back" requirement that is intended to drive an evaluation of the completeness of the identification of significant classes of transactions, account balances, and disclosures by the auditor.
"The auditor's risk assessment drives almost every part of the audit," AICPA Chief Auditor Jennifer Burns, CPA, said in a news release. "As a result, the evaluation of risks sits at the core of audit quality. SAS No. 145 supports the performance of quality audits by providing additional clarity and guidance in identifying and evaluating risks of material misstatement, while considering the evolving nature of business."
SAS No. 145 takes effect for audits of financial statements for periods ending on or after Dec. 15, 2023.
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is the JofA's editorial director.