In March 2006, the Accounting Standards Board of the AICPA issued eight Statements on Auditing Standards
(SAS 104-111) to make sure auditors would have a more detailed understanding of organizations and their internal controls. The new standards known as the Risk Assessment Standards are effective for financial statement audits beginning on or after Dec. 15, 2006, and will require auditors to use a more rigorous approach to evaluating the effectiveness of their clients’ internal controls.
Smart Business asked Kamal Parag, CPA, senior manager in the accounting and auditing department of Tauber & Balser, P.C., about the impact the new Risk Assessment Standards will have on companies preparing for audits.
What is the purpose of the new Risk Assessment Standards, and how might they benefit companies?
SAS 104-111 apply to nonpublic companies and together constitute the most sweeping and comprehensive revision of our auditing standards in almost 20 years. The objective is to improve the accuracy of financial statements by focusing on the related risks within organizations. While this does increase the preparation to be done by companies undergoing audits, the overall process should go a long way toward pushing companies to beef up their financial systems and become more proactive about improving internal controls and the ability to accurately report operational financial results.
What changes have these standards introduced?
The standards change the types of testing auditors must do, including both the amount and timing of the testing during and after the on-site portion of an audit. The new standards call for an increased scrutiny in many areas of the audit process, including:
- More in-depth understanding of the entity and its environment, including its internal control, to identify the risks of material misstatement in the financial statements and what the entity is doing to mitigate them
- More rigorous assessment of the risks of material misstatement of the financial statements based on that understanding
- Improved linkage between the assessed risks and the nature, timing and extent of audit procedures performed in response to those risks
How can companies best prepare for an audit under the new standards?
- Expect larger sample sizes. In some cases, your auditor may increase the number of items selected for testing, which means the quantity of supporting documentation you provide will likely increase.
- Study the management letters previously issued by your auditors and design a plan of implementation of their recommendations.
- Be ready to provide documentation to give your auditor a more in-depth understanding of your business risk assessment process, including your process for responding to identified risks. Higher risks will require a higher quality and quantity of audit evidence.
- Know that your auditors are considering whether any of the assessed risks are significant risks, which are usually related to nonroutine or infrequent transactions areas that are subjective in nature, such as estimates.
- When evaluating the results of sampling procedures, your auditor may request that you examine the entire population for additional misstatements before the auditor re-evaluates the population. Provide documentation to convey the scale of your organization and the environment. Be ready to produce detailed evidence as required no longer can internal control be understood through inquiry alone. You must provide evidence that your company’s controls are properly designed, operating effectively, and are able to prevent or detect misstatements in financial statements whether due to errors or fraud. The auditors will conduct more vigorous walk-through testing to determine whether controls related to relevant assertions are in place and designed properly.
- Plan ahead. Talk with your board and audit committee well before the audit takes place to let them know about the standard changes and potential changes to the audit process. Be prepared to provide supporting documentation for explanations of significant variances and your assumptions regarding certain higher risk areas.
Schedule a detailed planning session with your audit firm so that you are well prepared. <<
KAMAL PARAG, CPA, CA, is a senior manager in the accounting and auditing department of Tauber & Balser, P.C. He provides audit services to both closely held and publicly traded entities in a variety of industries. Reach him at (404) 814-4989 or firstname.lastname@example.org.