In March 2006, the Accounting Standards Board of the AICPA issued eight
Statements on Auditing Standards
(SAS 104-111) to make sure auditors
would have a more detailed understanding of organizations and their internal
controls. The new standards — known
as the Risk Assessment Standards — are
effective for financial statement audits
beginning on or after Dec. 15, 2006, and
will require auditors to use a more rigorous approach to evaluating the effectiveness of their clients’ internal controls.
Smart Business asked Kamal Parag,
CPA, senior manager in the accounting
and auditing department of Tauber &
Balser, P.C., about the impact the new
Risk Assessment Standards will have on
companies preparing for audits.
What is the purpose of the new Risk
Assessment Standards, and how might they
benefit companies?
SAS 104-111 apply to nonpublic companies and together constitute the most
sweeping and comprehensive revision of
our auditing standards in almost 20
years. The objective is to improve the
accuracy of financial statements by
focusing on the related risks within
organizations. While this does increase
the preparation to be done by companies
undergoing audits, the overall process
should go a long way toward pushing
companies to beef up their financial systems and become more proactive about
improving internal controls and the ability to accurately report operational
financial results.
What changes have these standards introduced?
The standards change the types of testing auditors must do, including both the
amount and timing of the testing during
and after the on-site portion of an audit.
The new standards call for an increased
scrutiny in many areas of the audit
process, including:
- More in-depth understanding of the
entity and its environment, including its
internal control, to identify the risks of
material misstatement in the financial
statements and what the entity is doing
to mitigate them - More rigorous assessment of the
risks of material misstatement of the
financial statements based on that
understanding - Improved linkage between the assessed risks and the nature, timing and
extent of audit procedures performed in
response to those risks
How can companies best prepare for an
audit under the new standards?
- Expect larger sample sizes. In some
cases, your auditor may increase the
number of items selected for testing,
which means the quantity of supporting
documentation you provide will likely
increase. - Study the management letters previously issued by your auditors and design a plan of implementation of their recommendations.
- Be ready to provide documentation
to give your auditor a more in-depth
understanding of your business risk
assessment process, including your
process for responding to identified
risks. Higher risks will require a higher
quality and quantity of audit evidence. - Know that your auditors are considering whether any of the assessed risks
are significant risks, which are usually
related to nonroutine or infrequent
transactions — areas that are subjective
in nature, such as estimates. - When evaluating the results of sampling procedures, your auditor may
request that you examine the entire population for additional misstatements
before the auditor re-evaluates the population. Provide documentation to convey
the scale of your organization and the
environment. Be ready to produce
detailed evidence as required — no
longer can internal control be understood through inquiry alone. You must
provide evidence that your company’s
controls are properly designed, operating effectively, and are able to prevent or
detect misstatements in financial statements whether due to errors or fraud.
The auditors will conduct more vigorous
walk-through testing to determine
whether controls related to relevant
assertions are in place and designed
properly. - Plan ahead. Talk with your board
and audit committee well before the
audit takes place to let them know about
the standard changes and potential
changes to the audit process. Be prepared to provide supporting documentation for explanations of significant variances and your assumptions regarding
certain higher risk areas.
Schedule a detailed planning session
with your audit firm so that you are well
prepared. <<
KAMAL PARAG, CPA, CA, is a senior manager in the accounting and auditing department of Tauber & Balser, P.C. He provides audit
services to both closely held and publicly traded entities in a variety of industries. Reach him at (404) 814-4989 or [email protected].