280 likes | 475 Views
New Auditing Standards. Laurie Ball, CPA Swenson Advisors, LLP (Murrieta) Audit Director Accounting Day May 12, 2008. Overview of Risk Standards. 8 new SAS’s (No. 104 through No. 111) issued March 2006 - Collectively referred to as Risk Assessment Standards
E N D
New Auditing Standards Laurie Ball, CPA Swenson Advisors, LLP (Murrieta) Audit Director Accounting Day May 12, 2008
Overview of Risk Standards 8 new SAS’s (No. 104 through No. 111) issued March 2006 - Collectively referred to as Risk Assessment Standards • Applicable to all non-PCAOB audits • Effective for audits of periods beginning on or after December 15, 2006 (generally calendar year 2007)
No. 104 – Due Professional Care (Amends to SAS No. 1) No. 105 – GAAS(Amends SAS No. 95) No. 106 – Audit Evidence No. 107 – Audit Risk & Materiality No. 108 – Planning and Supervision No. 109 – Understanding the Entity and Assessing Risks of Material Misstatement No. 110 – Audit Procedures in Response to Risks and Evaluating Audit Evidence No. 111 – Audit Sampling The 8 New Risk Standards
Objectives of New Risk Standards • More in-depth understanding of the audited entity and its environment • More rigorous assessment of the risks of where and how the financial statements could be materially misstated • Improved linkage between the auditor’s assessed risks and the nature, timing and extent of the audit procedures to be performed
Audit Strategy Audit Plan Auditor’s operational approach to achieving the objectives of the audit; high-level determination by audit area (previously referred to as the Audit Plan) A more detailed; includes nature, timing and extent of procedures (previously referred to as the Audit Program) New Vocabulary
Audit Evidence Sufficient, Appropriate Evidence All the information used by the auditor in arriving at conclusions on which audit opinion is based (previously referred to as the evidential matter) Replaces sufficient, competent evidential matter (for compatibility with ISA) New Vocabulary (continued)
Those Charged with Governance Significant Deficiencies Group responsible for oversight of financial reporting; more general and inclusive than previous Audit Committee reference(also for compatibility with ISA) Replaces previous concept of reportable conditions New Vocabulary (continued)
Central Themes of New Standards • Better understanding (and documentation!) of internal control to be used in risk assessment • Checklist-driven approach no longer acceptable • Auditor judgment emphasized in the assessment of and response to risk • Learning about client is not part of planning the audit – it is the audit!
Preliminary Team “Brainstorming” Meeting Now Required • Consider nature and magnitude of possible misstatement risks (whether they are caused by error OR fraud) • Should be held prior to designing further audit procedures • Many examples of risks to consider in Appendix C of SAS No. 109
“Understanding of Internal Control” Now Required • Provides a basis for assessment (can no longer “default” to high risk) • Includes a review of the design of controls and a confirmation they are in operation • MORE than inquiry • Walkthrough and observation • Auditors NOT required to test or rely on controls as part of their audit strategy
“Linkage” Now Required • Identified risks are REQUIRED to be linked to relevant controls and audit actions designed to respond to these risks • Helps audit team determine if responses are appropriate • Helps reviewers (including peer reviews) follow the implantation of the audit
Overview of Additional Standards • 3 additional new SAS’s: • SAS 112 establishes standards for communicating internal control matters (supersedes SAS 60) • SAS 113 makes conforming and other minor terminology changes to existing standards • SAS 114 revises standards for communicating with “those charged with an entity’s governance”(supersedes SAS 61) • All effective for calendar year 2007
Overview of SAS 112 & 114 Significant deficiencies and material weaknesses must be reported to management and those charged with governance
Overview of SAS 113 • Conforms terminology describing professional requirements • Links the consideration of fraud to auditor’s assessment of and response to risk • Clarifies date of report is date sufficient appropriate audit evidence obtained • Clarifies date of management rep letter should be the same as audit report
Contact me at laurie.ball@swensonadvisors.com
Risk Assessment By the Numbers: SAS 104 • Requires auditor to obtain sufficient appropriate audit evidence to limit audit risk to a low level • Should obtain a high, but not absolute, level of assurance that the financials are free of material misstatements
Risk Assessment By the Numbers: SAS 105 • Scope of understanding expanded to include the entity and its environment, including its internal control • Considered to provide audit evidence supporting opinion (not just planning) • Emphasizes the link between understanding the entity, assessing risks and the design of further audit procedures; no more “generic” audit programs
Risk Assessment By the Numbers: SAS 106 • Defines audit evidence and provides guidance on the reliability of various kinds of evidence • New groups of assertions by classes of transactions, account balances and presentation and disclosure • Defines relevant assertions as those having meaningful bearing on whether something is fairly stated
Risk Assessment By the Numbers: SAS 106 (continued) • Defines risk assessment procedures, which along with results of further audit procedures, provide basis for opinion • Describes the types of audit procedures that may be used alone or in combination throughout audit (including risk assessment process)
Risk Assessment By the Numbers: SAS 107 • Extended discussion of materiality in more qualitative terms (e.g., consider users of financial statements) • Audit risk and materiality are used to identify and assess the risk of material misstatement • Discusses evaluating audit evidence and communicating material misstatements to those charged with governance
Risk Assessment By the Numbers: SAS 108 • Significant discussion of preliminary engagement activities and components of overall audit strategy and audit plan • Discusses use of specialists • Makes clear that planning process is ongoing • Supervisory communications should go both ways
Risk Assessment By the Numbers: SAS 109 • Defines risk assessment procedures • Requires audit team discussion of susceptibility of financials to material misstatement (from both errors and fraud) • Directly links risk assessment to design and performance of further audit procedures • Guidance on how to evaluate the design of internal control and determine if design adequate and controls have been implemented
Risk Assessment By the Numbers: SAS 110 • Significant discussion of overall responses to address identified risks • Requires documentation of linkage between assessed risks and the design of further audit procedures • Guidance on matters to consider when determining the nature, timing and extent of such procedures
Risk Assessment By the Numbers: SAS 111 • Moves appendix from SAS 39 into body of new SAS (now authoritative not interpretive) • Enhanced guidance on tolerable misstatement