The American Institute of CPAs has released a guide to help auditors deal with a new standard on assessing the risks of a material misstatement.
The new audit guide,
SAS No. 145 makes several changes in the requirements for the risk assessment process for auditors, including:
- A revised definition of significant risk;
- A new requirement to assess control risk at the maximum level so, if the auditor does not plan to test the operating effectiveness of controls, the assessment of the risk of material misstatement is the same as the assessment of inherent risk;
- Revised requirements relating to audit documentation; and,
- New guidance on scaling the risk assessment process.
SAS No. 145 aims to improve the requirements and guidance related to the auditor's risk assessment, especially when it comes to gaining a better understanding of the entity's system of internal control and assessing control risk. The guidance deals with the economic, technological and regulatory aspects of the markets and environment in which entities and audit firms operate.
There are revised requirements to evaluate the design of certain controls, including general IT controls, and to decide whether they've been implemented. The standard also includes new guidance on maintaining professional skepticism, as well as a new "stand-back" requirement intended to drive an evaluation of the completeness of the auditor's identification of significant classes of transactions, account balances and disclosures.
In addition, there are revised requirements relating to audit documentation. Also new is a conforming amendment to perform substantive procedures for each relevant assertion of each significant class of transactions, account balance and disclosure, no matter what level of control risk has been assessed.