AT Think

SAS 145 offers tech-powered audits for the future

The introduction of Statement on Auditing Standards (SAS) No. 145, "Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement" (SAS 145) last December marked a significant shift in the financial statement auditing landscape. While the core objectives of our profession remain unchanged — delivering high-quality audits and ensuring the reliability of financial statements — SAS 145 provides auditors with a more refined and risk-centric approach and set of tools to achieving those goals. 

This article explores how this new standard changes the game for auditors, with topics including the key changes, how they impact an auditor's daily work, and how they make risk assessments even more effective, before looking ahead to how artificial intelligence, data analytics, and other emerging technologies will influence how auditors navigate the world of SAS 145.

Moving beyond the traditional: embracing the risk-based mindset

Previously, risk assessments relied heavily on understanding a client's internal controls to determine control risk. A standardized approach was employed, often testing the existence and documentation of control procedures. 

While internal controls remain crucial, SAS 145 ushers in a new era of risk-based thinking. The focus has shifted to identifying and evaluating the specific risks that could lead to material misstatements at the assertion level. This creates a more tailored testing approach. 

Consider a manufacturing company with a history of significant inventory write-downs. Under the traditional approach, auditors might have simply verified the existence of documented procedures for cycle counts. However, under SAS 145, analysis is on the inherent risk of inventory misstatements. Factors like the complexity of the inventory (think high-value electronics vs. standard office supplies) or reliance on third-party logistics providers would influence our risk assessment. 

The next steps might include designing targeted procedures to assess the effectiveness of controls mitigating those specific risks. For example, observing physical inventory counts more closely, focusing more on high-risk inventory items or performing additional testing of inventory valuation methods.

Sharper focus on inherent risk

SAS 145 provides a clear definition of inherent risk as the susceptibility of an account balance, transaction type or disclosure to a material misstatement, absent any controls. This concept empowers auditors to prioritize their audit efforts more effectively. 

For instance, a public company in the highly competitive tech industry might have a higher inherent risk for revenue recognition than a private company in a more stable industry. This would influence the nature, extent and timing of our revenue audit procedures. This might mean performing more extensive analytical procedures on sales data, scrutinizing customer contracts for potential side agreements, or dedicating additional resources to testing the valuation of complex software licenses.

Leveraging technology and data analytics

The rise of data analytics, AI and other technologies presents exciting opportunities under SAS 145, providing the ability to gain deeper insights into potential risks by leveraging data-mining techniques and continuous auditing tools. For example, analyzing trends in sales returns or customer complaints for a retail client might reveal areas with a higher inherent risk of fraudulent sales. 

Similarly, data visualization tools can help us identify unusual patterns in financial data, prompting further investigation. Imagine a sudden surge in accounts receivable aging for a company in a declining industry — this could be a red flag for potential bad debt. AI, data analytics and other emerging technologies are likely to impact how auditors deal with the standard.

Maintaining a healthy dose of professional skepticism

Professional skepticism has always been a cornerstone of auditing, and SAS 145 underscores its importance. Auditors must constantly challenge management's explanations, critically analyze unusual trends, and be vigilant for potential red flags. 

Consider a scenario where a client reports a significant increase in investments during a period of declining profitability. This could be a sign of management attempting to manipulate financial ratios. Under SAS 145, auditors are expected to dig deeper, perform additional procedures to verify the existence and valuation of investments, and potentially consider bringing in a valuation specialist.

The "stand-back" requirement

This new provision ensures a comprehensive risk assessment by requiring auditors to take a step back after completing the initial analysis. This involves critically assessing whether the auditor has identified all significant risks across the entire financial statement. 

This might necessitate brainstorming sessions with the audit team, consulting industry benchmarks, or reviewing recent news articles related to the client's specific industry. For example, overlooking the risk of a new environmental regulation impacting a client's waste disposal costs could lead to a significant deficiency in the audit.

Collaboration and communication

Successful implementation of SAS 145 hinges on effective collaboration and communication within the audit team. Sharing insights gleaned from inherent risk analysis, data analytics tools and brainstorming sessions allows for a more comprehensive risk assessment. Furthermore, clear communication with clients regarding the identified risks fosters transparency and enables them to address any control weaknesses that may exist.

AI, data analytics and other advanced technologies are poised to significantly impact how auditors deal with SAS 145, particularly in the following areas:

Enhanced risk assessment

Data mining can assist auditors in identifying inherent risks, something SAS 145 emphasizes, allowing auditors to analyze vast amounts of historical data and identify patterns and anomalies that might indicate areas of high inherent risk.

Predictive analytics goes beyond historical analysis. It uses machine learning algorithms to predict potential risks based on current trends and industry forecasts. 

Streamlined audit procedures

Continuous auditing: An approach encouraged by SAS 145, real-time data analytics can continuously monitor key financial metrics and transactions, allowing for more timely identification of potential issues compared to traditional periodic testing.

Automated testing: AI-powered tools can automate routine audit procedures such as vouching for transactions or performing analytical procedures on large data sets. This frees up auditor time for higher-level analysis and investigation of identified risks.

Deeper insights and improved efficiency

Data visualization tools can present complex data sets in a clear, visually compelling way, allowing auditors to quickly identify trends, outliers and potential red flags. This can significantly enhance the effectiveness of the "stand-back" requirement in SAS 145, ensuring a comprehensive view of risks.

Natural language processing can be used to analyze vast amounts of unstructured data like emails, contracts, and board meeting minutes. This can help auditors uncover potential areas of concern or corroborate management's explanations.

Challenges and considerations

Explainability and transparency: While AI can identify risks, auditors must understand the "why" behind the identified risks. Overreliance on black-box AI models needs to be balanced with human judgment and professional skepticism.

Data quality and security: The effectiveness of these technologies hinges on the quality and security of the underlying data. Auditors need to ensure data integrity and implement robust controls to mitigate cyber threats.

Upskilling the workforce: As auditors' roles evolve, continuous learning and development opportunities will be essential. Auditors will need to develop skills in data analysis, technology integration, and critical thinking to leverage these tools effectively.

A catalyst for enhanced audit quality

SAS 145 is not a wholesale overhaul of the auditing process. It is an evolution, equipping auditors with a more refined and risk-focused approach to identifying and evaluating material misstatements, enhanced further by AI and other technologies. 

By embracing the core principles of SAS 145, the audit profession elevates the quality of risk assessments, leading to more efficient and effective audits. This in turn fosters greater trust in the financial reporting process and protects the interests of investors and stakeholders. The journey of continuous improvement never ends, and SAS 145 empowers us to navigate the ever-changing auditing landscape with greater confidence and a sharper focus on delivering high-quality audits.

For reprint and licensing requests for this article, click here.
Audit Audit standards Audit software Artificial intelligence Wolters Kluwer Tax & Accounting
MORE FROM ACCOUNTING TODAY