New Auditing Standards

Laurie Ball, CPASwenson Advisors, LLP (Murrieta)

Audit Director

Accounting DayMay 12, 2008

Overview of Risk Standards8 new SAS’s (No. 104 through No. 111) issued March 2006 - Collectively referred to as Risk Assessment Standards Applicable to all non-PCAOB audits Effective for audits of periods beginning on or

after December 15, 2006 (generally calendar year 2007)

The 8 New Risk Standards No. 104 – Due

Professional Care (Amends to SAS No. 1)

No. 105 – GAAS (Amends SAS No. 95)

No. 106 – Audit Evidence

No. 107 – Audit Risk & Materiality

No. 108 – Planning and Supervision

No. 109 – Understanding the Entity and Assessing Risks of Material Misstatement

No. 110 – Audit Procedures in Response to Risks and Evaluating Audit Evidence

No. 111 – Audit Sampling

Objectives of New Risk Standards More in-depth understanding of the audited

entity and its environment More rigorous assessment of the risks of

where and how the financial statements could be materially misstated

Improved linkage between the auditor’s assessed risks and the nature, timing and extent of the audit procedures to be performed

New Vocabulary

Audit Strategy

Audit Plan

Auditor’s operational approach to achieving the objectives of the audit; high-level determination by audit area (previously referred to as the Audit Plan)

A more detailed; includes nature, timing and extent of procedures (previously referred to as the Audit Program)

New Vocabulary (continued)Audit

Evidence

Sufficient,

Appropriate

Evidence

All the information used by the auditor in arriving at conclusions on which audit opinion is based (previously referred to as the evidential matter)

Replaces sufficient, competent evidential matter (for compatibility with ISA)

New Vocabulary (continued)Those Charged with

Governance

SignificantDeficiencies

Group responsible for oversight of financial reporting; more general and inclusive than previous Audit Committee reference (also for compatibility with ISA)

Replaces previous concept of reportable conditions

So What Does this all mean?!

Central Themes of New Standards Better understanding (and documentation!) of

internal control to be used in risk assessment Checklist-driven approach no longer

acceptable Auditor judgment emphasized in the

assessment of and response to risk Learning about client is not part of planning

the audit – it is the audit!

Preliminary Team “Brainstorming” Meeting Now Required

Consider nature and magnitude of possible misstatement risks (whether they are caused by error OR fraud)

Should be held prior to designing further audit procedures

Many examples of risks to consider in Appendix C of SAS No. 109

“Understanding of Internal Control” Now Required

Provides a basis for assessment (can no longer “default” to high risk)

Includes a review of the design of controls and a confirmation they are in operation MORE than inquiry Walkthrough and observation

Auditors NOT required to test or rely on controls as part of their audit strategy

“Linkage” Now Required Identified risks are REQUIRED to be linked

to relevant controls and audit actions designed to respond to these risks

Helps audit team determine if responses are appropriate

Helps reviewers (including peer reviews) follow the implantation of the audit

Other New Standards

Overview of Additional Standards 3 additional new SAS’s:

SAS 112 establishes standards for communicating internal control matters (supersedes SAS 60)

SAS 113 makes conforming and other minor terminology changes to existing standards

SAS 114 revises standards for communicating with “those charged with an entity’s governance” (supersedes SAS 61)

All effective for calendar year 2007

Overview of SAS 112 & 114Significant deficiencies and material weaknesses must be reported to management and those charged with governance

Overview of SAS 113 Conforms terminology describing

professional requirements Links the consideration of fraud to auditor’s

assessment of and response to risk Clarifies date of report is date sufficient

appropriate audit evidence obtained Clarifies date of management rep letter should

be the same as audit report

Questions?!

Contact me at

laurie.ball@swensonadvisors.com

Risk Standards “By the Numbers”

Risk Assessment By the Numbers: SAS 104 Requires auditor to obtain sufficient

appropriate audit evidence to limit audit risk to a low level

Should obtain a high, but not absolute, level of assurance that the financials are free of material misstatements

Risk Assessment By the Numbers: SAS 105 Scope of understanding expanded to include

the entity and its environment, including its internal control

Considered to provide audit evidence supporting opinion (not just planning)

Emphasizes the link between understanding the entity, assessing risks and the design of further audit procedures; no more “generic” audit programs

Risk Assessment By the Numbers: SAS 106 Defines audit evidence and provides guidance

on the reliability of various kinds of evidence New groups of assertions by classes of

transactions, account balances and presentation and disclosure

Defines relevant assertions as those having meaningful bearing on whether something is fairly stated

Risk Assessment By the Numbers: SAS 106 (continued) Defines risk assessment procedures, which

along with results of further audit procedures, provide basis for opinion

Describes the types of audit procedures that may be used alone or in combination throughout audit (including risk assessment process)

Risk Assessment By the Numbers: SAS 107 Extended discussion of materiality in more

qualitative terms (e.g., consider users of financial statements)

Audit risk and materiality are used to identify and assess the risk of material misstatement

Discusses evaluating audit evidence and communicating material misstatements to those charged with governance

Risk Assessment By the Numbers: SAS 108 Significant discussion of preliminary

engagement activities and components of overall audit strategy and audit plan

Discusses use of specialists Makes clear that planning process is ongoing Supervisory communications should go both

ways

Risk Assessment By the Numbers: SAS 109 Defines risk assessment procedures Requires audit team discussion of susceptibility of

financials to material misstatement (from both errors and fraud)

Directly links risk assessment to design and performance of further audit procedures

Guidance on how to evaluate the design of internal control and determine if design adequate and controls have been implemented

Risk Assessment By the Numbers: SAS 110 Significant discussion of overall responses to

address identified risks Requires documentation of linkage between

assessed risks and the design of further audit procedures

Guidance on matters to consider when determining the nature, timing and extent of such procedures

Risk Assessment By the Numbers: SAS 111 Moves appendix from SAS 39 into body of

new SAS (now authoritative not interpretive) Enhanced guidance on tolerable misstatement