new auditing standards
DESCRIPTION
New Auditing Standards. Laurie Ball, CPA Swenson Advisors, LLP (Murrieta) Audit Director Accounting Day May 12, 2008. Overview of Risk Standards. 8 new SAS’s (No. 104 through No. 111) issued March 2006 - Collectively referred to as Risk Assessment Standards - PowerPoint PPT PresentationTRANSCRIPT
New Auditing Standards
Laurie Ball, CPASwenson Advisors, LLP (Murrieta)
Audit Director
Accounting DayMay 12, 2008
Overview of Risk Standards8 new SAS’s (No. 104 through No. 111) issued March 2006 - Collectively referred to as Risk Assessment Standards Applicable to all non-PCAOB audits Effective for audits of periods beginning on or
after December 15, 2006 (generally calendar year 2007)
The 8 New Risk Standards No. 104 – Due
Professional Care (Amends to SAS No. 1)
No. 105 – GAAS (Amends SAS No. 95)
No. 106 – Audit Evidence
No. 107 – Audit Risk & Materiality
No. 108 – Planning and Supervision
No. 109 – Understanding the Entity and Assessing Risks of Material Misstatement
No. 110 – Audit Procedures in Response to Risks and Evaluating Audit Evidence
No. 111 – Audit Sampling
Objectives of New Risk Standards More in-depth understanding of the audited
entity and its environment More rigorous assessment of the risks of
where and how the financial statements could be materially misstated
Improved linkage between the auditor’s assessed risks and the nature, timing and extent of the audit procedures to be performed
New Vocabulary
Audit Strategy
Audit Plan
Auditor’s operational approach to achieving the objectives of the audit; high-level determination by audit area (previously referred to as the Audit Plan)
A more detailed; includes nature, timing and extent of procedures (previously referred to as the Audit Program)
New Vocabulary (continued)Audit
Evidence
Sufficient,
Appropriate
Evidence
All the information used by the auditor in arriving at conclusions on which audit opinion is based (previously referred to as the evidential matter)
Replaces sufficient, competent evidential matter (for compatibility with ISA)
New Vocabulary (continued)Those Charged with
Governance
SignificantDeficiencies
Group responsible for oversight of financial reporting; more general and inclusive than previous Audit Committee reference (also for compatibility with ISA)
Replaces previous concept of reportable conditions
So What Does this all mean?!
Central Themes of New Standards Better understanding (and documentation!) of
internal control to be used in risk assessment Checklist-driven approach no longer
acceptable Auditor judgment emphasized in the
assessment of and response to risk Learning about client is not part of planning
the audit – it is the audit!
Preliminary Team “Brainstorming” Meeting Now Required
Consider nature and magnitude of possible misstatement risks (whether they are caused by error OR fraud)
Should be held prior to designing further audit procedures
Many examples of risks to consider in Appendix C of SAS No. 109
“Understanding of Internal Control” Now Required
Provides a basis for assessment (can no longer “default” to high risk)
Includes a review of the design of controls and a confirmation they are in operation MORE than inquiry Walkthrough and observation
Auditors NOT required to test or rely on controls as part of their audit strategy
“Linkage” Now Required Identified risks are REQUIRED to be linked
to relevant controls and audit actions designed to respond to these risks
Helps audit team determine if responses are appropriate
Helps reviewers (including peer reviews) follow the implantation of the audit
Other New Standards
Overview of Additional Standards 3 additional new SAS’s:
SAS 112 establishes standards for communicating internal control matters (supersedes SAS 60)
SAS 113 makes conforming and other minor terminology changes to existing standards
SAS 114 revises standards for communicating with “those charged with an entity’s governance” (supersedes SAS 61)
All effective for calendar year 2007
Overview of SAS 112 & 114Significant deficiencies and material weaknesses must be reported to management and those charged with governance
Overview of SAS 113 Conforms terminology describing
professional requirements Links the consideration of fraud to auditor’s
assessment of and response to risk Clarifies date of report is date sufficient
appropriate audit evidence obtained Clarifies date of management rep letter should
be the same as audit report
Questions?!
Contact me at
Risk Standards “By the Numbers”
Risk Assessment By the Numbers: SAS 104 Requires auditor to obtain sufficient
appropriate audit evidence to limit audit risk to a low level
Should obtain a high, but not absolute, level of assurance that the financials are free of material misstatements
Risk Assessment By the Numbers: SAS 105 Scope of understanding expanded to include
the entity and its environment, including its internal control
Considered to provide audit evidence supporting opinion (not just planning)
Emphasizes the link between understanding the entity, assessing risks and the design of further audit procedures; no more “generic” audit programs
Risk Assessment By the Numbers: SAS 106 Defines audit evidence and provides guidance
on the reliability of various kinds of evidence New groups of assertions by classes of
transactions, account balances and presentation and disclosure
Defines relevant assertions as those having meaningful bearing on whether something is fairly stated
Risk Assessment By the Numbers: SAS 106 (continued) Defines risk assessment procedures, which
along with results of further audit procedures, provide basis for opinion
Describes the types of audit procedures that may be used alone or in combination throughout audit (including risk assessment process)
Risk Assessment By the Numbers: SAS 107 Extended discussion of materiality in more
qualitative terms (e.g., consider users of financial statements)
Audit risk and materiality are used to identify and assess the risk of material misstatement
Discusses evaluating audit evidence and communicating material misstatements to those charged with governance
Risk Assessment By the Numbers: SAS 108 Significant discussion of preliminary
engagement activities and components of overall audit strategy and audit plan
Discusses use of specialists Makes clear that planning process is ongoing Supervisory communications should go both
ways
Risk Assessment By the Numbers: SAS 109 Defines risk assessment procedures Requires audit team discussion of susceptibility of
financials to material misstatement (from both errors and fraud)
Directly links risk assessment to design and performance of further audit procedures
Guidance on how to evaluate the design of internal control and determine if design adequate and controls have been implemented
Risk Assessment By the Numbers: SAS 110 Significant discussion of overall responses to
address identified risks Requires documentation of linkage between
assessed risks and the design of further audit procedures
Guidance on matters to consider when determining the nature, timing and extent of such procedures
Risk Assessment By the Numbers: SAS 111 Moves appendix from SAS 39 into body of
new SAS (now authoritative not interpretive) Enhanced guidance on tolerable misstatement