The AICPA Auditing Standards Board has recently introduced a new standard focused on enhancing risk-based auditing practices. Statement on Auditing Standards (SAS) No. 145, titled “Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement,” is aimed at assisting auditors in identifying areas with the highest potential for material misstatement risks during audit engagements. The primary objective is to enable auditors to allocate more of their efforts towards conducting procedures in these high-risk areas.
This initiative to develop SAS No. 145 was prompted by the identification of deficiencies in auditor risk assessment procedures through practice monitoring programs in the United States and globally.
The new standard seeks to strengthen the requirements and guidance related to the identification and assessment of risks associated with material misstatements. It places particular emphasis on understanding an entity’s internal control system and evaluating control risk.
Key provisions of SAS No. 145 include:
- Extensive Guidance on Information Technology: The standard provides comprehensive guidance on the utilization of information technology and the consideration of general IT controls.
- Revised Definition of Significant Risk: The standard revises the definition of significant risk, offering more clarity in this crucial area.
- Separate Assessment of Inherent Risk and Control Risk: A new requirement is introduced to separately assess inherent risk and control risk, providing auditors with a more comprehensive approach to risk evaluation.
- Guidance on Maintaining Professional Skepticism: The standard includes new guidance on the importance of maintaining professional skepticism throughout the audit process.
- “Stand-Back” Requirement: SAS No. 145 introduces a “stand-back” requirement, designed to prompt auditors to evaluate the completeness of their identification of significant classes of transactions, account balances, and disclosures.
Jennifer Burns, CPA, AICPA Chief Auditor, emphasized the central role of the auditor’s risk assessment in driving various aspects of the audit process. She stated, “The auditor’s risk assessment drives almost every part of the audit. As a result, the evaluation of risks sits at the core of audit quality. SAS No. 145 supports the performance of quality audits by providing additional clarity and guidance in identifying and evaluating risks of material misstatement, while considering the evolving nature of business.”
To assist AICPA members in understanding and implementing the new standard, resources such as an At a Glance summary and an upcoming webcast will be made available at no charge. These resources aim to support auditors in adopting SAS No. 145 effectively and improving the quality of audit procedures.
