Overview of the ASB Risk Assessment Standards Indexed to

Auditing and Assurance Services: An Integrated Approach 11th Edition

In March 2006 the AICPA’s Auditing Standards Board issued SAS Nos. 104-111, eight standards relating to the assessment of risks in a financial statement audit. The ASB also issued SAS No. 112 in May 2006 on communication of internal control related matters. The Risk Assessment Standards and SAS No. 112 are effective for audits of financial statements for periods beginning on or after December 15, 2006, with early application permissible.

The Risk Assessment Standards establish standards and provide guidance in financial statement audits for private companies concerning the auditor’s assessment of the risks of material misstatements (whether caused by error or fraud), and the design and performance of audit procedures that are responsive to those risks. In addition, these Statements establish standards and provide guidance on planning and supervision, the nature of audit evidence, and evaluating whether the audit evidence affords a reasonable basis for the auditor’s opinion on the financial statements under audit.

The primary objective of the Statements is to enhance auditor’s application of the risk model, including specifying:

·  More in-depth understanding of the entity and its environment, including its internal control, to identify the risks of material misstatement in the financial statements and entity actions to mitigate those risks.

·  More rigorous assessment of the risks of material misstatement of the financial statements based on that understanding.

·  Improved linkage between the assessed risks and the nature, timing and extent of audit procedures performed in response to those risks.

These standards introduce many changes in terminology. However, these standards were first exposed in 2002 and the audit methodology presented in Auditing and Assurance Services: An Integrated Approach 11th Edition is largely consistent with these standards. We first provide an analysis of how these standards affect individual chapters in the 11th Edition. This is followed by a summary of the key provisions of each individual standard.


Chapter 2 – The CPA Profession

SAS No. 105 includes revisions to the 10 auditing standards in Table 2-3 on p. 34 of the 11th edition. A comparison of the revised and original standards is included below:

Original Standard / Revised Standard
General Standards
1.  The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor. / General Standards
1.  The audit must be performed by a person or persons having adequate technical training and proficiency as an auditor.
Standards of Field Work
1.  The work is to be adequately planned and assistants, if any, are to be properly supervised.
2.  A sufficient understanding of internal control is to be obtained to plan the audit and determine the nature, timing, and extent of tests to be performed.
3.  Sufficient competent evidential matter is to be obtained through inspection, observation, inquiries, and confirmations to afford a reasonable basis for an opinion regarding the financial statements under audit. / Standards of Field Work
1.  The auditor must adequately plan the work and must properly supervise any assistants.
2.  The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures.
3.  The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.

The effects of the changes to the three standards of field work are included in the discussion of the impact of the standards on other chapters.

Chapter 6 – Audit Responsibilities and Objectives

1.  SAS No. 104 expands the definition of reasonable assurance to indicate that it is a high, but not absolute level of assurance.

2.  SAS No. 106, Audit Evidence expands the five management assertions included on p. 145 of the 11th edition into three categories: 1) assertions about classes of transactions and events; 2) assertions about account balances at the period end; and 3) assertions about presentation and disclosure. The assertions in each category are included in Table 1; the assertions are presented so that related assertions are included in each table row.

3.  Table 2 indicates how the transaction objectives in Table 6-2 (p. 147) relate to the assertions about transactions and events.

4.  Table 3 indicates how the balance objectives in Table 6-3 (p. 150) relate to assertions about account balances. These are substantially unchanged from the 11th edition.

TABLE 1 / Management Assertions for Each Category of Assertions
Assertions About Classes of Transactions and Events / Assertions About Account Balances / Assertions About Presentation and Disclosure
Occurrence – Transactions and events that have been recorded have occurred and pertain to the entity. / Existence – Assets, liabilities, and equity interests exist. / Occurrence and rights and obligations – Disclosed events and transactions have occurred and pertain to the entity.
Completeness – All transactions and events that should have been recorded have been recorded. / Completeness – All assets, liabilities, and equity interests that should have been recorded have been recorded. / Completeness – All disclosures that should have been included in the financial statements have been included.
Accuracy – Amounts and other data relating to recorded transactions and events have been recorded appropriately. / Valuation and allocation – Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation adjustments are appropriately recorded. / Accuracy and valuation – Financial and other information are disclosed fairly and at appropriate amounts.
Classification – Transactions and events have been recorded in the proper accounts. / Classification and understandability – Financial and other information is appropriately presented and described and disclosures are clearly expressed.
Cutoff – Transactions and events have been recorded in the correct accounting period.
Rights and obligations – The entity holds or controls the rights to assets, and liabilities are the obligation of the entity.
TABLE 2 / Transaction-Related Audit Objectives and Management Assertions for Sales Transactions
Management Assertions About Classes of Transactions and Events / General Transaction-Related Audit Objectives / Specific Sales Transaction-Related Audit Objectives
Occurrence / Occurrence / Recorded sales are for shipments made to nonfictitious customers.
Completeness / Completeness / Existing sales transactions are recorded.
Accuracy / Accuracy
Posting and summarization / Recorded sales are for the amount of goods shipped and are correctly recorded.
Sales transactions are properly included in the master file and are correctly summarized.
Classification / Classification / Sales transactions are properly classified.
Cutoff / Timing / Sales are recorded on the correct dates.
TABLE 3 / Hillsburg Hardware Co.: Balance-Related Audit Objectives and Management Assertions Applied to Inventory
Management Assertions About Account Balances / General Balance-Related Audit Objectives / Specific Balance-Related Audit Objectives Applied to Inventory
Existence / Existence / All recorded inventory exists at the balance sheet date.
Completeness / Completeness / All existing inventory has been counted and included in the inventory summary.
Valuation and allocation / Accuracy
Classification
Cutoff
Detail tie-in
Net realizable value / Inventory quantities on the client’s perpetual records agree with items physically on hand.
Prices used to value inventories are materially correct.
Extensions of price times quantity are correct and details are correctly added.
Inventory items are properly classified as to raw materials, work in process, and finished goods.
Purchase cutoff at year-end is proper.
Sales cutoff at year-end is proper.
Total of inventory items agrees with general ledger.
Inventories have been written down where net realizable value is impaired.
Rights and obligations / Rights and obligations / The company has title to all inventory items listed.
Inventories are not pledged as collateral.

Chapter 7 – Audit Evidence

1.  The term “sufficient competent evidential matter” is replaced with the term “sufficient appropriate audit evidence” in SAS No. 106.

2.  The standard also defines audit procedures for obtaining audit evidence in the following categories:

·  Inspection of records or documents

·  Inspection of tangible assets

·  Observation

·  Inquiry

·  Confirmation

·  Recalculation

·  Reperformance

·  Analytical procedures


Chapter 8 – Audit Planning and Analytical Procedures

SAS No. 109 requires the auditor to perform risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control. This requirement is consistent with the audit approach to gaining an understanding of the client’s business and industry in the 11th edition.

  1. SAS No. 108, Planning and Supervision, clarifies that the auditor should establish an understanding with the client through a written communication with the client. The new standard requires the communication to be in the form of an engagement letter.
  2. SAS No. 108 also requires the auditor to establish an overall strategy for the audit, and develop an audit plan that includes:

·  A description of the nature, timing, and extent of planned risk assessment procedures sufficient to assess the risks of material misstatement as determined under SAS No. 109.

·  A description of the nature, timing, and extent of planned further audit procedures at the relevant assertion level for each material class of transactions, account balance, and presentation and disclosure as determined under SAS No. 110.

  1. SAS No. 109 indicates that the members of the audit team should discuss the susceptibility of the entity’s financial statements to material misstatements. This discussion can be held concurrently with the discussion of the susceptibility of the entity’s financial statements to fraud required by SAS No. 99.

Chapter 9 – Materiality and Risk

The risk assessment process in Chapter 9 of the 11th edition is consistent with the risk assessment standards.

1.  SAS No. 107, Audit Risk and Materiality in Conducting an Audit, identifies two types of misstatements: known and likely. Likely misstatements include projections of misstatements based on a sample, and differences between management’s and the auditor’s judgments for accounting estimates that the auditor considers unreasonable or inappropriate.

2.  SAS No. 107 also notes that “closest reasonable estimate” for estimated amounts such as inventory obsolescence may be a range of acceptable amounts or a point estimate. If management’s estimate falls outside the auditor’s range of acceptable amounts, the difference between the client’s recorded amounts and the amount at the closest end of the auditor’s range should be aggregated as a likely misstatement. For example, if the auditor determines that an allowance for doubtful accounts of $120,000 to $150,000 is reasonable and the client’s recorded allowance is $100,000, then $20,000, the difference between the lower end of the auditor’s range and the client’s estimate should be aggregated as a likely misstatement. In addition, the auditor should consider whether the differences between the estimates best supported by audit evidence and the client’s evidence, which may be individually reasonable, indicate a possible bias by the entity’s management.

3.  The auditor should request management to record an adjustment for all known misstatements except for those considered “trivial.” Trivial amounts are amounts below the auditor’s threshold for accumulating misstatements. The auditor should request management to examine the class of transactions or account balance to identify and correct likely misstatements, and review the assumptions for estimates where the auditor has identified a likely misstatement.

4.  SAS No. 109 notes that in assessing risks, the auditor should assess whether they are at the overall financial statement level or pertain to relevant assertions related to classes of transactions, account balances, and disclosures.

5.  The auditor should also consider whether any of the identified risks represent significant risks that require special audit attention. In making this determination, the auditor should consider:

·  Whether the risk is a risk of fraud

·  Whether the risk is related to recent significant economic, accounting, or other developments requiring specific attention

·  The complexity of the transactions

·  Whether the risk involves significant transactions with related parties

·  The degree of subjectivity in the measurement of financial information related to the risks, especially those involving a wide range of measurement uncertainty

·  Whether the risk involves significant nonroutine transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.

6.  SAS No. 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained is also consistent with Chapter 9. Page 248 in the 11th edition discusses two overall responses to risk – use of more experienced staff and a more careful review. SAS No. 110 includes additional overall responses, including the need for professional skepticism and incorporating more elements of unpredictability in testing.

7.  SAS No. 109 notes that the auditor may assess inherent risk and control risk on a separate or combined basis, which was also allowed under existing standards. However, the auditor can no longer default to control risk at maximum and perform a substantive audit. Instead, auditors must obtain an understanding of internal controls and then assess control risk based on that understanding.

Chapter 10 – Section 404 Audits of Internal Control and Control Risk

SAS No. 109 and SAS No. 110 together supersede SAS No. 55, Consideration of Internal Control in a Financial Statement Audit, but do not significantly alter the approach to understanding internal control in Ch. 10. Similarly, the reporting of significant deficiencies and material weaknesses for nonpublic companies discussed in Ch. 10 is consistent with SAS No. 112.

  1. SAS No. 109 discusses manual and IT controls and notes that because of the inherent consistency of IT controls, audit procedures to test whether an automated control has been implemented may serve as a test of the control’s operating effectiveness, depending on the auditor’s assessment and testing of IT general controls.
  1. SAS No. 110 indicates that the auditor should perform tests of controls when the auditor’s risk assessment includes an expectation of the operating effectiveness of controls or when substantive procedures alone do not provide sufficient audit evidence at the relevant assertion level. Substantive procedures alone may not be sufficient when the entity relies on IT and no documentation of transactions is maintained, other than through the IT system.
  2. Auditors may test controls that have not changed on a rotational basis. The operating effectiveness of such controls should be tested at least every third audit. The decision to rely on evidence on the effectiveness of controls obtained in prior audits depends on the overall effectiveness of other elements of internal control, the effectiveness of the control being relied upon, and the risks arising from characteristics of the control, including whether it is manual or automated.

Chapter 13 – Overall Audit Plan and Audit Program