In October 2021, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) issued Statement on Auditing Standards (SAS) No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement in response to common issues identified in the profession’s peer review process. This new standard supersedes SAS No. 122, as amended, section 315 of the same title, and amends various AU-C sections in the AICPA. SAS No. 145 is effective for audits of financial statements for periods ending on or after December 15, 2023. The new standard is intended to enhance audit quality by clarifying and enhancing certain aspects of the identification and assessment of the risks of material misstatement to drive better risk assessment.
Overview
SAS No. 145 provides enhancements to the requirements and guidance related to obtaining an understanding of the entity’s system of internal control and assessing control risk as well as addressing certain aspects of the markets and environments in which entities and audit firms operate. In addition, the most notable change that the new standard provides is new requirements and more enhanced guidance on assessing the risks of material misstatement in financial statement audits. A summary of these changes to the risk assessment process are:
1. New and revised risk assessment terminology and concepts, including revised definitions of significant risk and risk assessment.
2. New requirements to separately assess inherent risk, which is based on the likelihood and magnitude of a misstatement due to error or omission without consideration of internal controls, and control risk, which is based on a test of the operating effectiveness of internal controls.
3. New requirement that when the auditor does not plan to test the operating effectiveness of controls, control risk should be assessed at the maximum level and the assessment of the risk of material misstatement should be the same as the assessment of inherent risk.
4. A new “stand-back” requirement intended to drive an evaluation of the completeness of identified significant classes of transactions, account balances and disclosures and consider those that are material to the financial statements but, perhaps not significant for the audit.
5. New guidance on scalability and on maintaining professional skepticism.
6. Revised requirements relating to audit documentation.
Why Is This New Standard Being Implemented?
This new standard is intended to provide the following benefits to the audit process:
1. More effective and efficient audits.
2. Assist the auditor to identify and assess risks based on a spectrum of inherent risk.
3. Help the auditor better design and perform audit procedures that are tailored to respond to more specific risks of material misstatement.
4. Create opportunities for auditors to evolve risk assessment procedures.
Steps to a Successful Implementation of SAS No. 145
Below are a few steps that our auditors at Weinstein Spira have taken to successfully implement the new standard:
1. Develop educational materials for internal training programs that provide auditors with a general understanding of the new standard and what will change for planning procedures.
2. Prepare case studies and examples on engagements to demonstrate and illustrate how the new standard can be effectively implemented.
3. Develop focus groups among common industries, business models, and entity sizes to brainstorm on common risk assessment themes and create a consistent approach to implementation across those related groups.
4. In audit engagement team planning meetings, take a fresh lens approach to audit scoping and risk assessment and have specific discussions on how the new standard will be applied on the individual audit engagements.
5. As the standard is being adopted, maintain effective communication across the audit department about new developments and best practices for implementation.
In Summary
SAS No. 145 was developed to enhance audit quality and reimagine risk assessment by breaking through barriers in the traditional risk assessment process. As Albert Einstein once said, “The world we have created is a product of our thinking; it cannot be changed without changing our thinking.”
