1 AUDITORS MOVING FROM GUIDANCE TO REQUIREMENTS: ARRIVING AT THE RISK ASSESSMENT STANDARDS
Brian Patrick Green, CPA, Ph.D., University of Michigan-Dearborn
Alan Reinstein, CPA, D.B.A., Wayne State University

2 PURPOSE
1970s audit standards offered minimal guidance for risk-based audit planning.
Practitioners did not apply standards consistently.
1980s standards provide more structured guidance for auditors
–assessment of identified risks
–audit planning focus on internal control environment
–plan to respond to risks
Evolved into auditing risk assessment standards.
Purpose:
–describe the evolution of risk assessment
–discuss the possible effect of the current standards on future practice.

3 INTRODUCTION
ASB did not exist 35 years ago
Statements on Auditing Procedures provided limited audit guidance
1972: auditor would assert that audit procedures selected were based on evaluation of internal control. However, would be hard pressed to provide evidence.
ASB 1973: audit standard focus on relating audit procedures to the strengths and weaknesses of internal control environment.
ASB's 2006 Risk Assessment Standards (RAS) (SAS Nos ) issuing standards and guidance on matching audit risk with audit effort.

4 Foundation Standards
Early ASB's focus:
–guide auditors to plan for timing, nature and extent of audit procedures
–evaluate the procedures' results
Auditor professional judgment
Standards combine good/leading practice
General guidance vs specific rules
Review IC as audit by-product

5 Trend Towards Assessing Risk
SAS No. 31, Evidential Matter (1980)
–Planned evidence followed the link between management objective, specific audit objectives, and substantive procedures
–consider the accounting system's internal consistency
–used professional judgment to assess inherent and control risk

6 Guidance versus Requirements
SAS No. 39 (1981), Audit Sampling
–factors that should anchor the quantitative decision to meet the sufficient evidence criteria
–consider item's dollar amount, risk created by the item under audit, and expected frequency of misstatement
–linked sample size directly to the auditor's plan to rely on internal control

7 Supporting Auditor Judgment
SAS No 41 (1982), Working Papers
–Content based on judgment of sufficient
–Described what auditor should do
–Document internal control, but not required to test
–Listed factors that might affect judgment
SAS No 47 (1983), Audit Risk and Materiality
–Too theoretical/no definitive method
–Should gain an understanding of controls…judgment to test

8 Expectation Gap Standards
Sustained SAS No. 47's distinction between control and inherent risks
Moved from guidance to some requirements
Began to require specific audit documentation

9 Internal Control & Fraud
SAS No 53 (1988)
–Must plan the audit to provide reasonable assurance
–Must report discovered fraud
–Documentation requirements
–Still conceptual
SAS No 55 (1988)
–Must gain an understanding
–Should document understanding
–Few specifics/not required to test controls

10 Fraud Risk's Effect on Requirements
SAS No 82 (1997)
–Move from guidance to requirements
–Required to assess and document risk of fraud, develop and document specific response, and communicate potential fraud
SAS No 99 (2002)
–Added more requirements
  –What is risk of fraud (revenue, management IC)
  –Brainstorm

11 Redefining Due Professional Care
RAS, SAS No (2006) for Private companies
–Required in-depth understanding of statements, operations, and control environment
–Anchored on IC and ability to mitigate risk
–Link assessed risk to timing, nature, and extent
–Adds consistency to due professional care
–Increased use of must and should

12 Must vs Should: Intent of Standards
PCAOB defined the terminology to state expressly the auditor's degree of responsibility in complying with professional standards.
Public Company Accounting Oversight Board defined in Rule 3101 (PCAOB 2004). Certain Terms Used in Auditing and Related Professional Practice Standards and an Amendment to Rule 1001:
Must, …indicate unconditional responsibilities. The auditor must fulfill responsibilities of this type in all cases…
Should indicates responsibilities that are presumptively mandatory… comply with requirements unless the auditor demonstrates that alternative actions… were sufficient

13 Added Requirements to Achieve Due Professional Care
SAS No 103 (2005) Audit Documentation
–Lists required audit documentation for risk, response, evidence, procedures, 5 year rule
SAS No 105 (2006) Amendment GAAS
–Links risk, IC, audit procedures…document
SAS No 107 (2006) Risk and Materiality
–Must obtain an understanding
–Should consider analytics

14 Added Requirements to Achieve Due Professional Care
SAS No 109 (2006), Understanding the Entity
–Must gain an understanding of entity, environment, and IC
–Audit Risk = Risk of Misstatement * Detection Risk
–Should collect and document nature of client evidence
–Should obtain an understanding of external risks
–Control risk is not 1.0
–Audit team should discuss understanding and risks
–Team must consider significance and likelihood of risks

15 RAS Requirements: Examples of Must
Must involves critical steps in the audit process.
Description
Consider audit risk.
Determine materiality level.
Establish an overall audit strategy.
Develop an audit plan and document audit procedures expected to reduce audit risk to an acceptable level.
Gain an understanding of an entity and its control process (environment).
Assess control risk based on that understanding.
Accumulate non-trivial known and likely misstatements.
Communicate non-trivial known and likely misstatements to the appropriate level of management and those charged with governance.
Based on audit procedures and evidence, evaluate whether the aggregate financial statements are free of material misstatement (fairly presented) at a high level of assurance.

16 RAS Requirements: Examples of Should
Should describes audit procedures that are used to help satisfy the critical steps.
Description
Document materiality levels, their changes during the audit, and their effect on the audit plan (procedures).
Determine and document tolerable misstatement?
Establish an understanding with the client and document the understanding through a written communication with the client.
Respond to overall risk at the financial statement level, and adjust the audit program to respond to risk at the assertion level.
Document the links between risks, control efficiencies and weaknesses, and changes in audit procedures.
Audit team discusses susceptibility to material misstatement (can be done with fraud brainstorming).
Set tolerable misstatement for a specific audit procedure at less than financial statement materiality so that when the results of audit procedures are aggregated, the required overall assurance is attained.
Test controls when there is an expectation of operating efficiencies.
If using a rotation plan, test some controls every year; test all controls at least every 3rd year for controls that have not changed. Use inquiry to confirm unchanged controls are still in place each year.
Perform substantive procedures for relevant assertions, where material.
Examine all material journal entries and adjustments.
Agree financial statements to underlying accounting records.
Suggest adjusting entries for known misstatement to management.
Review current and prior period unadjusted known and likely misstatements. Compare individually and in aggregate to materiality levels.

17 Impact on Practice
Move from guidance to requirements
Specific use of must, should, should consider
Lessened professional judgment in key areas:
–Risk
–Planning
–Internal control
–Documentation
Due professional care is supported by increasing requirements and less professional judgment
Other thoughts
–ASB and PCAOB are becoming consistent
–Big GAAS, Little GAAS
Consistent practice


