AICPA Issues New Standard on Auditor’s Risk Assessment
SAS No. 145 clarifies and enhances the requirements and guidance on the identification and assessment of the risks of material misstatement
SAS No. 145 becomes effective for audits of financial statements for periods ending on or after Dec. 15, 2023
The American Institute of CPAs (AICPA) Auditing Standards Board (ASB) has issued Statement on Auditing Standards (SAS) No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, to supersede SAS No. 122, as amended, section 315 of the same title, and to amend various AU-C sections in AICPA Professional Standards.
“The auditor’s risk assessment drives almost every part of the audit. As a result, the evaluation of risks sits at the core of audit quality,” said AICPA Chief Auditor Jennifer Burns, CPA. “SAS No. 145 supports the performance of quality audits by providing additional clarity and guidance in identifying and evaluating risks of material misstatement, while considering the evolving nature of business.”
SAS No. 145 addresses the auditor’s responsibility to identify and assess the risks of material misstatement in the financial statements. The SAS enhances the requirements and guidance on identifying and assessing the risks of material misstatement, in particular the areas of understanding the entity’s system of internal control and assessing control risk. The SAS revises the definition of significant risk, includes new guidance on maintaining professional skepticism, and includes a new “stand-back” requirement intended to drive an evaluation of the completeness of the identification of significant classes of transactions, account balances, and disclosures by the auditor. The SAS also includes extensive guidance regarding the use of information technology (IT) and the consideration of IT general controls.
In addition, the SAS includes, among other things, the following:
Revised requirements to evaluate the design of certain controls within the control activities component, including general IT controls, and to determine whether such controls have been implemented.
- New requirement to separately assess inherent risk and control risk.
- New requirement to assess control risk at the maximum level such that, if the auditor does not plan to test the operating effectiveness of controls, the assessment of the risk of material misstatement is the same as the assessment of inherent risk.
- New guidance on scalability.
- Revised requirements relating to audit documentation.
- A conforming amendment to perform substantive procedures for each relevant assertion of each significant class of transactions, account balance, and disclosure, regardless of the assessed level of control risk (rather than for all relevant assertions related to each material class of transactions, account balance, and disclosure, irrespective of the assessed risks of material misstatement, as previously required).
SAS No. 145 becomes effective for audits of financial statements for periods ending on or after December 15, 2023.
On Nov. 16 from 1 to 2 p.m. EST the AICPA will be hosting a webcast to help practitioners prepare for the new risk assessment standard. Attendees will learn how to determine their responsibility to identify and assess the risks of material misstatement in the financial statements; apply the new concepts in SAS No. 145 as they begin to plan and perform audits and apply the enhanced or new requirements or guidance in SAS No. 145. The webcast is free of charge to AICPA members.