Risks abound in today’s challenging business environment. Business owners and their advisors must constantly be on the lookout for emerging risks that threaten business operations and financial reporting. In light of these changes, the Auditing Standards Board (ASB) has issued a proposal that would revise its audit standards related to risk assessment.
Keeping up with the times
The ASB, which is the part of the American Institute of Certified Public Accountants (AICPA), sets the standards for audits of private companies. In recent years, the business environments have changed dramatically, so the ASB has proposed updates to the risk assessment standards to stay current with these rapid changes. Auditors use risk assessment to determine the nature and scope of confirmation, testing, inquiry, and analytical procedures that are appropriate during companies’ external audits.
If adopted, the proposed Statement on Auditing Standards (SAS), Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, would supersede SAS No. 122, Statements on Auditing Standards: Clarification and Recodification, and AU-C Section 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment. The proposal would also revise other AU-C sections.
The AICPA says the proposed SAS has some origins based on the International Standard on Auditing (ISA) No. 315, Identifying and Assessing the Risks of Material Misstatement, issued by the International Auditing and Assurance Standards Board (IAASB). The ASB’s proposal strives to converge U.S. auditing standards with international auditing standards while considering the unique circumstances of U.S. business environment.
The proposed SAS would enhance the guidance on identifying and assessing risks of material misstatement and adds infuses on addressing a company’s system of internal controls and information technology (IT). The proposal also includes new guidance aimed at enhancing the auditor’s professional skepticism and revises the definition of “significant risk” to address where risks lie on a spectrum of inherent risk.
The proposed definition is an identified risk of material misstatement “for which the assessment of inherent risk is close to the upper end of the spectrum of inherent risk due to the degree to which inherent risk factors affect the combination of the likelihood of a misstatement occurring and the magnitude of the potential misstatement should that misstatement occur, or that is to be treated as a significant risk in accordance with the requirements of other AU-C sections.”
Currently, the definition focuses on risks that require special audit considerations. But oversite inspection findings show that there has been a lack of consistency when determining significant risks.
The ASB believes that one of the main reasons for this inconsistency lies in the definition of “significant risk.” The proposal notes that the current definition focuses the auditor on the response to the risk, rather than the nature of the risk.
Comments on the ASB’s proposal are due by Nov. 25. If issued as final, the proposed SAS will be effective for audits of financial statements for periods ending on or after Dec. 15, 2023.
The effective date of the proposed SAS would be several years away if it’s approved. But auditors are keenly aware of today’s volatile market conditions, and they recognize that prior years’ risk assessments may need to be updated to maintain audit quality. During the upcoming audit season, be prepared for more audit procedures (including testing and inquiry) related to your company’s internal controls, cyberthreats, and other risk factors as your auditors assess your current situation.
Reach out to a KraftCPAs advisor to see how these pending changes could impact your future assurance services.