A new risk assessment guide helps auditors identify and assess the risks of material misstatements and allows them to scale their approach depending on the entity’s complexity.
The AICPA Audit Guide Risk Assessment in a Financial Statement Audit complements the new auditing standard, Statement on Auditing Standards (SAS) No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement. Together, the guide and standard aim to strengthen the risk assessment process and make the audit more efficient and effective.
“Risk assessments are required, and they help you tailor your audit to the particular facts and circumstances,” said Jennifer Burns, CPA, and chief auditor at the AICPA® & CIMA®, together as the Association of International Certified Professional Accountants®. “When you go in and test everything, you’re probably doing too much work.”
Scalable resources for entities of all complexities
SAS No. 145 addresses concerns that risk assessments were too cumbersome for smaller entities, and the guide includes “scalability scenarios” that detail the practical application of risk assessments.
The scenarios contrast two types of entities — one more complex and one less complex, according to Linda Delahanty, CPA, senior manager of audit and attest standards at AICPA & CIMA. “It will show how the auditor approached it differently for each of those scenarios.”
The easy-to-understand scenarios replace lengthy examples in the previous guide that were akin to case studies, Delahanty said.
“The guide is written to be more accessible and really shows how auditors can perform a scalable risk assessment,” Burns said. Scaling risk assessments to your entity’s needs frees up a valuable resource — time. “If you take that little extra time, it will save you time,” she added. “And then you can perform a more effective audit.”
Snapshot of updates to SAS No. 145
Within SAS No. 145, the key concepts underpinning audit risk do not fundamentally change, but the standard provides additional clarity and enhances certain aspects of the identification and assessment of the risks of material misstatement to drive better risk assessment. Various AU-C sections in AICPA Professional Standards are amended, and SAS No. 122, as codified in AU-C section 315, is superseded.
The new standard is robust at 211 pages and introduces a variety of new concepts and requirements, including separate assessments of inherent risk and control risk, revised definitions of significant risk and relevant assertions and the introduction of a new “stand-back” requirement.
The standard becomes effective for audits of financial statements for periods ending on or after December 15, 2023. As an auditor, you’ll want to determine the effects of the new standard early to ensure you are ready to apply the new requirements by their effective date.
Enhance the quality of your risk assessments
Risk assessments are fundamental to an audit and using the new risk assessment guide will enable you to tailor your audit processes.
After completing a detailed risk assessment, you can take a step back and view the identified risks. Then, you can design suitable audit procedures to address the identified and assessed risks. This focuses your attention to the highest risks of material misstatement.
“Risk assessments really can help auditors do a much more efficient and effective audit, if done correctly,” said Delahanty.
Throughout the risk assessment process, you can lean on the information provided within the guide.
To enhance your audits and to prepare for SAS No. 145, review the guide Risk Assessment in a Financial Statement Audit. Additional risk assessment resources are available and will continue to be released throughout the year.