Understanding SAS Nos. 104 to 111
Issued March 2006 (testable on CPA starting July/August 2007)
Risk Assessment
Most of the following is quoted or paraphrased from the following sources:
• Audit Risk Alerts: Understanding the New Auditing Standards Related to Risk
Assessment, AICPA: New York, 2006
• AICPA Audit Guide: Assessing and Responding to Audit Risk in a Financial
Statement Audit, AICPA: New York, 2006
Introduction:
Eight new standards provide guidance on applying the audit risk model in the planning
and performance of a financial statement audit. Effective for periods beginning after
December 15, 2006; earlier application is permitted.
Applies to audit of _____________ held companies and other _______________.
Basic requirements:
1. A more in-depth understanding of your audit client and its environment, including its
internal control. This knowledge will be used to identify the risk of material
misstatement in the financial statements (whether caused by error or fraud) and
what the client is doing to mitigate them.
2. A more rigorous assessment of the risk of material misstatement of the financial
statements based on that understanding.
3. Improved linkage between the assessed risks and the nature, timing, and extent of
audit procedures performed in response to those risks.
Key provisions:
• SAS No. 104, Amendment to SAS No. 1, Codification of Auditing Standards and
Procedures (“Due Professional Care in the Performance of Work”)
o defines reasonable assurance as a “high level of assurance.”
• SAS No. 105, Amendment to Statement on Auditing Standards No. 95, GAAS
o expands the scope of the understanding that the auditor must obtain in the
second standard of field work from “internal control” to “the entity and its
environment including its internal control.”
o The quality and depth of the understanding to be obtained is emphasized by
amending its purpose from “planning the audit” to “assessing the risk of material
misstatement of the financial statements whether due to error or fraud and to
design the nature, timing, and extent of further audit procedures.”
• SAS No. 106, Audit Evidence
o defines audit evidence as “all the information used by the auditor in arriving at
the conclusions on which the audit opinion is based.”
o recategorizes assertions by classes of transactions, account balances, and
presentation and disclosure; expands the guidance related to presentation and
disclosure; and describes how the auditor uses relevant assertions to assess risk
and design audit procedures.
o defines relevant assertions as those assertions that have a meaningful bearing
on whether the account is fairly stated.
o provides additional guidance on the reliability of various kinds of audit evidence.
o identifies “risk assessment procedures” as audit procedures performed on all
audits to obtain an understanding of the entity and its environment, including its
internal control, to assess the risk of material misstatement at the financial
statement and relevant assertions levels.
o provides that evidence obtained by performing risk assessment procedures, as
well as that obtained by performing tests of controls and substantive procedures,
is part of the evidence that the auditor obtains to draw reasonable conclusions on
which to base the audit opinion, although such evidence is not sufficient in and of
itself to support the audit opinion.
o describes the types of audit procedures that the auditor may use alone or in
combination as risk assessment procedures, tests of controls, or substantive
procedures, depending on the context in which they are applied by the auditor.
o includes guidance on the uses and limitations of inquiry as an audit procedure.
• SAS No. 107, Audit Risk and Materiality in Conducting an Audit
o The auditor must consider audit risk and must determine a materiality level for
the financial statements taken as a whole for the purpose of
1. Determining the extent and nature of risk assessment procedures.
2. Identifying and assessing the risk of material misstatement.
3. Determining the nature, timing, and extent of further audit procedures.
4. Evaluating whether the financial statements taken as a whole are
presented fairly, in conformity with generally accepted accounting
principles.
o Combined assessment of inherent and control risks is termed the risk of material
misstatement.
o The auditor should assess the risk of material misstatement as a basis for further
audit procedures. Although that risk assessment is a judgment rather than a
precise measurement of risk, the auditor should have an appropriate basis for
that assessment.
o Assessed risks and the basis for those assessments should be documented.
o The auditor must accumulate all known and likely misstatements identified
during the audit, other than those that the auditor believes are trivial, and
communicate them to the appropriate level of management.
o The auditor should request management to respond appropriately when
misstatements (known or likely) are identified during the audit.
• SAS No. 108, Planning and Supervision
Provides guidance on:
o appointment of the independent auditor.
o establishing an understanding with the client.
o preliminary engagement activities.
o the overall audit strategy.
o the audit plan.
o determining the extent of involvement of professionals possessing specialized
skills.
o using a professional possessing information technology (IT) skills to understand
the effect of IT on the audit.
o additional considerations in initial audit engagements.
o supervision of assistants.
• SAS No. 109, Understanding the Entity and Its Environment and Assessing the
Risks of Material Misstatement
o describes audit procedures that the auditor should perform to obtain the
understanding of the entity and its environment, including its internal control.
o The audit team should discuss the susceptibility of the entity’s financial
statements to material misstatement.
o The purpose of obtaining an understanding of the entity and its environment,
including its internal control, is to identify and assess “the risk of material
misstatement” and design and perform further audit procedures responsive to
the assessed risk.
o states the auditor should assess the risk of material misstatement at both the
financial statement and relevant assertion levels.
o provides directions on how to evaluate the design of the entity’s controls and
determine whether the controls are adequate and have been implemented.
o directs the auditor to consider whether any of the assessed risks are significant
risks that require special audit consideration or risks for which substantive
procedures alone do not provide sufficient appropriate audit evidence.
o provides extensive guidance on the matters that should be documented.
• SAS No. 110, Performing Audit Procedures in Response to Assessed Risks and
Evaluating the Audit Evidence Obtained
o provides guidance on determining overall responses to address the risk of
material misstatement at the financial statement level and the nature of those
responses.
o Further audit procedures, which may include tests of controls or substantive
procedures, should be responsive to the assessed risk of material misstatement
at the relevant assertion level.
o provides guidance on matters the auditor should consider in determining the
nature, timing, and extent of such audit procedures.
• SAS No. 111, Amendment to SAS No. 39, Audit Sampling
o provides guidance relating to the auditor’s judgment about establishing tolerable
misstatement for a specific audit procedure and on the application of sampling to
tests of controls.
Fundamental Concepts:
I. Reasonable assurance
– high, but not absolute
– must obtain sufficient audit evidence to reduce audit risk (failure to detect a
material misstatement) to a low level
II. Audit risk (AR) and risk of material misstatement
A. Audit risk is a function of two components
o Risk of material misstatement (RMM), risk that an account or
disclosure contains a material misstatement. Combination of inherent
and control risk.
o Detection risk (DR), risk that you will not detect a misstatement in an
account or disclosure.
B. Reducing audit risk to a low level requires you to:
o Assess the risk of material misstatement.
o Based on the assessment, design and perform further audit
procedures to reduce audit risk to an appropriate low level.
C. Assessing the Risk of Material Misstatement
o Factors affecting RMM:
➢ Client’s industry, its regulatory environment, and other external factors
➢ Nature of the entity, for example, its operations, ownership, and
financing
➢ Client’s objectives, strategies, and related business risks
➢ Management’s measures and review of company’s financial
performance
➢ Client’s internal control, which includes selection and application of
accounting policies
o RMM may reside at financial statement level or assertion level
➢ Financial statement-level risks potentially affect many different
assertions
➢ Assertion-level risks are limited to a single assertion
o Response to each RMM level
➢ Financial statement-level risks require an overall response, such as
providing more supervision to the engagement team or incorporating
additional elements of unpredictability in the selection of your audit
procedures.
➢ Assertion-level risks are addressed by the nature, timing, and extent
of further audit procedures.
o Risks of Material Misstatement at the Assertion Level.
➢ Inherent risk (IR), susceptibility of an assertion to a material
misstatement, assuming no related internal controls.
➢ Control risk (CR), risk that a material misstatement could occur in an
assertion and will not be prevented or detected on a timely basis by
the client’s internal control.
D. Detection Risk – risk of not detecting a material misstatement that exists in an
assertion. A function of the nature, timing, and effectiveness of substantive
audit procedures and how you apply them.
o Financial Statement level risks. May call for:
➢ assigning more experienced personnel to audit team
➢ emphasizing the application of professional skepticism
➢ providing more supervision and review of the audit work performed
o Assertion-level risk responses will determine the nature, timing, and
extent of your further audit procedures.
Model: AR = RMM × DR
There is an inverse relationship between risk of material misstatement (RMM) and
detection risk (DR) at the assertion level, which means that the greater the RMM, the
lesser the acceptable DR. In other words, the greater the RMM, the more reliable your
substantive tests should be in the audit.
III. Materiality and Tolerable Misstatement
A. The Concept of Materiality – materiality is influenced by the auditor’s
perception of the needs of financial statement users.
B. Audit Materiality Affects:
1. The nature, timing, and extent of audit procedures
2. The evaluation of audit findings.
C. Quantitative and Qualitative Considerations
D. Tolerable Misstatement
IV. Financial Statement Assertions
A. Why Financial Statement Assertions are Important
Assertions are management’s implicit or explicit representations regarding the
recognition, measurement, presentation, and disclosure of information in the
financial statements and related disclosures.
Assertion categories:
A. Classes of transactions
B. Account balances
C. Presentation and disclosure
B. How You Use Assertions in Your Audit – Most of your tests of controls and
substantive audit procedures are directed at specific assertions.
V. Internal Control
A. Definition and Description of Internal Control – Internal control is a process
designed to provide reasonable assurance about the achievement of the
entity’s objectives. Internal control helps the entity achieve its objectives by
mitigating the risk of “what can go wrong” in the pursuit of its objectives. The
auditor’s assessment of internal control is a consideration of whether the
controls mitigate financial reporting risks.
B. Controls may be Pervasive to the Entity or Restricted to an Account or
Assertion – Your client’s financial reporting risks (and therefore its controls)
may relate to one of the following:
A. To specific classes of transactions, account balances and disclosures
B. More pervasively to the financial statements taken as a whole (And potentially
the risk may affect many assertions.)
C. Control Design – are controls capable of effectively preventing or detecting
and correcting material misstatements? On every audit you should evaluate
the design of internal control and determine whether controls have been
implemented over all relevant assertions related to each material account
balance, class of transactions, or disclosures.
D. Control Operations – The operating effectiveness of controls involves the
consideration of:
A. How controls were applied during the audit period
B. The consistency with which they were applied
C. By whom they were applied
VI. Information Technology
A. Implications of IT on Your Understanding of Internal Control
B. How the Client’s Use of IT Affects Audit Planning
VII. Audit Evidence
A. The Nature of Audit Evidence – Audit evidence is all the information you use
to arrive at the conclusions that support your audit opinion. Audit evidence is
cumulative in nature. The procedures that you perform on your audit provide
audit evidence, but they are not the only source of audit evidence. To
determine whether you have obtained persuasive audit evidence, you should
consider:
➢ The consistency of that evidence
➢ Whether the evidence was obtained from different sources or the
performance of procedures that were of a different nature
B. The Sufficiency and Appropriateness of Audit Evidence
1. Sufficiency of Audit Evidence – The sufficiency of audit evidence you need
to support your conclusion is affected by:
➢ The risk of misstatement
➢ The quality of the audit evidence obtained
2. Appropriateness of Audit Evidence – relates to its quality.
➢ Relevance of audit evidence. The results of your audit procedures may
provide audit evidence that is relevant to certain assertions but not
others.
➢ Reliability of audit evidence. The reliability of audit evidence is
influenced by its source and by its nature.
o Audit evidence obtained directly by the auditor is more reliable than
audit evidence obtained indirectly or by inference.
o Audit evidence is more reliable when it exists in documentary form
(whether paper, electronic, or other medium).
o Audit evidence provided by original documents is more reliable than
audit evidence provided by photocopies or facsimiles.
Applying the Audit Risk Model
The following is an overview of how an auditor should apply the audit risk model in
practice.
o Gather information about the entity and its environment, including internal
control.
o Understand the entity and its environment, including its internal control.
o Assess the risk of material misstatement. To assess risks you will need to:
• Identify the risk of material misstatement
• Describe the identified risks in terms of what can go wrong in specific
assertions
• Consider the significance and likelihood of material misstatement for each
identified risk
o Design overall responses and further audit procedures (financial statement level
and assertion-level).
I. Information Gathering
A. Information Needed About the Client and Its Environment to Identify and
Assess the Risk of Material Misstatement – In general, the information you
should gather about your client is that which allows you to assess the risk that
specific assertions could be materially misstated. (See Table 2)
B. Risk Assessment Procedures – are the audit procedures you perform to
obtain an understanding of the entity and its internal control.
Examples include:
• Inquiries of management and others at the client
• Analytical procedures
• Observation and inspection
It is not acceptable to simply deem control risk to be “at the maximum” without
support.
1. A Mix of Procedures
o Except for internal controls, not required to perform all the procedures
for each of the five aspects of the client and its environment.
o Should perform all the risk assessment procedures.
o Inquiry alone is not sufficient in gaining an understanding of internal
controls.
2. Other Procedures That Provide Relevant Information About the Client
• Assessing the Risk of Material Misstatement Due to Fraud (AU
section 316)
• Other information from your acceptance/continuance process and/or
experience gained on other engagements performed for the entity
3. Updating Information From Prior Periods – can use information from prior
periods as long as changes are considered.
II. Gaining an Understanding of the Client and Its Environment
Must synthesize the information gathered.
A. Evaluating the Design of Internal Control – A sufficient understanding of
internal control is one that allows you to evaluate the design of internal control
and to determine whether controls have been placed in operation.
1. Requirements for Evaluating Control Design
- Sufficient depth to assess the risks of material misstatement of the
financial statements, whether due to error or fraud
- Sufficient depth to design the nature, timing, and extent of further
audit procedures
- You should evaluate the design of controls that are relevant to the
audit and determine whether the control – either individually or in
combination – is capable of effectively preventing or detecting and
correcting material misstatements.
- You should determine that the control has been implemented, that is,
that the control exists and that the entity is using it.
Even if your initial audit strategy contemplates performing only substantive procedures
for all relevant assertions related to material transactions, account balances, and
disclosures, you still need to evaluate the design of your client’s internal control.
2. How to Evaluate Control Design – Consider:
- Whether control objectives that are specific to the unique
circumstances of the client have been considered for all relevant
assertions for all significant accounts and disclosures
- Whether the control or combination of controls would – if operated as
designed – meet the control objective
- Whether all controls necessary to meet the control objectives are in
place
B. Determining If the Control Has Been Implemented – The determination of
whether a control has been put in place and is in use involves obtaining
evidence about whether those individuals responsible for performing the
prescribed procedures have:
➢ An awareness of the existence of the procedure and their responsibility
for its performance
➢ A working knowledge of how the procedure should be performed
➢ Distinguishing Between Evaluation of Design and Tests of Controls.
• Required to understand design and implementation on every audit
• Testing the operating effectiveness is necessary only when controls
are expected to provide sufficient audit evidence
➢ Evaluating Design and Implementation in the Absence of Control
Documentation – procedures limited to inquiry and observation
C. Discussion Among the Audit Team – should do to improve understanding of
client and potential for material misstatement
III. Assessing the Risk of Material Misstatement
A. Considerations at the Financial Statement Level. To make this assessment
you should:
1. Identify risks throughout the process of obtaining an understanding of the
entity, its internal control, and its environment.
2. Relate the identified risk to what can go wrong at the relevant assertion
level.
3. Consider whether the risks could result in a material misstatement to the
financial statements.
4. Consider the likelihood that the risks could result in a material
misstatement of the financial statement.
Financial Statement-Level and Assertion-Level Risks.
How to Consider Internal Control When Assessing Risks.
Identification of Significant Risks – audit procedures should include (but not
be limited to):
- Obtaining an understanding of internal control, including relevant
control activities, related specifically to those significant risks.
- If you plan to rely on the operating effectiveness of controls related to
significant risks, testing the operating effectiveness of those controls
in the current period. That is, using evidence about operating
effectiveness that you obtained in prior periods is not appropriate.
- Substantive procedures specifically designed to address the
significant risk.
B. Considerations at the Assertion Level
AR = RMM × DR
IV. Determining Materiality and Tolerable Misstatement – usually a percentage of
a benchmark. Can be adjusted during the course of the audit.
V. Responding to Assessed Risks
A. Linking Assessed Risks to Further Audit Procedures
1. The risk assessment process culminates with your articulation of the
account balances, classes of transactions, or disclosures where material
misstatements are most likely to occur.
2. Forms basis for designing and performing further audit procedures.
3. Two dimensions to risk assessment – direction and amplitude.
4. Amplitude can be either potential significance and likelihood of occurring
B. Further Audit Procedures
1. Need to support audit opinion
2. Consists of either tests of controls or substantive tests
3. Could be a combination of both types of tests
4. Not precluded from a substantive approach – but must document why it’s
appropriate
5. Respond to assessed RMM in determining nature, timing, and extent of
audit procedures
6. Must document linkage between procedures and assessed RMM
7. Previous audits can give you ideas, but current year analysis of RMM
should be the basis for audit procedures
VI. Evaluating Audit Findings
Your consideration and aggregation of misstatements should include both of the
following:
➢ Known misstatements, which are the amount of misstatements specifically
identified
➢ Likely misstatements, which include (1) projected misstatements in the
account balances or classes of transactions that you have examined and
(2) differences between management’s and the auditor’s judgments
concerning accounting estimates that the auditor considers unreasonable
or inappropriate
Before considering the aggregate effect of identified uncorrected misstatements,
the auditor should consider each misstatement separately to evaluate:
➢ Its effect in relation to the relevant individual classes of transactions,
account balances, or disclosures, including qualitative considerations.
➢ Whether, in considering the effect of the individual misstatement on the
financial statements taken as a whole, it is appropriate to offset
misstatements.
➢ The effect of misstatements related to prior periods. In prior periods,
misstatements may not have been corrected by the entity because they
did not cause the financial statements for those periods to be materially
misstated. Those misstatements might also affect the current period’s
financial statements.
Evaluating Whether the Financial Statements Taken as a Whole Are Free of
Material Misstatement
➢ Financial statements taken as a whole should be free of material
misstatement
➢ Consider the evaluation of the uncorrected (known and likely)
misstatements you identified
➢ Relativity matters across entities and time
➢ Materially misstated – give management chance to correct, else adjust
audit report
➢ Not materially misstated – consider what you may have missed (that is, as
the aggregate misstatement approaches materiality the more likely the
financial statements are misstated)
VII. The Iterative Nature of Auditing
➢ Audit is cumulative and iterative process
➢ Audit evidence gathered may lead to modification of nature, timing, and
extent of other procedures
➢ Pay attention to the effect of new information
VIII. Audit Documentation
A. General Documentation Requirements – clear understanding of the work
performed, the source of the information, and the conclusions reached.
B. Specific Documentation Requirements – SASs require the following matters
be documented:
1. The levels of materiality and tolerable misstatement, including any
changes thereto, used in the audit and the basis on which those levels
were determined.
2. The discussion among the audit team regarding the susceptibility of the
entity’s financial statements to material misstatement due to error or
fraud, including how and when the discussion occurred, the subject
matter discussed, the audit team members who participated, and
significant decisions reached concerning planned responses at the
financial statement and relevant assertion levels.
3. Key elements of the understanding obtained regarding each of the
aspects of the entity and its environment, including each of the
components of internal control, to assess the risks of material
misstatement of the financial statements, the source of information from
which the understanding was obtained, and the risk assessment
procedures.
4. The assessment of the risks of material misstatement both at the financial
statement level and at the relevant assertion level and the basis for the
assessment.
5. The significant risks identified and related controls evaluated.
6. The overall responses to address the assessed risks of misstatement at
the financial statement level.
7. The nature, timing, and extent of the further audit procedures.
8. The linkage of those procedures with the assessed risks at the relevant
assertion level.
9. The results of the audit procedures.
10. The conclusions reached with regard to the use in the current audit of
audit evidence about the operating effectiveness of controls that was
obtained in a prior audit.
11. A summary of uncorrected misstatements, other than those that are
trivial, related to known and likely misstatements.
12. Your conclusion about whether uncorrected misstatements, individually or
in aggregate, do or do not cause the financial statements to be materially
misstated, and the basis for the conclusion.
Uncorrected misstatements should be documented in a manner that allows
the auditor to:
1. Separately consider the effects of known and likely misstatements,
including uncorrected misstatements identified in prior periods.
2. Consider the aggregate effect of misstatements on the financial
statements.
3. Consider the qualitative factors that are relevant to the auditor’s
consideration of whether misstatements are material.
Table 1: CATEGORIES OF ASSERTIONS
Description of Assertions

Classes of Transactions and Events During the Period
• Occurrence/Existence: Transactions and events that have been recorded have
occurred and pertain to the entity.
• Completeness: All transactions and events that should have been recorded have
been recorded.
• Accuracy/Valuation and Allocation: Amounts and other data relating to recorded
transactions and events have been recorded appropriately.
• Cut-off: Transactions and events have been recorded in the proper accounts.
• Classification and Understandability: Transactions and events have been
recorded in the proper accounts.

Account Balances at the End of the Period
• Occurrence/Existence: Assets, liabilities, and equity interests exist.
• Rights and Obligations: The entity holds or controls the rights to assets, and
liabilities are the obligations of the entity.
• Completeness: All assets, liabilities, and equity interests that should have been
recorded have been recorded.
• Accuracy/Valuation and Allocation: Assets, liabilities, and equity interests are
included in the financial statements at appropriate amounts and any resulting
valuation or allocation adjustments are recorded appropriately.

Presentation and Disclosure
• Occurrence/Existence: Disclosed events and transactions have occurred and
pertain to the entity.
• Completeness: All disclosures that should have been included in the financial
statements have been included.
• Accuracy/Valuation and Allocation: Financial and other information is disclosed
fairly and at appropriate amounts.
• Classification and Understandability: Financial information is appropriately
presented and described and information in disclosures is expressed clearly.
Table 2: Understanding the Client and Its Environment
On every audit you are required to gather information and obtain an
understanding of the client and its environment. This understanding consists of
the following aspects.
• External factors, including:
o Industry factors such as the competitive environment, supplier and
customer relationship, and technological developments.
o The regulatory environment, which includes relevant accounting
pronouncements, the legal and political environment, and
environmental requirements that affect the industry.
o Other matters such as general economic conditions.
• Nature of the client, which includes its operations, its ownership,
governance, the types of investments it makes and plans to make, how it
is financed, and how it is structured.
• Objectives and strategies and related business risks, which may result in
material misstatement of the financial statements taken as a whole or
individual assertions.
• Measurement and review of the client’s financial performance, which tells
you which aspects of the client’s performance management considers
to be important.
• Internal control, which consists of five components: the control
environment, risk assessment, information and communication, control
activities, and monitoring. These components may operate at the entity
level or the individual transaction level. Obtaining an appropriate
understanding of internal control will require you to understand and
evaluate the design of all five components of internal control and to
determine whether the controls are in use by the client.
SAS No. 112
Communicating Internal Control Related Matters Identified in an Audit
Issue Date: May 2006
Effective Date: Periods ending on or after December 15, 2006
The Auditing Standards Board has issued SAS No. 112, Communicating Internal
Control Related Matters Identified in an Audit, which replaces SAS No. 60,
Communication of Internal Control Related Matters Noted in an Audit.
This SAS establishes standards and provides guidance on communicating
matters related to an entity’s internal control over financial reporting identified in
an audit of financial statements. It is applicable whenever an auditor expresses
an opinion on financial statements (including a disclaimer of opinion).
Among other things, the SAS:
➢ Requires the auditor to communicate control deficiencies that are significant
deficiencies or material weaknesses in internal control.
o A significant deficiency is a control deficiency, or combination of control
deficiencies, that adversely affects the entity’s ability to initiate,
authorize, record, process, or report financial data reliably in
accordance with generally accepted accounting principles such that
there is more than a remote likelihood that a misstatement of the
entity’s financial statements that is more than inconsequential will not
be prevented or detected.
o A material weakness is a significant deficiency, or combination of
control deficiencies, that results in more than a remote likelihood that a
material misstatement of the financial statements will not be prevented
or detected.
These definitions are consistent with PCAOB Auditing Standard No. 2, An
Audit of Internal Control Over Financial Reporting Performed in Conjunction
With an Audit of Financial Statements. The term reportable condition is no
longer used.
➢ Provides guidance on evaluating the severity of control deficiencies identified
in an audit of financial statements and requires that the auditor conclude
whether prudent officials, having knowledge of the same facts and
circumstances, would agree with the auditor’s classification of the deficiency.
➢ Identifies areas in which control deficiencies ordinarily are to be evaluated as
at least significant deficiencies, as well as indicators that control deficiencies
should be regarded as at least a significant deficiency and a strong indicator
of a material weakness.
➢ Requires the auditor to communicate significant deficiencies and material
weaknesses identified in the audit, in writing, to management and those
charged with governance. This includes the significant deficiencies and
material weaknesses that were communicated in previous audits if they have
not yet been remediated. The SAS recognizes that the body charged with
governance may take different forms in different entities, for example, a board
of directors, a committee of the board of directors (for example, an audit or
legislative oversight committee), a committee of management (for example, a
finance, budget, or governmental agency executive committee), partners,
equivalent persons, or some combination of these parties. It also recognizes
that in some smaller entities, management and those charged with
governance may be the same people, for example, the owner in an
owner-managed entity or a sole trustee.
➢ Indicates that the communication must be in writing and is best made by the
report release date (the date on which the auditor grants permission for the
client to use the auditor’s report in connection with the financial statements),
but should be made no later than 60 days following the report release date.
➢ Contains illustrative written communications to management and those
charged with governance.
Source: AICPA.org
STATEMENT ON AUDITING STANDARDS No. 113
OMNIBUS 2006
Issue Date: November 2006
Effective Date: The amendments in paragraphs 1 through 5 of this SAS are effective for audits of
financial statements for periods beginning on or after December 15,
2006. Earlier application is permitted.
The amendments in paragraphs 7 through 14 of this SAS are effective for audits of financial
statements for periods ending on or after December 15, 2006. Earlier
application is permitted.
Product Number: 060708
SUMMARY
The Auditing Standards Board (ASB) has issued Statement on Auditing Standards (SAS) No.
113, Omnibus 2006. This SAS amends the following SASs:
• SAS No. 95, Generally Accepted Auditing Standards;
• SAS No. 99, Consideration of Fraud in a Financial Statement Audit;
• SAS No. 101, Auditing Fair Value Measurements and Disclosures;
• SAS No. 59, The Auditor’s Consideration of an Entity’s Ability to Continue as a Going
Concern;
• SAS No. 57, Auditing Accounting Estimates;
• “Subsequent Events” of SAS No. 1, Codification of Auditing Standards and Procedures;
and
• SAS No. 85, Management Representations.
SAS No. 113:
• Revises the terminology used in the ten standards in SAS No. 95 to reflect the
terminology used in SAS No. 102, Defining Professional Requirements in Statements
on Auditing Standards.
• Adds a footnote to the headings prior to paragraphs 35 and 46 in SAS No. 99 to provide
a clear link between the auditor’s consideration of fraud and the auditor’s assessment
of risk and the auditor’s procedures in response to those assessed risks.
• Replaces, throughout the SASs, the term “completion of fieldwork” with the term “date of
the auditor’s report.”
• Changes the convention for dating the representation letter by requiring that it be dated
as of the date of the auditor’s report.
Source: AICPA.org
Statement on Auditing Standards No. 114, The Auditor’s
Communication With Those Charged With Governance
__________________________________________________________________
Issue Date: December 19, 2006
Effective Date: This SAS is effective for periods beginning on or after December 15, 2006.
Early application is permitted.
Product Number: 060709
Executive Summary
Statement on Auditing Standards (SAS) No. 114 supersedes SAS No. 61, Communication With Audit
Committees, as amended. This SAS establishes standards and provides guidance to an auditor on matters
to be communicated with those charged with governance.
In the wake of well-publicized audit failures and emerging best practices in corporate governance,
expectations have increased for auditors to communicate openly and candidly with those charged with
governance regarding significant findings and issues related to the audit. The Auditing Standards Board
(ASB) believes the SAS is responsive to the issues and expectations in the U.S. nonissuer community and
will improve audit practice and serve the public interest.
In developing this SAS, the ASB considered the communication requirements of the Proposed
International Standard on Auditing 260 (Revised), The Auditor’s Communication with Those Charged
with Governance, which was issued by the International Auditing and Assurance Standards Board in
March 2005.
SAS No. 61 established communication requirements applicable to entities that either have an audit
committee or that have otherwise formally designated oversight of the financial reporting process to a
group equivalent to an audit committee. SAS No. 114 broadens the applicability of the SAS to audits of
the financial statements of all nonissuers and establishes a requirement for the auditor to communicate
with those charged with governance certain significant matters related to the audit.
The SAS uses the term those charged with governance to refer to those with responsibility for overseeing
the strategic direction of the entity and obligations related to the accountability of the entity, including
overseeing the entity’s financial reporting process. It uses the term management to refer to those who are
responsible for achieving the objectives of the enterprise and who have the authority to establish policies
and make decisions by which those objectives are to be pursued. Management is responsible for the
entity’s financial statements.
The SAS identifies specific matters to be communicated, many of which are generally consistent with the
requirements in SAS No. 61. However, the SAS includes certain additional matters to be communicated
and provides additional guidance on the communication process.
In particular, the SAS:
• Describes the principal purposes of communication with those charged with governance and stresses
the importance of effective two-way communication.
• Requires the auditor to determine the appropriate person(s) in the entity’s governance structure with
whom to communicate particular matters. That person may vary depending on the nature of the
matter to be communicated.
• Recognizes the diversity in governance structures among entities (including the existence of audit
committees or other subgroups charged with governance) and encourages the use of professional
judgment in deciding with whom to communicate particular matters.
• Recognizes the unique considerations for communicating with those charged with governance when
all of those charged with governance are involved in managing the entity, which may be the case with
some small entities.
• Adds requirements to communicate:
  o An overview of the planned scope and timing of the audit.
  o Representations the auditor is requesting from management.
• Provides additional guidance on the communication process, including the forms and timing of
communication. Significant findings from the audit should be in writing when, in the auditor’s
professional judgment, oral communication would not be adequate. Other communications may be oral
or in writing.
• Requires the auditor to evaluate the adequacy of the two-way communication between the auditor and
those charged with governance.
• Establishes a requirement to document required communications with those charged with governance.
Source: AICPA.org