Page 19 - JoFA_2022
P. 19

‘A risk-based methodology also
              racy Harding, CPA, was on his way to work
              and looking forward to completing an audit
                                                    facilitates effective supervision and
          The was working on. But on the way in, he
          heard a news report that changed the objective of
          his day.                                  review by adequately directing and
            A local business was unexpectedly closing its
          doors and happened to be a significant customer of   reviewing areas of greater risk.’
          Harding’s audit client. The plans for Harding’s day
          had changed — he would be revisiting risks associ-
                                                    Maria Manasses, CPA, deputy chief auditor at Grant Thornton LLP and
          ated with receivables and reassessing the allowance
                                                    chair of the ASB Risk Assessment Task Force
          for bad debts.
            “I recognized we’d have to assess the impact
          on the audit,” recalled Harding, a principal with   and at a reasonable cost for the benefit of timely
          BerryDunn in Bangor, Maine, who is chair of the   financial reporting to users.”
          AICPA Auditing Standards Board (ASB).       The following considerations can help audit
            The last-minute change in plans illustrates that   firms succeed in their risk assessment processes as
          from the beginning of the audit until the very   a new standard comes into force and a pandemic-
          end, auditors need to be evaluating the risks in an   fueled shift in risks takes hold.
          engagement. A robust risk assessment is the key to
          creating an audit plan that guides the direction and   INTERNAL CONTROL PROVIDES INSIGHT
          procedures performed during the audit, prompting   SAS 145 clarifies that the overall understanding of   About the
          practitioners to spend their time in the right areas   the entity’s system of internal control is achieved   author
          in the engagement. It also provides the impetus to   through understanding, and evaluating certain   Ken Tysiac is the
          pivot when necessary, even when confronted with   aspects of, each of the following components   JofA’s editorial
          new information on the day that an auditor’s report   of the system of internal control (and perform-  director. To
          is to be issued.                          ing the related requirements to obtain such an   comment on
            In recognition of the foundational role of risk   understanding):                 this article or to
          assessments in the pursuit of quality in engage-  ■    The control environment.     suggest an idea
          ments, the ASB in October issued Statement on   ■    The entity’s risk assessment process.  for another article,
          Auditing Standards (SAS) No. 145, Understanding   ■    The entity’s process to monitor the system of   contact him at
          the Entity and Its Environment and Assessing the   internal control.                Kenneth.Tysiac@
          Risks of Material Misstatement (see the sidebar   ■    The information system and communication.  aicpa-cima.com.
          “New Risk Assessment Standard Has Focus on   ■    Control activities.
          Clarity”). The new standard is designed to address   SAS 145 requires a deeper understanding and
          an area that the peer review program has identified   clearer articulation of the auditor’s evaluation of the
          as challenging for auditors and has been a focus of   design of controls.
          the AICPA’s Enhancing Audit Quality initiative.   An understanding of controls — and the system
          SAS 145 does not fundamentally change the key   of internal control — can provide a window into
          concepts underpinning audit risk. Rather it clarifies   potential fraud risks and gaps in internal control
          and enhances certain aspects of the identification   that could lead to the risk of a material misstate-
          and assessment of the risks of material misstate-  ment. Therefore, this understanding can inform the
          ment to drive better risk assessment and, therefore,   audit response.
          enhance audit quality.                      “One of the legs of the fraud risk triangle is
            “I like to call it spending your time where you   opportunity,” Harding said, “and one of the ways
          need to spend it, looking at and taking time to   you can learn about opportunities is to understand
          make sure that you put more audit effort in the   where there may be inappropriate segregation of
          areas that have greater risk, and reducing the time   duties, for example, and you can only do that if you
          spent in areas that you don’t have a lot of risk in,”   get in there and get an understanding of controls.”
          said Maria Manasses, CPA, deputy chief auditor
          at Grant Thornton LLP in Downers Grove, Ill.,   NEW SIGNIFICANT RISK DEFINITION
          and chair of the ASB Risk Assessment Task Force.   Auditors will hopefully better understand which
          “And it’s important to do that because an audit   risks should be flagged as significant risks thanks
          is performed within a reasonable period of time   to a new definition that’s included in SAS 145.

          journalofaccountancy.com                                                              January 2022    |   17
   14   15   16   17   18   19   20   21   22   23   24