Page 20 - JoFA_2022
P. 20

AUDITING





                                                                    Under previous standards, the definition of signifi-
         New risk assessment standard has                           cant risk focused on risks that require special audit
         focus on clarity                                           considerations (see the sidebar “6 High-Risk Areas
                                                                    That May Merit Extra Auditor Attention”).
         SAS 145 addresses definitions and internal control           Under SAS 145, significant risk is defined to
         responsibilities.                                          encompass identified risks that lie on the upper end
                                                                    of the spectrum of inherent risks. Although the new
         The critically important process of risk assessment in audits was changed in   definition provides more clarity for practitioners to
         October when the AICPA Auditing Standards Board (ASB) issued Statement   help them identify significant risks, one thing does
         on Auditing Standards No. 145, Understanding the Entity and Its Environment   not change: Significant risks still require special
         and Assessing the Risks of Material Misstatement.          audit considerations.
           The new standard, which takes effect for audits of financial statements   “I’m not sure if the standard will result in new
         for periods ending on or after Dec. 15, 2023, is designed to provide   significant risks being identified or fewer significant
         additional clarity for practitioners while considering changes in technology   risks being identified by some firms,” Manasses
         and other areas of the business environment. The new standard:  said. “I believe that it’s just clarifying the definition
         ■  Revises the definition of significant risk, indicating that those risks lie on   in the context of what it’s intended to be, linking it
          the upper end of the spectrum of inherent risks.          to some of the new terminology like inherent risk
         ■  Provides guidance that is intended to enhance the auditor’s application   factors, and then giving a bit more comfort to audit
          of professional skepticism in performing risk assessment procedures.  teams so they know if they are identifying them as
         ■  Includes a new requirement to separately assess inherent risk and control   intended.”
          risk.
         ■  Addresses the auditor’s responsibilities related to the entity’s system of   PANDEMIC CONSIDERATIONS
          internal control.                                         There’s a lot to consider in risk assessment related
         ■  Includes extensive new guidance on information technology (IT) and the   to the pandemic.
          consideration of general IT controls.                       Client-focused concerns include going concern
         ■  Includes a new “stand-back” requirement that is intended to drive an   evaluations; changes to processes and controls
          evaluation of the completeness of the identification of significant classes   related to the pandemic due to personnel working
          of transactions, account balances, and disclosures by the auditor.  from home; availability of skilled labor; and an
           ASB Chair Tracy Harding said some firms may not see a major impact in   altered business environment and new customer
         their procedures as a result of the standard, but everyone can benefit from   demands that may create hazards but also can
         the improved clarity in the standard.                      provide opportunities.
           “While drafting the standard, we kept coming back to, ‘This is how we   Auditors also need to be conscious of the
         do it at our firm, but some people may not take the current standard that   changes to their own processes that have occurred
         way, so let’s improve the clarity,’” Harding said. “That was a big part of    as a result of the pandemic, especially with regard
         the effort.”                                               to remote auditing. Interviews by videoconference,
                                                                    video inventory checks, and remote document veri-
                                                                    fication processes may all work to provide sufficient
                                                                    appropriate audit evidence. But these methods need
                                                                    to be considered carefully for potential risks.



         IN BRIEF                           will challenge firm leaders to take a   related changes in procedures have led
                                            careful look at their methodologies,   to changes in audit risk that will need
         ■  The objective of a new Auditing   processes, and procedures.      to be scrutinized carefully by auditors
          Standards Board standard on     ■  An understanding of internal control   even as some of their own procedures
          risk assessment is to ensure that   is fundamental to a successful risk   have gone remote. In some cases,
          practitioners are spending adequate   assessment process. Gaps in internal   processes that traditionally have been
          time auditing areas of high risk. Along   control can provide auditors with a   handled by junior audit team members
          with changes to the environment   view of potential fraud risks that could   might need extra supervision from
          caused by the coronavirus pandemic,   lead to a material misstatement.  more experienced personnel.
          implementation of the new standard   ■  Economic upheaval and pandemic-



         18    |   Journal of Accountancy                                                          January 2022
   15   16   17   18   19   20   21   22   23   24   25