Assessing risk: AICPA's new risk assessment standards present a sea change for auditors.

• Author: Davis, A. Christine
• Position: PROFESSIONALISSUES

The Panel on Audit Effectiveness issued its "Report and Recommendations" Aug. 31, 2000 after performing a comprehensive review of a sample of audits of public companies by the then-eight largest audit firms. Among the panel's numerous recommendations were those in the area of the "conduct of audits, including the auditor's responsibility for the detection of fraud (including earnings management when it constitutes fraud)."

The panel's recommendations were principally directed to three groups able to influence audit conduct: the Auditing Standards Board, auditing firms and the former SEC Practice Section of the AICPA.

The recommendations addressed to the ASB in part represented a call for auditing standards that provide "more specific and definitive guidance containing imperatives," such as SAS No. 67, The Confirmation Process.

The panel recommended that auditors should be required to possess a "far deeper understanding" of the client's business, risks and controls, in addition to designing and performing substantive tests to detect fraud.

The development and issuance of the new Statements on Auditing Standards Nos. 104-111, discussed below, were primarily in response to the panel's report but also conform to the PCAOB's views.

Issued in March 2006, the new standards are effective for audits of financial statements for periods beginning on or after Dec. 15, 2006, with earlier application permitted. The new standards are expected to enhance the application of the long-standing audit risk model and improve the quality of audits because they specifically require auditors to:

* have a more comprehensive understanding of the client's business and its environment, including its internal control;

* perform a more exacting assessment of the risk of material misstatement resulting from such understanding; and

* perform procedures that more clearly link the risk assessment to the decision of what audit procedures to perform, and when.

Also, the new standards redefine longstanding concepts, such as "reasonable assurance," "financial statement assertions" and "audit evidence." They also set forth provisions that emphasize the planning phase, setting the stage for a more efficient audit engagement while reminding the auditor "planning and supervision continue throughout the audit."

SAS NO. 104

SAS No. 104 amends SAS No. 1 (AU 230 of AICPA Professional Standards) by expanding on what "due professional care" entails and defining "reasonable assurance" to mean "high" level of assurance.

The old version of AU 230, paragraph 10, states, "... due professional care allows the auditor to obtain reasonable assurance that the financial statements are free of material misstatement, whether caused by error or fraud."

SAS 104 replaces the above with "while exercising due professional care, the auditor must plan and perform the audit to obtain sufficient appropriate evidence so that audit risk will be limited to a low level...." (emphasis added). The phrase "appropriate evidence" is also added.

SAS 104 appears to have conformed to the PCAOB's Auditing Statement No. 2's concept of "reasonable assurance" by stating its use of that phrase in the audit report means a "high" level of assurance was intended to be obtained by the auditor...