|
NEW R=
ISK
ASSESMENT STANDARDS
The A=
ICPA
Auditing Standards Board has issued a series of eight new Statements on
Auditing Standards relating to the auditor’s risk assessment proc=
ess,
which will bring significant changes to existing audit practice. As a r=
esult
of these Standards, the audit process will start with a more robust
understanding of the client and its environment, its business risk
assessment process and its internal control. The auditor then will need=
to
perform a more rigorous assessment of the risks of where and how the
financial statements could be materially misstated. Most importantly, t=
he
auditor must be able to design further audit procedures responsive to t=
he
identified risks and document the linkage between the assessed risks and
the design of further audit procedures.
Under the new standards, the auditor will be required to:
- Gain (and document) a=
more
in-depth understanding of the client’s business risk assessm=
ent
process at the front-end of the audit, including an understanding =
of
how the client responds to identified risks. The auditor will then
need to decide which of those risks directly impact the financial
statements.
- Determine the account=
s,
transactions and assertions that are impacted by these identified
risks. The auditor then focuses on understanding the internal cont=
rols
designed to mitigate the identified risk(s) at the significant acc=
ount
and relevant assertion level. In today’s environment, many of
the controls designed to mitigate such risks are automated or tech=
nology-driven,
and thus, enhanced IT skills will be required of all auditors, not
just internal control specialists. Although the auditor can docume=
nt a
basis for assessing control risk at the maximum, we can no longer
default to that conclusion without a documented basis for that
assessment.
- Determine which furth=
er
audit procedures would be appropriate given the risks identified a=
nd
the controls as we understand them. The auditor should design and
perform substantive procedures for all relevant assertions related=
to each
material class of transactions, account balance, and disclosure to
detect material misstatements at the relevant assertion level. The
auditor must document the linkage between the assessed risks at the
assertion level and the design of further audit procedures.
- Perform tests of cont=
rols
when the auditor’s risk assessment includes an expectation of
the operating effectiveness of controls or when substantive proced=
ures
alone do not provide sufficient appropriate evidence at the releva=
nt
assertion level.
- Consider the risk of
misstatement not only at the level of the financial statements tak=
en
as a whole, and at individual account balance or class of
transactions, but also at the disclosure level as well.
The
standards are effective for audits of financial statement for periods
beginning on or after
December 15, 2006.
|