The New Risk Assessment Standards

The Auditing Standards Board (“ASB”) of the American Institute of Certified Public Accountants (“AICPA”) recently issued eight Statements on Auditing Standards on risk assessment in a financial statement audit (collectively, the “Risk Assessment Standards”). The Risk Assessment Standards are effective for audits of financial statements for periods ending on or after December 15, 2006 (2007 calendar year audits in most cases).

The Risk Assessment Standards establish standards and provide guidance for the auditor’s assessment of risks of material misstatement (whether caused by fraud or error) in a financial statement audit. In developing the Risk Assessment Standards the ASB had the overriding goal of improving audit quality. The ASB strived to accomplish this goal with the following three objectives for auditors:

• obtain a more in-depth understanding of the audited entity and its environment, including internal control;
• complete a more thorough assessment of the risk of where and how the financial statements could be materially misstated;
• improve the relation between the auditor’s assessed risks and the nature, timing and extent of audit procedures performed in response to those risks.

What effect do the Risk Assessment Standards have on your audit?
The objective of the standards is to provide an effective and efficient financial statement audit focused on “identified risks.” The impact of the standards requires more time in the up-front planning phase of the audit to assess the susceptibility of the organization’s financial statements to material misstatement, primarily based on an evaluation of the organization's internal controls. These risk assessment procedures are designed to identify business risks, environmental risks, and internal control risks as areas for focus during the audit. Audit procedures are performed to respond to the risks of misstatements in the financial statements identified during the risk assessment process.

What can organizations do to accommodate the changes?
With a greater emphasis on internal control, organizations should increase their familiarity with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control – Integrated Framework. This is considered the definitive measure of internal control against which the internal control system will be assessed. Understanding COSO will help organizations better understand how to assess internal risks related to internal control. You can expect the auditors to ask about and test the following five interrelated components of the Organization's system of internal control: (1) control environment, (2) the Organization's own risk assessment, (3) information and communication systems, (4) control activities and (5) monitoring.

Back to Audit and Accounting Update Summaries

To contact Feeley & Driscoll, please click here or call us at 1 (800) 392-6192.