AICPA Issues SAS 145 on Auditor’s Risk Assessment
The AICPA’s Auditing Standards Board (ASB) has issued Statement on Auditing Standards (SAS) No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement.
This new standard addresses the auditor’s responsibility to identify and assess the risks of material misstatement in the financial statements. New SAS 145 enhances the requirements and guidance on identifying and assessing the risks of material misstatement, particularly the areas of understanding the entity’s system of internal control and assessing control risk.
SAS 145 supersedes SAS 122, Clarification and Recodification, section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, and amends various AU-C sections in AICPA Professional Standards.
Risk Assessment Requirements in SAS 145
The enhanced requirements revise the definition of “significant risk,” include new guidance on maintaining professional skepticism, and include a new “stand-back” requirement. As noted in the Executive Summary, the ASB intends this stand-back requirement “to drive an evaluation of the completeness of the auditor’s identification of significant classes of transactions, account balances, and disclosures.”
The SAS also includes extensive guidance regarding the use of information technology (IT) and the consideration of IT general controls.
In addition to the foregoing, SAS 145:
- Revises the requirements to evaluate the design of certain controls within the control activities component;
- Requires separate assessment of inherent risk and control risk;
- Requires assessment of control risk at the maximum level so that, if the auditor does not plan to test the operating effectiveness of controls, the assessment of the risk of material misstatement is the same as the assessment of inherent risk;
- Provides guidance on scalability;
- Revises audit documentation requirements;
- Includes conforming amendments on performance of substantive procedures for each relevant assertion of each significant class of transactions, account balance, and disclosure.
The AICPA also released an “At-a-Glance” summary of SAS 145.
SAS 145 is effective for audits of financial statements for periods ending on or after December 15, 2023. The At-a-Glance summary notes that early implementation is permitted.
The effective date aligns SAS 145 to the effective date of SAS 143, Auditing Accounting Estimates and Related Disclosures, due to the interaction between the two standards.