In the ever-evolving landscape of auditing, the introduction of Statement on Auditing Standards (SAS) No. 145 marks a significant turning point in how auditors define and approach their work.
With a new definition for “significant class of transactions, account balance, or disclosure,” SAS 145 aims to streamline the audit process by sharpening the focus on areas with identified risks of material misstatement. This change not only clarifies the scope of an auditor’s responsibilities but also enhances the efficiency of the audit process itself, ensuring that efforts are concentrated where they are most needed.
As firms adapt to these changes, understanding the implications of SAS 145 becomes crucial. The standard introduces a shift from material to significant, redefining the requirements for substantive testing and emphasizing the importance of scalability based on the complexity of an entity’s activities rather than its size.
In this blog, we’ll discuss the nuances of the new standard, providing insights on how to effectively assess risks and tailor audit procedures to meet the unique needs of each entity, regardless of its complexity or the formality of its internal controls.
Clarifying audit scope
SAS 145 defines significant class of transactions, account balance, or disclosure, which is important for firms as it helps to clarify scope and improve efficiencies.
Although the term significant class of transactions, account balance, or disclosure is not new, it was not previously defined. In SAS 145, this is now defined as: “A class of transactions, account balance, or disclosure for which there is one or more relevant assertions.” A relevant assertion is defined as an assertion for which there is identified risk of material misstatement, even if that risk is low.
Why is this important for firms? It is intended to “clarify the scope of the auditor’s understanding of the entity’s information-processing activities as well as the auditor’s responsibilities related to the identification and assessment of, and responses to, risks of material misstatement,” according to the Executive Summary that prefaces SAS 145. In other words, it tells auditors where to focus.
Many firms may not have identified this as an issue, but ask your audit team if they have ever performed a lot of work around a particular area that didn’t seem significant, and if they were not really certain why they dedicated the amount of work that they did. Maybe it pertained to fixed assets even when there were no material additions, or prepaids even though there weren’t many changes. The point is that clarifying scope and driving efficiencies are key.
A conforming amendment to SAS 145 requires substantive testing for each relevant assertion of each significant class of transactions, account balance, and disclosure, regardless of the assessed level of control risk. Previous guidance required the auditor to design and perform substantive testing for all relevant assertions related to each material class of transactions, account balance, and disclosure, irrespective of the assessed risks of material misstatement. The shift from material to significant presents opportunities for efficiency.
Special reportRisk assessment changes are here. Are you ready? Read our special report on understanding the entity and its environment in SAS 145. |
Complex audits drive scalability
With SAS 145 comes new and enhanced guidance on scalability. Why? Because the size and complexity of an entity don’t always correlate.
Under the new standard, the complexity of an entity’s activities is the primary driver of scalability. Not the size of an entity, as in extant guidance.
SAS 145 recognizes that, although the size of an entity may be an indicator of its complexity, some smaller entities may be complex, and some larger entities may be less complex.
Therefore, when applying SAS 145, it is important to consider such factors as internal controls, including information systems, industry, accounting systems, etc.
Auditors should use their professional judgment to determine the nature and extent of the risk assessment procedures.
There’s also a recognition that some aspects of a less complex entity’s system of internal control may be less formal, but still present and functioning. When there is a lack of formality, the auditor may still be able to perform risk assessment procedures through a combination of inquiries, inspection of documents, and observations.
When working with an entity that has informal controls, say, for instance, a small entity that doesn’t employ many staff and has a lot of owner involvement, it may be helpful for auditors to step back and reframe their questions. Using audit language doesn’t always resonate with people outside of the profession.
To help draw out information on what internal controls an entity may have in place, consider asking questions like the following:
- What do you lose sleep over at night?
- What are you doing about it?
- How do you prevent bad things from happening in your business?
The bottom line: effective risk assessment is achievable even in less complex entities that have informal controls.
Conclusion
In balancing the scope of an audit with the complexity of an entity’s activities, auditors need to use their professional judgment and consider a multitude of factors to ensure a quality audit.
To learn more, view our webinar offering guidance on SAS No. 145.
Your guide to SAS 145Navigate change effectively with expert guidance. Browse our collection of blogs, infographics, and everything you need to stay up to date on SAS 145. |