The AICPA’s Auditing Standards Board has issued SAS 145 to provide additional guidance on a number of audit-related topics. The first blog in this series focused on the new guidance around risk assessment under SAS 145, and the second on improved documentation and skeptical analysis.
In this third blog, we’ll examine balancing the scope of an audit with the complexity of an entity’s activities.
Clarifying audit scope
SAS 145 defines significant class of transactions, account balance, or disclosure, which is important for firms as it helps to clarify scope and improve efficiencies.
Although the term significant class of transactions, account balance, or disclosure is not new, it was not previously defined. In SAS 145, this is now defined as: “A class of transactions, account balance, or disclosure for which there is one or more relevant assertions.” A relevant assertion is defined as an assertion for which there is identified risk of material misstatement, even if that risk is low.
Why is this important for firms? It is intended to “clarify the scope of the auditor’s understanding of the entity’s information-processing activities as well as the auditor’s responsibilities related to the identification and assessment of, and responses to, risks of material misstatement,” according to the Executive Summary that prefaces SAS 145. In other words, it tells auditors where to focus.
Many firms may not have identified this as an issue, but ask your audit team if they have ever performed a lot of work around a particular area that didn’t seem significant, and if they were not really certain why they dedicated the amount of work that they did. Maybe it pertained to fixed assets even when there were no material additions, or prepaids even though there weren’t many changes. The point is that clarifying scope and driving efficiencies are key.
A conforming amendment to SAS 145 requires substantive testing for each relevant assertion of each significant class of transactions, account balance, and disclosure, regardless of the assessed level of control risk. Previous guidance required the auditor to design and perform substantive testing for all relevant assertions related to each material class of transactions, account balance, and disclosure, irrespective of the assessed risks of material misstatement. The shift from material to significant presents opportunities for efficiency.
Complex audits drive scalability
With SAS 145 comes new and enhanced guidance on scalability. Why? Because the size and complexity of an entity don’t always correlate.
Under the new standard, the complexity of an entity’s activities is the primary driver of scalability. Not the size of an entity, as in extant guidance.
SAS 145 recognizes that, although the size of an entity may be an indicator of its complexity, some smaller entities may be complex, and some larger entities may be less complex.
Therefore, when applying SAS 145, it is important to consider such factors as internal controls, including information systems, industry, accounting systems, etc.
Auditors should use their professional judgment to determine the nature and extent of the risk assessment procedures.
There’s also a recognition that some aspects of a less complex entity’s system of internal control may be less formal, but still present and functioning. When there is a lack of formality, the auditor may still be able to perform risk assessment procedures through a combination of inquiries, inspection of documents, and observations.
When working with an entity that has informal controls, say, for instance, a small entity that doesn’t employ many staff and has a lot of owner involvement, it may be helpful for auditors to step back and reframe their questions. Using audit language doesn’t always resonate with people outside of the profession.
To help draw out information on what internal controls an entity may have in place, consider asking questions like the following:
- What do you lose sleep over at night?
- What are you doing about it?
- How do you prevent bad things from happening in your business?
The bottom line: effective risk assessment is achievable even in less complex entities that have informal controls.
In balancing the scope of an audit with the complexity of an entity’s activities, auditors need to use their professional judgment and consider a multitude of factors to ensure a quality audit. To learn more, view our webinar offering guidance on SAS No. 145.
Visit our SAS 145 Hub for more information.
This is the third in a four-blog series about SAS 145 and its impact on tax and accounting professionals. Stay tuned for future posts.