Skip to main content
Rehmann
Pay Bill
Rehmann
Solutions
Audit and AssuranceConsultingFinance and AccountingTaxTechnology ServicesWealth Management View all solutions
No matter the organizational need, our experienced and focused team is ready and eager to help. We invite you to put our expertise to work.
Welcome to the AI Primer: Unraveling the Tapestry of Artificial Intelligence 
Article
Welcome to the AI Primer: Unraveling the Tapestry of Artificial Intelligence 
Update: Corporate Transparency Act Reporting Requirements
Article
Update: Corporate Transparency Act Reporting Requirements
Industries
CannabisConstructionFinancial ServicesHealthcareManufacturingPublic SectorPrivate Equity View industries we serve
We understand where you’re coming from. Rehmann professionals provide expertise in a wide range of industries to help you address challenges and seize opportunities.
Resources
ArticlesGuidesPodcastsWebinars View all resources
Our team is focused on helping clients through consultation and connection. We’re also dedicated to sharing our knowledge and insights. Feel free to browse our wealth of information.
Hold on to Top Talent: Key Strategies That Won’t Break the Bank
Article
Hold on to Top Talent: Key Strategies That Won’t Break the Bank
Webinar
Series: Thriving with AI
About Us
Who We AreLocationsNewsThe Rehmann TeamEventsThe Rehmann Foundation
Our mission is to bring energy, focus, and integrity to every interaction — relentlessly pursuing expertise to accelerate our clients’ and associates’ goals. Take a look at the world of Rehmann.
Resources  >  Articles

AICPA finalizes auditing standard on risk assessment

Related Solutions: Audit and Assurance

October 25, 2022

Contributors: Thomson Reuters

Abstract: Auditors use risk assessment to determine the nature and scope of confirmation, testing, inquiry and analytical procedures that are appropriate during a company’s external audit. This article highlights key provisions of recently finalized audit standards on risk assessment that aim to improve audit quality. The final standard is expected to come out in October and go into effect for periods on or after December 15, 2023.

In recent years, the business environment has changed dramatically. The AICPA’s Auditing Standards Board (ASB) has responded by updating its risk assessment standards. Auditors use risk assessment to determine the nature and scope of confirmation, testing, inquiry and analytical procedures that are appropriate during your company’s external audit.

Assessing the risks

In August 2020, the ASB issued Proposed Statement on Auditing Standards (SAS), Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement. If approved, the proposal would supersede SAS No. 122, Statements on Auditing Standards: Clarification and Recodification, and AU-C Section 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment.

Over the last year, this proposal was revised to account for issues identified in public comment letters. In August 2021, the ASB unanimously voted to issue final audit standards on risk assessment. The final standard — SAS No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement — is expected to come out in October and go into effect for periods on or after December 15, 2023.

The updated guidance will enhance the requirements for identifying and assessing risks of material misstatement. In particular, the guidance addresses a company’s system of internal control and information technology.

Updating a key definition

The final standard revises the definition of “significant risk” to help auditors focus on where the risks lie on a spectrum of inherent risk. Under the updated guidance, significant risk is an identified risk of material misstatement “for which the assessment of inherent risk is close to the upper end of the spectrum of inherent risk due to the degree to which inherent risk factors affect the combination of the likelihood of a misstatement occurring and the magnitude of the potential misstatement should that misstatement occur; or that is to be treated as a significant risk in accordance with the requirements of other AU-C sections.” Essentially, the higher on the spectrum of inherent risk that a risk is assessed, the more persuasive the audit evidence needs to be.

By contrast, the current definition focuses on risks that require special audit considerations. This definition has caused inconsistency when determining significant risks. It focuses on the auditor’s response to the risk, rather than the nature of the risk.

Other changes

An executive summary highlights other major changes to the auditing standard on risk assessment, including:

  • Revised requirements to evaluate the design of certain controls within the control activities component and determine whether such controls have been implemented,
  • A new requirement to separately assess inherent risk and control risk,
  • A new requirement to assess control risk at the maximum level such that the assessment of the risk of material misstatement is the same as the assessment of inherent risk, if the auditor doesn’t plan to test the operating effectiveness of controls,
  • New guidance on scalability,
  • New guidance on maintaining professional skepticism,
  • A “stand-back” requirement intended to drive an evaluation of the completeness of the auditor’s identification of significant classes of transactions, account balances and disclosures, and
  • Revised audit documentation requirements.

SAS No. 145 also will require auditors to perform substantive procedures for each relevant assertion of each significant class of transactions, account balance and disclosure. This requirement must be followed regardless of the assessed level of control risk.

Bottom line

Although these changes might initially seem extensive, a draft summary of the final standard says it won’t fundamentally change the key concepts underpinning audit risk. Instead, “SAS No. 145 clarifies and enhances certain aspects of the identification and assessment of the risks of material misstatement to drive better risk assessments and, therefore, enhance audit quality.” For more information on how the updated guidance will affect future audit procedures, contact your auditor.

© 2021