Table of Contents
Introduction
The audit standards offer the structure through which consistency and quality is achieved with regards to the financial statement audits. These standards safeguard the investors and the creditors by providing minimum requirements on audit procedures.
What is SAS 145?
SAS 145 is a most recent standard that enhances risk evaluation during audits of financial statements.
The AICPA Auditing Standards Board released SAS 145 in an attempt to improve on the quality of audits through increasing the identification and evaluation of risk.
SAS 145 was released in October 2021 and became operational in audits of financial statements as of or subsequent to December 15 2023.
SAS 145 does not change the fundamental aspects of audit risk but builds up the process of the auditors to recognize, evaluate and react to the risks of material misstatement.
Its role is to guide and promote the analysis and shaping of risk evaluation and internal control.
SAS 145 is applicable to any GAAS audit; thus, it is necessary to know. This article discusses all the key information to the finance professionals regarding SAS 145.
Key Changes Introduced by SAS 145
Enhanced Risk Assessment
SAS 145 is all about understanding an entity’s IT environment. Auditors are currently expected to be sufficiently familiar with:
- The Business impact of IT
- Effects of IT controls and its financial reporting
- Technology-based risks and data processing
- Automatic controls and their reliability
Understanding of the Entity's IT Environment
SAS 145 is all about understanding an entity’s IT environment. Auditors are currently expected to be sufficiently familiar with:
- The Business impact of IT
- Effects of IT controls and its financial reporting
- Technology-based risks and data processing
- Automatic controls and their reliability
Revised Definitions
The major definition changes are as follows:
- Significant Risk: Reconstructed in order to make auditors concentrate where risks fall on the inherent risk continuum, assisting focus their efforts on audit.
- Relevant Assertion: That assertion is now to mean an assertion that has a specified risk of material misstatement giving finer details.
- Risk of Material Misstatement: The definition of a risk of material misstatement is clarified into two sections: inherent risk and control risk and demanding separate assessment.
Control identification Clarifications
The standard gives a clearer form of identifying and making the evaluation of controls. In case the auditors choose not to test controls they have to estimate the control risk to be maximum and risk of material misstatement must be equal to inherent risk assessment.
Scalability for Different Entity Sizes
SAS 145 provides that auditors adjust the scales of processes in relation to the complexity of the entities. Even the weaker entities the professional judgment in the standard can be efficiently employed to audit formal internal controls framework.
Comparison with Previous Standards
Here is how we compare it with the previous standards
Limitations of Previous Standards
How SAS 145 Improves Quality?
- Aggregation of the risk was covering valuable differences.
- Inadequate IT guidance of contemporary business settings.
- Vague definitions causing discrepancy.
- The lack of concentration on the broad frames of risk factors.
- More stringent documentations requirements
- Improved risk identification due to separated assessment
- Better judgement in professional guidance.
- Extensive requirements of technology integration
Why SAS 145 Matters to Finance Professionals
Effect on Auditors
- Risk assessment methodologies for external auditors are changed.
- The standard demands a more detailed documentation, improved client understanding, and more technology orientation.
- Audit teams should also be trained further and can take longer time to assess risks which improves overall efficiency.
Relevance for Financial Controllers and CFO
- Risk assessment methodologies for external auditors are changed.
- The standard demands a more detailed documentation, improved client understanding, and more technology orientation.
- Audit teams should also be trained further and can take longer time to assess risks which improves overall efficiency.
Benefits for Risk Management
- SAS 145 has its advantages to all stakeholders as it helps to improve risk identification together with better understanding of them.
- More efficient operations, improved communication, and more satisfaction that the audit is high quality.
How to Prepare for SAS 145?
If you are an Audit Firm
For Organizations Being Audited
- Change audit techniques and methodologies to incorporate new industry demands.
- Provide extensive personnel training in the IT evaluation and inherent risk factors.
- Review tools and technologies that are supposed to help with a better documentation.
- Make sure that quality control measures in place are duly updated for compliance.
- Thoroughly document the business processes.
- Make sure that you have well documented IT systems and controls.
- Make sure to prepare risk management procedure discussions.
- Make sure to Document the internal control design and implementation.
Implementation Tips
- Get ready early if you are planning for your organizational audit.
- Consult with auditors on information requirements.
- Concentrate on recording changes since the last audits.
- Prioritize professional training and development.
Key Implementation Steps for SAS 145
From Enhanced risk assessment to procedural documentation here are the key implementation steps
You need to separately examine inherent risk and control risk at the assertion level. Earlier these were evaluated in the combination.
You need to determine general information technology controls that address risks emerging from the use of IT and computer systems and then review their implementation and design.
Make sure to obtain comprehensive understanding of the individual components of the auditee's internal control system with more specific directions on which controls require assessment.
Comprehensively evaluate whether all the substantial risks across the entire financial statement have been identified after completing the initial analysis
Perform additional procedures and potentially consider bringing in experts and specialists for the complex areas.
Frequently Asked Questions
Yes. It is required of all GAAS financial statement audits of financial statements on periods after December 15, 2023
Yes. Though procedures can be scaled down to the complexity of an entity.
Not necessarily, though some firms may upgrade for better documentation support.
Initially, enhanced procedures may require additional time, but improved risk focus should increase efficiency long-term.
Resources and Further Readings
Official Resources:
- AICPA Professional Standards complete text
- AICPA Audit Guide implementation guidance
- AICPA SAS 145 At-a-Glance summary
Professional Development:
- AICPA webinars and training sessions
- State CPA society programs
- Professional development courses
Conclusion
- SAS 145 is an excellent advancement in the auditing and risk assessment procedures that composes foundations of quality audit.
- The standard leads to an increase in audit quality by introducing the requirement of specific assessment of inherent and control risks, importance of understanding the environment the IT operates and making the provisions regarding risk factors more approachable to all stakeholders.
- The main advantages are that there is further sharpening of audit procedures, superior risk identification, increased documentation, and more convenient communication between auditors and the management.
- Although the implementation necessitates an investment of money in training and may mean new procedures, it eventually means better quality audits that can give a stronger assurance to those who read financial statements.
- To the financial expert, knowledge of SAS 145 is important both in the conduct of the audits and when being audited or be employed in places where quality of audit is important.
- The implementation of SAS 145 is not limited to the compliance obligation, but it is more of a chance to improve the quality and value of audit services.
- Improved risk evaluation will offer new evaluation insights on operations and risk management to organizations, which have adapted to these changes and are working closely with auditors.
- Not necessarily many companies do upgrade to get better support on documentations. This is partly because improved procedures might consume more time, but risk orientation should bring effectiveness in the long-term.
- Keep connected with the trend of auditing standards, keep professionally developed, and do not forget which such quality auditing preserves faith in the financial markets and business operation.
Next Step:
- Review the complete standard
- Attend training programs
- Update documentation procedures
- Consult with implementation experts.
