Risk assessment and effective confirmations
While it does not change the confirmation requirements, it prompts auditors to re-examine inherent risk factors closely, particularly for areas like cash and cash equivalents, where fraud can be more prevalent. While it does not change the confirmation requirements, it prompts auditors to re-examine inherent risk factors closely, particularly for areas like cash and cash equivalents, where fraud can be more prevalent.
For audit professionals involved in confirming accounts, understanding the implications of SAS 145 can improve the reliability of audit evidence and strengthen the approach to risk assessment. So, let’s explore the impact of SAS 145 on risk assessment in audits, particularly the importance of understanding inherent risk and its evolving nature.Jump to |
Understanding inherent risk in SAS 145
By definition, inherent risk is the susceptibility of an account balance or assertion to misstatement, irrespective of controls. SAS 145 requires a separate assessment of both inherent risk and control risks, which are both factors in the risk of material omission (RMM). If the auditor does no test controls and rates inherent risk low, the RMM will also be low. This nuance demands careful judgment — assessing inherent risk as low without adequate support can lead to not performing adequate audit procedures, including confirmations, which may be helpful for fraud detection, especially in cash-related accounts.
Inherent and control risks should be assessed individually. When inherent risk is high it increases the RMM. This is especially true if control tests are not conducted. Even in familiar audit areas it is important to be skeptical to avoid bias, which could cause the auditors to understate risks. Control risk is the risk that internal control systems may fail to detect misstatements. Inherent risk is the susceptibility of misstatements. Together, they shape the RMM and influence confirmation decisions.
Inherent risk factors in audits of cash accounts
Cash and cash equivalents are inherently susceptible to misstatement due to the potential for fraud and ease of manipulation. While SAS 145 highlights the importance of vigilance in assessing risks, auditors may independently consider common fraud schemes, such as “kiting,” falsified bank statements, or improper handling of receipts.
Bank confirmations may detect fraud schemes involving cash, like kiting and falsifying statements. Failing to confirm bank balances, especially for small to medium-sized clients, could expose firms to litigation and reputational damage if fraud is later detected.
Professional judgment in assessing inherent risk for cash is also critical, as improper assessments could lead to misstatements that compromise the integrity of financial reporting. Cash transactions can be high volume and obscure fraud. Assessing the risk correctly and testing the existence of cash are crucial to ensure schemes do not go undetected.
Critical thinking in low-risk assessments
SAS 145 emphasizes the importance of critical thinking when assessing risks, particularly when considering low-risk assessments. This approach encourages auditors to continually evaluate the appropriateness of their procedures in light of the specific circumstances of each engagement.
Cash existence serves as an excellent example where critical thinking in risk assessment is crucial. Auditors may question whether this low-risk assessment is always accurate. It’s important to consider the possibility of fraud, even in areas typically deemed low risk.
External confirmations can be a valuable tool in this process, potentially uncovering discrepancies that might not be apparent through other procedures. External confirmations could detect practices such as “kiting” or falsely inflating the cash balances. Confirming cash in the auditor’s toolbox is a powerful technique. Auditors can develop a more robust audit approach by applying critical thinking to these assessments, regardless of the initial risk level. By applying critical thinking to these assessments, regardless of the initial risk level, auditors can develop a more robust audit approach.
This mindset of continuous evaluation and critical thinking, as emphasized in SAS 145, helps ensure that audit procedures remain appropriate and effective for each unique engagement.
Changes in auditing standards and future considerations
While SAS 145 has clarified and modified risk assessment guidance, further revisions to auditing standards may be coming.
The Public Company Accounting Oversight Board (PCAOB), which sets standards for public company audits, has recently issued guidance on cash confirmations. The American Institute of Certified Public Accountants is now considering similar measures for audits of private companies. Cash confirmations for private company audits may change if the AICPA issues new guidance. This is a discussion that is still in its early stages. No formal exposure drafts have been released. This approach could help maintain consistency in audit procedures and potentially ease the transition if new standards are implemented in the future.
Professional judgement and skepticism: The cornerstones of SAS 145
At the heart of SAS 145 is the reaffirmation of professional skepticism and judgment. Auditors might consider challenging assumptions, particularly in areas like cash, where a low-risk label may not reflect the reality of potential risks.
Remaining current on evolving standards and revisiting risk assessments with a critical lens ensures that audit procedures are robust, comprehensive, and attuned to both regulatory expectations and the real-world financial landscape.
An opportunity to refine your approach to inherent risk assessment
SAS 145 provides audit professionals with an opportunity to refine their approach to risk assessment. A robust risk assessment process will guide auditors to more effective audit procedures. Auditor’s ability to detect significant financial misstatements can be improved by a thorough evaluation and tailoring of audit procedures based on the inherent risks. The focus on a well-executed risk assessment allows auditors to adapt their approach to each unique client situation, potentially leading to obtaining more reliable audit evidence and ensuring that their audit opinion is correct.
Staying informed on evolving standards, such as SAS 145, and adapting practices accordingly helps auditors uphold the integrity of financial reporting. These principles are essential for maintaining high-quality audits that meet regulatory requirements and complex client needs. Visit AuditWatch to get additional training and updates.
–
–
– Back on the blog
![[Podcast] AI in the Workplace – Training Data Issues](https://images.bannerbear.com/direct/y0aJ23zRDdqMxX4OGl/requests/000/073/888/505/aMBJ5DWdLYPmyl07zXRNjrp4Z/4c25b0cd2a35d2a5f1daff1dad0443e732b739cf.png "[Podcast] AI in the Workplace – Training Data Issues")
