 |
||||||||||||||||||||||||||||||||||||||||
 |
||||||||||||||||||||||||||||||||||||||||
 |
||||||||||||||||||||||||||||||||||||||||
 |
||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||
 |
||||||||||||||||||||||||||||||||||||||||
 |
 |
||
 |
RISK ASSESSMENT STANDARDS: A CORPORATE VIEW As 2008 begins, many businesses are entering the year-end audit cycle for 2007. The American Institute of CPAs recently issued new Statements on Auditing Standards (SASs), which are collectively referred to as the Risk Assessment Standards. The new Risk Assessment Standards are effective for audits of financial statements for periods beginning on or after December 15, 2006. As a result, those responsible for coordinating their company's audit will likely notice a significant difference in how their auditor approaches the 2007 audit. The basic purpose of the new standards is to require auditors to plan their audit approach to better assess the significant risk areas facing the company under audit. As a result, auditors will focus more than ever on understanding the entity and its operating environment, the competitive factors facing a business or organization, and the depth and quality of internal controls in place. The additional insight gained during the planning process will be used to tailor auditing procedures to focus on those areas which represent the greatest risk of material misstatement. The risk assessment process will be accomplished by gaining a greater understanding of the entity and its environment. This will require additional inquiries and discussions with management and other key accounting and operations personnel. Auditors will then turn their attention to identifying and evaluating the key internal controls at the company that address the areas of significant risk. The evaluation process will include additional observations and inspections of controls and walkthroughs of processes to determine whether key controls have been both properly designed and implemented. Once this is done, the auditor has the option to perform specific tests of controls and to rely on those controls in planning the nature and timing of the substantive tests of account balances. With the implementation of the new standards, auditors are shifting their focus to ensure that audits are appropriately designed based on a comprehensive assessment of significant risks and that companies have designed and implemented controls to address these significant risks. As a result, the new standards will once again put the spotlight on internal controls and build off the momentum created by Sarbanes Oxley and SAS 112, "Communicating Internal Control Related Matters Identified in an Audit." The revised focus on controls will most likely result in additional management comments related to control deficiencies which may not have been identified in previous audits. An audit is and has always been based on samples of transactions, as opposed to reviewing 100% of a company's transactions and balances. Therefore, misstatements could exist and not be detected during the audit. The goal of the new standards is to ensure that audits are effective by better assessing areas of audit risk, concentrating audit procedures on those risks, and evaluating the company's key controls to prevent and detect errors in areas with higher risk. There have been some dramatic changes in the auditing profession in the past few years. Auditing was primarily focused on "what happened": i.e., whether the financial position, operating results, and cash flows from the most recent fiscal period were properly reflected in financial statements and disclosures. Standards recently enacted now require an auditor to raise the level of concern on the processes and procedures followed in generating the financial statements and to provide management with more information about potential internal control weaknesses so that control weaknesses can be addressed before they result in financial misstatements. Thus, the auditor can be a source of invaluable information and recommendations that can be readily tapped by management. Ms. Hollenhorst may be reached directly at ahollenhorst@rubino.com or by calling 301.564.3636. Mr. Curtis may be reached directly at pcurtis@rubino.com or by calling 301.564.3636.For more information about Rubino & McGeehin, please visit www.rubino.com.
|
|
|