The new risk assessment standards are all about getting back to basics, said expert Hiriam Hasty while speaking at the New York State Society of CPAs' annual Accounting and Auditing in the Nonpublic Environment Conference.
Hasty, the technical manager of the American Institute of CPAs Audit and Attest Standards Team and the staff liaison to the Auditing Standards Board, urged the conference attendees to start taking a look at how the changes will affect their work sooner, rather than later. The risk assessment standards include the eight Statements on Auditing Standards numbering 104 to 111 and will take effect for audits of the 2007 fiscal year.
And while Hasty didn't suggest a number for what sort of impact the new standards would have on fees, he did say that it's not too soon to begin having conversations with clients, or mentioning in a letter that the changes will likely have an impact on pricing.
Mostly rooted in research on firm methodology and a study commissioned by the Securities and Exchange Commission, Hasty said the standards make a trio of significant changes to existing practices, including:
- Identifying and assessing the risks of material misstatements at both the financial statement level, and the relevant assertion level, by performing risk assessment procedures;
- Designing and performing tailored further audit procedures responsive to assessed risks at the relevant assertion level; and,
- Linking audit procedures to the risk of material misstatement, meaning that an auditor can no longer just link to the top level of procedures without providing justification.
Throughout his talk, which focused on breaking down each statement in detail, Hasty also warned the CPAs in attendance that they do need to do the legwork still as auditors, including performing plant and facility visits no matter how closely they trust the client. He pointed to one recent scandal in the news, where a company's plant in India didn't actually exist.But at the same time, Hasty noted that SAS No. 107, which focuses on audit risk and materiality and calls for the assessing the risk of misstatement at the "relevant assertion level," does provide some leeway for using intuition and a relationship with the client in setting an actual number.
"It just makes sense," Hasty said. "You need to develop specific approaches to each of a client's businesses and then be able to drill down at the assertion level."
Hasty said that an audit guide is in the process of being developed and will be available sometime this fall, and the AICPA has already released an Audit Risk Alert entitled, "Understanding the New Auditing Standards Related to Risk Assessment," which includes a summary of major changes.
Both Hasty and a number of his colleagues will be traveling around the country this summer, delivering similar presentations to other state societies. He said more news on Auditing Standards Board projects is available at
