Should you’re an audit skilled, you realize that SAS 145 is right here — and it is efficient for audits of economic statements for durations ending on or after December 15, 2023.
What does SAS 145 handle?
At a excessive stage, SAS 145 addresses an organization’s system of inside management and knowledge expertise. It additionally revises the definition of serious danger in order that auditors might be targeted on the place the dangers lie on a spectrum of inherent danger. This new normal supersedes the present steerage in AU-C 315A and amends different sections associated to danger evaluation and assessing management danger.
Whereas SAS 145 doesn’t basically change the important thing ideas underpinning audit danger, it does make clear and improve sure points of the identification and evaluation of the dangers of fabric misstatement to handle gaps and enhance total audit high quality. As auditors, it’s necessary to grasp learn how to successfully apply SAS 145 to make sure compliance and improve the general audit course of.
9 steps to use SAS 145
So now that SAS 145 is right here, what steps ought to auditors take? Let’s have a look.
1. Deal with the danger itself.
SAS 145 revises the definition of serious danger to focus totally on the danger itself moderately than the auditor’s response to the danger. This modification goals to advertise a extra constant and goal method to assessing dangers. Auditors are nonetheless required to reply to important danger appropriately and apply the necessities of the requirements, corresponding to speaking the danger to these charged with governance and testing design and implementation of associated inside controls.
2. Emphasize the inherent danger evaluation.
SAS 145 locations elevated emphasis on the inherent danger evaluation and introduces a spectrum of inherent danger. When management danger is assessed on the most stage as a result of the auditor doesn’t plan to check the working effectiveness of controls, assess the mixed danger of fabric misstatement on the identical stage because the inherent danger evaluation.
3. Improve audit documentation.
Among the many new provisions in SAS 145 is the revision of the audit documentation necessities. Search for alternatives to drive enhanced efficiencies with regard to documentation round design and implementation of your inside controls.
4. Preserve skilled skepticism.
Emphasize to your audit group the necessity to keep skilled skepticism when performing danger evaluation procedures and evaluating the outcomes. SAS 145 highlights the significance of sustaining skilled skepticism and points new and enhanced steerage.
5. Cease and replicate.
SAS No. 145 features a new “stand-back” requirement supposed to drive an analysis of the completeness of the auditor’s identification of serious lessons of transactions, account balances, and disclosures. This requires auditors to cease and replicate on the completeness of their identification of serious lessons of transactions, account balances, and disclosures.
6. Take into account a “top-down” method.
In gentle of the brand new “stand-back” requirement, think about adopting a top-down method when figuring out important lessons of transactions, account balances, and disclosures. Corporations could discover that such an method might help drive extra environment friendly and efficient audits.
7. Improve communication.
SAS 145 emphasizes the significance of efficient communication between the auditor and people charged with governance relating to recognized dangers of fabric misstatement as a result of non-compliance. Auditors ought to be certain that all related events are adequately knowledgeable and conscious of the implications of noncompliance dangers. On persevering with engagements, you have to to rethink prior 12 months danger assessments in gentle of latest and revised necessities.
8. Advanced audits drive scalability.
Underneath SAS 145, the complexity of an entity’s actions is the first driver of scalability. Though the dimensions of an entity could also be an indicator of its complexity, some smaller entities could also be complicated, and a few bigger entities could also be much less complicated. The underside line: efficient danger evaluation is achievable even in much less complicated entities which have casual controls.
9. Consider the dangers of IT controls.
SAS 145 acknowledges the usage of IT by each auditors and purchasers and expressly defines the dangers arising from the usage of IT. Which means auditors want to consider IT use when it comes to assertions and should consider the complexity of a system, even off-the-shelf software program packages, and all that’s included.
Managing SAS 145 compliance
Bear in mind: SAS No. 145 doesn’t basically change the important thing ideas underpinning audit danger. As a substitute, it clarifies and enhances sure points of the identification and evaluation of the dangers of fabric misstatement to drive higher danger assessments and, in the end, improve audit high quality. And therein lies a possibility in your audit agency.
By familiarizing your self with SAS 145 and taking the steps essential to replace your audit processes, you possibly can successfully adjust to the usual, conduct thorough and complete audits, and proactively handle the dangers related to noncompliance. And maybe SAS 145 could possibly be a possibility to raised serve your purchasers and improve your total audit productiveness and effectivity.
To make sure that your agency is totally ready to handle the impression of SAS 145, take a look at our webinar providing steerage on SAS No. 145.
For extra info and finest practices, go to our SAS 145 Hub.