| During 2005 and 2006, the American Institute of | | | | A greater understanding of the entity is required. |
| Certified Public Accountants issued several new | | | | Auditors are no longer able to assess control risk at |
| standards to improve and clarify auditing standards in | | | | maximum without a basis for that determination. |
| general. | | | | There are several steps auditors must take in |
| There were two statements that were issued and | | | | applying the Risk Assessment Standards. |
| became effective upon issuance: | | | | Gathering Information - The auditors must begin with |
| Statement on Auditing Standards (SAS) Numbers 102 | | | | gathering information about the entity and its |
| and 103. | | | | environment, including its internal control. Information |
| SAS No.102, Defining Professional Requirements in | | | | gathering should include at minimum information |
| Statement on Auditing Standards, clarifies steps in | | | | obtained from external factors; information about the |
| auditing standards that are "unconditional | | | | nature of the client; information in connection with |
| requirements" defined by works such as "must" and | | | | the objectives and strategies and related business |
| "is required to"; and steps that are "presumptively | | | | risks of the client; information regarding the client's |
| mandatory requirements" defined by words such as | | | | measurement parameters including a review of the |
| "should". | | | | client's financial performance; and information in |
| SAS No. 103, Audit Documentation, provides guidance | | | | connection with the client's internal controls. |
| on audit documentation as an essential element of | | | | Understand the Entity - The auditor must also |
| audit quality. This standard also gives guidance on the | | | | understand the entity and its environment, including |
| date of the audit report which cannot be earlier than | | | | its internal control. The auditor must anticipate and |
| the date on which the auditor has obtained sufficient | | | | evaluate what could go wrong, and be able to |
| appropriate audit evidence to support the opinion. As | | | | synthesize the information gathered to determine |
| a result, the audit report date will need to be close | | | | how it might affect the financial statements. The |
| to the date the reports are released | | | | auditor must also evaluate the design of the client's |
| The American Institute of Certified Public | | | | controls and determine if those controls have been |
| Accountants also issued the Risk Assessment | | | | implemented (which is different than test of controls). |
| standard in March 2006. The project originated as a | | | | In evaluating whether controls have been |
| joint project with SAS No. 99, Consideration of Fraud | | | | implemented, the auditor should determine if there is |
| in a Financial Statement Audit. These standards were | | | | an awareness of the existence of the procedure in |
| issued because the Accounting Standards Board | | | | question and if the staff implementing the control |
| believes that they will strengthen auditing standards | | | | have a working knowledge of how the procedure |
| and provide a more in depth understanding of the | | | | should be performed. |
| entity and its environment, a more rigorous | | | | Assess Risk - The auditor must assess the risk of |
| assessment of material misstatements and improved | | | | material misstatement by identifying risks throughout |
| linkage between assessed risk and the nature, timing | | | | the process, relate the identified risks to what can go |
| and extent of audit procedures performed. | | | | wrong at the relevant assertion level and consider |
| The following standards are in the suite of SASs | | | | whether the risks could result in a material |
| issued in connection with the Risk Assessment | | | | misstatement to the financial statements. Once |
| standards: | | | | "significant risks" have been identified, the auditor can |
| SAS No. 104 - Amendment to SAS No.1- Codification | | | | then design audit procedures accordingly. |
| of Auditing Standards and Procedures | | | | Design Audit Procedures - The auditor should design |
| SAS No. 105 - Amendment to SAS No.95 - Generally | | | | overall responses and further audit procedures at |
| Accepted Auditing Standards | | | | both the financial statement level, and the relevant |
| SAS No. 106 - Audit Evidence | | | | assertion level. In designing audit procedures, the |
| SAS No. 107 - Audit Risk and Materiality in Conducting | | | | auditor must provide and document a clear linkage |
| and Audit | | | | between the assessment of the risk of material |
| SAS No. 108 - Planning and Supervision | | | | misstatement and the nature, timing and extent of |
| SAS No. 109 - Understanding the Entity and Its | | | | the further audit procedures. |
| Environment and Assessing the Risks of Material | | | | Summary : Caporicci & Larson Report -- During 2005 |
| Misstatement | | | | and 2006, the American Institute of Certified Public |
| SAS No. 110 - Performing Audit Procedures in | | | | Accountants issued several new standards to |
| Response to Assessed Risks and Evaluating the Audit | | | | improve and clarify auditing standards in general. |
| Evidence Obtained | | | | There were two statements, concerning SAS 102 |
| SAS No. 111- Amendment to SAS No. 39 - Audit | | | | and SAS 103. |
| Sampling | | | | |