In the most recent issuance of Statement of Auditing Standards (SAS) No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, the AICPA aimed to target concerns from the 2020 U.S. peer reviews. SAS No. 145 amends various AU-C sections of the AICPA Professional Standards. SAS No. 145 has the goal of enhancing certain aspects of the identification and assessment of the risks of material misstatement to sharpen auditors’ risk assessments and in the end, the overall quality of the audit in a world of evolving business practices.
SAS No. 145 enhances risk assessment through several changes. These include the following: requirements relating to obtaining an understanding of the internal control processes and assessment of control risk and guidance addressing aspects of the markets and environments that the entities and the audit firms operate in. Additionally, the AICPA has revised and added the following new requirements: a revised definition of significant risk; revised requirements on the evaluation of general information technology controls to determine proper implementation; a new requirement to separately assess inherent and control risk; a new requirement to assess maximum control risk in the event of foregoing testing the operating effectiveness of controls and to assess inherent risk at the same level of the risk of material misstatement; a new “stand back” requirement to evaluate completeness of transactions, account balances, and disclosures; audit documentation updates; guidance on scalability; and guidance on maintaining professional skepticism. SAS No. 145 takes effect for financial statement audits for periods ending on or after December 15, 2023, with early adoption permissible.