Category Archives for "Accounting and Auditing"

audit planning
Apr 04

Audit Planning: Develop Your Audit Plan and Strategy

By Charles Hall | Auditing

This article teaches you how to develop your audit plan and strategy. Once you complete your risk assessment, it’s time to build these critical pieces of your audit engagement. 

Effectiveness and efficiently are both possible with a good audit plan. Below I explain how to do this. Additionally, we’ll also take a look at three common mistakes made in planning. See if you make any of these. 

audit planning

To be in compliance with audit standards, we need to develop:

  • Our audit strategy
  • Our audit plan

Developing Your Audit Strategy

What’s in the audit strategy? AU-C 300, Planning an Audit, states that the audit strategy should include the following:

  • The characteristics of the engagement (these define its scope)
  • The reporting objectives (these affect the timing of the audit and the nature of the reports to be provided)
  • The significant factors (these determine what the audit team will do)
  • The results of preliminary engagement activities (these inform the auditor’s actions)
  • Whether knowledge gained on other engagements is relevant (these potentially provide additional insight)

Think of the audit strategy as the big picture.

We are documenting:

  • The scope (the boundaries of the work)
  • The objectives (what the deliverables are) 
  • The significant factors (e.g., is this a new or complex entity?)
  • The risk assessment (what are the risk areas?)
  • The planned resources (e.g., the engagement team) 

Much can be achieved with the right strategy—even walking on the moon.

Strategy for Walking on the Moon

When NASA planned to put a man on the moon, a strategy was created. It could have read as follows:

We will put a man on the moon. The significant factors of our mission include mathematical computations, gravitational pull, thrust, and mechanics. The risks include threats to our astronauts’ lives, so we need to provide sufficient food, air, sound communications, and a safe vessel. The deliverable will be the placement of one man on the moon and the safe return of our three astronauts. The engagement team will include three astronauts, launch personnel at Kennedy Space Center, and mission-control employees in Houston, Texas. 

A sound strategy led to Neil Armstrong’s historic walk on July 20, 1969.

Our audit strategy—in a more pedestrian pursuit—is a summary of objectives, resources, and risk. It’s the big picture. Our strategy leads to the successful issuance of our audit opinion (not quite as exciting as walking on the moon, but still important).

What’s in an Audit Strategy?

The audit strategy doesn’t have to be complicated or long, especially for smaller entities—it can be a short memo. What are we after? A summary of risks, needed resources, and objectives.

My firm uses an internally-developed strategy form—mainly, to ensure consistency. The form contains structure, such as references to risk assessment work and blank boxes in certain areas—such as partner directions—so it is flexible. As a result, the form has structure and flexibility.

Here are the main areas we cover:

  • Deliverables and deadlines
  • A time budget
  • The audit team
  • Key client contacts
  • New accounting standards affecting the audit
  • Problems encountered in the prior year 
  • Anticipated challenges in the current year 
  • Partner directions regarding key risk areas
  • References to work papers addressing risk

Who Creates the Audit Strategy?

Who should create the strategy? The in-charge can create it with the assistance of the engagement partner, or the partner can do so. 

Audit Strategy as the Central Document

If you want to see one document that summarizes the entire audit, this is it. As you can see, the strategy is general in nature, but you also need a detailed plan to satisfy the demands of the strategy—this is the audit plan (commonly referred to as the audit program). NASA had a mission statement for Apollo 11, but—I’m sure—written guidelines directed the step-by-step execution of the project. 

Audit Plan (or Audit Program)

Now we create the detailed planning steps—the audit program. Think of the audit program as the final stage of audit planning. What have we done to get to this stage of the audit? 

  1. Performed risk assessment procedures
  2. Developed our audit strategy

Now it’s time to create the audit plan.

audit plan

The audit plan is the linkage between planning and further audit procedures. What are “further audit procedures”? They are the tactical steps to address risk including substantive procedures and test of controls. The audit program links back to the identified risks and points forward to the substantive procedures and test of controls. Substantive procedures include tests of details and substantive analytical procedures.

Creating the Audit Program

How—in a practical sense—do we create the audit programs? Most auditors tailor the prior year audit programs. That works—as long as we revise them to address the current year risks. Audit programs are not—at least, they should not be—static documents. Even so, the current year audit program can be the same as last year—as long as the risks are the same.

Sufficient Audit Steps

How do we know if we have adequate audit program steps? Look at your risks of material misstatement (RMM)—which, hopefully, are assessed at the assertion level (e.g., completeness). Audit steps should address all high and moderate RMMs. 

Integrating Risk Assessment with the Audit Program

How else can we integrate our documentation? Put the relevant assertions next to each audit step—this makes the connections between the RMMs (at the assertion level) and the audit steps clear.

AU-C 330 says the auditor is required to apply substantive procedures to all relevant assertions related to each material class of transactions, account balance, and disclosure. So, the audit program should reflect steps for all material areas.

Creating Efficiency in the Audit Plan

Once you complete your risk assessment work, you want to ask, “Which is the more efficient route? Testing controls or performing substantive procedures.” Then go with your instincts. 

Generally, I assess control risk at high. While we can’t default to a high control, we can—once the risk assessment work is complete—decide to assess control risk at high as an efficiency measure. Why? If we assess control risk at below high, we must test the controls as a basis for the lower risk assessment. The testing of controls can—sometimes—take longer than substantive procedures. 

For example, is it better to test the controls related to fixed asset additions or is it more efficient to vouch the invoices for significant additions? Usually, the vouching of the invoices will get you to your desired destination quicker than testing controls. Generally—at least in my opinion—this line of reasoning is less true for more complex organizations. Larger organizations process more transactions and tend to have better controls. So it can be better to test controls for larger entities.

There you have it—the creation of the audit strategy and the audit plan. Your strategy includes the risks, needed resources, and objectives. And your audit program contains the tactical steps to address risks. You are set to go. 

I find that auditors usually understand the above, but still make one of the following three audit planning mistakes. 

Three Mistakes in Audit Planning

Auditors make three common planning mistakes: (1) not tailoring audit programs and (2) allowing prior year work papers to drive the audit process, and (3) using a balance sheet audit approach. Let’s see how these happen.

audit planning

1. Not Tailoring Audit Programs

Where do most audit programs come from? They are purchased from forms providers, usually international publishing companies. These purchased programs are useful, but they can become a crutch, leading to canned audit approaches that are not responsive to risks. 

If we use unrevised audit programs and if our audit approach is always the same, what good is risk assessment? Another way to say this is, If audit programs never change, why perform walkthroughs, preliminary analytics, and other risk assessment procedures? 

Canned audit programs are one reason auditors give lip-service to risk assessment. In the auditor’s mind, he may be thinking, I already know what I’m going to do, so why waste time with risk assessment? This cookie-cutter approach is dangerous, but quite common. And why is it dangerous? Because it can lead to an intentional blindness toward internal controls and significant risks. And deficiencies in risk assessment lead to deficiencies in audit procedures. The result: material misstatements are not identified and an unmodified audit opinion is rendered. In other words, audit failure occurs.

Audit programs can be tailored: steps can be added, changed, or deleted. These steps can be amended based on the risk of material misstatement. But some auditors don’t change their audit plan. 

And not tailoring audit programs can lead to several problems such as:

  • Audit team members signing off on steps not performed 
  • Team members typing Not Applicable (N/A) next to several audit steps 
  • Auditors performing unnecessary procedures 
  • Auditors not performing necessary procedures 

In addition to not tailoring audit programs, some auditors hit autopilot and use their prior year work papers as their current year plan. 

2. Prior Year Work Papers as the Audit Plan

Audit documentation should develop sequentially:

  1. Risk assessment
  2. Audit programs
  3. Audit work papers 

But poor auditors tend to follow the prior year work papers and complete the audit program as an afterthought. Worse yet, the risk assessment work is completed at the end of the engagement, if at all. The tail wags the dog. This same-as-last-year approach leads to incongruities in risks of material misstatement and the procedures performed. In effect, the prior year work papers become the current year audit program. 

Another common audit planning mistake is the use of a balance sheet audit approach. 

3. Balance Sheet Audit Approach

Many auditors use a fully substantive approach, meaning they don’t test controls for effectiveness. Moreover, some auditors test balance sheet accounts and little else. But this approach can lead to problems.

I have heard auditors say: If I audit all of the balance sheet accounts, then the only thing that can be wrong is the composition of revenues and expenses. But is this true?

The accounting equation says:

Totals assets = Total liabilities plus Total equity

Another way to say this is:

Total equity = Total assets minus Total liabilities

If we disregard stock purchases and sales, equity is usually the accumulation of retained earnings. And retained earnings comes from the earnings or losses on the income statement. In other words, retained earnings comes from revenues and expenses. So the net income or loss (revenues minus expenses) has to fit into the accounting equation (equity equals assets minus liabilities).

Therefore, if we audit all assets and liability accounts, doesn’t it make sense that the only thing that can be wrong is the composition of revenues and expenses? Mathematically I see why someone might say this, but a flaw lurks in the construct. 

Audit Failure Example

I once saw an audit firm sued for several million dollars. The CPAs audited the company for several years, issuing an unqualified opinion each year, but a theft was occurring all along.

So what were the audit firm’s mistakes? They relied too heavily upon a balance sheet audit approach, and they did not gain an understanding of the company’s key internal controls. 

The auditors used substantive procedures such as:

  • Testing bank reconciliations
  • Sending receivable confirmations and vouching subsequent collections
  • Computing annual depreciation and agreeing it to the general ledger
  • Vouching additions to plant, property, and equipment
  • Performing a search for unrecorded liabilities in payables
  • Confirming debt

The balance sheet accounts reconciled to the general ledger, and no problems were noted in the audit of the balance sheet accounts. But millions were missing. 

So what flaw lies in a balance sheet audit approach? Millions can go missing while the balance sheet accounts reconcile to the general ledger. Consequently, auditing the balance sheet accounts alone may not detect theft. Therefore, gaining an understanding of the internal controls and developing appropriate responses is critical to identifying material misstatements, especially when fraud is possible. 

So as we plan our substantive procedures, we need to avoid the flawed balance sheet approach. Yes, substantive procedures for the balance sheet accounts are important, but fraud detection procedures are necessary when control weaknesses are present. A test of details is necessary when a significant risk (such as a fraud risk) is present. 

In Summary

Develop an audit strategy and plan once you complete your risk assessments procedures. Then link the risks of material misstatement to your further audit procedures. Doing so will help ensure that your audit is successful. In other words, that no material misstatements are present when you issue an unmodified opinion. 

Moreover, don’t make these three audit planning mistakes: (1) not tailoring audit programs and (2) allowing prior year work papers to drive the audit process, and (3) using a balance sheet audit approach.

See my audit series The Why and How of Auditing to learn even more about the full audit process, including how to audit transaction cycles such as cash, receivables, payables, and debt. 

Special purpose reporting framework
Mar 19

Special Purpose Reporting Frameworks

By Charles Hall | Accounting and Auditing , Preparation, Compilation & Review

In this article, I provide information about various special purpose reporting frameworks (e.g., cash basis, modified-cash basis, and income tax basis) and how you can use them to create financial statements for your clients. 

Suppose you’ve been contacted by your client to prepare their financial statements and issue a compilation report. At first, you think, I’ll create the financials in accordance with GAAP, but then you remember there are special purpose reporting frameworks. Maybe the cash basis or income tax basis is a better option.

Special purpose reporting framework

Continue reading

audit assertions
Mar 07

Audit Assertions in Financial Statement Audits

By Charles Hall | Auditing

In this article, I address audit assertions and why they are critical to the audit process. We'll look at assertion examples and how to you can leverage these in your audit plan. Do you desire to stop over auditing? Then read on. 

All businesses make assertions in their financial statements. For example, when a financial statement has a cash balance of $605,432, the business asserts that the cash exists. When the allowance for uncollectibles is $234,100, the entity asserts that the amount is properly valued. And when payables are shown at $58,980, the company asserts that the liability is complete

audit assertions

Reporting Frameworks

Of course assertions derive their meaning from the reporting framework. So before you consider assertions, make sure you know what the reporting framework is and the requirements therein. For example, the occurrence of $4 million in revenue means one thing under GAAP and quite another under the cash basis of accounting

What is a Relevant Assertion?

For an auditor, relevant assertions are those where a risk of material misstatement is reasonably possible. So, magnitude (is the risk related to a material amount?) and likelihood (is it reasonably possible?) are both considered. 

For cash, maybe you believe it could be stolen, so you are concerned about existence. Is the cash really there? Or with payables, you know the client has historically not recorded all invoices, so the recorded amount might not be complete. And the pension disclosure is possibly so complicated that you believe it may not be accurate. If you believe the risk of material misstatement is reasonably possible for these areas, then the assertions are relevant. 

Some auditors refer to auditing by assertions as an assertions audit. Regardless of the name, we need to know what the typical assertions are. 

Audit Assertions

Assertions include:

  • Existence or occurrence (E/O)
  • Completeness (C)
  • Accuracy, valuation, or allocation (A/V)
  • Rights and obligations (R/O)
  • Presentation, disclosure, and understandability (P/D)
  • Cutoff (CU)

Not all auditors use the same assertions. In other words, they might use assertions different from those listed above, or the auditor could list each assertion separately. Regardless, auditors need to make sure they address all possible areas of misstatement. 

Assertions as Scoping Tool

Think of assertions as a scoping tool that allows you to focus on the important. Not all assertions are relevant to all account balances or to all disclosures. Usually, one or more assertions are relevant to an account balance, but not all. For example, existence, rights, and cutoff might be relevant to cash, but not valuation (provided there is no foreign currency) or understandability. For the latter two, a reasonable possibility of material misstatement is not present.

As you consider the significant account balances, transaction areas, and disclosures, specify the relevant assertions. Why? So you can determine the risk of material misstatement for each and create responses. Here’s an example for accounts payable and expenses. 

AssertionInherent RiskControl RiskRisk of Material MisstatementResponse
E/OModerateHighModeratePerform substantive analytics comparing expenses to budget and prior year
CHighHighHighPerform search for unrecorded liabilities
CUModerate HighModerateSubstantive analytical comparison of the payable balance

Inherent Risk Support

Accounts payable is not complex and there are no new accounting standards related to it. There are no subjective judgments. Volume is moderate and directional risk is an understatement. Inherent risk is assessed at high for completeness (client has not fully recorded payables in prior years). Occurrence and cutoff have not been a problem areas in past years.

Inherent Risk as the Driver

Risk of material misstatement is the result of inherent risk and control risk. Auditors often assess control risk at high because they don’t plan to test for control effectiveness. If control risk is assessed at high, then inherent risk becomes the driver of the risk of material misstatement. In the table above, the auditor believes there is a reasonable possibility that a material misstatement might occur for occurrence, completeness, and cutoff. So responses are planned for each. 

Fraud risks and subjective estimates can be (and usually are) assessed at the upper end of the spectrum of inherent risk. They are, therefore, significant risks. When a significant risk is present, the auditor should perform procedures beyond his or her normal approach. As we previously said, when the client’s risk increases, the level of testing increases. 

Significant Risk 

The payables/expenses assessment below incorporates an additional response due to a significant risk, the risk that fictitious vendors might exist.

AssertionInherent RiskControl RiskRisk of Material MisstatementResponse
E/OHighHighHighPerform substantive analytics comparing expenses to budget and prior year; Perform fictitious vendor test
CHighHighHighPerform search for unrecorded liabilities
CUModerate HighModerateSubstantive analytical comparison of the payable balance

Inherent Risk Support

Accounts payable is not complex and there are no new accounting standards related to it. There are no subjective judgments. The company suffered a fictitious vendor fraud during the year, so the occurrence assertion has uncertainty. Volume is moderate and directional risk is an understatement. Inherent risk is assessed at high for occurrence (significant risk) and completeness. Cutoff has not been a problem in past years. 

Significant Risk Example

In auditing expenses, the auditor knows that a risk of fictitious vendors exists. In this scheme the payables clerk adds and makes payments to a nonexistent vendor. Additionally, the payments are usually supported with fake invoices. What is the result? Yes, additional expenses. Those fraudulent payments appear as expenses in the income statement. So the occurrence assertion is suspect. 

If the auditor believes the risk of fictitious vendors is at the upper end of the inherent risk spectrum, then a significant risk is present in relation to the occurrence assertion. And such a risk deserves a fraud detection procedure. In this example, the auditor responds by adding a substantive test for detection of fictitious vendors. More risk, more work.  

Additionally, notice the inherent risk for occurrence is assessed at high. Why? Because it’s at the upper end of the inherent risk spectrum. A significant risk is, by definition, a high inherent risk, never low or moderate.

As you can tell, I am suggesting that risk be assessed at the assertion level. But is it ever acceptable to assess risk at the transaction level

Assessing Risk at the Transaction Level

Is it okay to assess audit risk in the following manner?

AssertionInherent RiskControl RiskRisk of Material Misstatement
E/O; CU; R/O; A/V; P/DHighHighHigh

Yes, but if all assertions are assessed at high, then a response is necessary for each. 

Those who assess risk at the transaction level think they are saving time. But is this a more efficient approach? Or might it be more economical to do so at the assertion level?

Assess the Risk of Material Misstatement at the Assertion Level

If the goal of assessing risk is to quickly complete a risk assessment document (and nothing else), then assessing risk at the transaction level makes sense. But the purpose of risk assessment is to provide planning direction. Therefore, we need to assess risk at the assertion level. 

Why? Let’s answer that question with an accounts payable example. 

Accounts Payable Risk Assessment Example

Suppose the auditor assesses risk at the transaction level, assessing all accounts payable assertions at high. What does this mean? It means the auditor should perform substantive procedures to respond to the high-risk assessments for each assertion. Why? The risk assessment for valuation, existence, rights and obligations, completeness, and all other assertions are high. Logically, the substantive procedures must now address all of these (high) risks.

Alternatively, what if the accounts payable completeness assertion is assessed at high and all other assertions are at low to moderate? How does this impact the audit plan? Now the auditor plans and performs a search for unrecorded liabilities. Additionally, he may not, for example, perform existence-related procedures such as sending vendor confirmations. The lower risk assertions require less work.

Do you see the advantage? Rather than using an inefficient approach—let’s audit everything—the auditor pinpoints audit procedures. 

Once assertions are assessed, it’s time to link them to further audit procedures.

Linkage with Further Audit Procedures

As a peer reviewer, firms say to me, “I know I over-audit, but I don’t know how to lessen my work.” And then they say, “How can I reduce my time without reducing quality?” 

Here’s my answer: Perform real risk assessments and document the risk of material misstatement at the assertion level. Then tailor—yes, change the audit program—to address the risks. Perform substantive procedures or a test of controls for effectiveness related to the identified risk areas—and slap yourself every time you even think about same as last year. (Your substantive procedures can be a test of details or substantive analytics.)

And what are the benefits of assessing risk at the assertion level?

  • Efficient work
  • Higher profits 
  • Conformity with standards

You may be wondering if financial statement level risk can affect assertion level assessments. Let's see. 

Risks at the Financial Statement Level

Financial statements have financial statement level risks such as management override or the intentional overstatement of revenues. These sometimes affect assertion level risk. For example, the intentional overstatement of revenues has a direct effect upon the existence assertion for receivables and the occurrence assertion for revenues. Therefore, even when you identify financial statement level risks, consider whether they might affect assertion level risks as well. 

Now let's talk about homework based on this article. Let's make this useful. 

Your Audit Assertion Documentation

Look at two or three of your audit files and review your risk assessments. Are you assessing risk at the transaction level or at the assertion level? Plan to spend more time in performing risk assessment procedures and documenting your risks at the assertion level—and possibly less time performing further audit procedures.

audit and work paper mistakes
Feb 19

Audit and Work Paper Mistakes: A List of 40

By Charles Hall | Auditing

Today, I offer you a list of forty audit and work paper mistakes.

audit and work paper mistakes

The list is based on my observations from over over thirty-five years of audit reviews (and not on any type of formal study).

You will, however, shake your head in agreement as you read these. I know you’ve seen them as well. The list is not comprehensive. So, you can add others in the comments section of this post.

Here’s the list.

  1. No preparer sign-off on a work paper
  2. No evidence of work paper reviews
  3. Placing unnecessary documents in the file (the work paper provides no evidential matter for the audit)
  4. Signing off on unperformed audit program steps
  5. No references to supporting documentation in the audit program
  6. Using canned audit programs that aren’t based on risk assessments for the particular entity
  7. Not documenting expectations for planning analytics
  8. Inadequate explanations for variances in planning analytics (“revenue went up because sales increased”)
  9. Planning analytics with obvious risk of material misstatement indicators, but no change in the audit plan to address the risk (sometimes referred to as linkage)
  10. Not documenting who inquiries were made of
  11. Not documenting when inquiries were made
  12. Significant deficiencies or material weaknesses that are not communicated in written form
  13. Verbally communicating control deficiencies (those not significant deficiencies or material weaknesses) without documenting the conversation
  14. Performing needed substantive tests with no related audit program steps (i.e., the audit program was not amended to include the necessary procedures)
  15. Assessing control risk below high without testing controls
  16. Assessing the risk of material misstatement at low without a basis (reason) for doing so
  17. Documenting significant risks (e.g., allowance for uncollectible receivable estimates in healthcare entities) but no high inherent risks (when inherent risk are separately documented)
  18. Not documenting the predecessor auditor communication in a first-year engagement
  19. Not documenting the qualifications and objectivity of a specialist
  20. Not documenting all nonattest services provided
  21. Not documenting independence
  22. Not documenting the continuance decision before an audit is started
  23. Performing walkthroughs at the end of an engagement rather than the beginning
  24. Not performing walkthroughs or any other risk assessment procedures
  25. Not performing risk assessment procedures for all significant transaction areas (e.g., risk assessment procedures performed for billing and collections but not for payroll which was significant)
  26. Not retaining the support for opinion wording in the file (especially for modifications)
  27. Specific items tested are not identified (e.g., “tested 25 disbursements, comparing amounts in the check register to cleared checks” — we don’t know which particular payments were tested)
  28. Making general statements that can’t be re-performed based on the information provided (e.g., “inquired of three employees about potential fraud” — we don’t know who was interviewed or what was asked or their responses)
  29. Retrospective reviews of estimates are not performed (as a risk assessment procedure)
  30. Going concern indicators are present but no documentation regarding substantial doubt
  31. IT controls are not documented
  32. The representation letter is dated prior to final file reviews by the engagement partner or a quality control partner
  33. Consultations with external or internal experts are not documented
  34. No purpose or conclusion statement on key work papers

35. Tickmarks are not defined (at all)

36. Inadequately defining tickmarks (e.g., ## Tested) — we don’t know what was done

37. No group audit documentation though a subsidiary is included in the consolidated financial statements

38. No elements of unpredictability were performed

39. Not inquiring of those charged with governance about fraud

40. Not locking the file down within 60 days 

That’s my list of audit and workpaper mistakes. What would you add?

Even if you do all of these, have you documented them properly? See my article If It’s Not Documented, It’s Not Done.

Feb 16

AU-C 315 Exposure Draft Issued by AICPA

By Charles Hall | Accounting and Auditing

The AICPA issued its AU-C 315 exposure draft in August 2020. AU-C 315, Understanding the Entity and its Environment and Assessing the Risks of Material Misstatements, has been with us several years. Now the AICPA is updating it. 

Conceptually the exposure draft is not that different from the extant standard, but the details introduce some interesting changes. The proposed standard, if adopted, will have a significant impact on future audits. 

AU-C 315

Risk Assessment: The Early Years

Risk assessment provides the foundation for planning an audit. So it's critical that an auditor understand the entity and its environment, including controls, prior to assessing the risk of material misstatement. 

The Auditing Standards Board (ASB) issued its original risk assessment standards in 2006 with SAS 109 being a part of that suite. Since that time auditors have done a much better job of understanding the entities they audit prior to planning. Even so, auditors continue to struggle with understanding internal controls. Additionally, some find it difficult to use that information in risk assessment and planning. 

Risk Assessment Confusion

Since the issuance of SAS 109, auditors have asked questions such as:

  • Why do I need to understand the system of internal controls if I am using a substantive approach?
  • What risk assessment procedures are required?
  • When are controls relevant to my audit (in other words, what controls should I pay attention to)?
  • How do I assess the risk of material misstatement?
  • Why is risk assessment not more scalable?
  • When is an account balance, transaction cycle, or disclosure significant (in other words, what accounts balances, transaction cycles, and disclosures should I pay attention to)?
  • What makes an assertion inherently risky?
  • What is a significant risk?

These questions (and related misunderstandings) manifested themselves in peer reviews. 

Peer Review Information

Firms are receiving peer review feedback saying there is a lack of documented understandings of the entity and its controls. Moreover, peer reviewers have found that auditors are, in some cases, not using the information--even when control understandings are documented--as a basis for risk assessment or planning. 

So, the AICPA is, in this update, trying to lend a helping hand. 

Exposure Draft Goals

The ASB is addressing the following with this exposure draft:

  1. The auditor's work to understand an entity's system of internal control
  2. Modernize the standard, particularly in regard to IT
  3. Assist the auditor in determining risks of material misstatements, including significant risks

Risk Assessment Upgrade

This ASB has received feedback from practitioners and firms since the exposure draft was issued. 

One of the things I see in the draft proposal is clarification regarding what's important in an audit (and how certain elements are defined), such as:

  • The reporting framework
  • Relevant assertions
  • Significant account balances, transaction cycles, disclosures
  • Significant risks

As I was reading the draft proposal, I kept thinking, this makes sense. I think you will too. 

Effective Date

The effective date, if the standard is issued, is for periods ending on or after December 15, 2023. 

>