More on the New Risk Assessment Standards and the Effect on Your Audit

The American Institute of Certified Public Accountant’s Auditing Standards Board recently established a number of new auditing standards. Two of the new standards, SAS 103 and SAS 112 are already in effect. The remaining eight standards, SAS 104-111, collectively referred to as the “risk assessment standards”, are required to be implemented for December 31, 2007 audits.

Although the bulk of the new rules do not take effect until the end of the year, the sweeping nature of the changes require most audit firms to make significant changes to their audit procedures. The result will be financial statement audits that require an overall increase in effort by both audit firms and their clients.

The Sarbanes-Oxley auditing rules adopted by Congress to apply to publicly traded companies were in part an extension of the risk-based auditing approach already being used by large audit firms. To make this risk-based audit approach universal for all audits the Auditing Standards Board has issued amendments to existing auditing standards that they feel will improve the quality and effectiveness of audits and enhance the auditors’ application of the risk-based audit model by requiring:

• More in-depth understanding of the entity and its environment, including internal control, to identify the risks of material misstatement in the financial statements and what the entity is doing to mitigate them.
• More rigorous assessment of the risks of material misstatement of the financial statements based on that understanding.
• Improved linkage between the assessed risks and the nature, timing, and extent of audit procedures performed in response to those risks.

Here is a summary of some of the changes you may see as we plan the next audit of your organization:

Fraud

As we plan audit engagements, we will talk with management and others about the risk of fraud in your organization. We will focus on things such as where and how fraud could occur; what communications have been received from employees, former employees, funding sources, regulators, or others; what internal procedures are in place to identify specific fraud risks; what programs and controls have been established to mitigate specific fraud risks; what communications to employees have been made regarding business practices and ethical behavior; and what communications with audit committees have been made regarding internal controls that prevent and detect fraud. Engagement letters, management representation letters, internal control letters, and management comment letters will include references to audit fraud procedures and management responsibilities regarding fraud. We also may be providing you with recommendations to reduce the risk of potential fraud in your organization.

Internal Control

Fraud usually occurs because of weaknesses in internal control. Auditors are now required to identify significant risks that need special audit consideration. And we are now required to increase our knowledge of control activities that prevent and detect fraudulent financial reporting. As we plan audit engagements, we will be requesting detailed documentation of your accounting systems. We will be testing those systems for gaps in design and weaknesses in operation. Additionally, we will be reporting on the design and operating effectiveness of internal control and will be making recommendations to management on the structure of internal controls. You can depend on our service approach to provide specific ideas for improvements designed to increase operational effectiveness. But we will be stressing the importance of management involvement in creating controls that inhibit fraud, and fostering an institutional intolerance for fraudulent behavior, including the monitoring of management’s override of those controls. One example of an area we will assess is the timeliness of account reconciliations. For instance if all of the bank reconciliations for a year are completed the week before our audit fieldwork this indicates a system weakness even if all of the account balances are correctly stated in the financial statements.

Financial Disclosures

At the root of financial reporting is the availability of timely, reliable and meaningful information. Our society and the nonprofit community depends upon informative, reliable financial reporting – often referred to as “transparency.” The new auditing standards emphasize that risks of material misstatement should be considered for disclosures and require the auditor to test financial disclosures. Assertions about presentation and disclosure have been expanded to include completeness and understandability to users. As auditors we will focus on the selection and application of accounting policies and whether they are appropriate for the organization and consistent with generally accepted accounting principles and with those used in the nonprofit industry. In particular our auditing procedures will test accounting estimates and revenue recognition. Our service approach will consider key performance indicators for your organization not only to assist in the design of our audit approach but also to provide concrete analysis of the strengths and weaknesses of your organization.

All of these changes require increases in time that we will spend on an audit. And we expect that it will also require significant increases in time by your personnel as they provide the requisite information to comply with these new standards. We will discuss with you how, working together, we can control audit costs. However, we do anticipate that our clients will experience an increase in audit fees.

The dynamics of the current economy has challenged all nonprofits. We at Wegner LLP promise the best quality attest services customized to the needs of each of our audit clients. We look forward to working with you during the next financial reporting period.

Again, as with the new auditing standards, please feel free to contact us with any questions you may have.