HomeContact UsOur WritersMedia KitAdvertisersWhite PapersArchives
Main Menu
Issue Archive
Managers Forum
Help Wanted
Used Equipment
Product Directory
Issue Archive Print E-mail


New Auditing Standards Affect All Audits
by Jeff Brandenburg

Several new Statements on Auditing Standards (SAS) have been issued and have, or will, affect your annual audit. In this issue we will summarize the new SAS’s and outline what changes you might be seeing in the audit process.

Audit Report Dating

In the past, auditors have often dated their audit report as of the date the audit work at the client’s premises was completed, which is often called the “end of fieldwork” date. In some cases, this resulted in lengthy time lags between the date of the auditor’s report and the date the financial statements were released. Beginning with audits of December 31, 2006 financial statements, auditors will date their reports much closer to the date the financial statements are released. Auditors have a responsibility to investigate transactions and events that occur through their report date that may affect the financial statements. If there are delays between the end of audit “fieldwork” and the release of the financial statements, it will likely be necessary for your auditor to perform additional updating audit procedures. Your assistance in helping to promptly resolve issues and finalize the audit will help minimize the time and cost of performing those additional updating procedures.

Communicating Internal Control Related Matters

In connection with your audit, the auditor obtains an understanding of your internal control to the extent necessary to plan the audit. If they become aware of reportable conditions or material weaknesses in your internal control as part of that process, they communicate those issues to you. Recent changes in auditing standards expand those communication requirements. Auditors will now be required to communicate significant control deficiencies and material weaknesses. The term “significant control deficiency” is more comprehensive than “reportable condition.” As a result, there is a good chance that your auditor will be communicating more internal control-related conditions to you than they have in the past. Examples of conditions that may indicate the existence of a significant control deficiency or material weakness include —

  • Identification of the need for a material audit adjustment that was not initially identified by your internal control system.
  • An inability by your personnel to prepare the financial statements, including disclosures, without significant auditor assistance.
  • Failure to perform timely reconciliations of significant accounts.
  • Inadequate design of internal control over a significant account or process.
  • Inadequate documentation of the components of your internal control.

These expanded communications will be made beginning with audits of December 31, 2006 financial statements.

Assessing Risk in Financial Statement Audits

Early in 2006, auditing policymakers set new standards that introduced a comprehensive new audit methodology. This new methodology differs significantly from the way audits have been performed for the past three decades.

Although the bulk of the new rules do not become effective until the end of 2007, the sweeping changes require most audit firms to begin revising their processes immediately. Profession-wide training already has begun in earnest and will continue throughout 2007. Without question the changes mandated by the new standards will affect not just audit firms, but their clients as well.

New Standards Strengthen the Audit Process

The Enron scandal and other high-profile business frauds and failures prompted the business community and the auditing profession to re-examine the audit process. In 2002, Congress passed the Sarbanes-Oxley Act, which resulted in greatly expanded audit requirements for public companies. Now, some aspects of Sarbanes-Oxley have been incorporated in auditing standards applicable to nonpublic entities.

The goal of the new standards is simple: to maintain the integrity of the audit process by responding to the evolving needs of financial statement users.

Auditors Adapt to Changing Business Environment

Business models have evolved rapidly in the last decade. For example, the use of e-commerce, the outsourcing of business operations overseas, and the use of complex financing techniques have changed the way businesses operate and the risks they face. These changes are affecting organizations of all types and sizes.

This constantly evolving business environment requires an audit process that can adapt easily to changing circumstances. A fundamental feature of the revised audit process is its ability to adapt to the unique facts and circumstances of individual entities.

Under the new audit process, auditors will —

  • Obtain a thorough understanding of their client’s information processing system,
  • Evaluate the design effectiveness of the controls over that system, and
  • Obtain detailed knowledge of their clients’ operations, their business objectives and strategies, and the risks to achieving these objectives.

Armed with this information, auditors will customize the audit based on their client’s operations and business environment.

Understanding the Client and Internal Control

Auditors have always been required to obtain an understanding of their client’s business, its information system and internal controls. However, the purpose of this understanding was simply to identify the significant classes of transactions, the accounting records used, and the types of accounting errors that may exist. Under the new standards, auditors will gain a more thorough understanding of the client and evaluate the effectiveness of internal control.

Auditors obtain an understanding of internal control by performing a variety of procedures that may include reviewing relevant documentation, observing the performance of a control procedure, and “walkthroughs” of transactions. Information the auditor obtains by performing these procedures must be as rigorous as the procedures to verify an account balance or the existence of inventory. Auditors will be allowed to carry forward knowledge obtained in previous audits. However, the procedures performed to update that knowledge also must be at a high level.

Clarifying Management and Auditor Responsibilities

For many years, auditors have reported internal control deficiencies to their clients. Compared with previous rules, the new standards are much more specific about situations that auditors will report to their clients as internal control deficiencies. Some of those situations include auditor-client arrangements that may have existed for years. Here’s an example —

It is fairly common for management to rely on their auditors to provide some accounting and financial reporting assistance. For example, the auditor may propose standard journal entries, assist in preparing the financial statements, or draft the notes to the financial statements. Under the new auditing standards, auditors can still provide these services. However, auditors will now evaluate the extent of their client’s reliance on its auditor for accounting and financial reporting assistance. Depending on the extent of that reliance, the auditor may need to report these circumstances as an “internal control deficiency” in a written communication to management. Auditors will exercise judgment to make this determination.

Management may have sound business reasons for involving their auditors in maintaining the accounting records or preparing the financial statements. As long as these services are not prohibited by regulatory rules that may apply to the client, it is perfectly acceptable for these arrangements to continue. However, the auditor will now have to communicate these matters in writing.

What the New Rules Mean for Audit Clients

In general, audit clients should expect their auditors to —

  • Perform more work to gather information and form an understanding of the business and its environment.
  • Perform more extensive procedures to evaluate internal control design.
  • In some cases, shift portions of the work relating to understanding the business, its environment, and its internal control to a period of time well in advance of the organization’s year-end.
  • Involve more experienced audit personnel in gathering information about the company and its internal control.

The new standards are the most significant change to auditing in the last thirty years, affecting auditors and clients alike. Over the next year, as implementation takes place, we encourage you to work with your external auditors to make the transition as smooth as possible.

Back to Articles