Evaluate, Test and Report 1(a)(iii) Flashcards
What is SAS 104?
- “Due Professional Care in Performance of Work”
- Amendment to SAS 1, Codification of Auditing Standards and Procedures
How does an auditor apply SAS 104?
- Auditor must plan and perform financial audit to appropriate audit evidence to reduce audit risk to low level so that FS are free of material misstatement, whether caused by error or fraud
- An auditor does not examine all transactions or events and bc of limitations of entity’s IC, absolute assurance cannot be achieved
What is SAS 105?
- Expands scope of 2nd Standard of Fieldwork from “understanding of IC” to “understanding entity and its environment, including its IC”
- Amendment to SAS 95, GAAS
- Standard emphasizes quality and depth of understanding to be obtained by amending purpose from “audit planning” to “assessing RMM of FS whether due to error or fraud and design nature, timing, and extent of FAP”
What is SAS 106?
- Provides auditor w/ definition of Audit Evidence, relevant assertions and guidance on designing audit procedures
- Re-categorized assertions by classes of transactions, acct balances, and presentation and disclosure (expanded guidance)
- Describes how auditor uses relevant assertions to assess risk and design audit procedures
- Introduced concept that risk assessment procedures are necessary to provide basis for assessing RMM
What is SAS 107?
- Audit Risk and Materiality in Conducting Audit
- Describes basis for audit approach or FAP as the RMM
Risk-based standards states Auditor: - Should have and document appropriate basis for audit approach
- Must consider audit risk and determine materiality
- Communicate all known and likely misstatements ID’d during audit to appropriate level of mgmt
What is SAS 108 and its Key Components?
- Planning and Supervision
- Guidance and Key components on:
• Overall audit strategy
• Audit plan
• Determine involvement of professional w/ specialized skills (CITP, CAATs)
What is SAS 109?
- Understanding Entity, Environment and Assessing RMM
- Auditor responsible for obtaining this understanding, including entity’s IC
What are 2 significant IT implications in SAS 107?
To fulfill requirements of this SAS, IT auditor must take steps to understand:
(1) if any IT risks lead to RMM, and
(2) whether there are sufficient controls in existence to timely prevent and detect any
potential errors or fraud
What is SAS 110?
- “Performing Audit Procedures in Response to Assessed Risks and Evaluating Audit Evidence Obtained”
- Auditor should design and perform audit procedures based upon assessment of RMM
- Auditor should perform ToC when auditor’s risk assessment includes expectation of operating effectiveness of controls or when substantive procedures alone do not provide sufficient appropriate audit evidence at relevant assertion level
- Auditor should “link” FAP to risks ID’d by providing type of procedure that can provide level of assurance req’d for the level of risk
What should be considered under SAS 110?
- SAS 110 indicates design of FAP should consider:
• Significance of risks and likelihood that material misstatement will occur
• Characteristics of class of transactions, acct balance or disclosure
• Nature of specific controls used by entity and if manual or automated
• If auditor plans to test controls to modify nature, timing and extent of substantive procedures
What is SAS 111?
- Amendment to SAS 39, Audit Sampling
- Addresses concepts of establishing tolerable deviation rates when sampling ToCs like matching and authorization
What is AS5?
- Same as Risk Standards, plus internal controls over financial reporting (ICFR), integrated audits and SOX 404 requirements
- Assess nature and complexity of entity’s IT relative to business processes, accounting operations and info systems (from simple to sophisticated complexity)
What is the common requirement in the 8 new SAS (104-111)?
- Require both auditor and entity to assess RMM of FS and understand what entity is doing to mitigate them
- Considerations of IT in financial audits and RMM and IT risks, automated
controls and IT General Controls {ITGC}