Ready or Not–Audit Changes Are Around the Corner

By Dan Dangel, CPA
September 10, 2007

The new Statements on Auditing Standards 104-111, also known as the Risk Assessment Standards, are designed to change the way CPAs audit financial statements by changing generally accepted auditing standards.


What? When does this apply? Did they give us enough time? One AICPA document says, “You should not underestimate the standards’ significance and the far-reaching effects they will have on your audits.”

The standards were issued in March 2006 because they were expected to have such impact on accounting procedures, but not be effective until audits of periods beginning on or after Dec. 15, 2006. That means that this is effective for audits of all Dec. 31, 2007 year-ends. Those CPAs who are reading this on or around Sept. 15 and who normally hit the field on year-end audits about 60 days into the year, have 24 weeks to be on top of this material and be ready to implement it in the form of documentation in their workpapers.

Of course, planning would occur long before CPAs hit the field, shortening their actual preparation time. Note that the standards recommend early implementation and certain portions, such as mandatory audit engagement letters, can and should be implanted as soon as possible.

CPAs who have embraced the concepts of risk-based auditing will have less of a learning curve than those who rely on canned checklists to lead them through the audit documentation. And, of course, if CPAs’ peer review year will include those spring season audits, showtime will come very quickly.

CPAs should be aware of the approaching deadline and need to understand the new standards, as well as figure out how they will implement them—all of them—as they apply to all audits. New accounting pronouncements often apply only to certain clients; these new audit standards apply to all audits. When to start? Now.

CPAs should inform their clients about this major change. They will be the ones that these new procedures will impact and, if applicable, they will be faced with a higher audit fee. But the standards are intended to improve the quality of the audit. At this time CPAs may also address the issue of internal control and SAS 112—if they didn’t already send them a management letter this year.

The California CPA Education Foundation has a variety of classes that address the technical aspects of these standards. For the most part, they address the background knowledge CPAs need to implement the standards. Some courses provide updates on the auditing standards, while others focus just on the Risk Assessment Standards to help CPAs understand what they are facing. I am aware of only one course that addresses implementation. Tom Noce and Thad Scott have been teaching classes on the Risk Based Auditing Approach for several years and offer a two-day class on auditing using these new standards (Sept. 19–20 in San Francisco). The course is labeled as an advanced class and a prerequisite is an understanding of the seven new standards.

Limited Trial Implementation
Pick an audit and start implementing certain aspects now. Most likely, CPAs will be meeting the previous standards and picking up some skills (brainstorming, documentation, risk assessment) that will be useful when they attempt their full rollout. CPAs may even develop some documentation tools that can be replicated in other audits.

Full Implementation on an Individual Audit
Taking an off season audit and attempting to fully implement the new standards will help CPAs address what is simple and what is not as a basis for helping that audit team develop ideas and hints to be taught to others. Picking their best team to be early implementers will yield great results for years to come.

Along the way, stop and evaluate how this process is working. CPAs should use all the knowledge from their team members, whether assigned to the early implementation audit or not, and find out what they know and what they still need to know. CPAs should ask themselves whether the procedures they are implementing and documenting are helping them to maximize the quality of their audit. If not, why not?

What Can You Expect as a Result?
I call this new approach “Auditing on Purpose.” CPAs don’t have to do any procedures that don’t get them closer to the goal of a high-level assurance—except, in some cases, documenting why they aren’t doing something else. Their approach will tailor each audit to the situations they face with the specific client. Clients that never require an adjustment will be treated differently than those who need 47 adjustments. When the client engages in out of the ordinary transactions, they will be identified and on a risk basis CPAs will respond with procedures that are targeted at potential errors. No one will be forced to audit low risk immaterial errors as though they were significant. CPA audits will be evaluations and understandings of the client and the risks that their financial statements represent, which are met by CPA responses, all of which is documented so someone else can figure out what you’re the CPA’s decisions/judgments were.

The standards bring us into a new era of auditing. Some people say it is more similar to what they were doing 30 years ago than how their audits had digressed in recent years. A reason to do the right thing or a revolutionary change. Either way, ready or not, here they come.


Click here for more auditing resources from CalCPA