Risk Standards (5 of 6)

In our previous posts we have discussed the new risk standards promulgated by the AICPA affecting audits for years ending beginning on or after 12/15/06. In post #4 we briefly discussed SAS 106 and 107. Now we will discuss SAS 108 and 109.

SAS 108 –requires a more detailed audit plan than what was previously accepted. This standard will require more interaction with clients and it may take the auditor longer to generate the plan.

SAS 109 – requires the auditor to perform “risk assessment procedures” to gather information and gain an understanding of the client and their environment. This can be performed in conjunction with documentational questionnaires, client interviews, and “brainstorming” sessions amongst the auditors. This understanding will help the auditor obtain the evidence necessary to support the auditor’s assessment of risk.

Control Risk Definition: Control Risk (CR) is the level of risk that a misstatement will occur and not be detected by the entity's internal controls.

IR (inherent risk - defined in a previous post) x CR (defined above) = Risk of Material Misstatement