Audit awareness: SAS Nos. 104-111 fundamentally alter
how auditors ply their trade.
* The AICPA developed several courses related to the risk suite.
One specifically addresses internal controls to assist company auditors
in implementing controls documentation for non-issuers. There have also
been several AICPA webcasts.
* The Journal of Accountancy has run two articles directed at the
suite that are designed to communicate an overview of the SASs,
including SAS 103.
* The risk assessment suite was a topic at all major AICPA
conferences in 2006 and again in 2007.
* The major vendors of CPA materials are releasing practice aids
and guidance.
* The AICPA is marketing an internal controls software program
called ControlsDocsm designed around the COSO framework to assist
companies in documenting their controls. ControlsDocsm can also be used
by auditors to document their understanding of client controls. It can
be flexibly and economically used for non-issuer audits or for SOX
engagements in smaller public companies. More information can be
obtained at www.cpa2biz.com or www.cobre.com.
* This summer I have a book coming out, Internal Controls: Guidance
for Private, Government and Nonprofit Entities, which helps companies
understand how to document their controls and helps to bridge the
auditor-client issues in controls assessment and testing. It is
specifically directed to non-issuer entities. I also co-authored with
Xenia Parker the 2007 edition of Information Technology Audits, a
reference work for auditors assessing IT issues, one of the control
elements the new SASs require auditors to include in their controls
assessments. The work was updated to include the new SASs as well as for
audits of internal control (PCAOB Standard No. 5).
Q: What do CPAs need to understand most clearly about the
standards?
A: Many of the new requirements will require a real first-year
effort to get up and running. The maintenance in year two, and beyond,
of well-implemented changes will not be that hard or expensive.
The changes we are talking about will benefit practitioners and
clients in creating value in the audit.
By embracing the requirements and developing a plan for
cost-effective implementation and integration into their practices,
firms will be protecting themselves and the profession--helping third
parties see the value of the audit and preserving the value the audit
brings to the financial reporting process.
And if we do not take up the challenge, further changes in the
profession will be forthcoming.
COPYRIGHT 2007 California Society of Certified
Public Accountants Reproduced with permission of the copyright holder. Further reproduction or distribution is prohibited without permission.
Copyright 2007, Gale Group. All rights
reserved. Gale Group is a Thomson Corporation Company.
NOTE: All illustrations and photos have been removed from this article.