The New Standard for Risk Assessment Called SAS 145

The AICPA® Auditing Standards Board (ASB) recently released the 211-page standard with the following revisions:

  • Separate assessments of inherent risk and control risk are now required
  • An update to the definition of significant risk
  • Information technology-related new application guidance
  • Simplified guidance on scalability
  • An updated definition of “relevant assertions”

As a result of the new auditing standard Statement on Auditing Standards (SAS), audit processes can be streamlined and compliance issues addressed. Understanding the entity and its environment and assessing the risks of material misstatement are addressed in 145. The use of top-down approaches to managing material misstatements and relevant management assertions may also improve audit efficiency.

Although SAS No. 145 does not change the basic concepts of audit risk, it will provide auditors with greater clarity and guidance as they identify and assess risks of material misstatement. By implementing SAS No. 145, audit quality will be improved and risk assessments will be more effective.

The introduction of a “stand-back” requirement allows auditors to review their completed identification of the levels of risk associated with transactions, account balances, and disclosures. In AICPA Professional Standards, SAS No. 145 amends several AU-C sections and supersedes SAS No. 122, Conduct of an Audit in accordance with Generally Accepted Auditing Standards. Financial statements audits after Dec. 15, 2023 are subject to SAS No. 145. This includes audits in January of the following year.

Additionally, while SAS No. 145 is a rewrite of AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, Tom Groskopf, CPA, and director at Cincinnati-based Barnes Dennig clarified that “it doesn’t fundamentally change the overarching concepts of identifying, assessing and responding to those risks.”

SAS No.145 is complex and has many pages, which Grosskopf understands as challenge for everyone to break old habits. “Read it, digest it, learn about it, and ask questions about it.” The standard should be implemented as early as possible to give auditors adequate time to prepare and become familiar with the concepts.

Groskopf stated that the top-down approach helps auditors identify and address material misstatement risks.

As Groskopf noted, adopting a top-down approach to addressing material misstatement risks aligns with SAS No. 145’s new standback requirement and with SAS No. 145’s new guidance on scaling. AU-C section 315 does not contain the term “top-down,” which means that a top-down approach is not explicitly required in SAS No. 145. A top-down approach, however, may result in more efficient and effective audits for organizations.

SAS No. 145 is scalable

Often, smaller companies perceive risk assessment as too difficult, given their limited resources, Groskopf said. SAS No. 145 addresses these concerns and makes quality risk assessments more achievable. Also, the AICPA will release an updated risk assessment guide early this winter to provide clearer guidance on how firms can scale their risk assessments to fit a variety of engagements.

Identify and solve complex business challenges

SAS No. 145 will allow auditors to focus their attention on the most pressing issues, Groskopf said. “The business environment has become so complex,” Groskopf said. “It’s the risk assessment that tells you where to pivot and to focus. Otherwise, how do you know what to draw your attention to in the audit?”

Learn more about SAS No. 145 here and prepare for the Dec. 15, 2023, effective date.



Venteon’s Finance practice is the preferred staffing agency for all audit placements. Get in touch with us today to find out what we can do for you.

Share It