New Risk Assessment Standards in Governmental Audits—Part I

Governmental Update (PPC) / By

Auditors will begin applying the new risk assessment standards in audits of 2023 calendar year-end governmental clients, periods ending on or after December 15, 2023. SAS No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, provides the new guidance.

So, how does SAS No. 145 change your audit processes? We will answer this question in two newsletter articles. This is Part I. Part II will be published next month.

Auditors will continue to focus on the potential for material misstatements. So, conceptually, you will continue to use similar processes, asking yourself, “Where are material misstatements most likely to occur?” Then, plan your audit tests accordingly.

Key Changes Summary

Key changes in the risk assessment standards addressed in Part I of this article include the following:

  • Separate assessments of inherent risk and control risk
  • New definition of significant risk
  • Focus on inherent risk factors and the spectrum of risk

As you read the remainder of this article, pay particular attention to the definitions in SAS No. 145 as they relate to these key changes. Also, notice the emphasis on inherent risk. We’ll explore additional key changes in Part II of this article next month.

Inherent Risk and Control Risk Assessments

SAS No. 145 requires separate assessments of inherent risk and control risk. You may think, “We’ve done this for years,” and you are correct if you have been using our audit guidance. Our risk assessment forms address both inherent and control risk. However, the prior risk assessment standards did not require these separate assessments. Therefore, this change in the standards may not feel like a change.

One noticeable change, however, is in the definition of significant risk. Formerly, the response to risk (an area needing special audit consideration) was the determinant of significant risk. Now, SAS No. 145 defines significant risk in terms of its intrinsic makeup. In other words, the nature of the account or disclosure characterizes significant risk, not the response.

Significant Risk

SAS No. 145 defines significant risk in the following manner:

A significant risk is an identified risk of material misstatement for which the assessment of inherent risk is close to the upper end of the spectrum of inherent risk due to the degree to which inherent risk factors affect the combination of the likelihood of a misstatement occurring and the magnitude of the potential misstatement should that misstatement occur.

Notice the definition focuses on two factors:

  • Likelihood of misstatement
  • Magnitude of misstatement

So, as you define significant risks in your governmental engagements, consider classes of transactions, account balances, and disclosures with high inherent risks—those close to the upper end of the risk spectrum. Additionally, consider those areas where high-magnitude misstatements might occur. For example, a material complex estimate might be a significant risk. Why? Because of its inherent risk factors.

Inherent Risk Factors and the Spectrum of Risk

SAS No. 145 defines inherent risk factors as follows:

Characteristics of events or conditions that affect the susceptibility to misstatement, whether due to fraud or error, of an assertion about a class of transactions, account balance, or disclosure, before consideration of controls. Such factors may be qualitative or quantitative and include complexity, subjectivity, change, uncertainty, or susceptibility to misstatement due to management bias or other fraud risk factors insofar as they affect inherent risk.

An estimate might be complex, subjective, and susceptible to fraudulent manipulation. Such factors cause the inherent risk to be extremely high—or, as SAS No. 145 says, “close to the upper end of the spectrum of inherent risk.” If the estimate is material and has these characteristics, it’s probably a significant risk.

SAS No. 145 does not define “close to the upper end of the spectrum of inherent risk” in terms of low, moderate, or high. Nor does the standard suggest a numerical expression. But it might help to think of inherent risk on a scale of 1 to 10, with a 9 or 10 as “close to the upper end.” You can still document the risk as low, moderate, or high.

For instance, suppose an inmate sues a county government for a significant amount. In this example, it is probable the government will lose the case, but the dollar exposure is unknown. As auditors consider the liability’s valuation assertion, they might assess the inherent risk as “close to the upper end of the spectrum of inherent risk” due to the subjectivity of the amount. If a significant risk is present, valuation is a relevant assertion. We’ll define what a relevant assertion is next month in Part II of this article.

Part II Topics

Part II of this article will address the following topics:

  • Relevant assertion definition
  • Focus on significant classes of transactions, account balances, and disclosures
  • Standback requirement
  • Emphasis on information technology controls

© 2024 Thomson Reuters/PPC. All rights reserved.

SDA helped us put together a successful bid for creating our massive entertainment village in downtown Ft. Lauderdale. They're amazing to work with! Very professional and supportive. We look forward to continuing to work with SDA as we grow.
Jeff John, Damn Good Hospitality Group
JEFF JOHNCEO, Damn Good Hospitality Group
SDA served as a consultant for us while we were doing project management for a construction job. They have excellent business acumen, are highly professional and truly value being a partner with us. We enjoy our relationship with SDA and look forward to continued future success.
MARK BLANCHARD
MARK BLANCHARDVP Strategic Development, AECOM
We’ve worked with SDA for several years on various projects within our legal and finance departments. They also helped us secure a grant for our new practice facility in downtown Fort Lauderdale. SDA really is the smarter way to do business!
Matthew Caldwell
Matthew CaldwellPresident & CEO, Florida Panthers Hockey Club
Tanya and the SDA team have done a great job for us - especially in helping us navigate and resolve some complex issues surrounding our audit work. They've been a consultant for us for a number of years and have also been consistently supportive of our community efforts. We truly value our relationship with SDA.
W. Ajibola Balogun - City Manager, City of West Park
W. Ajibola BalogunCity Manager, City of West Park
SDA has always done excellent work. Our financial auditing and bond control reviews are completed thoroughly and timely, and their team has been very accessible to help us address and analyze key issues whenever they may arise. In short, they’re a solid business partner we’re grateful to have.
Jennifer Andreu
Jennifer AndreuFormer Assist. Super., Miami-Dade County Public Schools
We are so pleased with the experience that we’ve enjoyed over the past 20 years with SDA. All of you were so timely and resourceful, serving as a trusted business partner, assisting with our fiscal controls, handling our financial auditing, smart bonds work and more. We couldn’t be happier with your services.
Torey Alston
Torey AlstonBoard Member, Broward County School Board
As the mayor of one of South Florida’s leading cities, I know it takes an incredible team around you in order to achieve a citywide vision for your constituents. SDA is one of those highly reliable teams I’m proud to say supports us well in our efforts of continuous improvement, accountability and transparency for the people of the city of Miramar.
Mayor Wayne Messam
Mayor Wayne MessamCity of Miramar, Florida
Previous
Next

I’m ready to grow my business the smart way.

CONTACT US

Let's Get Smart:

Sign up for SDA news to see how other organizations are working with us and get great ideas on how you can grow your business the smart way right now.

Resources

Learning Center
Client Portal
Ask An Expert

Soultions

Accounting
Tax
Audit
Consulting

About Us

The Team
Careers
Contact Us

Recent Articles:

Search

© 2023 S. Davis & Associates, P.A. | All Rights Reserved.

Legal Center. Privacy Policy.