Statement on Consideration of Proposing Auditing Standards Related to the Auditor’s Assessment of and Response to Risk
Thank you, Messrs. Goelzer and Niemeier.
The staff recommendation before the Board today is to propose seven auditing standards and several conforming amendments that would collectively update the requirements in the existing interim standards for assessing and responding to risk during an audit. The proposed risk assessment standards before us today have been a high priority for the Board.
For auditors, ”audit risk” can be described as the risk that the auditor will express an inappropriate opinion when the financial statements are materially misstated. Thus, the standards in this area focus on appropriately identifying and responding to the risk of material misstatement.
Some of the interim standards that today’s proposals would supersede have been in place since the 1980s, so while the concepts of risk assessment and response are not new, certainly audit practices have evolved. The proposals seek to capture these advancements.
We are all aware – today, more than ever -- that risk factors can change and sometimes rather quickly. It is, therefore, crucial that an auditor establish and maintain a sound and current understanding of the company and the environment in which it operates. At our Standing Advisory Group discussion on risk assessment a few years ago, investor advocates stressed this as an important factor, and underscored the need to ensure that the auditor maintain an awareness of risks within the client’s industry. The proposed standards that the staff have put before the Board are responsive to this concern. They place an emphasis on establishing an understanding of the company, both from an internal perspective – such as the business processes, risks, and controls of the company -- and an external one – that is, the risks within the company’s environment.
Equally importantly, the standards emphasize that responding to assessed risk in an appropriate manner is key to a high quality audit. Investor advocates at our SAG discussion stressed the importance of the risk assessment having an impact on the audit from the beginning to end. I couldn’t agree more. The best processes to identify risk will be meaningless if the audit procedures are not tailored to respond to those risks. The proposed standards reflect this view.
Keith Wilson noted that a number of the changes to the standards that the Board is considering today are not necessarily novel. As he observed, there were a number of inputs to the development of these proposed standards, including improvements that many firms have made in their audit methodologies; advice from the Board’s SAG; the PCAOB’s Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements; and also observations from the Board’s oversight activities.
In addition, staff carefully considered and utilized to the extent possible the provisions of the risk assessment standards of the International Audit and Assurances Standards Board (IAASB). While certain changes were necessary, the proposed standards reflect a good degree of commonality with the substance of the International Standards on Auditing.
An important improvement contained in today’s proposals is the move to integrate and emphasize the auditor’s responsibilities to consider the risk of fraud during the audit. The purpose of this change is to prompt auditors to make a more thoughtful and thorough assessment of the risks of fraud and to develop appropriate audit responses. We have heard concerns from investors -- and identified issues through our inspections -- that some auditors have appeared to view the consideration of fraud as an isolated, mechanical process rather than an integral part of the audit. Today’s proposals should send an important message that the Board views assessing the risk of fraud as a central part of the audit process, rather than a separate consideration.
Today’s proposals are not designed to be a one-size-fits-all approach. Instead, the proposed standards describe a risk assessment process that should result in audit procedures tailored to the audit client's size and complexity. We encourage commentators to focus on this and other areas that staff have highlighted in the proposing release to ensure, among other things, that the proposals provide a sound framework with an appropriate level of flexibility.
Because these standards are foundational, we are providing a longer than usual 120-day comment period. It is critical that they benefit from a cross-section of comments. Thus, I encourage investors, issuers (in particular audit committee members), auditors, academics and other interested parties to take the time to review and comment on all aspects of this set of standards. I can assure you that we will carefully consider each comment in an effort to improve the final standards.
Before I conclude, I would like to thank Tom Ray, Keith Wilson and their colleagues in the Office of the Chief Auditor for their hard work on these seven proposed standards and conforming amendments before the Board today. I also want to thank Jake Lesser in the Office of the General Counsel, who collaborated with our standards team. It was no easy effort to bring this suite of standards to the proposing stage today, and I thank each of you for your contribution to this important initiative.
I will now turn to my fellow Board members for any discussion.