AICPA Statement on Auditing Standards (SAS) Nos. 104-111 are commonly referred to as the "Risk Assessment Standards". The Center and the AICPA have developed resources to assist auditors in applying these standards.
Audit Risk Alert, Understanding the New Auditing Standards Related to Risk Assessment
This Audit Risk Alert summarizes the eight risk assessment standards, highlights significant new requirements found in the standards, and helps you understand the many new requirements.
Audit Guide, Assessing and Responding to Audit Risk in a Financial Statement Audit. This Guide provides both authoritative and nonauthoritative guidance on applying the risk assessment standards.
Risk Assessment Standards (Nos. 104-111) Technical Practice Aids
AICPA Technical Practice Aids (TPAs) to assist auditors in implementing the Risk Assessment Standards. These TPAs were developed in response to common questions received from members.
Establishing an Understanding with the Client
SAS No. 108, Planning and Supervision, establishes the requirement for a "written" understanding with the client.
Conducting a Risk Assessment/Fraud Specific Audit Team Meeting
SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, requires the auditor to initiate a discussion among members of the engagement team about the susceptibility of the plan to material misstatements of the financial statements.
Estimating Planning Materiality and Tolerable Misstatement
SAS No. 107, Audit Risk and Materiality in Conducting an Audit, addresses materiality considerations in a plan audit.
Performing Preliminary and Substantive Analytical Procedures
SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, states that the auditor should perform analytical procedures to obtain an understanding of the entity and its environment, including its internal control. Such procedures help the auditor determine where there may be potential misstatements.
"What Could Go Wrong" Questions
SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, requires the auditor to assess the risks of material misstatements at the financial statement level and at the assertion level for classes of transactions, account balances, and disclosures. The auditor identifies risks, and then relates the identified risks to what can go wrong at the assertion level. One way an auditor can do this is to ask "what could go wrong" questions.