The Auditing Standards Board (ASB), which issues Statements on Auditing Standards (SAS), recently issued SAS 134, Auditor Reporting and Amendments, Including Amendments Addressing Disclosures in the Audit of Financial Statements. This new SAS is effective for periods ending after December 15, 2021, meaning that for reporting periods beginning 12/31/21, there will be a different look to the auditor’s report – and there could be some additional changes to the audit as well. This article dives into the most significant and widespread changes that will have an impact on the vast majority of reporting entities; however, there could be additional changes more specific to your entity.
Changes to Auditor’s Report
Prior to SAS 134, the auditor’s report was in a very specific format with sections for management’s responsibility, the auditor’s responsibility, and then the opinion. However, SAS 134 is changing the format by making the opinion paragraph the first section of the auditor’s opinion followed by paragraphs for the basis for opinion, going concern (when applicable), key audit matters, responsibilities of management, and the auditor’s responsibilities. See the excerpts below for a sample comparison of the old auditor’s opinion format and the new format under SAS 134.
Sample Excerpt of Auditor’s Report Under SAS 134
To the Board of Trustees
of Sample Company
Opinion
We have audited the accompanying financial statements of Sample Company, which comprise the statement of financial position as of , and the related statements of activities, functional expenses, and cash flows for the years then ended, and the related notes to the financial statements.
In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of as of , and the changes in its net assets and its cash flows for the years then ended in accordance with accounting principles generally accepted in the United States of America.
Basis for Opinion
We conducted our audits in accordance with auditing standards generally accepted in the United States of America. Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are required to be independent of and to meet our other ethical responsibilities in accordance with the relevant ethical requirements relating to our audits. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
Responsibilities of Management for the Financial Statements
Management is responsible for the preparation and fair presentation of the financial statements in accordance with accounting principles generally accepted in the United States of America, and for the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error.
In preparing the financial statements, management is required to evaluate whether there are conditions or events, considered in the aggregate, that raise substantial doubt about ability to continue as a going concern within one year after the date that the financial statements are available to be issued.
Auditor’s Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance but is not absolute assurance and therefore is not a guarantee that an audit conducted in accordance with generally accepted auditing standards will always detect a material misstatement when it exists. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control. Misstatements, including omissions, are considered material if there is a substantial likelihood that, individually or in the aggregate, they would influence the judgment made by a reasonable user based on the financial statements.
In performing an audit in accordance with generally accepted auditing standards, we:
- Exercise professional judgment and maintain professional skepticism throughout the audit.
- Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, and design and perform audit procedures responsive to those risks. Such procedures include examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements.
- Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control. Accordingly, no such opinion is expressed.
- Evaluate the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluate the overall presentation of the financial statements.
- Conclude whether, in our judgment, there are conditions or events, considered in the aggregate, that raise substantial doubt about ability to continue as a going concern for a reasonable period of time.
We are required to communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit, significant audit findings, and certain internal control related matters that we identified during the audit.
Sample Excerpt of Auditor’s Report Before SAS 134
To the Board of Trustees
of Sample Company
We have audited the accompanying financial statements of Sample Company, which comprise the balance sheets as of , and the related statements of income, retained earnings, and cash flows for the years then ended, and the related notes to the financial statements.
Management’s Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our audits. We conducted our audits in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
Opinion
In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of as of , and the results of its operations and its cash flows for the years then ended in accordance with accounting principles generally accepted in the United States of America.
Key Audit Matters
The auditor may be engaged to report on Key Audit Matters (KAMs). Key Audit Matters are matters that, in the auditor’s judgement, were of most significance in the audit of the financial statements and are selected from matters communicated with those charged with governance. Ultimately, KAMs were created to provide more transparency about the audit and give the users of the financial statements additional opportunities to engage with management and governance. It is important to note, the auditor will only report on KAMs if engaged by the reporting entity and only when an unmodified opinion is presented.
Other Changes Included in SAS 134
In addition to the change in format of the auditor’s opinion and potential inclusion of KAMs in the auditor’s report, SAS 134 also modifies the auditor’s responsibility regarding disclosures in the financial statements, information outside of the general ledger/subsidiary ledger, and communication of identified risks to those charged with governance during planning.
Disclosures
The auditor will now need to aggregate any misstatement in disclosures that are clearly more than trivial, similar to the aggregation of misstatements in financial statement accounts. Misstatements could involve inadequate or incomplete disclosures, omission of disclosures, or inappropriate classification, aggregation, or disaggregation of information. Depending on the nature of the disclosures and current state of financial statement disclosures, some disclosures may become more detailed.
Information Outside the General or Subsidiary Ledger
SAS 134 adds a requirement for the auditor to “demonstrate that information in the financial statements agrees or reconciles with underlying accounting records… whether such information is obtained from within or outside of the general or subsidiary ledgers”. If the auditor wasn’t already requesting this information, they may request additional information in order to demonstrate that the underlying accounting records agree or reconcile with the financial information presented. Also, keep in mind, this applies to underlying data such as general or subsidiary ledgers within the accounting system, but also to data outside of these ledgers.
Communications with Governance
One of the last notable changes within SAS 134 is regarding communication of significant risks to those charged with governance (ie Board of Directors, CEO, Audit or Finance Committee, etc.) Prior to SAS 134, when the auditor sends the engagement letter to management for the upcoming audit, another letter, commonly referred to as a Governance at Planning Letter, is also sent to governance. This letter typically discusses, at a high level, the nature and timing of the audit. SAS 134 adds a requirement to communicate with governance the significant risks identified for the audit. For example, in the Governance at Planning Letter, the auditor may communicate that “significant risks identified in the planning phase of the audit were revenue and other inflows and that the audit is designed to provide reasonable assurance that the financial statements are free of material misstatement whether caused by error or fraud”.
As you prepare for your upcoming audit, we encourage you to discuss with the users of the financial statements (banks, investors, owners, parent companies, etc.) their needs, especially as it pertains to KAMs, so you and your CPA can carefully plan for the upcoming 2021 audit. While these changes affect the auditor’s opinion as well as the audit, these changes will ultimately be first seen in the engagement letter sent to the client.
For additional information or guidance related to this article, contact Stephanie Allgeyer at sallgeyer@vlcpa.com or 800.887.0434.
Disclaimer: The information discussed herein is intended for use by non-public business entities as public business entities may have varying requirements and implementation dates.