As a result of its Attestation Clarity Project, the Auditing Standards Board (ASB) has issued Statement on Auditing Standards (SAS) No. 130, An Audit of Internal Control Over Financial Reporting That Is Integrated With an Audit of Financial Statements (AICPA, Professional Standards, AU-C sec. 940).
The ASB concluded that, because engagements performed under AT section 501, An Examination of an Entity's Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements (AICPA, Professional Standards), as well as related attestation interpretation No. 1, "Reporting Under Section 112 of the Federal Deposit Insurance Corporation Improvement Act" (AICPA, Professional Standards, AT sec. 9501), are required to be integrated with an audit of financial statements, it is appropriate to move the content of AT section 501 from the attestation standards into generally accepted auditing standards (GAAS).
AT section 501 and the related attestation interpretation will be withdrawn when SAS No. 130 becomes effective. The ASB will consider developing, at a later date, an attestation standard addressing examinations of internal control other than internal control over financial reporting that is integrated with an audit of financial statements.
When drafting SAS No. 130, the intention of the ASB was to adhere as closely as possible to AT section 501 and PCAOB Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated With an Audit of Financial Statements (AICPA, PCAOB Standards and Related Rules, Auditing Standards), while aligning with GAAS and avoiding unintended consequences in practice. SAS No. 130 also amends various sections in SAS No. 122, Statements on Auditing Standards: Clarification and Recodification, in order to integrate the SAS into GAAS.
SAS No. 130 includes the following changes:
The auditor will be required to examine and report directly on the effectiveness of internal control over financial reporting. There is no longer an option to examine and report on management's assertion about the effectiveness of internal control over financial reporting.
The term significant account or disclosure used in AT section 501 has been changed to significant class of transactions, account balance, or disclosure to align with terminology used in existing GAAS and clarify that the risk factors the auditor is required to evaluate in the identification of significant classes of transactions, account balances, and disclosures and their relevant assertions are the same in the audit of internal control over financial reporting as in the audit of the financial statements.
The SAS allows, as does AT section 501, the auditor to use the work of internal auditors and others in obtaining evidence about the effectiveness of internal control over financial reporting. Although AU-C section 610, Using the Work of Internal Auditors (AICPA, Professional Standards), does not discuss "others," the SAS requires the auditor planning to use the work of others in the audit of internal control over financial reporting to adapt and apply, as necessary, the requirements of AU-C section 610, including the need for others to apply a systematic and disciplined approach.
SAS No. 130 is effective for integrated audits for periods ending on or after December 15, 2016.
Founded in 1887, the American Institute of Certified Public Accountants (AICPA) represents the CPA and accounting profession nationally and globally regarding rule-making and standard-setting, and serves as an advocate before legislative bodies, public interest groups and other professional organizations. The AICPA develops standards for audits of private companies and other services by CPAs; provides educational guidance materials to its members; develops and grades the Uniform CPA Examination; and monitors and enforces compliance with the accounting profession's technical and ethical standards.
The AICPA's founding established accountancy as a profession distinguished by rigorous educational requirements, high professional standards, a strict code of professional ethics, a licensing status and a commitment to serving the public interest.