Auditing and Attest Standards Update Everything you want to know Ahava

Auditing and Attest Standards Update Everything you want to know Ahava Goldman, Associate Director, Audit & Attestation Standards

Disclaimer Views expressed by ASB Board members and AICPA employees are expressed for purposes of deliberation, providing member services and other purposes exclusive of practicing public accounting. The views expressed do not necessarily represent the official views of the AICPA unless otherwise noted. Official AICPA positions are determined through certain specific committee procedures, due process and deliberation.

Agenda Introduction Recently issued audit and attest standards Auditor reporting Audit evidence Accounting estimates Step 1 Use of specialists Risk assessment Agreed upon procedures, examinations and reviews Click to edit Master text styles Exposure drafts Quality management NOCLAR Group Audits Strategy and Work Plan Questions Step 3 Supporting copy goes here, Arial Regular Supporting copy goes here, Arial Regular Supporting copy goes here, Arial Regular Supporting copy goes here, Arial Regular

Effective dates of new standards Standard Description SASs Click to edit Master text styles 134 Auditor reporting and amendments level – certain changes to conform to PCAOB 135 – Second Omnibus standards Third level Effective date financial statements for: – Audits Fourthoflevel Periods ending on or after December 15, 2021 » Fifthending level on or after December 15, 2021 Periods (Except amendments to AU-C 930 – effective for interim periods of fiscal years ending on or after December 15, 2021) 136 Auditor reporting on employee benefit plans 137 Other Information included in annual reports 138 Amendments to the description of materiality 139 Amendments to AU-C 800, 805, 810 for auditor reporting changes 140 Amendments to AU-C 725, 730, 935, and 940 for auditor reporting changes Amendments to AU-C 930 Periods ending on or after December 15, 2021 (Except amendments to AU-C930 – effective for interim periods of fiscal years beginning on or after December 15, 2021) 141 Deferral of effective dates for SAS 134-140 Effective upon issuance Early implementation permitted. Periods ending on or after December 15, 2021

Effective dates of new standards (cont.) Standard Description Click to edit Master text styles SASs 142 – SecondAudit levelevidence 143 Auditing accounting estimates and related disclosures 144 145 ThirdUse level of specialists and use of pricing information Risk assessment Early implementation permitted. Effective date – Fourth level Audits of financial statements for: Periods ending » Fifth levelon or after December 15, 2022 Periods ending on or after December 15, 2023

Auditor reporting: SAS No. 134-140

Auditor Reporting Standards SAS No. 134 135 136 137 138 139-140 Topic Auditor reporting, including key audit matters Omnibus SAS addressing related party transactions and significant unusual transactions EBP ERISA audits Other information Description of materiality Conforming amendments to other AU-C sections with reporting requirements AU- C Sec. 700, 701(new), 705, 706 260, 550 703 (new) 720 720, 725, 800, 805, 810, 930, 935, 940 Effective for audits of financial statements for periods ending on or after December 15, 2021. Early implementation permitted. (SAS No. 141)

Significant Changes to the Auditor’s Report Opinion section first “Basis for Opinion” section second and includes a statement that the auditor is required to be independent of the entity and to meet the auditor’s other ethical responsibilities, in accordance with the relevant ethical requirements relating to the audit – Key Audit Matters section (New AU-C section 701) Not Mandatory: only include if engaged to include (agreed in terms of engagement that report will include KAMs) If included, requirements apply “What keeps the auditor up at night” Selected from matters communicated with TCWG

Significant Changes to the Auditor’s Report cont’d Expanded descriptions of the responsibilities of – management relating to going concern evaluation, when required by the applicable financial reporting framework – the auditor, including relating to professional judgment and professional skepticism going concern communications with those charged with governance

SAS No. 138 and SSAE No. 20, Amendments to the Description of the Concept of Materiality Issued December 2019 Amends AU-C section 320 and various other AU-C and AT-C sections – not intended to change US practice Amendments intended to eliminate inconsistencies between the AICPA Professional Standards and the definition of materiality used by the U.S. judicial system and other U.S. standard setters and regulators. Is in the public interest to have a consistent description Prompted by recent FASB amendment of its description of materiality to be more consistent with others in the US Misstatements, including omissions, are considered to be material if they there is substantial likelihood that, individually or in the aggregate, could reasonably be expected to they would influence the economic decisions of users judgment of a reasonable user made based on the basis of the financial statements.

SAS No. 137: Other Information SAS No. 137, The Auditor’s Responsibilities Relating to Other Information Included in Annual Reports Supersedes AU-C section 720, Other Information in Documents Containing Audited Financial Statements Clarifies the auditor is required to apply procedures only to other information included in annual reports (or similar documents). Revises work effort to require the accountant to remain alert for information that is misleading, including because it omits or obscures information necessary for a proper understanding of a matter disclosed in the other information Requires a separate section be included in the auditor’s report addressing OI 11

SAS No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA Final standard approved at July 2018 meeting, subject to revisions to conform to SAS 134; issued July 2019 New AU-C section 703 (AU-C 700 would no longer apply for ERISA plans) Requirements to enhance audit quality and revised auditor’s report on ERISA plan financial statements and provide better insight into responsibilities of management and the auditor If you audit ANY employee benefit plans, you must read and understand SAS No. 136, especially if you perform “limited-scope” audits! 12

SAS 135, Omnibus Statement on Auditing Standards – 2019 Amendments to AU-C 260, Communication with TCWG, and AU-C 550, Related Parties, as well as various other sections Amendments intended to enhance audit quality by heightening the auditor’s focus on related parties and relationships and transactions with related parties Significant unusual transactions ASB considered PCAOB AS 16, AS 17 and AS 18 13

Recently issued auditing standards SAS Nos. 142-145

SAS 142, Audit Evidence Old objective: “The objective of the auditor is to design and perform audit procedures that enable the auditor to obtain sufficient appropriate audit evidence ” New objective: “The objective of the auditor is to evaluate information to be used as audit evidence, including the results of audit procedures, to inform the auditor’s overall conclusion about whether sufficient appropriate audit evidence has been obtained.” Audit Evidence “Information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. Audit evidence is information to which audit procedures have been applied and consists of information that corroborates or contradicts assertions in the financial statements.”

SAS 142, Audit Evidence Develops a framework for evaluating attributes of audit evidence to evaluate – Sufficiency and – Appropriateness relevance and reliability (including its source) – Whether the information is corroborates or contradicts management’s assertions – Whether the information is sufficiently precise and detailed Sufficiency and appropriateness together affect the persuasiveness of audit evidence

SAS 142, Audit Evidence– Sources Management External information sources and other external parties Auditor “Information to be used as audit evidence may be obtained directly or derived individually or in combination from different sources”

SAS 142, Audit Evidence Reliability Accuracy Completeness Authenticity Susceptibility to Management’s Bias “The reliability of information to be used as audit evidence is affected to varying degrees by the following attributes, individually or in combination”

SAS 143, Auditing Accounting Estimates and Related Disclosures Issued July 2020 Effective for audits of financial statements for periods ending on or after December 15, 2023 Supersedes AU-C section 540 Converges with ISA 540 (Revised), Auditing Accounting Estimates and Related Disclosures Addresses the auditor’s responsibilities relating to accounting estimates, including fair value accounting estimates, and related disclosures in an audit of financial statements. Effective for periods ending on or after December 15, 2023

SAS 143, Estimates: Fundamental Aspects Explains the nature of accounting estimates and the concept of estimation uncertainty Address scalability of the SAS for all types of accounting estimates, from relatively simple to complex Requires a separate assessment of inherent risk and control risk Includes risk assessment requirements specific to estimates and addresses the increasingly complex business environment and complexity in financial reporting frameworks Addresses the exercise of professional skepticism when auditing accounting estimates Intended to enable auditors to appropriately address the increasingly complex scenarios that arise from new accounting standards that include estimates

SAS 143, Estimates: Fundamental Aspects – Emphasizes that further audit procedures need to be responsive to the reasons for the assessed risks of material misstatement at the relevant assertion level – Emphasizes the importance of the auditor’s decisions about controls relating to accounting estimates by providing estimatesspecific guidance on relevant requirements in other AU-C sections – Requires the auditor to evaluate, based on the audit procedures performed and the audit evidence obtained, whether the accounting estimates and related disclosures are reasonable in the context of the applicable financial reporting framework. Consistent with the risk assessment project to revise AU-C 315 currently in process

SAS 144 Amendments to AU-C Sections 501, 540, and 620 Related to the Use of Specialists and the Use of Pricing Information Obtained From External Information Sources – Issued June 2021 – Effective for audits of financial statements for periods ending on or after December 15, 2023 – Adapts PCAOB Appendices on pricing sources – Provides additional guidance on the use of specialists, both auditor’s and management’s

SAS 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement Why? Significant area of peer review findings Challenges related to the extent to which understanding of internal control is necessary Scalability concerns and challenges Status Voted final August 2021 Issued October 12, 2021 Effective for audits of periods ending on or after December 15, 2023

SAS 145 Major areas of revision (cont’d) – 5 new inherent risk factors: subjectivity, complexity, uncertainty, change and susceptibility to misstatement due to management bias or fraud. – Requiring separate assessments of inherent and control risk If no tests of controls are performed, RoMM IR – Requiring for “sufficient, appropriate” evidence as basis for risk assessment – Stand-back requirement for material COTABDs not assessed as significant

25 SAS 145: Summary of Significant Changes New and revised risk assessment terminology and concepts, including significant risks Clarified work effort related to understanding each of the components of internal control, including enhanced guidance on information technology (IT) Several new requirements: – Separately assess inherent risk and control risk – “Maximum” control risk when controls are not tested for operating effectiveness – Risk assessment “stand-back” Risk Assessment Auditing Guide being revised with focus on smaller, less complex entities.

SAS 145 Major areas of revision are Concept of spectrum of risk High end (Significant risks) Low end Amended definition of significant risks Significant risk: An identified risk of material misstatement: For which the assessment of inherent risk is close to the upper end of the spectrum of inherent risk due to the degree to which inherent risk factors affect the combination of the likelihood of a misstatement occurring and the magnitude of the potential misstatement should that misstatement occur; or That is to be treated as a significant risk in accordance with the requirements of other AU-C sections.

Exposure drafts, Strategy and workplan

Proposed Statements on Quality Management Standards Proposed Statement on Quality Management Standards (SQMS) 1, A Firm’s System of Quality Management Proposed SQMS 2, Engagement Quality Reviews (New!) Proposed SAS, Quality Management for Engagements Performed in Accordance with Generally Accepted Auditing Standards Related conforming amendments Affects every firm that performs engagements in accordance with SASs, SSAEs or SSARS. SQMS 2 (new) AU-C 220 (Revised) SQMS 1 (Previously SQCS 1)

Proposed Group Audit Standard Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors and Audits of Referred-To Auditors) ED issued March 23, 2022; comment period ends June 21, 2022 Supersedes AU-C section 600, Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors) Clarify that all applicable AU-C sections need to be applied in a group audit Clarify and emphasize the interactions between group engagement team and component auditors 29

Proposed Group Audit Standard Provides considerations for group auditor when component auditors are involved in each section of the proposed standard Revises entry point into AU-C 600 by revising definitions of group financial statements and consolidation process Introduces a principles-based, risk-based approach when component auditors are involved that focuses on identifying, assessing, and responding to the risks of material misstatement Establishes a framework for planning and performing a group audit, including – establishing the overall group audit strategy and group audit plan and involving component auditors throughout all phases of a group audit Group financial statements: financial statements that include the financial information of more than one entity or business unit through a consolidation process. focuses the group auditor’s attention on identifying, assessing, and responding to the risks of material misstatement of the group financial statements, 30

Proposed Group Audit Standard Emphasizes the importance of professional skepticism regarding direction, supervision and review of component auditor’s work and evaluation of sufficient appropriate audit evidence Clarifies how to address restrictions on access to people and information Strengthens and clarifies communications between the group auditor and component auditors, emphasizing the importance of two-way communications. various aspects of the group auditor’s interaction with component auditors Includes all the paragraphs related to making reference together in one section within the proposed SAS 31

Helpful Information and Resources Auditing Standards Board information https://www.aicpa.org/interestareas/frc/auditattest.html Authoritative standards for non-issuers (SASs, SSARSs, SSAEs, SQCSs) as of June 1 are available at http://www.aicpa.org/RESEARCH/STANDARDS/Pages/default.aspx AICPA Accounting and Auditing Technical Hotline (877) 242-7212 - [email protected] http://www.aicpa.org/Research/TechnicalHotline/Pages/TechnicalHotline.aspx

COVID-19 Audit & Accounting Resource Center Free resources at aicpa.org/covidaudit: – FAQs – Illustrative disclosures – Center for Plain English Accounting (CPEA) reports – Videos with AICPA Chief Auditor – Journal of Accountancy articles More at aicpa.org/coronavirus 33

Center for Plain English Accounting (CPEA) Membership includes: Timely written responses to technical inquiries Monthly A&A reports- in plain English 24 hours of CPE via webcast Alerts summarizing new accounting guidance Library of over 400 past reports Learn more at: www.aicpa.org/cpea [email protected]

Thank you