Fast, Clear, and Actionable: A Reimagined Approach to Financial Risk Intelligence 

Financial professionals are inundated with vast amounts of data, making it increasingly difficult for teams to sift through information and identify areas of concern. Our users want a solution that doesn’t just show them the data, they want to be told exactly where risks are lurking and how to act on them. Traditional methods, even … Read more

Revolutionizing accounting oversight: MindBridge’s next-generation anomaly detection 

The accuracy of financial data is not just an operational need but a strategic imperative. Clean financial data is crucial for reliable financial analysis, accurate reporting, and sound decision-making. Finance teams need to be the trusted source of truth. This allows the business to maintain consistent compliance, manage risks, and optimize performance in business operations … Read more

Unleashing the power of AI: MindBridge’s innovative approach to anomaly detection 

As organizations navigate the complexities of financial management, MindBridge's contribution to trust, transparency, and efficiency stands as a testament to the power of AI-driven analytics. By integrating MindBridge's innovative approach, businesses can fortify their financial practices, instill confidence among stakeholders, and pave the way for a more secure and transparent financial future.

In today’s data-driven world, financial professionals grapple not only with vast amounts of data but also with the need for clarity amidst complexity. Leading this charge is MindBridge, which transforms how these professionals uncover insights and manage risks by harnessing the power of artificial intelligence (AI) for anomaly detection. At the heart of MindBridge’s success … Read more

SAS 145: A roadmap towards risk-based auditing

The AICPA Auditing Standards Board (ASB) has recently issued an update to the risk assessment standards, SAS 145, Understanding the Entity and Its Environment and Assessing the Risk of Material Misstatement. This standard was developed to address gaps in risk assessment procedures identified by practice monitoring programs worldwide, and is intended to help auditors focus their time on the areas of greatest risk of material misstatement in an audit engagement.

With the ASB’s strategic objective of converging with the International Standards on Auditing (ISA) SAS 145 used ISA 315 (revised 2019), Identifying and Assessing the Risks of Material Misstatement,  as a starting point.

SAS 145 will likely require firms to take a more data-driven approach to risk assessment and, when coupled with SAS 142, enable firms to rely less on substantive tests of detail and more on analytics. While SAS 145 is effective for audits of financial statements for periods ending on or after December 15, 2023, the standard presents such a fundamental shift in methodology that firms are thinking about their strategy now ahead of the 2022 busy season.

 

Roadmap of activities

Due to the lead time of understanding SAS 145 and the required change management processes to update existing audit methodology, we suggest firms consider the following timeline for implementation:

Graphic showing the SAS 145 implementation timeline

SAS 145 implementation timeline

What’s changing?

The executive summary of the standard outlines several of the substantive changes but here are the three areas that we believe firms will struggle with from a procedural perspective.

The standard itself explains the key areas of enhancement:

  • “Requirements and guidance related to the auditor’s risk assessment, in particular, obtaining an understanding of the entity’s system of internal control and assessing control risk”
  • “Guidance that addresses the economic, technological, and regulatory aspects of the markets and environment in which entities and audit firms operate”

It’s important to note that SAS 145 does not alter the fundamental concepts of audit risk. Rather, the document provides clarification of certain aspects of risk identification and the assessment of material misstatement to improve overall audit quality.

For more information on how AI-enabled audit data analytics supports your team

Download our free audit approach white paper: MindBridge Audit Approach

The spectrum of inherent risk

SAS 145 takes a more granular approach to inherent risk and introduces new concepts to assist auditors in understanding the new requirements. This includes inherent risk factors (events or conditions that influence the susceptibility to misstatement of an assertion, such as fraud or error) and the spectrum of inherent risk:

“Depending on the degree to which the inherent risk factors affect the susceptibility of an assertion to misstatement, the level of inherent risk varies on a scale that is referred to as the spectrum of inherent risk. The spectrum of inherent risk provides a frame of reference in determining the significance of the combination of the likelihood and magnitude of a misstatement.” – SAS 145, page 12

The risk factors require the auditor to look at complexity, subjectivity, change, uncertainty, susceptibility to misstatement due to bias or fraud, qualitative or quantitative significance, and volume or lack of uniformity (ref. SAS 145, paragraphs A10-11). Then, the likelihood and magnitude of a possible misstatement should be assessed to determine where on the spectrum of inherent risk it falls. The higher the combination of likelihood and magnitude, the higher on the spectrum it falls; the lower the combination, the lower it falls.

Spectrum of inherent risk Source: IAASB

According to paragraph A245, these assessments should be done at the assertion level. Firms will need to evolve their methodology to incorporate a fuller assessment of inherent risk, that trigger items such as significant risks and appropriate audit responses.

Enhanced requirements regarding IT general controls

“The auditor should, through performing risk assessment procedures, obtain an understanding of the entity’s information system and communication relevant to the preparation of the financial statements.” – SAS 145, paragraph 25

The standard puts an increased focus on understanding and evaluating IT General Controls (ITGC) as they pertain to financial statement generation. This includes these steps that the auditor must take:

  • Identifying IT applications and other aspects of the environment that are subject to risks arising from the use of IT (ref. SAS 145, paragraph 28)
  • Identifying the related risks arising from the use of IT and the controls to address them (ref. SAS 145, paragraph 29)
  • Evaluating the effectiveness of controls in addressing risks of material misstatement (ref. SAS 145, paragraph 30)
  • Determining whether such controls have been implemented (ref. SAS 145, paragraph 30)

An ITGC example to consider is that many firms have long used data tools to mechanically validate the completeness of their general ledger (GL) and assess their GL platform by comparing the results with their trial balances. As these use cases and complexities grow, validation of data at the beginning of the audit engagement will become critically important in the testing and documentation of a client’s IT environment.


New stand-back provision

The standard has a new provision that supports the evaluation of completeness, referred to as the “stand-back provision”. This provision requires the auditor to evaluate whether their determination of material classes of transactions, account balances, or disclosures as not significant (i.e., no relevant assertions identified) remains appropriate.

While there aren’t any documentation provisions cited specifically for this section, we anticipate firms needing to create procedures and documentation around the stand-back provision.


How MindBridge is helping firms to comply

For the three areas identified above, here’s how MindBridge’s audit data analytics features help firms adapt to SAS 145:

  1. Spectrum of inherent risk – key to this new requirement is identifying, understanding, and evaluating different risk factors. MindBridge control points are designed to compare client data against pre-defined areas of risk, providing visualizations and reports to understand levels of risk (risk scores), identify unusual transactions, and drill-down into the details.
  2. IT general controls – The MindBridge data ingestion process (or extract, transform, and load) includes a series of checks and validation steps that verify the client’s data sets and automatically identify areas that require further information or pose areas of risk.
  3. Stand-back provision – As MindBridge analyzes 100% of the client’s transaction data, assessments and data exploration can be performed on any data subset at any time, including the modification of analysis criteria. This multi-faceted approach means you can re-evaluate prior assessments and adapt to new information quickly.


Conclusion

With the release of SAS 145, firms should plan and implement their strategy now to be compliant by December 15, 2023. The timeline defined here offers a progressive approach to SAS 145 implementation and, combined with the risk assessment capabilities of MindBridge, positions firms towards a stronger audit approach and value for clients.

Assessing audit risk during engagements

Man using MindBridge to access financial risk

Three ways Ai Auditor strengthens your audit planning

The determination of where audit risks of material misstatement lie is a critical output of the audit planning process. Usually, identifying those risks is based on the auditors understanding of their client and the client’s operating environment. Auditors can now rely on a data-driven approach to better understand that environment. And this will positively impact the nature, timing, and extent of the audit procedures which respond to the identified risks.

Below, we’re exploring three ways that our Ai Auditor solution helps you streamline your audit planning, from start to finish.

How to enhance your audit planning using Ai Auditor: 

1. Conduct thorough assessments for better audit planning

Just looking at a balance sheet or income statement at one point in time isn’t enough. Analyzing more financial data during the planning phase allows for a deeper understanding of the client’s operations.

Auditors have long used analytics to help assess a client’s operations. These tools help them gain insights and identify aspects of the entity that were either unknown or unfamiliar to the auditors. These data analytics essentially help them to better assess the risk of material misstatement, as well as provide a basis for designing and implementing responses to the assessed risk.

Working with Ai Auditor, the auditor can select a view of the ending balance or monthly activity. They can also analyze different transactional relationships within the general ledger to ask better questions and make more precise judgement calls.

For example, let’s say an auditor finds out the accounts receivable (AR) has a 10% change from the prior year to this year. The auditor can explore the AR activity and find out if this change was a normal increase or if there was any unusual activity that could indicate a new large customer or purchase at year end.

Another example would be if there was an account that had no significant change from the prior year ending numbers, but the activity was much different. Having more data would provide the auditor with better insight into the client’s operations.

Using Ai Auditor, an audit team can also look at relationships between accounts to identify if there are any unusual patterns. For example, perhaps they’ll notice that the cost of goods sold (COGS) and inventory trends appear to not follow consistent patterns. The auditor can then include a very specific and strategic task in the audit plan — to pinpoint the time when the trend does not follow expectations and investigate further.

2. Quickly identify unusual transactions across all data

The MindBridge Ai auditor solution automatically scores the risk of each transaction using Control Points. These Control Points include tests based on business rules, statistical models, and machine learning to identify the most uncommon and unusual items in the data set.

The machine learning engine in Ai Auditor looks at each unique data set and analyzes the frequency and amounts of the transaction. The engine also explores relationships between the account’s transactions that are being recorded.

Ai Auditor helps automate the analysis by flagging items that just don’t fit typical transaction patterns. It’s then up to the accountant to focus on the most uncommon and unusual items and dig deeper.

For example, Ai Auditor might flag the write-off of inventory because insurance-related payments seem uncommon or unusual. During the audit, the auditor might learn that this was due to a warehouse fire.

Essentially, the platform gives auditors better visibility on these unique circumstances right from the start of the audit. The auditor can then focus on these higher risk transactions, consider the ramifications of the transactions, and understand how those riskier items might impact the financial statements.

 
reasonable assurance definition

 

3. Retrieve and view transactional breakdown by audit area

Using Ai Auditor, an accountant can filter risks by category. This allows them to breakdown risk by account, branch, program, type of transaction, time, monetary value and more.

With this breakdown, the auditor will gain a better understanding of where relative risk lies across operations. They will also be able to see which control points are being triggered within a specific area and consider how that impacts the overall audit risk.

For example, let’s assume an auditor notices that the accounts payable (AP) entries are triggering a significant amount of risky transactions at year end, specifically in the Southwest branch of the operations. This might indicate cutoff issues. Or, if the sequence gap control point is triggered, perhaps the auditor will assume there are completeness issues.

During audit planning, auditors who think critically about how these control points might factor into the assertions for the various accounts will drive stronger results.

 
internal auditing techniques

 

A stronger audit plan leads to stronger audits

A deeper level of critical thinking in the audit planning stage ensures a more efficient and effective audit. Auditors can leverage our MindBridge Ai Auditor solution as a feedback loop to further their understanding of the client’s operations.

Using the AI auditing platform, accountants can then uncover valuable insights to supplement their discussions with management and existing knowledge of the client. Those insights might include uncommon patterns in transactions, abnormal stratifications, unusual relationships between accounts, and breakdowns of trends or ratios. With this information at hand, auditors can ensure a well-planned and successful audit.

Do you think audit analytics make auditors even more relevant? We do. Read this next blog to find out more.