The Auditing Standards Board (ASB) is reviewing the auditor's consideration of the risk assessment process in the auditing standards, including the necessary understanding of the client's business and the relationships among inherent, control, fraud, and other risks. The ASB expects to issue a series of exposure drafts in late 2001 or early 2002. Some participants in the process expect the final standards to have an effect on the conduct of audits that has not been seen since the "Expectation Gap" standards were issued in 1988.

Background
The audit risk model is the principal framework that has been used to conduct audits during the last 20 years. The model describes a process to reduce the risk of material misstatement in the financial statements to an acceptably low level. Audit risk is the risk that the auditor may issue an unqualified opinion on financial statements that are materially misstated and is composed of three risks: (1) inherent risk-the risk that a material misstatement will arise, (2) control risk- the risk that a material misstatement will remain uncorrected as a result of the entity's control procedures, and (3) detection risk-the risk that the audit will fail to detect the material misstatement.

In 1999, a Joint Working Group (JWG) made up of standards setters and academics from Canada, the United Kingdom, and the United States was formed to investigate recent developments in the audit methodologies of major accounting firms. The research was done to enable the group to understand changes in the firms' audit methodologies, and to enable standards setters to consider the need for revision of auditing standards to reflect aspects of the new methodologies. In May 2000, the JWG published the results of the research in the report, Developments in the Audit Methodologies of Large Accounting Firms. ¹

The research indicated that an important trend in the evolution of audit methodologies is a more explicit consideration of the entity's "business risk," which was defined as the risk that the entity will fail to achieve its objectives. This differs from the traditional audit risk model which defines audit risk as the risk of material misstatement of the financial statements. Business risk entails a much broader view of the types of risks to be considered by the auditor and will probably benefit the auditor and the client because

• A broader consideration of risk is more likely to result in an identification of the problems that may cause misstatement in the financial statements.
• Consideration of the business as a whole enables the auditor to better serve the client by providing opportunities to advise the client on the conduct of the business.

It is important to note that a broader consideration of risk does not mean that financial-statement objectives and the risk of material misstatement have been forgotten. The business-risk approach assumes that there is a relationship between business risk and the traditional concept of audit risk, and that the best way to identify financial-statement risk is to consider this broader concept of risk.

At the same time that the JWG was conducting its research, the Public Oversight Board's Panel on Audit Effectiveness (POB Panel) was conducting its own review and evaluation of the way independent audits are conducted. In the highly publicized report issued in August 2000, The Panel on Audit Effectiveness, Report and Recommendations ², the POB Panel expressed its conclusion that the audit risk model is appropriate but needs enhancing and updating. In the report, the POB Panel acknowledged the work of the JWG and suggested that the ASB consider the suggestions of the JWG if it concludes that a wider business-risk orientation by auditors improves audit quality.

The ASB Response
In response to the recommendations of the JWG and the POB Panel, the ASB formed the Risk Assessments Task Force. This task force is reviewing the auditor's consideration of the risk- assessment process in an audit of financial statements, including the necessary understanding of the client's business and the relationships among inherent, control, fraud, and other risks. The rather ambitious goal of this task force is to issue a group of exposure drafts in late 2001 or early 2002.

Some of the more important changes to the standards that are expected to be proposed are:

• A requirement for a more robust understanding of the entity's business and environment that is more clearly linked to the assessment of the risk of material misstatement of the financial statements. Among other things, this will improve the auditor's assessment of inherent risk and eliminate the "default" to assess inherent risk at the maximum.
• An increased emphasis on the importance of entity controls with clearer guidance on what constitutes a sufficient knowledge of controls to plan the audit.
• A clarification of how the auditor may obtain evidence about the effectiveness of controls in obtaining an understanding of controls.
• A clarification of how the auditor plans and performs auditing procedures differently for higher and lower assessed risks of material misstatement at the assertion level while retaining a "safety net" of procedures.

These changes collectively are intended to improve the guidance on how the auditor operationalizes the audit risk model.

International Convergence
Capital is flowing on a global scale more rapidly than ever, and the flow is likely to accelerate. Participants in the auditing standards-setting process believe that the increased globalization of business eventually will necessitate the use of international auditing standards. In order to serve the public interest, these international standards must be of the highest quality. One route to high quality international auditing standards is the convergence of national and international standards, incorporating the best practices of each of the jurisdictions.

At the same time that the ASB has been working on this project, the International Auditing Practices Committee (IAPC) has been working on a similar project. Both the ASB and the IAPC recognized this opportunity to push U.S. and international auditing standards toward convergence. As a result, the two standards-setters have been working in tandem on the projects, with a great deal of cooperation, discussion, and sharing of information. Although there are likely to be some differences between the final U.S. and international standards, it is hoped that the resulting U.S. and international auditing standards will provide auditors in the United States and overseas with similar guidance, and set forth similar basic principles and essential procedures.

What This Means for the Auditor
The ASB believes this new audit approach will result in many benefits to the auditor. Among those benefits are:

• Audit effectiveness. A broader focus on business risk and a more robust understanding of the business is likely to result in a more thorough identification of inherent risk that may affect the financial statements. Similarly, an increased focus on controls that the entity has in place is likely to result in a more thorough identification of control risk that may affect the financial statements.
• Audit efficiency. A more robust assessment of the risk of material misstatement of the financial statements should result in auditors focusing their attention on the sources and consequences of those risks, and at the same time, avoid overauditing in areas of low risk.
• Client service. A greater emphasis on the client's business risk enables the auditor to add value to the audit from the client's perspective. The audit can provide insight and information that is valuable to the entity's management in its goal to successfully manage the business. This provides the auditor with the opportunity to differentiate his or her firm's audit from those offered by competitors.

¹ For more information or a copy of the report, phone ABG Professional Information at +44-20-7920-8991 or go to http://www.abgweb.com/.
² For more information or a copy of the report, write to the Public Oversight Board at One Station Place, Stamford, CT 06902, call 203/353-5300, fax: 203/353-5311 or go to http://www.pobauditpanel.org/.