SAS 130 is closely aligned with the guidance in Statement on Standards for Attestation Engagements (SSAE) No. 15, An Examination of an Entity’s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements, and the related Attestation Interpretation No. 1, Reporting Under Section 112 of the Federal Deposit Insurance Corporation Improvement Act. However, the guidance includes the following changes:
- A requirement for auditors to “examine and report directly on the effectiveness of internal control over financial reporting” and removal of the option to “examine and report on management’s assertion about the effectiveness of internal control over financial reporting.”
- Revision of the term significant account or disclosure to significant class of transactions, account balance, or disclosure.
- Clarification that an auditor should use the same risk factors “to evaluate in the identification of significant classes of transactions, account balances, and disclosures and their relevant assertions are the same in the audit of internal control over financial reporting as in the audit of the financial statements.”
- A requirement for auditors that are planning “to use the work of others in the audit of internal control over financial reporting to adapt and apply, as necessary, the requirements of AU-C section 610, including the need for others to apply a systematic and disciplined approach.”
In addition, SAS 130 amends various sections in SAS 122, Statements on Auditing Standards: Clarification and Recodification.
SAS 130 is effective for integrated audits for periods ending on or after December 15, 2016. Once the new SAS becomes effective, SSAE 15 and the Attestation Interpretation No. 1 will be withdrawn.
For more information, see the executive summary of SAS 130 on the AICPA’s Web site.