By Alex Vuchnich, CPA, CFE - I realize that the risk assessment standards are here to stay as part of our auditing standards, but what I am wondering is whether the impact of the risk assessment standards will virtually disappear by the end of the 2008 calendar year. I believe that for the majority of CPA firms providing audit services that although a 'risk based methodology' has been imposed, the practical methodology still applied to small and medium size business audits will be substantive balance sheet testing, analytical review of the income statement and no reliance placed on internal controls. So now that the audit firms have had a chance to document their clients internal controls (or lack thereof) will the audit process essentially revert back to how it has always been done?
Firms will obviously have to continue to update their files for changes in their clients control and identify new risk factors. But with the limited supply of staffing resources that most firms have at their disposal, it seems that the overall impact of the risk standards will diminish over time. There is certainly an opportunity to be seized here for firms looking to add value to their services by using the risk assessment process to identify risk factors and recommend solutions to their clients. In the end though, will we see much change in how audits are actually conducted going forward.