The International Audit and Assurance Standards Board (IAASB) approved notable amendments to ISA 315 in September 2019, set to be in effect for audits of financial statements starting on or after 15 December 2021. These revisions symbolize a crucial shift in how firms approach risk assessments, impacting audits globally. In this guide, we will go through into the key areas of these revisions and explore their implications for smaller ISA audits.
Key Revisions Disclosed
- Inherent Risk Factors
The updated ISA 315 introduces five new inherent risk factors, providing auditors with valuable insights into risk assessment: subjectivity, complexity, uncertainty, change, and susceptibility to misstatement due to management bias or fraud. This enables auditors to make more informed assessments.
- Spectrum of Risk
The revised standard presents a new spectrum of risk, emphasizing significant risks at the higher end. This helps auditors focus their efforts on areas that constitute the greatest potential impact on financial statements.
- Evidence-Based Risk Assessment
The requirement for “sufficient, appropriate” evidence from risk assessment procedures as the foundation for the risk assessment process is emphasized. This shift emphasizes the importance of robust evidence gathering.
- IT Emphasis
There is a notable emphasis on IT, particularly IT general controls. This reflects the evolving landscape of technology in financial systems and requires an extensive understanding and evaluation of these controls.
- Controls Relevance and Design
The revised standard places greater focus on controls relevant to the audit and the design and implementation work associated with them. This shift attempts to ensure that controls are not only present but also effective in mitigating risks.
- Considerations for Smaller Entities
Considerations specific to smaller entities have been consolidated into the main body of the text, eliminating the separate classification. This accentuates the importance of consistent application across audits of varying sizes.
- Separate Assessment of Inherent and Control Risk
The revised standard designates the separate assessment of inherent and control risk, moving away from the combined assessment permitted in the present standard. This provides a more nuanced understanding of risk factors.
- Direct and Indirect Control Components
A differentiation is made between direct and indirect control components, offering a clearer framework for evaluating controls.
- Stand-Back Requirement
A new stand-back requirement requires reconsideration when material classes of transactions, account balances, and disclosures are not assessed as significant. This ensures a comprehensive evaluation of potential risks.
The revised ISA 315 marks a landmark shift in risk assessment for audits. Its aim is to enhance the quality and consistency of risk assessments, encouraging professional scepticism and eventually strengthening the audit process. However, understanding and implementing these changes will unquestionably be a significant undertaking, particularly for those conducting ISA audits. It is crucial for firms to invest time and resources in adapting to these revisions to ensure compliance and maintain audit quality in the evolving landscape of financial reporting.