ISA 315 (Revised)
The objectives of the project are to:
(a) Propose revisions to ISA 315 (Revised), establishing more robust requirements and appropriately detailed guidance to drive auditors to perform appropriate risk assessment procedures in a manner commensurate with the size and nature of he entity. It is anticipated that these revisions will focus on enhancing the auditor’s approach to understanding the entity, its environment (including its internal control) and risk assessment activities in light of the changing environment.
(b) Determine whether and how ISA 315 (Revised), in its organization and structure, can be modified to promote a more effective risk assessment.
(c) Propose consequential amendments to other standards that may be necessary as a result of revisions to ISA 315 (Revised) (such as ISA 220, ISA 240, ISA 330 ISA 540 and ISA 600).
(d) Determine what non-authoritative guidance and support tools should be developed by the IAASB, or others, to supplement revisions to ISA 315 (Revised) thereby aiding its effective implementation. Non-authoritative guidance and support tools may include International Auditing Practice Notes (IAPNs), Staff publications, project updates, or illustrations / examples to provide assistance on how ISA 315 (Revised) could be applied, in particular to address concerns by auditors of SMEs.
In early 2016 the IAASB established a working group (WG) to explore issues with respect to ISA 315 (Revised). The WG commenced its work in early March 2016, which included consideration of the results of the IAASB's Post-Implementation Review of the Clarified ISAs and outreach activities to identify issues involving ISA 315 (Revised) to further inform its preliminary thinking. These outreach activities included leadership of the WG and staff discussions with representatives of the International Federation of Accountants (IFAC) Small and Medium Practices (SMP) Committee, the International Forum of Independent Audit Regulators’ (IFIAR) Standards Coordination Working Group (SCWG) and the Institute of Chartered Accountants of England and Wales (ICAEW). The consideration of the results of the IAASB's Post-Implementation Review of the Clarified ISA, the results of outreach activities, the input received at the March 2016 and June 2016 IAASB meetings and the March 2016 IAASB Consultative Advisory Group (CAG) meeting, and the WG’s discussions to date, have informed the WG’s thinking through the information gathering stage of the project.
The IAASB approved a project proposal to revise ISA 315 (Revised). Consistent with the Board’s discussions at its September 2016 meeting, the IAASB believes a revision of ISA 315 (Revised) is necessary to revise and enhance specific requirements and revise and develop application material, and develop other non-authoritative guidance, to respond to the issues and concerns raised. Such revisions and enhancements will address matters such as the need for ISA 315 (Revised) to:
(a) Not only reflect the current business and audit environment, but also be sufficiently adaptable to deal with the rapidly changing business and audit environment (in particular the increased use of technology);
(b) Be more effectively applied by auditors in the private and public sectors applying the standard in audits of entities of various sizes;
(c) Set an enhanced foundation for other standards that have more specific risk assessment requirements (such as ISA 540 and ISA 600); and
(d) Enhance the application of professional skepticism by auditors in framing their judgments when performing risk assessment procedures.
While revisions to ISA 315 (Revised) are clearly necessary, feedback has also indicated that more support (such as the development of non-authoritative guidance) would be helpful to achieve the intended objectives of this project. The IAASB will firstly seek to revise and enhance the requirements so that they are robust, yet sufficiently flexible, to drive appropriate risk assessments. The IAASB will also revise and develop appropriate application and other explanatory material to be included in the revised standard. The IAASB recognizes that more specific guidance in particular circumstances (that would not be appropriate to include in a standard intended to apply to audits of all sizes) may be necessary (to be developed by the IAASB or by others (such as national auditing standard setters)). This could include, for example, guidance on using data analytics in performing risk assessments and illustrative examples of how the risk-based approach to the ISAs could be applied to audits of smaller entities. The development of additional guidance is expected to help with the implementation of the standard and will therefore help drive audit quality, which is in the public interest.
MEETING HIGHLIGHTS - OCTOBER 2017
The Board broadly discussed revisions to the definition of ‘controls,’ as well as what it means to obtain an understanding of the five components of internal control. The board also discussed proposed changes in relation to IT aspects when obtaining an understanding of the entity and its environment, the entity’s financial reporting framework and the components of internal control (including in relation to general IT controls). The Board broadly supported the proposed changes but highlighted that the boundary of the auditor’s understanding in relation to financial reporting needed to be clarified.
MEETING HIGHLIGHTS - SEPTEMBER 2017
The ISA 315 Task Force presented proposed changes to the requirements in ISA 315 (Revised) to address identified issues relating to understanding the entity and its environment, including the applicable financial reporting framework, and internal control, including obtaining an understanding of the five components of internal control. The Board broadly supported the proposals, but asked for consideration about some of the proposed changes to the definitions, as well as the perceived focus on controls in obtaining the necessary understanding of the components of internal control.
With regard to proposed changes to the identification and assessment of inherent and control risk, the Board supported a separate assessment of inherent and control risk, but asked that the ISA 315 Task Force further consider how this works practically and highlighted that further clarification is needed relating to the assessment of control risk.
MEETING HIGHLIGHTS - MARCH 2017
Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment
The IAASB further discussed possible changes to ISA 315 (Revised), including some of the elements of internal control and the related work effort, as well as provided initial views in relation to the impact of information technology (IT) emphasizing the need for enhanced application material to illustrate the work effort in relation to less complex IT systems. The IAASB were supportive of a separate identification and assessment of inherent and control risk instead of a combined approach. The Board also supported retaining the concept and further exploration of a definition to clarify what a significant risk should be, as well as the interaction of significant risks with a spectrum of risks. The ISA 315 (Revised) Task Force will continue to work with the Data Analytics and Professional Skepticism Working Groups and further progress the project on the aspects discussed at the meeting.