IAASB reviewing ISA 315 and audit risk model

The IAASB is looking to make changes to ISA 315, but what will this mean for the current audit risk model? Most importantly, will it be scalable to smaller and medium-sized entities?

With the “service engine soon” light flashing for the audit risk model, the International Auditing and Assurance Standards Board (IAASB)’s new project on ISA 315 will answer the key questions: tune up engine, rebuild or trade in for a new one?

The audit risk model is the engine room of the audit. Responding to input from stakeholders, the IAASB is looking to make changes to International Standard on Auditing (ISA) 315, which drives an auditor’s approach to identifying and assessing risks of material misstatement.

What is being considered?

Key considerations include how ISA 315 can:

  • reflect the current business and audit environment, and be sufficiently adaptable to deal with the rapidly changing business and audit environment
  • be more effectively applied by the broad range of firms currently using the standard
  • set an enhanced foundation for other standards that have specific risk assessment requirements — for example, dealing with accounting estimates and group audits

What are the problem areas?

ISA 315 poses challenges for auditors of all entities, but it is in audits of smaller and medium-sized entities (SMEs) that auditors often struggle to apply it effectively. Some of the things I hear are:

  • The requirements for understanding the entity and its environment are considered onerous when the entity is relatively straightforward, particularly relative to documentation.
  • The requirements to understand internal control and control activities are excessive if, as is the case on many audits of SMEs, a wholly substantive approach to testing is adopted.
  • The concept of “significant risk” (which drives extra work effort) is interpreted differently and, as a result, there are inconsistencies in the number of such risks identified in practice.
  • ISA 315 may also have implications for the fraud standard (ISA 240). Some auditors may address fraud as a separate and distinct part of the audit rather than in combination with the rest of the audit risk model. This may not be the most efficient way to conduct an audit, so perhaps combining the standards should be on the table.
  • The IAASB is also looking to modernize and “future proof” the audit risk model by better reflecting developments in technology and the complexity of modern information systems in the ISAs. Some believe, for example, that ISA 315 underplays the importance of IT on the audit.
  • ISA 315 also provides a foundation for other standards, for example, dealing with accounting estimates and group audits. These other standards are undergoing their own revisions currently. So there is a need for strong integration with these projects.

Where is the low-hanging fruit?

In my view, the biggest potential for improvement in ISA 315 is having a risk model that is scalable to the small end of the market. This is the concern I hear most when I talk to Canadian practitioners. So those involved in this area need to follow the project closely once it commences later this year, with an exposure draft possible in 2017. Bring your toolbox!

Keep the conversation going

What are the challenges auditors face in applying the audit risk model in today’s environment? How could ISA 315 be improved in your view? Do you agree that it is the smaller end of the market where the biggest gains could be realized?

Conversations about Audit Quality is designed to create an exchange of ideas on global audit quality developments and issues and their impact in Canada.

About the Author

Eric Turner, CPA, CA

Director, Auditing and Assurance Standards, CPA Canada