Skip To Main Content
Process flowchart superimposed over computer keyboard.

FAQ – CAS 315 and the Auditor’s Responsibilities for General Information Technology Controls

Learn about General Information Technology Controls (GITCs) as part of the revised Canadian Auditing Standard (CAS) 315, which includes new and updated material about the auditor’s responsibilities and understanding of IT.

Canadian Auditing Standard (CAS) 315, Identifying and Assessing the Risks of Material Misstatement, includes requirements related to the auditor’s understanding of the IT environment and the identification of GITCs. The objective of this publication is to address common questions from auditors about GITCs in the audit of financial statements and the auditor’s responsibilities related to GITCs throughout the audit. 

The FAQs addressed in this publication will help auditors understand the:

  • Risks arising from the use of IT
  • Difference between GITCs and information processing controls
  • Evaluation of design and implementation of GITCs
  • Testing of operating effectiveness of GITCs
  • Impact of inappropriately designed or implemented GITCs or GITCs that are not operating effectively.

Note that the foundation of this FAQ is based on the Australian Auditing and Assurance Standards Board (Australian AUASB) Bulletin: ASA 315 and the Auditor’s Responsibilities for General IT Controls published in June 2022 by the Australian AUASB, and is used with permission of the Australian AUASB.