This article provides an overview of the objectives of the International Auditing and Assurance Standards Board’s project to revise extant ISA 315 (Revised) and changes that auditors can expect to see
International Standard on Auditing (ISA) 315 (Revised 2019), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment (ISA 315 (Revised 2019)), was approved at the September 2019 International Auditing and Assurance Standards Board (IAASB) meeting and is effective for audits of financial statements for periods beginning on or after 15 December 2021. The changes to the requirements from extant ISA 315 (Revised) are significant.
Objectives of the ISA 315 (Revised) project
Results of the IAASB’s post-implementation review of the clarified ISAs, together with other outreach activities, indicated that revisions and enhancements were required, in certain instances, to achieve consistent and effective application of the ISAs. Extant ISA 315 (Revised) was one standard identified as requiring revision. This is a foundational standard to auditing. It contains the requirements relating to the process for identifying and assessing the risks of material misstatements (RoMM) that provide the basis for the auditor’s design and performance of further audit procedures.
Concerns noted with the current requirements of extant ISA 315 (Revised) included that several aspects were not understood by auditors and not being implemented in a consistent manner. Also, auditors were experiencing challenges from a scalability point of view, including the level of understanding of an entity’s internal controls that is necessary when the auditor does not intend to rely on the operating effectiveness of internal controls.
In September 2016, the IAASB approved the ISA 315 (Revised) project proposal to revise this standard. The objective of this project was to establish more robust requirements and detailed guidance to drive auditors to perform consistent and effective identification and assessment of RoMM.
Significant matters considered
The significant matters considered by the IAASB in revising extant ISA 315 (Revised) are discussed below.
Scalability
Scalability has been introduced into ISA 315 (Revised 2019) upfront by indicating in the introductory paragraphs that the auditor is able to apply the standard to the audits of financial statements of all entities. The application material contained in ISA 315 (Revised 2019) has been expanded to include considerations for audits of entities that are both smaller and less complex, which are those audits that typically require simpler risk assessment procedures. Examples have also been included that contrast audits of larger, complex entities so that scalability is demonstrated in both directions in relation to nature, timing and extent of risk assessment procedures.
An important point to note is that complexity is not necessarily driven by the size of an entity. Although size does matter in making this assessment, the complexity of an entity is also impacted by the nature of its operations, as well as its financial reporting. Many smaller entities have complexities in their business model and their financial reporting processes and therefore auditors may be required to perform more robust or detailed risk assessments in the audit of these smaller entities.
The auditor is required to exercise professional judgement in determining how the requirements should be scaled for a specific engagement.
Modernising the standard
In revising extant ISA 315 (Revised), the IAASB was mindful of aligning the new and revised requirements with changes to the business environment in which an audit takes place, as well as the use of technology by the auditor performing the audit. To this end, emphasis was placed on enhancing extant ISA 315 (Revised) in relation to automated tools and techniques, including data analytics in the performance of an audit. Examples are now provided in the application material, which aim to provide clarity on the circumstances under which the auditor might make use of automated tools and techniques.
Professional scepticism
ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing (ISA 200), requires the auditor to plan and perform the audit with professional scepticism, recognising that circumstances may exist that cause the financial statements to be materially misstated. The importance of the appropriate exercise of professional scepticism during the performance of an audit has been emphasised in the introductory paragraphs to ISA 315 (Revised 2019).
Guidance has also been included in the application material for the auditor to frame their judgements when performing risk assessment procedures, with the aim of enhancing the auditor’s exercise of professional scepticism. ISA 315 (Revised 2019) now also contains specific examples of where the engagement team may have the opportunity to exercise professional scepticism in the identification and assessment of risks.
Iterative nature of the standard
Although the ISAs are written in a linear manner, many requirements of ISA 315 (Revised 2019) are interrelated and therefore often performed by auditors in an iterative manner. For example, in looking at the risk assessment process, this is not performed once off but is rather affected by different stages of the audit. To emphasise the iterative nature of the standard, introductory paragraphs have been included in ISA 315 (Revised 2019) that provide a summary of the flow of the auditor’s risk assessment process. The IAASB has also developed flowcharts that provide a visual representation of how ISA 315 (Revised 2019) should be applied, which further aim to demonstrate the iterative nature of the requirements.
New concepts and clarifying existing concepts to enhance the risk assessment process
In revising ISA 315 (Revised), the requirements contained in the extant standard were used as the basis for the redrafting and new concepts added to clarify the requirements and the intended application thereof. The significant new concepts that have been introduced include:
Inherent risk factors, described as characteristics that affect susceptibility of an assertion about a class of transactions, account balance and disclosure to misstatement. The introduction of inherent risk factors is intended to assist the auditor in focusing on aspects that affect an assertion’s susceptibility to misstatement.
Significant class of transactions, account balance and disclosure, and their relevant assertions. This is applicable where there are one or more relevant assertions. An assertion about a class of transactions, account balance and disclosure is relevant when it has an identified RoMM. The introduction of the concept of a significant class of transactions, account balance and disclosure is intended to provide clarity in terms what is required of the auditor in obtaining an understanding of the information systems, as well as to clarify the scope and extent of the auditor’s response to the assessed RoMM.
Spectrum of inherent risk factors, being a framework for the auditor’s consideration of the likelihood and magnitude of possible misstatements. The spectrum of inherent risk factors can also be described as the degree to which inherent risk varies. This concept was introduced to facilitate greater consistency in the identification and assessment of RoMM.
A requirement for the separate assessment of inherent risk and control risk. This was introduced to prevent the auditor from taking controls into account when assessing inherent risk.
The introduction of the stand-back provision, which intends to drive an evaluation of the completeness of the significant classes of transactions, account balances and disclosures identified by the auditor, which in turn confirms the completeness of the identification of RoMM.
In summary
Although ISA 315 (Revised 2019) is only effective for 2022 financial year-ends, the changes to this foundational standard will impact the manner in which auditors perform the risk assessment process. Auditors are urged to familiarise themselves with the revised requirements to ensure a smooth transition to implementing the revised standard.
AUTHOR | Hayley Barker Hoogwerf CA(SA) is Project Director: Assurance, Audit and Assurance at SAICA
