Identifying and Assessing the Risk of Material Misstatement:
ISA 315 has been revised for periods commencing on or after 15 December 2021. The key changes are
highlighted in this document.
Objective:
The objective of revisions to this ISA is to increase quality and drive more consistent and robust risk assessments, as well as promote the exercise of professional scepticism.
Overview of change for auditors:
The changes to the standard require a much more granular based risk identification and assessment process, which means that auditors will have to significantly revise their audit approach in order to meet these comprehensive requirements.
A summary of the key revisions to the standard are as follows:
- The introduction of five new inherent risk factors (subjectivity, complexity, uncertainty, change and susceptibility to misstatement due to management bias or fraud) to aid in the risk assessment.
- An introduction of a new concept of ‘spectrum of risk’ which is the degree to which inherent risk varies. This change is to assist auditors in assessing risk effectively and to ensure the audit focus is given to the areas with most inherent risk.
- The requirement for auditors to obtain a far more detailed understanding of the audited entity’s IT environment and controls, particularly IT general controls that are relevant to the preparation of the financial statements.
- The requirement for auditors to assess inherent and control risks separately rather than a combined assessment as currently allowed
- The requirement for auditors to understand more about the systems and controls relevant to the audit and perform more work on the design and implementation work required for these controls
- A new stand-back provision which requires the auditor to reconsider, when material classes of transactions, account balance and disclosure are not assessed as significant to ensure sufficient evidence is being obtained
Impact on the annual audit:
The focus on the changes to ISA 315 are designed to increase audit quality. The substantial new requirements for auditors will increase the time devoted to audit planning as teams will need to spend additional time completing the risk assessment processes. This will result in more detailed enquiries and requests of management. The new requirements involving a much more comprehensive understanding of internal controls, including those over IT, are likely to result in greater involvement from staff at the audited entity who are outside the finance team. As a firm our aim is to work closely with our clients in light of these changes and ensure that we obtain the necessary new information and audit evidence in a timely manner to ensure an efficient approach to our audit.