In Australia, audit procedures are governed by the directives outlined in the Australian Standards on Auditing (ASA) as set by the Australian Auditing Standards Board (AUASB). These auditing standards are developed by the AUASB using the standards issued by the International Auditing and Assurance Standards Board (IAASB), as appropriate, to strengthen confidence in the assurance provided by audit and assurance engagements undertaken by your audit service provider.
These standards have a legislative mandate under the ASIC Act and the Corporations Act – they therefore have the force of law.
While revisions to standards frequently occur, a recent revision of ASA 315 Identifying and Assessing the Risks of Material Misstatement has brought about some significant changes (and some key clarifications) affecting the extent of procedures and the depth of responsibilities of auditors.
This Standard is more robust than ever and has been revised to elevate the efficacy of our audit procedures – the aim being to strengthen the risk assessment process and improve the quality and relevance of audit evidence. This in turn engenders a higher level of thoroughness when evaluating the risk of material misstatement in relation to the financial report (or relevant financial information) being in the scope of the audit.
The Standard is mandatory and effective for all audits of reporting periods on or after 15 December 2021.
One of the reasons for this revision is a reflection of modern times – a significant volume financial transactions and activities are now conducted electronically, and IT systems play a critical role in processing, storing, and transmitting financial data. As a result of this changing environment, auditors must have, for example, a better understanding of the client’s IT systems and controls, and how they impact the financial statements / financial information.
As an overview, some of the key audit requirements coming from the Standard are considered below:
- More detailed requirements and enhanced documentation around understanding:
- the entity;
- its environment;
- its internal controls;
- the applicable financial reporting framework; and
- its IT systems
- A multi-dimensional approach is required to assessing risks of material misstatement.
- A new definition of “Significant Risk”.
- Specific requirements to exercise and document professional scepticism.
- New ‘stand-back’ requirement requiring the Lead Audit Engagement Partner to evaluate the completeness of the significant classes of transactions, account balances and disclosures at the end of the risk assessment process.
The Standard has also introduced the following new concepts and definitions:
- Significant classes of transactions, account balances and disclosures and ‘relevant assertions’ – To assist with the identification and assessment of the risks of material misstatement.
- Spectrum of inherent risk – To assist the auditor in making a judgement, based on the likelihood and magnitude of a possible misstatement, on a range from higher to lower, when assessing risks of material misstatement.
- Inherent Risk Factors – Focus on the susceptibility of assertions to misstatement. These include complexity, subjectivity, change, uncertainty or susceptibility to misstatement due to management bias or other fraud risk factors.
What does that mean for you, and your audit?
With the implementation of the revised ASA 315, you can expect your auditor to engage in more robust discussions and most likely conduct additional audit procedures and request further audit evidence.
This updated Standard places a stronger emphasis on identifying and evaluating potential errors – the level of work needing to be performed by your auditor therefore will very much increase compared to prior years.
We further explore the key areas of the Standard’s focus below.
Increased focus on understanding the entity and its environment:
Auditors are now expected to obtain a deeper understanding of an entity’s operations and financial reporting. This requires looking into several areas such as the business’ internal controls, financial reporting guidelines, and technological systems. The update recognises the complexity of business environments and calls on auditors to take these aspects into consideration to be able to provide a more reliable and robust opinion on the financial statements.
Auditors are now required to understand the organisation’s industry, competition, market performance, and internal control efficacy. They also need to understand how the business’ technological systems affect its financial reporting and how accounting principles and estimates are being used by Management while preparing financial statements.
Professional Scepticism and Documentation:
A cornerstone requirement for Auditors, the revised standard introduces stricter requirements for practicing and recording professional scepticism. This is a crucial mindset for auditors in the financial world. It entails maintaining a critical and vigilant approach during audits, questioning information, and assumptions. Additionally, auditors are obligated to thoroughly document their audit procedures, observations, and conclusions. This documentation serves as tangible evidence of the careful and cautious approach taken during the audit process, ultimately contributing to the accuracy and credibility of financial reporting.
Enhanced and consideration of the susceptibility to fraud risks:
The revised standard wants auditors to be more thorough in their understanding of the entity’s inherent risk factors. They must understand and consider an entity’s susceptibility to risk of fraud and the impact this may have on the risk of material misstatement in financial statements. Auditors must consider the possibility of fraud at every stage of the audit process, from planning to conclusion. Consideration of such factors are therefore qualitative and quantitative and include complexity, subjectivity, change, uncertainty or susceptibility to misstatement due to management bias or other fraud risk factors insofar as they affect inherent risk.
This will involve more extensive testing and investigation, which can increase the workload and complexity of the audit.
Assessing the IT environment, IT systems and controls:
The revised standard places greater importance on the role of the information technology (IT) environment including systems and controls in financial reporting. Auditors must now have a greater understanding of the client’s IT systems and controls, and how they impact the financial statements. This includes understanding how the client uses IT systems and what data is processed and stored in these systems. This will also include the hardware, software, and network infrastructure that supports financial reporting. Additionally, auditors must also consider the impact of IT on other audit areas, such as revenue recognition, inventory valuation, and accounts payable and receivable. For example, IT systems may automatically record transactions, which can affect the accuracy and completeness of financial data.
These changes will require more time, effort and resources from your audit team needing to identify IT related risks, any controls and the testing of these as appropriate. You will, for example, notice the involvement of an IT specialist as part of the audit team to enable the auditor to meet these obligations under the Standard.
Redefined Significant Risk:
The current change in the Standard has also resulted in a redefining of “Significant Risk,” which emphasises the identification of risks that are of the highest priority and require a thorough review. These are the risks that auditors pay additional attention to and carefully review since they have the potential to significantly affect the reliability and accuracy of financial information.
This assessment of significant risk means auditors are required to have a better understanding of the entity and it’s environment to be able to identify and act upon this new risk categorisation.
A Comprehensive ‘Stand-Back’ Evaluation:
The Standard now asks auditors to take a step back and look at the bigger picture once they have completed assessing the risks. Auditors are required to ensure that all the important transactions, amounts in accounts, and information given out are complete and nothing’s missing. This helps catch any potential gaps or errors that might affect the risk of material misstatement in financial reports.
In Summary…
In light of the revised ASA 315, organisations and those charged with their governance should ready themselves for an increase in auditor engagement, particularly concerning enquiries and documentation across all financial statement areas, and particularly in areas such as IT.
While this change inevitably means additional demands on time, resources, and therefore costs, the ultimate goal is to enhance the quality of audits, and as the Standard’s name suggests, evaluate the risk of material misstatements to a heightened level.
A direct outcome of this is the opportunity for auditors is to add greater value to entities through their observations and recommendations whilst enabling those charged with the governance (Management, Directors, etc) to better meet their obligations in providing financial information that is reliable and free from material misstatement to their stakeholders.
If you have any queries in relation to these changes don’t hesitate to contact your client manager to discuss.
Author: Kamal Thakkar
*Correct as of 31 August 2023
*Disclaimer – this article has been produced by Kreston Stanley Williamson as a service to its clients and associates. The information contained in the article is for general comment only and is not intended to be advice on any particular matter. Before acting on any areas contained in this article, it is imperative you seek specific advice relating to your particular circumstances. Liability is limited by a scheme approved under professional standards legislation.