Audits are performed in accordance with Australian Standards on Auditing (ASA). For 31 December 2022 year-ends onwards, a significantly revised auditing standard comes into effect that will almost certainly lead to your auditor asking more questions and/or requesting additional audit evidence.
The revised ASA in question is ASA 315 – Identifying and Assessing the Risks of Material Misstatement. The Auditing and Assurance Standards Board (AUASB) describes the revised ASA 315 as being “significantly enhanced to require a more robust risk assessment process and to promote consistency in application”.
At a very high level, some of the additional audit requirements coming from the standard include:
- More detailed requirements around understanding and documenting:
o the entity;
o its environment;
o internal controls;
o the applicable financial reporting framework; and
o IT systems.
- A multi-dimensional approach required to assessing risks of material misstatement.
- A new definition of Significant Risk.
- Specific requirements to exercise and document professional scepticism.
- New ‘stand-back’ requirements to evaluate the completeness of the significant classes of transactions, account balances and disclosures at the end of the risk assessment process.
Changes to the requirements in respect of understanding and evaluating an entity’s IT environment (including general IT controls, application controls, etc.) are perhaps those that will be most obvious to entities subject to an audit. Questions, requests and procedures in respect of an entity’s IT environment and related controls are likely to be noticeably greater than in previous years. Other changes (such as those in respect of the multi-dimensional risk assessment) will require greater auditor effort but may be less obvious to the entity being audited.
The changes are significant and will undoubtedly lead to increased audit effort. Whilst audit teams will continue to make use of the latest technological tools to increase audit efficiency (analytics, automation, artificial intelligence, etc.), this is unlikely to outweigh the additional audit effort introduced from the revised ASA 315.
Although more time and effort will need to be expended by both auditors and entities subject to audit, it’s not necessarily bad news, benefits of the new requirements will include:
- A more robust risk assessment, leading to a more focused and risk targeted audit;
- Gaining a deeper understanding of an entity’s business, allowing for a more insightful and value-added audit process; and
- A greater understanding and analysis of an entity’s IT environment and associated controls, allowing for specific recommendations and observations in this increasingly critical business area.
Ultimately the changes are designed to lead to a higher level of audit quality, with a by-product of this being an opportunity for auditors to add greater value to entities through their observations and recommendations.
Contact your auditor should you have any questions or wish to learn more about the revised ASA 315 standard.