ISA 315 Revised - A Guide to Understanding the Changes in the Professional Standard

In September 2019 the International Audit and Assurance Standards Board approved revisions to ISA 315 Identifying and Assessing the Risks of Material Misstatement (“the revised standard”) The effects of these revisions will require firms to rethink their approach to risk assessment. The foundation of the audit is to identify and assess risks of material misstatement, and the revised standard now requires a more resilient and evidence based risk identification and assessment process, which also promotes improvements to the planned responses to those identified risks. The revised standard also establishes more robust requirements and appropriately detailed guidance to drive auditors to perform enhanced risk assessment procedures in a manner commensurate with the size and the nature of the entity. The revised standard focuses on enhancing the auditor’s approach to understanding the entity, its environment (including its internal control) and risk assessment activities in light of the changing environment.

Concisely, the revised standard enables the auditor to more efficiently and effectively focus on:

The revision, reorganization and enhancement of the standard intends to

• Promote consistency in the application of the risk identification and assessment process,
• Create a scalable standard based on revised principle based requirements,
• Make the standard usable by auditors through a reduction in complexity applicable to all entities,
• Stimulate a more robust risk assessment with more focused responses to the identified risks,
• Provide support for auditors using the standard via the application material, which is designed to address the evolving environment, including information technology.

Within the Inflo Digital Audit Methodology we have embedded as part of the risk assessment procedures that the auditor is required to perform, several call outs for the auditor to consider and evaluate inherent risk factors.

‍

This guide will highlight What needs to be done, Why it needs to be done and How it can be done to address the six key revisions to the standard, for which auditors will need to implement new ways of working in order to remain compliant:

NEW – Inherent risk factors

NEW – Spectrum of inherent risk concept

CLARIFICATION – Sufficient & appropriate evidence is required

FOCUS – A focus on IT

FOCUS – A focus on controls

NEW – Additional guidance on scalability

Other changes include:

·       distinguishing between direct and indirect control components

·       a more detailed, comprehensive application material

The aim of these revisions is to drive better quality and a more consistent risk assessment process, as well as encouraging the exercising of professional skepticism.

To dive deeper download our free guide: