As they currently stand, the proposals – intended to update ISA 315, Identifying and Assessing the Risks of Material Misstatement – will cause all sorts of problems. In particular, ICAEW is concerned about the scalability of the proposals to a wide range of sizes and complexity of audits but especially to the smaller end of the audit market.
In its response to the IAASB’s consultation, ICAEW warns that this scalability issue risks not only alienating smaller businesses from remaining in the audit process but also national standard-setters.
“If the IAASB wants to avoid the slow abandonment of international standards of auditing (ISAs) for SMEs at a national level, it will need to do more to make this standard genuinely scalable for smaller entities,” says Katharine Bagshaw, ICAEW manager, auditing standards.
“The belief that standard-setters don’t need to concern themselves with smaller audits is wrong and short-sighted.”
She warns that the proposals are “cumbersome, over-engineered, and written as if they were to be used as a methodology”. This is inappropriate for a supposedly principles-based standard.
As a result, they are likely to lead to confusion and inconsistency of interpretation – not an outcome that is in the public interest.
Bagshaw points out that the changes also matter because ISA 315 is the auditing standard from which all other auditing standards flow. As all ISAs are now risk-based, the effects of the proposed revisions will be “far-reaching”.
ISA 315 has not been revised since 2003 and needs updating to take into account the changes in the business and auditing environment.
Among the key proposals are five new inherent risk factors – subjectivity, complexity, change, uncertainty and susceptibility to misstatement due to management bias or fraud – to be considered in risk assessment, and a new spectrum of risk.
There is a new requirement for “sufficient [and] appropriate” evidence to be obtained from risk assessment procedures as the basis for the risk assessment, a separation of inherent and control risks and a focus on IT, especially IT general controls.
ICAEW says that there are elements among the proposals that it supports, including the introduction of the spectrum of risk, the updated definition of a significant risk and clarification about which controls are relevant to the audit.
But it comes back to the problems that the proposals engender. “We are particularly concerned that the risk assessment process will be exceptionally difficult to navigate without the relevant flowchart, regardless of the size of the audit and that of itself demonstrates the need to revisit the text as a whole. More work is needed to render the proposals more concisely,” Bagshaw says.
The IAASB is intending to finalise these proposals in June next year. This, ICAEW says, is ambitious, given the likely pushback from commentators.
It suggests that if the proposals are finalised too soon, a number of national standard-setters will come under increasing pressure to develop their own auditing standards, particularly for the audit of smaller entities.
“This would mean IAASB would lose its status as the global auditing standard-setter, a highly undesirable outcome,” it says.
“We note the millions companies, many of the small businesses, affected by these proposals and we strongly urge IAASB to take the time necessary to get this linchpin ISA right, rather than consigning the world’s companies and their auditors to consequences of excessive haste for years to come.”
The deadline for comments on the consultation was 2 November.