The International Audit and Assurance Standards board approved major changes to the ISA 315 which will affect the audits of financial periods beginning on or after 15 December 2021 and revises the way auditors assess risk.
The foundation of an audit not only provides credibility to a set of financial statements but also helps improve the company’s internal control and systems. The revised standard is designed for auditors to meet the challenges of an evolving business environment and relates to how risk is identified and assessed as part of the audit, ensuring integrity and financial reliability.
Randall & Payne’s mission is to “make your success our priority” so our audit team proactively worked together to recognise how this revision related to our audit work and our clients. The answer to these points will be covered through looking at the implementation of this standard from the perspective of an Audit Manager and an Audit Senior.
INSIGHTS OF AN AUDIT MANAGER – Process Implementation
To ensure we were ready for this significant revision, we implemented a three-stage process and a separate internal project team. The project was led by Audit Manager Tom Bayliss and involved the following:
- Technical presentations provided by the ICAEW and other third parties were attended by audit managers to gain a thorough understanding of the revisions required and the impact this will have on the audit methodology applied at Randall & Payne. This was supported by a review of various technical papers and guidance.
- Updates to the Randall & Payne audit methodology and templates were developed and internal training sessions held to re-iterate the importance of these revisions, including discussing these changes with our client base.
- Piloting of the audit templates was undertaken before releasing the changes to our full client base.
The main impact on our audit approach was as follows:
- Renewed risk assessment process with a focus on inherent risk factors.
- Considering risks on a spectrum, rather than grouping as high, medium & low.
- Increasing focus on internal controls deemed key to the audit and IT environments.
What does this mean for our clients? With the implementation of ISA (UK) 315 revised our clients can expect:
- Increased time being invested at the audit planning phase.
- Additional audit time applied to understanding your IT environment.
- Changes to the presentation of your audit planning and findings reports in regard to risk classification as well as potential for new and amended risks being scoped into the work.
INSIGHTS OF AN AUDIT SENIOR – Practical Example
We now scale audit risks in a spectrum, providing more room for discussions within the team and moving away from a binary approach to risk classification (High, medium, low).
Practically, we utilise spectrum diagrams as a useful means by which to plot these risks giving a more visual approach to the planning process. This also allows for fluidity of changes, as risks may move on the spectrum as the audit team discusses and assesses the risks identified whilst conducting the audit work.
Our approach was recently implemented on a large Group audit, where the audit team identified a wide range of risks surrounding the client and developed the most direct approach to tackling these risks in an efficient manner. The increased level of discussion within the team was excellent and allowed for further development of ideas and feedback.
We also placed more focus on the client’s IT environment. The starting point for this is an IT questionnaire which we developed as a team, allowing us to gain greater knowledge on how their IT systems work, and where complexities arose, we could consider this in our risk assessment and audit approach.
The assessment of risks was considered throughout the audit to completion and reporting to management. Through using the updated methodology, we were able to give greater insight into the risks, resulting in more meaningful and deeper discussions with management and directors who were very satisfied with our work.
The revision to ISA (UK) 315 impacts all audit engagements. Although it will increase efforts required from both auditors and our clients, it will allow for more targeted and tailored audit testing to be undertaken.