Introduction

The International Audit and Assurance Standards Board (IAASB) has significantly updated ISA 315, with revisions effective for audits of financial statements for periods beginning on or after 15 December 2021​¹​​²​. These changes mark a pivotal shift in audit practices, particularly in risk assessment and the approach to internal control, affecting firms of all sizes in the UK and globally​³​.

Key Changes to ISA 315

1. New Inherent Risk Factors

The revision introduces five inherent risk factors: subjectivity, complexity, uncertainty, change, and susceptibility to misstatement due to management bias or fraud​¹​​³​. These new factors enable auditors to perform more nuanced and informed risk assessments.

2. Spectrum of Risk

A new risk spectrum highlights significant risks at the higher end, guiding auditors to concentrate on areas with the most considerable potential impact​¹​​³​.

3. Emphasis on Evidence in Risk Assessment

The revisions underscore the need for “sufficient, appropriate” evidence from risk assessment procedures, underlining the importance of robust evidence gathering​¹​​³​.

4. Greater Focus on IT Controls

Reflecting the increasing role of technology, there is a stronger emphasis on understanding and evaluating IT general controls within the audit process​¹​​³​​⁴​.

5. Enhanced Controls Relevance and Design

The standard now places greater importance on controls relevant to the audit and on the design and implementation work associated with them​¹​​³​.

6. Adjusted Approach for Smaller Entities

Smaller entities’ considerations have been integrated into the main text, highlighting the importance of consistent application across all audits​¹​​³​.

7. Distinct Assessments for Inherent and Control Risk

The revised standard requires separate assessments for inherent and control risk, moving away from the previously permitted combined assessment​¹​​³​.

8. Clarification of Control Components

There is now a clearer distinction between direct and indirect control components, offering a more structured framework for evaluating controls​¹​​³​.

9. Stand-Back Requirement

A new requirement mandates reconsideration when material transactions, account balances, and disclosures are not deemed significant, ensuring a thorough evaluation of risks​¹​​³​.

Implications for Audits in the UK

The implications of these revisions are profound for UK audits. Firms must invest in understanding and implementing these changes to maintain compliance and audit quality. The revisions aim to promote more consistent and high-quality risk assessments, ultimately strengthening the audit process by fostering professional scepticism​³​.

FAQs

Q: When did the revised ISA 315 become effective? A: The revised ISA 315 became effective for audits of financial statements for periods beginning on or after 15 December 2021​²​.

Q: What are the new inherent risk factors introduced in the revised ISA 315? A: The new inherent risk factors are subjectivity, complexity, uncertainty, change, and susceptibility to misstatement due to management bias or fraud​¹​.

Q: How has the approach to IT controls changed in the revised ISA 315? A: There is a significant emphasis on IT, particularly IT general controls, requiring auditors to have a comprehensive understanding and evaluation of these controls within financial systems​⁴​.

Q: What does the stand-back requirement entail in the revised ISA 315? A: The stand-back requirement entails a reassessment when material classes of transactions, account balances, and disclosures are not assessed as significant, ensuring all potential risks are considered​³​.