IAASB Main Agenda (June 2018) Agenda Item

Transcription

1 Agenda Item 3 Objective f the IAASB Discussin ISA 315 (Revised) 1 Issues and Recmmendatins The bjective f this agenda item is t present the final prpsed changes t ISA 315 (Revised), with cnfrming amendments, fr apprval, as set ut in -A (Intrductry Paragraphs and Requirements), 3-B (Applicatin and Other Explanatry Material, and Appendices) and 3-C (Cnfrming Amendments). I. Structure f this Paper and Frmat f the IAASB Discussin 1. This paper sets ut the ISA 315 Task Frce s (the Task Frce ) views abut prpsed changes t ISA 315 (Revised) Expsure Draft (ED). 2. This Agenda Item is set ut as fllws: (a) (b) Sectin II Describes the verarching cnsideratins related t the revisins t the standard as a whle. Sectin III Describes the substantial changes that have been made since March 2018, and the Task Frce s cnsideratins abut varius matters raised fr further discussin. The prpsed changes t ISA 315 (Revised) have been presented in: A: prpsed changes t the requirements, revised fr cmments frm the March 2018 and May 2018 IAASB discussins (marked t extant ISA 315 (Revised). 2 B: prpsed changes t the applicatin and ther explanatry material, revised fr cmments frm the March 2018 IAASB discussins (marked t extant ISA 315 (Revised)). D: prpsed changes t requirements at June 2018 marked t March 2018 (fr reference nly) -E: prpsed changes t applicatin material at June 2018 marked t March 2018 (fr reference nly) (c) Sectin IV Describes the Task Frce views abut the cnfrming amendments arising frm prpsed changes t ISA 315 (Revised) ( C: sets ut the prpsed cnfrming and cnsequential amendments, revised fr cmments frm the May 2018 Bard discussins). At the Bard meeting, after cvering the general matters set ut in sectin II f this paper (and related questins), the Task Frce Chair will walk thrugh the requirements by sectin, tgether with related applicatin material. The Cnfrming Amendments will be discussed after cmpletin f the requirements and applicatin material. 1 Internatinal Standard n Auditing (ISA) 315 (Revised), Identifying and Assessing the Risks f Material Misstatement thrugh Understanding the Entity and Its Envirnment 2 Supplemental Agenda Items, Prpsed ED marked t March 2018, will als be prvided. Prepared by: Bev Bahlmann and Phil Minnaar (May 2018) Page 1 f 38

2 Hw the Prpsed Changes t ISA 315 (Revised) Address Key Matters f Public Interest and Enhance Audit Quality 3. The fllwing sets ut the key public interest matters that, in the view f the Task Frce, have been prpsed t address the key public interest matters highlighted in the prject prpsal: Key Public Interest Matter 3 Enhancing the auditr s apprach t risk assessment in recgnitin f an evlving envirnment: Well infrmed risk assessment critical t audit quality Understanding what can g wrng and fcusing the auditr s wrk effrt n thse areas Recgnizing evlving envirnment, including the entity s and auditr s use f technlgy (fr example specifically addressing using data analytics fr risk assessment prcedures) Clarifying when cntrls are relevant t the audit Risk assessments need t be mre rigrus and mre cmprehensive Perfrming risk assessment prcedures specific t the entity t supprt apprpriate verall respnses, and further audit prcedures t address the assessed risks f material misstatement Descriptin f Changes made t address identified issues Enhanced requirements and applicatin material related t the auditr s understanding f the entity and its envirnment and its applicable financial reprting framewrk Enhanced requirements and applicatin material related t the auditr s understanding f the system f internal cntrl, including when cntrls are relevant t the audit and the related wrk effrt t btain the understanding Clarificatin f the auditr s requirements relating t identifying and assessing the risks f material misstatement, including clarificatin f the cncept f significant risk Relevant paragraph in this Agenda Item explaining changes, with relevant reference t requirements and applicatin material Paragraphs Data analytics paragraphs 19-21; Appendix 3, Table 4 Paragraphs Paragraph and definitin f internal cntrl 3 As nted in the Prject Prpsal fr the revisins f ISA 315 (Revised) Page 2 f 38

3 Key Public Interest Matter 3 Clarifying significant risks s that they are mre cnsistently identified Clarifying the relatinship between risk assessment and estimatin uncertainty, cmplexity and judgment, and management bias. Emphasis n cnsideratins fr auditing smaller and less cmplex entities Develping cnsideratins relevant t public sectr entities Enhancing the applicatin f prfessinal skepticism Identifying and prpsing cnfrming and cnsequential amendments t ther ISAs Determining whether nnauthritative guidance r ther supprt tls are needed. Descriptin f Changes made t address identified issues The Task Frce has cntinued t fcus its effrts n scalability f the standard. Enhancing the cnsideratins fr auditrs with a brader public remit Enhancements t drive mre skeptical behavir Relevant paragraph in this Agenda Item explaining changes, with relevant reference t requirements and applicatin material Paragraphs 10-13; Appendix 3, Table 1 Paragraphs 16-18; Appendix 3 Table 3 Paragraphs 22-23; Appendix 3, Table 5 Paragraphs Paragraphs In its utreach effrts the Task Frce cntinues t hear that mre is needed in rder t implement the changes effectively. In wrking thrugh the changes t the standard, and taking int accunt the feedback frm the Bard, the ISA 315 Task Frce cntinues t cnsider whether additinal nn-authritative guidance shuld be develped (e.g., an Internatinal Auditing Practice Nte, a Staff Questins and Answers (e.g., setting ut the specific scalability paragraphs within the standard), r a publicatin with the flwcharts described in paragraph 5). In additin t the nature and cntent f further guidance, the Task Frce will als need t cnsider the timing f this as well as wh will develp the material. 5. In the March 2018 IAASB discussins, and in light f the need fr mre regarding implementatin f the changes, the Bard cntinued t emphasize the need fr flwcharts r decisin trees, as it was nted that the linear rder f the requirements and applicatin material culd still be cnfusing, and that the iterative and interactive nature f the varius aspects f the standard may nt be readily understandable. The Task Frce has therefre develped several flwcharts, which can be fund in Appendix 4, 4 as fllws: 4 Appendix 4 t be psted as a supplement t the Agenda Paper after the main psting. Page 3 f 38

4 (a) (b) Flwchart A illustrates the flw f the verall standard. Flwchart B illustrates hw the auditr s understanding f the entity s system f internal cntrl is btained. 6. As it has prgressed the changes thrughut the prcess t develp the prpsed changes t ISA 315 (Revised), the Task Frce has cntinued its utreach with grups representing a wide range f stakehlders, including with the Frum f Firms, the Internatinal Federatin f Accuntants Small and medium practices Cmmittee, natinal standard-setters and the Internatinal Frum f Independent Audit Regulatrs Standards Crdinatin Wrking Grup (IFIAR SCWG). Appendix 1 sets ut upcming planned utreach befre the Bard discussins in June The Task Frce s member activities als included utreach and crdinatin with ther IAASB Task Frces r Wrking Grups, including the ISA 540 Task Frce 5 and Data Analytics Wrking Grup. Further discussin regarding the crdinatin with the ISA 540 Task Frce can be fund in paragraph The revisins as set ut in Agenda Items 3-A and 3-B reflect significant input frm a firm infrmatin technlgy (IT) specialist. 6 In additin, the prpsals have been reviewed by thers wh are als specialists in IT matters, and accrdingly the changes prpsed in respect f IT reflect the brader views f thse invlved with prviding input t this prject. II. General Matters Relating t the Prpsed Changes in ISA 315 (Revised) 8. In cnsidering the changes relating t the verall presentatin f the standard, changes have been made t restructure varius aspects (which are explained further in this paper), as well as making sure that there is cnsistency in the way that the varius aspects are presented. In additin, the Task Frce has cnsidered whether any f the applicatin material is superfluus, and has agreed that tw further paragraphs be mved t the Appendices, 7 because althugh helpful fr the auditr s understanding f the relevant matters, it is nt seen t be essential material fr the implementatin f the requirements. In wrking thrugh the requirements and applicatin material the Task Frce has als made editrials fr clarity r understandability as necessary. 9. The fllwing describes public interest matters that are applicable t the standard mre pervasively. Scalability f ISA 315 (Revised) 10. The Task Frce cntinues t recgnize the need fr balance in the standard, by prviding sufficient guidance fr entities f all sizes t be able t effectively apply the ISA while keeping in mind the purpse f the applicatin and explanatry material in the internatinal standards. 11. As nted in the Appendix f Agenda Item 1 frm the May 2018 Bard Telecnference, the Task Frce cntinued t cnsider hw t illustrate the scalability f the requirements by prviding guidance within the standard fr this purpse, t enable the standard t be applied t a wide variety f entities with different circumstances and cmplexities. 5 ISA 540 (Revised), Auditing Accunting Estimates and Related Disclsures 6 The firm IT specialist has a brad range f IT and auditing expertise, and is well versed in cntent f the ISAs, COSO 2013 and COBiT 7 Extant paragraphs A63 (re IT benefits) and A89b (re business risks arising frm IT) Page 4 f 38

5 12. Based n the fcused effrts f the Task Frce, further changes t the applicatin and ther explanatry material have been prpsed as fllws: (a) (b) (c) The Task Frce has agreed that the term small- and medium-sized entities is nt the nly driver f scalability, and has agreed that cmplexity is als key t scalability. Accrdingly, the Task Frce has agreed t describe matters f scalability as relating t smaller and less cmplex entities. The Task Frce debated whether the term shuld be smaller and less cmplex, r smaller r less cmplex, because there culd be medium t large sized entities that were less cmplex and wuld therefre find the guidance helpful. On balance thugh, the Task Frce agreed that using the term smaller wuld be relative in different jurisdictins (i.e., judgment wuld be required abut hw t apply this) and cnsistent with the descriptin f smaller entity in ISA Of imprtance was adding an explicit reference t cmplexity, and therefre by using the term smaller and less cmplex this captured the intended types f entities. Further prpsed editrial changes have been cnsidered within the examples and illustratins thrughut t cnvey different cmplexities and sizes. The placement f matters related t scalability (i.e., fr thse entities that are smaller and less cmplex) have been advanced t the start f sme sectins s that auditrs in a smaller and less cmplex envirnment are able t better cnsider the material that fllws in cntext. 13. Appendix 3, Table 1, sets ut the paragraphs that in the Task Frce s view demnstrates scalability. Matter fr IAASB Cnsideratin 1. The IAASB is asked whether the changes made relating t scalability, as explained in paragraphs 10 t 13 abve, will adequately illustrate hw the standard is scalable in a wide variety f circumstances. Are there ther changes that shuld be made? 2. What are the Bard s views abut matters relating t further implementatin supprt fr the prpsed changes (as set ut in paragraphs 4 5), and what is the nature f such implementatin guidance? Fraud 14. Sme Bard members and the Public Interest Oversight Bard representative emphasized the need t further cnsider hw the auditr s cnsideratins abut fraud were presented in ISA 315 (Revised), but the Task Frce was als cautined t nt cause cnfusin with the fraud requirements in ISA In additin t adding an explicit reference t fraud in the definitin f inherent risk factrs, (see paragraph 4cb f ISA 315 (Revised)) the Task Frce has cnsidered the extent f current references t fraud r ISA in prpsed ISA 315 (Revised). Appendix 3, Table 2, sets ut the specific references t fraud r ISA 240 in ISA 315 (Revised). Ntwithstanding an explicit reference t fraud as an inherent risk factr, the Task Frce believes that the magnitude f these references apprpriately underscre the imprtance f the cnsideratin f fraud when identifying and assessing risks f material misstatement in accrdance with ISA 315 (Revised). Accrdingly, with the exceptin f changes t paragraphs A1b, A21, A49h, A89a and A100f in ISA 315 (Revised), the Task Frce des nt prpse further changes t emphasize 8 ISA 200, Overall Objectives f the Independent Auditr and the Cnduct f an Audit in Accrdance with Internatinal Standards n Auditing, paragraph A66 9 ISA 240, The Auditr s Respnsibilities Relating t Fraud in an Audit f Financial Statements Page 5 f 38

6 fraud in ISA 315 (Revised), in particular in light f the rbust requirements and guidance set ut in ISA 240. Matter fr IAASB Cnsideratin 3. The IAASB is asked, based n the explanatin in paragraphs 14 t 15 abve, whether further changes in respect f the auditr s cnsideratin f fraud in ISA 315 (revised) is needed? Cnsideratins Specific t Public Sectr Entities 16. The Task Frce has agreed that the separate paragraphs relating t cnsideratins specific t public sectr entities shuld be retained due t the brader remit f sme public sectr audits and the unique nature f sme aspects f these entities, with further cnsideratin given t whether any additinal cnsideratins shuld be added. 17. The Chair f the Task Frce and Staff held a telecnference with representatives frm the Internatinal Organisatin f Supreme Audit Institutins (INTOSAI) Financial Audit and Accunting Sub-Grup (FAAS) in May 2018 t discuss whether extant references t public sectr perspectives in the applicatin and ther explanatry material f ISA 315 (Revised) remain relevant and apprpriate. In additin, matters included in ISSAI 10 Practice Nte 1315 this practice nte prvides supplementary guidance t auditrs f public sectr entities n the applicatin f ISA 315 (Revised) were als discussed fr further cnsideratin f including these matters in the ISA. The Task Frce has therefre prpsed additins r amendments t public sectr specific paragraphs f the standard. The cntent f these paragraphs has als been reviewed by a representative f the INTOSAI FAAS. 18. Appendix 3, Table 3, sets ut the supplementary explanatry material prvided in respect f public sectr audits. Data Analytics 19. At the March 2018 IAASB meeting, the Bard expressed mixed views n whether an explicit reference t data analytics in the standard is apprpriate. In further cnsidering this, the Task Frce retains the view that the term data analytics is ptentially t narrw, has different meanings t different peple and may nt therefre encmpass all the varius frms f emerging technlgies that may be used in perfrming audit prcedures and that are brader than analytics (such as rbtics and drnes). The Task Frce refers t these types f technlgies, cllectively with data analytics, as autmated tls and techniques. The Task Frce als highlighted that the fcus in the prpsed standard shuld be n gathering sufficient apprpriate audit evidence, and nt n being prescriptive r limiting in terms f hw that evidence is necessarily btained. The Task Frce still recgnizes that references t hw audit evidence is btained, i.e., using autmated tls and techniques, is essential t understanding hw t apply the requirements. The Task Frce als ntes that the use f these autmated tls and techniques have brader implicatins fr ther ISAs, especially (but nt limited t) ISA 500, ISA 520 and ISA 530. Accrdingly the Task Frce cntinues t have the view that the terms fr such tls and techniques shuld nt be definitively described by the wrk n this prject alne. 20. Ntwithstanding the Task Frce s views described in the preceding paragraph, the Task Frce als recgnizes the view, as als expressed by the Public Interest Oversight Bard bserver, that the 10 The Internatinal Standards f Supreme Audit Institutins Page 6 f 38

7 term data analytics is being widely used tday and is generally understd t apply in a brader sense than the term may strictly therwise suggest. The Task Frce has therefre acknwledged in the prpsed changes that data analytics is a pssible term that may describe the types f prcedures being perfrmed using autmated tls and techniques. 11 In additin, the Task Frce has recnsidered the prpsals made in March 2018 t mre fully describe the types f autmated tls and techniques used, rather than attempting t label such prcedures (which may be seen as a definitin and may have unintended cnsequences) Appendix 3, Table 4, sets ut the paragraphs where references are made t autmated tls and techniques (including data analytics). Prfessinal Skepticism 22. The Task Frce has recnsidered hw the standard has been revised t drive mre skeptical behavir. The Task Frce is f the view that n further enhancements are necessary, and that the standard reflects sufficient encuragement fr the exercise f prfessinal skepticism when identifying and assessing the risks f material misstatement. 23. Appendix 3, Table 5, sets ut the relevant paragraphs relating t the auditr s prfessinal skepticism. Matter fr IAASB Cnsideratin 4. Des the IAASB believe, based n the explanatin set ut in paragraphs 16 t 23 abve, that changes made in respect f the public sectr cnsideratins, data analytics and prfessinal skepticism are adequately addressed in the prpsed changes? III. Specific Matters Relating t the Prpsed Changes in ISA 315 (Revised) 24. This sectin describes significant changes made t the requirements, and applicatin and ther explanatry material, since the March 2018 Bard Agenda Papers. Intrductry Paragraphs (Requirements: paragraphs 1A 1G f ISA 315 (Revised) 25. At the March 2018 IAASB meeting, the Task Frce prpsed and presented t the Bard the inclusin f intrductry paragraphs t ISA 315 (Revised). The Bard supprted the inclusin f intrductry paragraphs; hwever, cncerns were expressed that these paragraphs were t cmplex and repetitive, and mrever, the paragraphs did nt address key public interest matters such as the auditr s cnsideratin f fraud and the use f data analytics (an example f emerging develpments in the use f technlgy in the perfrmance f audit prcedures, which we nw refer t mre generally as autmated techniques and tls (see paragraph 19 abve)). In additin, incnsistencies with the language in extant ISAs and the mst recent draft f ISA 540 (Revised) were nted The Task Frce agreed that it was imprtant t intrduce key cncepts in these intrductry paragraphs, including describing the spectrum f inherent risk, t help with the understanding f the standard. T 11 See ISA 315 (Revised), paragraph A16a 12 See ISA 315 (Revised), paragraph A16a fr an example 13 The Task Frce cntinues t crdinate with the ISA 540 Task Frce t align the language as much as pssible. As further changes are made t ISA 540 (Revised), the ISA 315 Task Frce will further cnsider whether changes need t be made t ISA 315 (revised), r whether further cnfrming amendments will be needed. Page 7 f 38

8 address cncerns by the Bard, the Task Frce has revised these paragraphs, keeping in mind that it is imprtant t capture the key principles in a clearer and mre succinct manner, whilst still using language that is cnsistent with ther ISAs. Because f the nature f the intrductry paragraphs, and in keeping them fcused n key cncepts in ISA 315 (Revised), the Task Frce did nt believe that autmated tls and techniques (data analytics) shuld be included, as these wuld apply t the ISAs mre bradly. Definitins 27. The Bard indicated general supprt fr the new and revised definitins during the March 2018 meeting and the May 2018 Bard call, with the exceptin f thse described belw and where changes have been made. 28. Althugh Bard members had cmmented n sme f the ther definitins, such as cntrls, relevant assertins and the significant accunt threshld (reasnable pssibility and mre than remte), the Task Frce has further cnsidered whether changes shuld be made, but agreed that n balance n further changes were needed t the definitins. Applicatin Cntrls (Definitin: paragraph 4(a) f ISA 315 (Revised)) 29. In respnse t Bard cmments during the May 2018 Bard call, the definitin has been updated t include the rle f applicatin cntrls t supprt the entity s ability t maintain the cmpleteness and accuracy f infrmatin in the entity s infrmatin system. Assertins (Definitin: paragraph 4(aa) f ISA 315 (Revised); Applicatin Material paragraph A0d A0g f ISA 315 (Revised)) 30. Cncern was expressed at the March 2018 IAASB meeting that the definitin f assertins still didn t distinguish management s assertins frm management representatins in accrdance with ISA Further revisins t the definitin f assertin have been prpsed t make clear that the assertins fr the purpses f the ISAs are inherent in management s representatin that the financial statements have been prepared in accrdance with the applicable financial reprting framewrk, and are nt necessarily made explicitly. Inherent Risk Factrs (IRFs) (Definitin: paragraph 4(cb) f ISA 315 (Revised); Applicatin Material paragraph A0d A0g f ISA 315 (Revised)) 32. At the March 2018 IAASB meeting, Bard members had mixed views abut the inclusin f susceptibility t management bias (instead f susceptibility t fraud) as ne f the IRFs. Sme Bard members supprted the bradening f the cncept t include unintentinal aspects, while thers still had the view that fraud shuld be mre explicitly recgnized in the inherent risk factrs. It was als nted by sme Bard members that fraud des nt necessarily r exclusively result frm management bias. 33. On further reflectin and with further crdinatin with the ISA 540 Task Frce as discussed n the April 2018 Bard call, the Task Frce agreed that the inherent risk factr described as susceptibility t management bias is nt the nly factr that gives rise t fraud. Further, the Task Frce agreed that management bias shuld remain in the descriptin f the factr because althugh intentinal bias gives 14 ISA 580, Written Representatins Page 8 f 38

9 rise t fraud risk, unintentinal bias can give rise t risk f errr. As a result, the Task Frce decided t revise the descriptin f the inherent risk factr as: susceptibility t misstatement due t management bias r fraud. The Task Frce added the wrds susceptibility t misstatement because, in its view, it is imprtant t signal that this nly includes factrs that affect inherent risk. It des s by mirrring language in the definitin f inherent risk, which refers t the susceptibility t misstatement f an assertin befre cnsideratin f cntrls. In cntrast, if the inherent risk factr were t be articulated as the susceptibility t management bias r fraud, it may als be taken t include factrs that affect the cntrl risk cmpnent f risks f material misstatement due t fraud. 34. The Task Frce has als cntinued t crdinate with the ISA 540 Task Frce as t the articulatin f the inherent risk factrs (with particular emphasis n the IRF relating t the susceptibility t misstatement due t management bias r fraud), and changes have been made t the descriptins f the inherent risk factrs in the applicatin material taking int accunt the way that these are described in prpsed ISA 540 (Revised), while acknwledging that the descriptins f these factrs in prpsed ISA 540 (Revised) are prvided in the cntext f accunting estimates nly. 35. Fr discussin in March 2018, the Task Frce had als prpsed changes t the definitin and descriptin f IRFs t incrprate quantitative characteristics f events r cnditins that may increase susceptibility t inherent risk, t respnd t Bard cmments frm the December 2017 IAASB discussins. The Bard had mixed views abut whether the bradening f IRFs t include quantitative aspects was apprpriate r may intrduce cnfusin. On further cnsideratin, the Task Frce agreed that it was imprtant t keep the quantitative aspects as they are relevant t the auditr s cnsideratin f the susceptibility t misstatement f assertins abut classes f transactins, accunt balances and disclsures. Further enhancements have als been made t the explanatry material as apprpriate. Significant Risks (Definitin: paragraph 4(e) f ISA 315 (Revised); Applicatin Material paragraph A0h f ISA 315 (Revised)) 36. The definitin f significant risk is discussed with the requirements and applicatin material in paragraphs Requirements Risk Assessment Prcedures and Related Activities (Requirements: paragraphs 5 10 f ISA 315 (Revised); Applicatin Material paragraphs A1 A23a f ISA 315 (Revised)) 37. The Bard cntinued t supprt the expansin t paragraph 5 being made t the descriptin f the purpse f the risk assessment prcedures, but asked the Task Frce t further cnsider the use f sufficient and apprpriate evidence when describing the utcme f the prcedures. While sme Bard members believed that the intrductin f this cncept wuld help clarify why risk assessment prcedures are perfrmed, thers were nt supprtive f intrducing the cncept f evidence, as well as thers wh did nt think that sufficient and apprpriate was needed. 38. The Task Frce further deliberated the inclusin f sufficient apprpriate audit evidence in paragraph 5, and generally cntinue t have the view that this term is imprtant t clarify that the purpse f btaining the required understanding is t btain sufficient apprpriate audit evidence as the basis fr the identificatin and assessment f risks. The inclusin f this criterin is cnsistent with ISA 500, which makes it clear that risk assessment prcedures enable the auditr t btain audit evidence. This has been highlighted in the applicatin material. The Task Frce believes that it is imprtant fr the auditr t have regard t bth the quantity (sufficiency) and the quality (apprpriateness) f the audit evidence btained thrugh risk assessment prcedures in cnsidering Page 9 f 38

10 whether that evidence prvides a suitable basis fr identifying and assessing risks f material misstatement. Hwever, the Task Frce did agree that this culd be further clarified by highlighting that the sufficient apprpriate audit evidence prvides the basis fr the identificatin and assessment f risks f material misstatement. The Task Frce als agreed that the evidence is btained and nt prvided. Clarificatins have als been made t the applicatin material in relatin t the enhancements made t the requirement. 39. During the March 2018 Bard discussins, cncern was raised abut whether the enhancement t the requirement regarding previus audit evidence, 15 t evaluate whether it nt nly remains relevant but als remains reliable as audit evidence fr the current audit. The cncern was that the enhancement may nt be crrect, as previus audit evidence wuld nly be relevant if it was als reliable. The Task Frce recnsidered this and cncluded that relevance and reliability are independent, but inter-related cncepts. Accrdingly n further change has been made. 40. Other changes have been made t address Bard cmments, in particular in the applicatin material, including: (a) (b) (c) (d) (e) (f) Surces f infrmatin fr the risk assessment prcedures: t include external surces such as publicly available infrmatin. (See paragraph A4c) Analytical prcedures: intrductin f applicatin material t emphasize scalability (see further discussin in paragraphs 10 13)(see ISA 315 (Revised) paragraphs A16-A16a) Observatin and inspectin: adding the bservatin f the behaviurs and actins f management r thse charged with gvernance (See paragraph A18) Clarificatins relating t infrmatin btained frm the client acceptance and cntinuance prcess and ther engagements relating t the entity. (see paragraph A18b) Engagement team discussin: further clarificatins have been made abut the circumstances where the audit is cnducted by a sle practitiner. In additin, the guidance in such circumstances has been rdered in the related applicatin material t address first the simplest circumstances, which may therefre prvide cntext fr the mre detailed discussins where there is a larger engagement team. In additin, the ISA 240 requirement fr the engagement team discussin t place particular emphasis n hw and where the entity s financial statements may be susceptible t material misstatement due t fraud has been highlighted. (See paragraph A21) Prfessinal skepticism: in light f the Bard discussins relating t prfessinal skepticism and hw it shuld be articulated in the ISAs in March 2018, the Task Frce cncluded that the references in prpsed draft ISA 315 (Revised) t incnsistent and cntradictry infrmatin r evidence shuld be t cntradictry and has reflected this thrughut the revised draft. The Required Understanding f the Entity and Its Envirnment, Including the Applicable Financial Reprting Framewrk (Requirements: paragraphs 11 11A f ISA 315 (Revised); Applicatin Material paragraphs A24a A49h f ISA 315 (Revised)) 41. At the March 2018 Bard meeting, the Bard was generally supprtive f the changes prpsed t the requirements, but sme members questined whether the reasn fr btaining the required 15 ISA 315 (Revised), paragraph 9 Page 10 f 38

11 understanding was apprpriately articulated in the requirement. The Task Frce has accrdingly made clarificatins t the lead-in t paragraph 11 f ISA 315 (Revised). It was als suggested that cnsideratin be given t describing hw t undertake the required understanding rather than listing the matters t be understd, but the Task Frce was f the view that the hw was better left t implementatin activities because f the wide variety f circumstances there may be. 42. The Task Frce has prpsed changes in the applicatin material t address Bard cmments, including: (a) (b) (c) (d) Clarifying the fcus fr the auditr when btaining an understanding f the relevant aspects f the entity and its envirnment, and the applicable financial reprting framewrk. The Task Frce has als enhanced the applicatin material in relatin t applying prfessinal judgment when cnsidering the nature and extent f understanding required. (See paragraph A24a) Adding an example f the use f autmated tls and techniques where the utcme f prcedures t understand the infrmatin system may be t btain infrmatin abut the entity s rganizatinal structure r with whm the entity des business (See paragraph A24b) Restructuring and clarificatin relating t what is required t be understd in relatin t the entity s business mdel, and related business risks. (See paragraphs A31c g and A38a)). Making a clearer link between the relevant measures used t assess the entity s financial perfrmance and fraud, (paragraph A44a) and added guidance n inherent risk factrs that address susceptibility t misstatement due t management bias r fraud (paragraph A49h f ISA 315 (Revised)) The Required Understanding f the Entity s Internal Cntrl (Requirements: paragraphs 12 21D f ISA 315 (Revised); Applicatin Material paragraphs A50 A109g f ISA 315 (Revised)) 43. As the prject has prgressed, the Task Frce has cntinued t restructure and refine the sectin n the auditr s understanding f the system f internal cntrl. In particular, the Task Frce has fcused n the flw f the sectin, including cnsistency in addressing different aspects f the system, and eliminating repetitin while striking a balance with the need fr intrductry r explanatry material that helps the auditr t understand what is being referred t and therefre hw t apply the requirements f the ISA. The Task Frce has als develped and enhanced the applicatin material t supprt the effective applicatin f the requirements, by enhancing the nature and sufficiency f guidance addressing the applicatin f new cncepts, in particular arund IT cnsideratins. 16 Further, the Task Frce has cntinued t address, as apprpriate, Bard cmments that have been raised as this sectin has been amended and enhanced. 44. In the March 2018 IAASB discussins, althugh the Bard cntinued t supprt the directin f the changes being made, the Bard nted varius specific cncerns and issues related t the changes that had been prpsed t the required understanding f the system f internal cntrl. This included that further cnsideratin shuld be given t cnslidating the requirement fr addressing cntrl deficiencies identified in the varius cmpnents f internal cntrl, what the auditr has t d t understand that the infrmatin system has been placed in peratin, and further clarifying the guidance relating t varius IT aspects, in particular general IT cntrls relevant t the audit. 16 The Task Frce has cntinued t engage with a firm s IT specialist n the changes, but has als btained input frm ther IT specialists mre bradly n the prpsed changes. Page 11 f 38

12 45. In respnse t Bard cmments, the Task Frce has further restructured and refined this sectin, and: Cnslidated the requirement relating t cntrl deficiencies within the system f internal cntrl, 17 which had previusly been presented as separate requirements in the cntrl envirnment, the entity s risk assessment prcess and the prcess t mnitr the entity s system f internal cntrl cmpnents. In cnsidering the new cmbined requirement, the Task Frce is f the view that cntrl deficiencies culd als arise in the infrmatin and cmmunicatin and cntrl activities cmpnents, and has therefre crafted the requirement t be brader than just the first three cmpnents f the system f internal cntrl, as previusly presented. The related applicatin material has als been cnslidated, and changes made t reflect the auditr s cnsideratins relating t the new cmbined requirement mre apprpriately. Clarified the requirement fr the evaluatin f the design f the entity s infrmatin system and determining whether it has been placed int peratin by changing the phrase placed int peratin t implemented, as n difference in meaning was intended. Clarified the requirement fr evaluating the design and implementatin f cntrls relevant t the audit by separating the requirements fr thse that directly address the risks f material misstatement at the assertin level frm thse that supprt the peratin f ther cntrls (see ISA 315 (Revised) paragraph 21B). In the related applicatin material, it has been clarified that the auditr s prcedures in relatin t evaluating the design and implementatin f a cntrl assist in determining the nature and extent f further audit prcedures designed t address the risks identified, whether related t testing the perating effectiveness f the cntrl r t substantive prcedures. Clarified what needs t be understd relating t the IT envirnment, t be able t apprpriately identify the risks arising frm the use f IT and the general IT cntrls that are relevant t the audit (see ISA 315 (Revised) paragraphs 18(d), 21 and 21A). In effect, the auditr is required t understand the IT envirnment and t identify IT applicatins and ther aspects f the IT envirnment that are relevant t the audit. This prvides the cntext fr identifying the risks arising frm the use f IT and the general IT cntrls relevant t the audit that address thse risks. A summary f the clarified apprach t understanding IT and determining its relevance t the audit was included in Appendix 2 f Agenda Item 1 f the IAASB cnference call held n May 22, 2018 (reference t this agenda item: Ref). Further applicatin material has been added t supprt the auditr s cnsideratins in relatin t understanding the entity s IT envirnment, as part f understanding the infrmatin system cmpnent and significant enhancements were made t the applicatin material addressing cntrls relevant t the audit, t supprt the revised requirements in paragraphs 21 and 21A. In additin, Appendix 4 in ISA 315 (Revised) has been added that includes cnsideratins fr understanding general IT cntrls. Clarified that understanding hw the entity demnstrates thse charged with gvernance are separate frm management, is required when thse charged with gvernance are actually separate frm management, which is ften nt the case in smaller and less cmplex entities. (Paragraphs14(b); A77a) 17 ISA 315 (Revised) paragraphs 21C 21D Page 12 f 38

13 Clarified the interactin between paragraph 13, which requires the auditr t identify cntrls relevant t the audit, evaluate the design f thse cntrls, and determine whether they have been implemented, and paragraph 19A, which sets ut what the auditr is required t d t understand the cntrl activities cmpnent, which is in effect limited t applying the requirement in paragraph 13 t cntrls within that cmpnent. Paragraph 19A, althugh nt strictly a requirement (i.e., there is n shall ), is essential applicatin material that in the view f the Task Frce helps make the link between paragraph 13 (which cntains the shall ) and identifying cntrls relevant t the audit. 18 The requirements relating t the evaluatin f the design f the cntrls, and the determinatin f whether they have been implemented, can be fund in paragraph 21B. Made further enhancements and changes in the applicatin and ther explanatry material as fllws: Further clarified hw t btain the understanding in entities that are smaller and less cmplex, highlighting that prfessinal judgment is needed when applying the requirements f the ISA in circumstances that are simpler and less cmplex (see paragraph A50). In additin, the varius aspects f the system f internal cntrl have been restructured t rder the guidance n each requirement s that it first addresses hw applicatin f the requirement may be accmplished when the entity is smaller and less cmplex (in particular when there is direct management invlvement in relevant aspects f the system f internal cntrl, and when understanding IT envirnments that are simpler and less cmplex) (see further discussin in paragraphs 10 13). Added guidance abut when management is dminated by a single individual and the pssible effects n the cntrl envirnment (ISA 315 (Revised) paragraph A81a) Made a strnger link between cntrls and fraud (see ISA 315 (Revised), paragraph A100f). Clarified that the entity s prcess t mnitr the system f internal cntrl may cnsist f nging activities, separate evaluatins cnducted peridically, r a cmbinatin f the tw (See ISA 315 (Revised) paragraph A89e). Clarified hw the cmpnents, such as the entity s prcess t mnitr the system f internal cntrl, may include cntrls that address risks f material misstatement at the assertin level (i.e., direct cntrls) and the impact theref.(see ISA 315 (Revised) paragraph A89i) Clarified the circumstances under which there may be requirement that the perating effectiveness f cntrls wuld be tested (i.e., when risks fr which substantive prcedures alne d nt prvide sufficient apprpriate audit evidence exist) and added a sectin f guidance n ther circumstances when the auditr may plan t test the perating effectiveness f cntrls. (See ISA 315 (Revised) paragraph A100j-A100l) Enhanced the guidance relating t cntrls relevant t the audit, in particular in relatin t the fact that such cntrls are primarily direct cntrls in the cntrl activities cmpnent and; the factrs that influence the auditr s judgment t determine a cntrl is relevant t the audit; (See ISA 315 (Revised) paragraphs A100 and A100m) 18 There are ther instances within the ISAs that are similar in nature, see ISA 200, paragraph 12 and ISA 610, paragraph 26. Page 13 f 38

14 Highlighted the iterative nature f btaining the understanding, in particular hw btaining an understanding f the entity and its envirnment, may als impact the auditr s understanding f the cmpnents f the system f internal cntrl, such as the infrmatin system. (See ISA 315 (Revised) paragraph A90e) 46. In making revisins t the applicatin material, the Task Frce has deliberated whether there culd be audits where there are n cntrls relevant t the audit (i.e., in terms f the requirements f ISA 315 (Revised) and its definitins). The Task Frce ntes that because cntrls ver jurnal entries are required t be cntrls relevant t the audit, 19 there will always be at least ne cntrl relevant t the audit because even in the simplest infrmatin systems jurnal entries are used t capture an entity s financial infrmatin in its infrmatin system. The applicatin material t ISA 315 (revised) paragraph 20 has been updated accrdingly (see ISA 315 (Revised) paragraph A100a). 47. The Task Frce cnsidered whether changes were required arising frm the recently revised Internatinal Cde f Ethics fr Prfessinal Accuntants (Including Internatinal Independence Standards), as issued by the Internatinal Ethics Standards Bard fr Accuntants, in particular in relatin t the descriptin f ethics in the cntrl envirnment. The Task Frce cntinues t believe that it is apprpriate t base the requirements and guidance in the cntrl envirnment cmpnent n the principles and guidance prvided in COSO The Task Frce therefre agreed that n changes shuld be made because in additin t lsing cnsistency with COSO if such changes were t be made. The Task Frce als ntes that references t ethics in ISA 315 (Revised) are in the cntext f the ethics and values f management and thse charged with gvernance, and these parties may nt be prfessinal accuntants in all circumstances, r, if prfessinal accuntants, they may nt be subject t the requirements f the IESBA Cde. Identifying and Assessing the Risks f Material Misstatement (Requirements: paragraphs f ISA 315 (Revised); Applicatin Material paragraphs A121a A151 f ISA 315 (Revised)) 48. The Task Frce has cntinued t explre hw best t present the requirements related t the identificatin and assessment f the risks f material misstatement, in particular in light f the new cncepts intrduced related t significant classes f transactins, accunt balances and disclsures, and their relevant assertins. In additin, the Task Frce has fcused n hw the spectrum f inherent culd be better described within the standard t help auditrs make mre cnsistent and effective assessments f such risks (including whether they are significant risks), thereby prviding an enhanced basis fr the design and perfrmance f verall respnses t risks at the financial statement level and further audit prcedures (as required by ISA 330) In March 2018, the Bard cautined that the revised structure f paragraphs 25 and 26 f ISA 315 (Revised) was cmplex and cnfusing, and requested that the Task Frce give further cnsideratin t hw the risk identificatin and assessment prcess culd be made clearer. In particular, the Bard did nt supprt the prpsed tw-step prcess, i.e., identifying ptential risks f material misstatement then cnfirming this identificatin, in particular because this was unnecessarily cmplex and culd lead t cnfusin and unnecessary dcumentatin. The Bard als highlighted that further clarificatin was needed in relatin t risks at the financial statement level, in particular hw they 19 ISA 315 (Revised), paragraph 20(c) 20 The Cmmittee f Spnsring Organizatins f the Treadway Cmmissin s (COSO) Internal Cntrl Integrated Framewrk (2013) 21 ISA 330, The Auditr s Respnses t Assessed Risks Page 14 f 38

15 related t risks f material misstatement at the assertin level, and whether they culd be significant risks. Identifying and Assessing the Risks f Material Misstatement 50. The Task Frce has further deliberated hw t present the requirements fr identifying and assessing the risks f material misstatement in paragraphs 25 and 26 f ISA 315 (Revised). The Task Frce agreed t simplify the requirements, and has the view that keeping the identificatin and assessment f risks separate will enhance the understandability f these requirements. 51. The Task Frce als debated the rder in which these requirements shuld be presented, in particular in light f the new cncepts f significant classes f transactins, accunt balances and disclsures, and their relevant assertins. Hwever, the Task Frce als acknwledged that the rder in which these requirements are applied shuld nt be prescribed narrwly. In additin the prcess is iterative and is likely t be applied differently in an initial audit engagement versus a recurring engagement. What matters mst is that each f the relevant requirements is applied but firms may have different methdlgies fr addressing the requirements fr the identificatin and assessment f the risks f material misstatement. 52. The Task Frce has accrdingly simplified the requirements in paragraphs 25 thrugh 26 f ISA 315 (Revised): (a) (b) (c) (d) (e) (f) Paragraph 25 cmprises the requirement fr the identificatin f risks f material misstatement that exist at bth the financial statement level (explained further belw) and at the assertin level. It has als been highlighted that in identifying the risks f material misstatement at the assertin level the IRFs are taken int accunt, t make clear that the IRFs are imprtant in this prcess but als t make the link back t paragraph 11, where the IRF s are first cnsidered as the auditr btains the understanding f the entity and its envirnment. The applicatin material further explains this link. Clarified that the assessments f inherent risk and cntrl risk are nly required at the assertin level. Paragraph 25A relates t the assessment f risks at the financial statement level see explanatin belw. A new heading has been inserted t make clear that paragraphs 25B and 26 relate t the assessment f inherent risk. Paragraph 25B addresses the determinatin f significant classes f transactins, accunt balances and disclsures, and their relevant assertins and is placed here t be the link between the identificatin f the risks f material misstatement at the assertin level and the assessment f these risks t, recgnizing that this is an iterative prcess. It is the view f the Task Frce, taking int accunt the interactin f the definitins f these cncepts, that pssible significant classes f transactins, accunt balances and disclsures, and their relevant assertins, wuld have been inherently identified thrugh the auditr s prcess t identify risks f material misstatement at the assertin level. This requirement wuld effectively cnfirm that prcess (withut requiring a preliminary determinatin, and then cnfirming it at a later stage). As the identificatin and assessment f the risks f material misstatement is a very iterative prcess, the Task Frce is f the view that this is the mst apprpriate way t present this requirement and t acknwledge these new cncepts in the mst apprpriate place in the standard. Paragraph 26 addresses the inherent risk assessment fr the risks f material misstatement at the assertin level, taking int accunt the likelihd and magnitude f misstatement, as well as the Page 15 f 38

16 effect that risks f misstatement at the financial statement level may have n individual risks at the assertin level. Further changes have als been prpsed t the applicatin material further clarifying hw the varius steps interact, in particular in relatin t the assessment f inherent risk n the spectrum f inherent risk. Identified and Assessed Risks f Material Misstatement at the Financial Statement Level 53. The Task Frce has extensively deliberated the nature f risks at the financial statement, reflecting carefully n hw they are described in ISA 200, in rder t adequately describe them in ISA 315 (revised), and help the auditr t design and implement verall respnses t address such risks. 54. In the view f the Task Frce, every risk f material misstatement identified will either relate specifically t an individual assertin, r t a number f assertins (which culd be in ne r mre classes f transactins, accunt balances r disclsures). When the risk relates t a number f assertins (i.e., is mre pervasive) and can t be attributed specifically t an assertin(s), then the risk exists at the financial statement level. 55. In further cnsidering risks f material misstatement at the financial statement level, the Task Frce is als f the view that these risks will ften arise frm the higher-level cmpnents f the system f internal cntrl, in particular the cntrl envirnment, which will likely have a mre pervasive effect n a number f, r all, classes f transactins, accunt balances and disclsures in the financial statements. Accrdingly, the auditr s understanding f these cmpnents and the results f the evaluatins required in paragraphs 14 t 17D f ISA 315 (Revised), as well as the effect f any identified deficiencies in accrdance with paragraphs 21C and 21D, shuld be cnsidered when identifying and assessing the risks f material misstatement at the financial statement level. 56. Taking int accunt the Task Frce s cnclusins n these matters, the relevant requirements in paragraph 25(a) (the requirement fr the identificatin f financial statement level risks) and 25A (the requirement fr assessing the risks at the financial statement level) have been revised. In ding s, the Task Frce has emphasized the need: (a) (b) Fr the risk t relate mre pervasively t many assertins t be cnsidered a financial statement level risk; and T determine hw, and the degree t which, these risks affect the assessment f risks f material misstatement at the assertin level (with a crrespnding change made in relatin t the assessment f inherent risks at the assertin level (see paragraph 26(b)). 57. The related applicatin material in paragraphs A126a A126g f ISA 315 (Revised) has als been updated accrdingly, including prviding: (a) (b) Further descriptins f what pervasive risks culd be, such as thse resulting frm weaknesses in the cntrl envirnment r pervasive risks arising frm the risk f fraud. Examples f specific matters giving rise t risks that may affect a number f assertins, such as prly implemented revenue applicatin systems. Significant Risks 58. The Task Frce cntinues t cnsider hw best t present the requirements and guidance in relatin t significant risks, in light f Bard agreement that the cncept shuld be retained and the ther changes that are being made. In particular, the Task Frce has fcused n the definitin f significant risks t drive a mre cnsistent applicatin. Page 16 f 38

17 59. Hwever, sme Bard members nted, in reference t the changes prpsed in March 2018, that the descriptin f a significant risk, with particular reference t the wrding relative t ther risks f material misstatement, may suggest that because it is a relative cncept n every audit there wuld be at least ne significant risk, which is nt cnsistent with extant, and nt smething that the Task Frce is seeking t change. In additin, it was als nted that by defining significant risks at the highest end f the spectrum f risk als might suggest that there is nly ne significant risk (i.e., that risk that is at the very tp end). 60. On further cnsideratin, the Task Frce is f the view that it is imprtant t describe significant risks in terms f where they are n the spectrum f inherent risk, and cnsidered varius ways f describing this. Althugh there is nt ne distinct descriptin that all f the Task Frce members preferred, n balance the Task Frce has agreed t change the way t describe where they lie n the spectrum as clse t the upper end f the spectrum f inherent risk. Other psitinal terms that the Task Frce discussed included appraching, nearing, r twards the upper end. Additinal applicatin material has been added that is intended t further explain hw significant risks are determined. 61. In determining whether an identified risk is a significant risk, the definitin as currently revised (i.e., as presented t the Bard in March 2018) allws the auditr t take int accunt the likelihd OR the magnitude f the identified risks f material misstatement. Sme Bard members have queried whether the auditr shuld instead make the determinatin as t whether a significant risk exists based n the likelihd AND magnitude f the ptential misstatement. In previus discussins with the Bard (at mre than ne Bard meeting), it was agreed that in instances where there is a very high magnitude, even if there is a lw likelihd, that the related risk culd still represent a significant risk. It has been nted that it wuld nt be in the public interest if a risk with a pssibly very high magnitude f misstatement was nt cnsidered in the auditr s determinatin f significant risks, hwever the standard shuld nt necessarily prescribe that such risks wuld in all cases be significant risks. (see illustratin belw these identified risks relate t thse in the range bx). Magnitude f ptential i t t t Likelihd fr a material misstatement t ccur Page 17 f 38