One of the subjects most frequently raised by regulators and other file reviewers is the work fulfilled by auditors to comply with ISA 315 Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment.
The issue was highlighted by the ICAEW Quality Assurance Department in its 2012 report on audit monitoring, which stated: We still come across firms that think that internal controls are irrelevant if they adopt a fully substantive approach: It was also identified by the International Auditing & Assurance Standards Board in its work plan for 2015/16, which highlighted various issues with the implementation of ISA 315.
A number of key problem areas arise, for example: inconsistencies in the number of significant risks identified; lack of documentation of systems; and lack of understanding of the work required in respect of internal controls.
There appears to be a particular problem in smaller audits where typically the auditor would not seek to rely on internal controls as part of the audit process. While this article applies to all audits, its focus is on the audit of smaller entities.
This is an extract from an article in the May 2015 edition of Audit & Beyond, the magazine of the Audit and Assurance Faculty.
Find out more
Members of the Audit and Assurance Faculty and subscribers of Faculties Online
To read the complete article, subscribe to Faculties Online or join the Audit and Assurance Faculty and get access to this article in full, plus all future publications, events, webinars and services.