Audit Risk - Completed
Project completed - October 2003
Objective(s) of project
The IAASB believes the Audit Risk Standards will increase audit quality as a result of better risk assessments through a more detailed understanding of the entity and its environment, including its internal control, and improved design and performance of audit procedures to respond to assessed risks of material misstatements. The improved linkage of audit procedures and assessed risks is expected to result in a greater concentration of audit effort on areas where there is a greater risk of material misstatement.
The approved Standards are:
- ISA 500 (Revised), Audit Evidence
- ISA 315, Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement
- ISA 330, The Auditor's Procedures in Response to Assessed Risks
- An addition to ISA 200, Objective and General Principles Governing an Audit of Financial Statements
The approved Standards replace the following existing ISAs:
- ISA 310, Knowledge of the Business
- ISA 400, Risk Assessments and Internal Control
- ISA 401, Auditing in a Computer Information Systems Environment
The scope of each of the Audit Risk Standards is reflected in the introduction to the Standard.
- Addition to ISA 200 - Explains the basic audit risk model.
- ISA 500 (Revised) - Standards and guidance on what constitutes audit evidence, the sufficiency and appropriateness of audit evidence obtained, the auditor's use of assertions, and the auditor's procedures for obtaining audit evidence.
- ISA 315 - Standards and guidance on obtaining an understanding of the entity and its environment, including its internal control, and on assessing risks of material misstatement.
- ISA 330 - Standards and guidance on determining overall responses to assessed risks at the financial statement level and on designing and performing further audit procedures to respond to assessed risks of material misstatements at the assertions level.
The scope of the project also included an explanatory memorandum, which accompanied the exposure drafts, describing the impact of the proposed Audit Risk Standards on the audit process along with background information related to the project.
The scope of the project did not include significant changes to other ISAs. However, as indicated below, certain conforming changes to other ISAs are necessary.
The business environment is subject to continuous change. Auditing practice likewise changes, and there is a need for standard setters to keep standards under review to ensure that they remain appropriate. Recent changes in the business environment include the way entities are organized and conduct their business; the effects of globalization and technology; the increasing use of judgment and estimates, including fair values, required by accounting standards; and increasing pressures that may cause fraudulent financial reporting. The IAASB and the US Auditing Standards Board (ASB) decided that the core auditing standards should be reviewed in the light of these changes.
A significant portion of the results of this review is the Audit Risk Standards referred to above. The Standards include significant changes to improve the standards and guidance on the auditor's performance of audits.
The Audit Risk Standards were heavily influenced by the Joint Working Group (JWG) report and the report of the US Public Oversight Board's (POB) Panel on Audit Effectiveness. Both reports indicated that the fundamental audit risk model was not broken, but certain changes were needed. Where appropriate, the recommendations of the JWG and the POB have been adopted.
By partnering with the US ASB, the IAASB is furthering its goal of integrating the standard setting process with national standard setters in order to promote the convergence and acceptance of an international set of auditing standards. The IAASB believes the Audit Risk Standards are an important step in accomplishing this goal since they establish the basic framework for the audit process.
Task Force progress / Board discussions to date
The joint task force of the IAASB and the US ASB worked on the project for more than two years. The IAASB and US ASB have both deliberated the proposed Audit Risk Standards in various meetings during this period.
The IAASB approved the issuance of the proposed Standards and explanatory memorandum as exposure drafts at its September 2002 meeting.
The IAASB discussed the issues arising from the exposure draft process and the task force's initial reaction and proposed response to the issues at its July 2003 meeting.
Along with the proposed final Standards for IAASB's consideration at its October 2003 meeting, the task force presented a summary of the significant changes made in preparing the final Standards.
Furher changes to the final Standards were made in response to comments by the IAASB in reviewing the Standards. The most significant changes related to ISA 315 and included the following:
- Further clarifying the scope of the auditor's understanding of control activities by adding guidance that the auditor (a) obtains an understanding of control activities that address the primary areas where material misstatements could occur, and (b) when multiple control activities achieve the same objective, it is unnecessary to obtain an understanding of each of the control activities related to such objective.
- For significant risks, clarifying that risks relating to transactions that are subject to systematic or noncomplex processing are not likely to be significant risks.
- Focusing the documentation of the auditor's understanding on key elements of the understanding obtained.
The Audit Risk Standards gave rise to conforming amendments to other ISAs.