15 Feb Changes in Audit Standards for 2023
Audit standards are always changing and 2023 is no exception. Here, we will discuss changes to an important audit standard, how it impacts the audits we perform, and what the implications will be for our clients.
Revised CAS 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Their Environment, is a new auditing standard issued by the Auditing and Assurance Standards Board (AASB). This standard is effective for audits of financial statements for periods ending on or after December 14, 2022. As such, it will impact all audits that we perform for our clients in 2023.
A Deeper Understanding
The revised CAS 315 is intended to improve the quality of auditing by requiring auditors to gain a deeper understanding of their clients’ businesses and the risks that could lead to material misstatements in their financial statements. This is done by requiring auditors to perform a more in-depth assessment of the client’s internal controls, as well as to obtain a better understanding of the client’s business environment and industry-specific risks.
CAS 315 includes requirements for auditors to perform a risk assessment at the start of the audit, before planning the audit. This risk assessment must consider the entity’s internal controls, as well as external factors such as the industry, the economy, and the entity’s business model.
Another important change is that the revised CAS 315 requires auditors to focus on the specific risks that could lead to material misstatements in the financial statements, rather than only identifying the general risks of material misstatement. This means auditors must be more proactive in identifying and assessing risks, and must use their professional judgment to determine which risks are most likely to lead to material misstatements.
The revised CAS 315 also requires auditors to obtain more detailed knowledge of their clients’ businesses, including an understanding of the client’s business model, key performance indicators, and the risks that could affect the client’s ability to achieve its strategic objectives.
Emphasis on Information Technology
In addition to understanding the client’s business and industry risks, the revised CAS 315 also places a greater emphasis on the role of technology and information technology (IT) controls in the audit process. Auditors are now required to understand the client’s IT environment and the risks associated with their IT systems and processes.
One of the key changes in the revised CAS 315 is the requirement for auditors to assess the client’s IT controls as a part of their risk assessment. This includes evaluating the design and effectiveness of IT controls such as access controls, change management procedures, and system monitoring. Auditors must also assess the client’s IT governance framework, including the roles and responsibilities of IT management and staff, and the processes in place for managing IT risks.
The revised CAS 315 also requires auditors to obtain an understanding of the client’s data architecture and data flow, including the systems and processes used to manage, process, and store financial data. This includes assessing the client’s data quality controls and ensuring the data used in the financial statements is accurate and reliable.
The use of technology in the audit process is also addressed in the revised CAS 315. Auditors are now encouraged to use technology-assisted audit techniques (TAAT) to help identify and assess risks, and to improve the efficiency and effectiveness of the audit. Examples of TAAT include data analytics, machine learning, and robotic process automation.
Essentially, revised CAS 315 recognizes the growing role of technology in the business world and the need for auditors to have a comprehensive understanding of the client’s IT environment and controls. Auditors will be required to assess the design and effectiveness of IT controls, understand the client’s data architecture and data flow, and use technology-assisted audit techniques to improve the efficiency and effectiveness of the audit.
The impact of the revised CAS 315 on audit clients is that they can expect to see their auditors spending more time on risk assessment and in understanding their business. Clients should also expect to provide more information to their auditors, and to be more involved in the audit process.
It is important to note that the revised CAS 315 is not only focused on the auditor but also on the audit client—it requires both the auditor and the client to work together to identify and assess the risks of material misstatement. This collaboration will help to improve the quality of the audit and provide assurance that the financial statements are accurate and reliable.
In summary, the revised CAS 315 aims to improve the quality of auditing by requiring auditors to gain a deeper understanding of their clients’ businesses and the risks that could lead to material misstatements in their financial statements. This new standard will require more effort from both the auditor and the client, but the result will be a more accurate and reliable financial statement.