Clarified ISAs – the need to automate

Background

In 2005 the Auditing Practices Board (APB) adopted UK and Irish auditing standards based on the International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board (IAASB). These were supplemented with additional standards and guidance required to maintain the requirements and clarity of the extant UK and Irish auditing standards.

One of the reasons given for adopting ISAs was to enable us to benefit from future improvements in them.

The Clarity Project

In 2004, the IAASB launched a project to improve the clarity of its standards. At the same time as the Clarity Project, ISAs on a number of topics such as auditing groups, estimates (including fair values) and related party transactions were being revised and improved. The Clarity project was completed in March 2009 and resulted in the issue of 36 newly updated and clarified ISAs and a clarified International Standard on Quality Control (ISQC).

One of the major complaints about the existing ISAs was that they were not clear. The wording was ambiguous making it unclear as to what constituted a requirement and what was guidance, not helped by the use of terminology such as “the auditor should”. The new ISAs are divided into 2 sections, the first containing the objectives and requirements and the second the application and other explanatory material. In addition each requirement is introduced by the phrase “the auditor shall” making it clear that it is a requirement.

What does this mean for the UK

The APB has adopted the Clarified ISAs and issued new ISAs (UK and Ireland) which are effective for audits of financial statements for periods ending on or after 15 December 2010. All ISAs have been redrafted, 13 have been revised and there are 2 new standards.

The new ISAs introduce significant changes and will therefore require considerable effort for their successful implementation. There will be a lot of preparatory work needed by audit firms to understand the new requirements, decide on their new procedures and implement new audit methodology. One of the main decisions that they will need to make is whether they can comply with the new ISAs using a paper based approach or whether now is the time to automate.

CCH Survey & Audit Round Table

During March and April this year CCH commissioned a survey and a series of roundtable sessions with industry leaders to find out what the profession thought about Clarity ISAs and how well prepared it was for the change. more »

Now is the time to automate

ISA 315 Identifying and Assessing the Risk of Material Misstatement Through Understanding the Entity and its Environment, 330 The Auditor’s Responses to Assessed Risks and 500 Audit Evidence have all been redrafted but not revised. However, it is clear from comments made in various QAD reports that the requirements of the existing ISAs are not being followed by a large number of practices:

For many practices the clarification of the requirements in these areas will therefore appear closer to a revision!

The good news for CCH Audit Automation (AA) users is that the requirements confirmed in the Clarified ISAs are exactly how we interpreted the original ISAs and formed the basis of the design of the software. Hence no changes are required to our software, apart from minor tweaks, to comply with the new ISAs. The various methodologies available on AA will be changing to reorganize their structure so that it clearly links the work back to the requirements and objectives of the ISAs, but our users will not need to learn new software at the same time as understanding this change.

The risk assessment and audit evidence requirements make it clear that you must assess risks on both a financial statement and an assertion level and link the audit processes that you design to these risks. You must identify and document other risks, highlighting significant risks. For significant risks you must design adequate audit procedures and, where required, document and test the controls that are designed to mitigate the risk.

AA is a true paperless system providing full audit automation including risk assessment and analytical review tools. These allow you to assess risk down to assertion level, record details of identified risks and controls, and link procedures to risks and controls. The reviewer is presented with a clear picture of the work performed in respect of each risk and control from which they can reach and document their conclusion.

All of this is very difficult to document adequately and efficiently in a paper based system. Without automating there is also the risk of over auditing as it is difficult to see all of the procedures that you have planned in one place to assess if work already planned can be used as evidence against other risks assessed or identified.

Conclusion

Don’t underestimate the change or the challenge. When ISAs were introduced in 2005, the Accounting Bodies tried to stress how much was similar as well as the changes. Too much emphasis was given to the “business as usual” message and for some practices the fact that there were some fundamental changes did not get through. They are not making the same mistake again. There are significant changes and it is important that practices realize this sooner rather than later as we understand the QAD are going to take a much tougher line on non compliance as the requirements are now crystal clear!

We are working with our authors to ensure that the methodologies are updated and made available in AA in good time, however it is important for individual auditors to know what the standards actually say and how they can efficiently undertake an audit that complies with them. For practices that currently use paper based methodologies this is likely to involve acquiring audit automation software. Our recommendation is that you do this as soon as possible so that you can learn the software before having to cope with the change to the new ISAs.