The International Auditing and Assurance Standards Board (IAASB) has moved to update its standard on audit risk assessments, to take into account developments arising from IT.
In an exposure draft for the proposed International Standard of Auditing 315 (revised) (ISA-315), the IAASB said that as IT has become the medium through which a significant amount of audit evidence is obtained, it has become increasingly important for auditors to understand an entity’s IT system, including how the integrity of the information is maintained.
As a result, the IAASB has suggested a number of changes to the auditor’s consideration of IT when obtaining an understanding of the entity’s system of internal control. These include:
- Examples of matters to be understood in relation to the IT environment, including the IT applications, IT infrastructure and IT processes;
- Examples of matters within the IT environment that would likely be relevant to determining the IT applications and other aspects of the IT environment that are relevant to the audit; and,
- Contrasting examples of the auditor’s considerations in situations in which the entity’s IT system consists of commercial software and the entity does not have access to the source code, and situations in which the entity has highly customised or highly integrated IT applications.
According to the IAASB, the most significant proposed enhancements to ISA-315 addressing the entity’s use of IT are in the requirements for the information system and communication component, and the identification of controls relevant to the audit.
This is just one are of change suggested in the proposal. It also deals with topics such as identifying and assessing the risks of material misstatement,
Any comments on the draft need to be made by 2 November 2018.