Changes to CAS 315 may affect how your organization prepares for its audit

Canadian Auditing Standard (CAS) 315 has been updated, and this may affect how your organization prepares for its audit and responds to requests from your auditor.

For most entities, these changes are going to result in management having to prepare more robust support for systems, processes and controls that will be needed to provide audit evidence to auditors for their risk assessment. Or in other words, you're most likely going to have to record, prepare, and submit a greater amount of information, both prior to, and during your audit.

And with that, here's what you need to know about the changes to CAS 315 "Identifying and Assessing the Risks of Material Misstatement" and the auditor’s risk identification and assessment process in your statement audit.

Who do these changes apply to?

The changes to CAS 315 apply to:

• audits of financial statements for periods beginning on or after December 15, 2021
• the audit of all entities, regardless of their nature, size or complexity

What are the key changes?

Key Change 1

A more robust risk identification and assessment process with more focused auditor responses to identified risks.

Potential Impact

• You may receive more up-front questions from the auditor as they plan the audit and identify and assess risks of material misstatement
• The auditor may request additional information to enhance their understanding of systems, processes and controls, including
  • a better understanding of your entity’s business model and how it integrates the use of information technology (IT)
  • more information about your entity’s own risk assessment process and process for monitoring the system of internal control
  • more detailed narratives about how transactions are initiated, recorded, processed and reported
  • policies and procedure manuals, flowcharts and other supporting documentation to validate their understanding of the information systems relevant to the preparation of financial statements

Key Change 2

A modernized method to recognize the evolving environment, including in relation to IT.

Potential Impact

• The auditor may involve additional team members, such as IT specialists, who may need to engage with members from your IT team who were not previously involved in the audit process
• You may receive more focused questions and additional requests to better understand the IT environment of your entity, including
  • IT applications, including data warehouses and report writers
  • supporting IT infrastructure (network, operating systems, databases and their related hardware and software)
  • IT processes (managing program changes, IT environment changes, and IT operations)
  • IT personnel involved in the IT processes
  • additional inquiries to understand general IT controls over journal entries (segregation of duties related to parking and posting entries)

Key Change 3

Enhanced requirements relating to exercising professional skepticism.

Potential Impact

• You may receive additional inquiries if the auditors find information that appears to contradict what they have already learned in the audit

Key Change 4

The auditor’s risk assessment can be scaled up or down based on the nature and complexity of the entity being audited.

Potential Impact

• The auditor’s expectations regarding the formality of your entity’s policies and procedures, and processes and systems, will depend on the complexity of your entity

Key Change 5

Recognition of the use of technology by the auditor, in the audit.

Potential Impact

• The auditor may be using automated tools and techniques more frequently or extensively in their audit
• This may mean they will request different information or information in a different format, so that they can execute their audit procedures

Why are these changes being made?

The Standard has been significantly enhanced to evolve with the increasingly complex nature of the economic, technological, and regulatory aspects of the markets and environments in which entities and auditors operate. The key changes require a more robust risk assessment to properly identify risks and promote more focused responses to the identified risks in a manner that is appropriate for the nature, size and complexity of the entity.

Questions?

If you have any questions about this article, the CAS 315 updates, or any of our related services, please contact one of our audit experts or complete the contact form below.