Reading time: 10 minutes
The global financial audit framework is based on the International Standards on Auditing (ISA)developed by the International Auditing and Insurance Standards Board (IAASB), which is the benchmark in over 100 jurisdictions.
ISAs structure a risk-based, rational, proportionate and quality-based audit approach.
Five standards are particularly central to the construction of this approach:
- ISA 315 : Understanding the Entity and Identifying Risks
- ISA 320 : Materiality in Planning and Performing an Audit
- ISA 330 : Responses to Assessed Risks
- ISA 500: Audit Evidence
- ISA 501 : Specific Considerations for Selected Items
These texts form a coherent set that guides the listener from the entity's understanding to the issuance of its opinion.
This article proposes in-depth, popularised and operational reading These standards are intended for audit professionals.
ISA 315 — Understanding the entity and identifying the risks of significant anomalies
ISA 315 is one of the conceptual pillars of ISA. It requires the listener to develop an understanding adequate and appropriate the entity, its environment, its sector, its business processes and its internal control system.
Main objectives
- Identify the risks of material anomalies in the financial statements whether they result from fraud or error.
- Assess these risks at the level of financial statements and assertions.
- Develop a solid basis for designing audit responses (in accordance with ISA 330).
The lines of understanding required
The auditor shall analyse:
The sector and the external environment
- economic, regulatory, technological framework;
- competitive pressure;
- exposure to macroeconomic risks.
The entity's activities
- nature of operations;
- sources of income;
- business models;
- operational and financial processes.
Governance structure
- composition of management bodies;
- supervision;
- culture of control and ethics.
The information system
- accounting systems;
- automation and interfaces;
- IT risks and cybersecurity.
Internal oversight
ISA 315 structure internal control around five components :
- Control environment
- Entity risk assessment
- Monitoring activities
- Information systems
- Monitoring process
The auditor shall determine which controls are relevant to the auditevaluate their design and determine whether they have been implemented.
Knowledge-taking techniques
ISA 315 requires the use of a set of procedures:
- interviews (direction, operational, internal audit);
- preliminary analytical procedures;
- process observation;
- documentary review;
- physical inspection;
- structured exchanges within the audit team.
1.4. Expected result
The auditor shall identify:
- of the High inherent risks,
- of the control risks,
- and risk of significant anomalies.
It must also document these risks and clearly link each risk to the assertions concerned.
ISA 320 — Materiality in planning and carrying out the audit
ISA 320 defines the concept of Materiality as a fundamental element guiding both planning and evaluation of anomalies.
Definition of materiality
Information is material if its omission or inaccuracy is likely to influence the economic decisions of the users of the financial statements.
The three levels of materiality
- Materiality for the financial statements as a whole
(main mission threshold) - Performance materiality
(lower threshold to reduce the risk of undetected or cumulative anomalies) - Specific materiality levels
for certain classes of transactions, balances or sensitive information.
Determination of threshold
The standard requires:
- choice of relevant criterion (net income before taxes, total income, equity),
- a consistent calculation method,
- the context (Volatility of results, ownership structure, nature of operations).
Revision during the mission
ISA 320 plans to adjust materiality if:
- significant events occur,
- The final accounts differ significantly from the estimates.
Links with ISA 450
ISA 450 organises how to aggregate anomalies and evaluate their significance in relation to materiality.
ISA 330 — The auditor's response to identified risks
ISA 330 structure the way in which the auditor should respond to the risks identified in ISA 315, both at the global level and at the level of assertions.
Overall financial statement response
ISA 330 provides for high-level adaptations:
- strengthening supervision;
- use of specialized teams;
- modification of the overall audit approach;
- increased work on fraud.
Responses to assertions
The auditor must design tests:
- of the control,
- and/or substance.
Check tests
Required if:
- The auditor plans to rely on the checks;
- controls are relevant for high inherent risks;
- The mere carrying out of substance tests would not provide sufficient assurance.
The tests must assess:
- design,
- implementation,
- operational efficiency.
Retest tests may be required for automated checks.
Substance testing
They directly target assertions: reality, existence, completeness, evaluation, etc.
ISA 330 requires:
- sufficiently extensive tests on all significant areas;
- mandatory procedures (e.g. review of unusual entries, reconciliations with accounting).
In-year implementation
The listener may test certain intermediate controls or flows under conditions:
- no change in control;
- collection of evidence covering the remaining period.
Ongoing re-evaluation
The conclusions drawn from the tests can lead to:
- adjust the risks,
- extending the work,
- or modify the opinion.
ISA 500 — Audit evidence
ISA 500 is the standard for the central concept ofaudit evidence and principles for judging the quality of the evidence collected.
Characteristics of evidence
- Sufficient (quantity)
- Appropriateness (quality, relevance, reliability)
Reliability depends on:
- source (external > internal),
- nature (documentary, observation, confirmation, calculation),
- the level of internal control.
The assertions
ISA 500 formalizes 13 assertions grouped into 3 categories:
| Flow | Balances | Introduction |
|---|
| Occurrence | Existing | Occurrence |
| Fullness | Fullness | Fullness |
| Accuracy | Rights and obligations | Classification |
| Separation of periods | Evaluation | Intelligibility |
| Classification | Imputation | Evaluation |
The work must be designed to respond to these assertions.
Collection techniques
The standard lists the main procedures:
- documentary inspection;
- physical observation;
- request for information;
- external confirmation (circulalization);
- recalculation;
- reexecution;
- analytical procedures.
ISA 500 stresses the importance of professional scepticism.
ISA 501 — Specific considerations for certain sensitive positions
ISA 501 completes ISA 500 for three audit areas where special due diligence is required.
Inventory
The auditor shall:
- attend physical counts,
- conducting rotating inventory tests,
- or apply alternative procedures where it is impossible to be present.
Objective: to verify existence and completeness.
Trial, litigation, litigation
ISA 501 requires:
- requests for information to management,
- a review of the minutes,
- confirmations to lawyers,
- an analysis of the answers.
Objective: To assess contingent liabilities and provisions.
Financial assets and sector information
For significant positions:
- evaluation;
- classification;
- Impairment tests;
- analysis of the sectoral information provided in the Annex.
Conclusion
ISA 315, 320, 330, 500 and 501 are the fundamental architecture of a modern, rational and documented audit approach.
They require a clear logic:
- Understanding to identify risks (ISA 315)
- Calibrate the audit via a consistent materiality threshold (ISA 320)
- Addressing risks through appropriate procedures (ISA 330)
- Collect quality evidence (ISA 500)
- Increased attention to sensitive areas (ISA 501)
For accountants and their staff, the mastery of ISAs is a major lever of quality, compliance and efficiency. They ensure a robust, internationally comparable and aligned approach to global best practices
Glossary of technical terms in audit
| Term | Professional definition (ISA reference) |
|---|---|
| Significant anomaly (Material Misstatement) | Difference or omission likely to influence the decisions of users of the financial statements. May result from fraud or error. |
| Risk-Based Approach | Central ISA benchmark method of identifying and assessing the risks of significant anomalies to determine the nature, extent and timing of work. |
| Assertion | Implicit or explicit statements by management on which the financial statements are based: existence, completeness, valuation, presentation, rights and obligations, etc. |
| (Appropriateness) | Quality of evidence assessed based on relevance and reliability. |
| Circularization (External Confirmation) | Procedure of obtaining confirmation directly from third parties (banks, lawyers, clients, suppliers). |
| Internal Control | Management process to control operations and make financial information reliable (5 ISA components). |
| Automated Controls | Integrated controls in information systems (engine drives, settings, workflows). Require an understanding of the IT environment. |
| Audit Documentation (Audit Documentation) | All documented evidence demonstrating the procedures performed, the evidence collected and the conclusions. Audit quality basis. |
| Evidence | Information collected by the auditor: documents, confirmations, observations, recalculations. Their sufficiency and quality determine the level of assurance. |
| IT Environment | All the systems, infrastructures, LES, databases and IT processes on which accounting processing is based. Major source of risk. |
| Critical Spirit (Professional Skepticism) | Attitude of reasonable doubt, vigilance and constant questioning in the face of evidence, including the risk of fraud. |
| Risk Assessment | The process of identifying and analysing the risks of material anomalies in financial statements and assertions (ISA 315). |
| Fraud (Fraud) | Intentional act leading to a significant anomaly. May result from manipulations, concealments, false writings, etc. ISA 240. |
| Industry Reviews | Taking into account sector-specific characteristics to identify risks: economic models, margins, regulation, macroeconomic exposure. |
| Physical Inventory Observation | Presence of auditor at stock counts to test existence and completeness. Mandatory procedure ISA 501. |
| Materiality | Threshold beyond which an anomaly is considered significant to users. Central planning component (ISA 320). |
| Performance Materiality | Lower threshold to limit the risk of undetected or accumulated anomalies exceeding the primary threshold. |
| Analytical Procedures | Techniques of comparing data with established expectations (trends, ratios, budgets) to identify inconsistencies or anomalies. |
| Audit procedures | All procedures performed to obtain evidence: inspection, observation, confirmation, re-execution, recalculation, analysis. |
| Business Processes | Business cycles (purchases, sales, payroll, capital assets) analyzed to understand inherent risks and associated controls. |
| Performance | Technique of replicating internal control or calculation to test its accuracy and reliability. |
| Audit Risk | Risk that the auditor expresses an inappropriate opinion while the financial statements have a significant anomaly (inherent + control + non-detection). |
| Inherent Risk | Susceptibility of an assertion to involve a significant anomaly independently of internal control. |
| Control Risk | Risk that internal controls will not detect, prevent or correct a significant anomaly. |
| Risk of non-detection (risk detection) | Risk that audit procedures will not identify an existing significant anomaly. |
| Separation of exercises (Cut-off) | Verification that transactions are recorded in the correct accounting period. |
| Audit survey (Sampling) | Selection of a representative sample of transactions or items to extrapolate a conclusion to the set. |
| Supervision | Guidance, guidance and review of the team's work by the signatory partner. |
| Information Systems | Applications, ERP, databases, interfaces used to produce financial information. Critical area of modern audit. |
| Test of Controls | Audit of the design, implementation and effectiveness of internal control. |
| Substance Test (Substantial Test) | Procedure for direct accounting assertions (verification of a document, recalculation, external confirmation...). Mandatory on significant positions. |
| Calculation verification (Recalculation) | A technique whereby the auditor verifies the arithmetic accuracy of an amount per recommendation. |
