Proportionate Application of ISA™ and ISQC™ 1

| Confidential and Proprietary Information
EMPOWERING ASIA’S SMALL &
MEDIUM BUSINESS HUB
Manoj Fadnis
SMP Committee Member
Proportionate Application of
ISA™ and ISQC™ 1
CA Sri Lanka-SAFA-IFAC SMP
Regional Forum
January 26, 2016

OVERALL OBJECTIVES OF AN AUDITOR
Obtain reasonable
assurance on
Financial Statements
• Free from material
misstatements
• Prepared in accordance
with financial reporting
framework
Report &
Communicate
• Report on financial
statements
• Communicate as
required in ISAs

HOW A STANDARD HELPS THE AUDITOR
express an appropriate opinion
designed to support the auditor in obtaining
reasonable assurance about the financial statements
Objectives, requirements and application and other
explanatory material

WHEN TO APPLY A STANDARD
ISA is effective;
and
The
circumstances
addressed in the
ISA exist
Auditor to have an understanding of the entire text of
an ISA to apply it properly

HOW TO USE ISAs IN AUDIT ENGAGEMENT
• Use the OBJECTIVE/s as base for audit planning
• Understand the link between OBJECTIVE/s and
REQUIREMENTS
• Identify what needs to be accomplished
• Identify the appropriate means of doing so; and
• Evaluate whether more needs to be done to achieve
the Objective
• Understand interrelationship between various ISAs

ISAs vis a vis PROPRTIONAL APPLICATION
Proportional
application is
from the
perspective of
auditee (ie
SME) and not
the auditor (ie
SMP)
Where
relevant, ISAs
contain
additional
considerations
for SMEs
Additional
considerations
DO NOT
override the
OBJECTIVES
of an ISA
Responsibility
of the auditor
to apply and
comply with
the
requirements
of the ISA is
NOT reduced

• ISAs are designed by the IAASB to be usable for entities of all sizes,
all types and in all jurisdictions. Application guidance sets out specific
ways in which relevant standard might be applied to an SME.
• This can be both indicating a simpler approach or a particular
challenge. For instance, ISA 315 on risk assessment points out both
that in a smaller entity the active involvement of an owner-manager
may mitigate certain risks such as those arising from lack of
segregation of duties in a small entity but may increase other risks
such as risk of override of controls.
• Majority of documentation requirements for ISA audits are set out in
ISA 230 with requirements for specific areas set out in specific
standards
Proportionate Application—ISA

• It is possible to take a proportionate approach to documentation of
an audit
• ISA 230 requires documentation should enable an experienced
auditor, having no previous connection with the audit, to understand
what has been done. It does not require documentation of every
matter considered or professional judgment made or every last
thought by the auditor. Test is whether an experienced auditor can
understand what has been done, not whether someone with no
knowledge of auditing can.
• ISA 200 makes it clear there is no requirement to apply an ISA or
those individual requirements of an ISA which are not relevant to the
audit. If he does not use the work of an expert or there is no internal
audit function, then he does not need to justify why he has not
applied ISA 610/620
Proportionate Application—ISA (cont.)

SME—DEFINITION IN ISA 200
One or more of these
Straightf
orward
or
uncompl
icated
transacti
ons
Simple
record-
keeping
Few
business
/product
lines
Few
internal
controls
Few
levels of
manage
ment
Few
employe
es with
wide
range of
duties
Concentration
of ownership
and
management
in a small
number of
individuals
Qualitative
characteristics,
not exhaustive

PROPORTIONALITY IN SPECIFIC ISA
ONWARD SLIDES WILL GIVE AN OVERVIEW OF
PROPORTIONALITY IN VARIOUS ISA
(these slides are not intended to be an
exhaustive list of smaller entity audit
considerations envisaged in ISA)

ISA 230—AUDIT DOCUMENTATION
Pre-conditions for an audit
Requirement—In order to establish whether the preconditions for an audit are
present, the auditor shall, inter alia, obtain the agreement of management that it
acknowledges and understands its responsibility.
Proportional Application—When a third party has assisted with the preparation
of the financial statements, remind management that the preparation of the
financial statements in accordance with the applicable financial reporting
framework remains management’s responsibility.

ISA 230—AUDIT DOCUMENTATION
Form, Content, and Extent of Documentation
Requirement: The auditor shall prepare audit documentation
that is sufficient to enable an experienced auditor, having no
previous connection with the audit, to understand:
(a) The nature, timing, and extent of the audit procedures
performed to comply with the SAs and applicable legal and
regulatory requirements;
(b) The results of the audit procedures performed, and the audit
evidence obtained; and
(c) Significant matters arising during the audit, the conclusions
reached thereon, and significant professional judgments made in
reaching those conclusions.

Proportional Application
• Audit documentation generally less extensive than that for
the audit of a larger entity.
• Where the engagement partner performs all the audit
work, the documentation will not include matters that might
have to be documented solely to inform or instruct
members of an engagement team, or to provide evidence
of review by other members of the team
• It may be helpful and efficient to record various aspects of
the audit together in a single document, with cross
references to supporting working papers as appropriate.

ISA 240: THE AUDITOR’S
RESPONSIBILITIES RELATING TO FRAUD
Evaluation of Fraud Risk Factors
Requirement—The auditor shall evaluate whether the information
obtained from the other risk assessment procedures and related activities
performed indicates that one or more fraud risk factors are present.
While fraud risk factors may not necessarily indicate the existence of
fraud, they have often been present in circumstances where frauds have
occurred and therefore may indicate risks of material misstatement due to
fraud.
Proportional Application—In SMEs, some or all of these considerations
may be inapplicable or less relevant.
In some SMEs, the need for management authorization can compensate
for otherwise deficient controls and reduce the risk of employee fraud.

ISA 265: COMMUNICATING DEFICIENCIES
IN INTERNAL CONTROL
Requirement—The auditor shall communicate in writing
significant deficiencies in internal control identified during the
audit to those charged with governance on a timely basis.
Application—In the case of audits of smaller entities, the
auditor may communicate in a less structured manner with
those charged with governance than in the case of larger
entities.

ISA 300: PLANNING AN AUDIT OF
FINANCIAL STATEMENTS
Planning Activities
Requirement—In establishing the overall audit strategy, the auditor shall
ascertain the nature, timing and extent of resources necessary to perform
the engagement.
Proportional Application—The entire audit may be conducted by a very
small audit team, say, the engagement partner working with one
engagement team member. With a smaller team, co-ordination of, and
communication between, team members are easier.
Establishing the overall audit strategy for the audit of a small entity need
not be a complex or time-consuming exercise; it varies according to the
size of the entity, the complexity of the audit, and the size of the
engagement team.

Direction, supervision and review
Requirement—The auditor shall plan the nature, timing and extent of direction
and supervision of engagement team members and the review of their work.
Proportional Application—When an audit is carried out entirely by the
engagement partner, questions of direction and supervision of engagement team
members and review of their work do not arise.
Forming an objective view on the appropriateness of the judgments made in the
course of the audit can present practical problems when the same individual also
performs the entire audit.
When particularly complex or unusual issues are involved, and the audit is
performed by a sole practitioner, it may be desirable to consult with other suitably-
experienced auditors or the auditor’s professional body

ISA 315: Identifying And Assessing The Risk Of
Material Misstatement Through Understanding The
Entity And Its Environment
Analytical Procedures
Requirements—Risk Assessment procedures shall include
Analytical procedures
Proportional Application—Some SMEs may not have interim or
monthly financial information for analytical procedures. The auditor
may need to plan to perform analytical procedures to identify and
assess the risks of material misstatement when an early draft of
the entity’s financial statements is available

Discussion among engagement team
Requirements—The engagement partner and other key engagement
team members shall discuss the susceptibility of the entity’s financial
statements to material misstatement, and the application of the applicable
financial reporting framework to the entity’s facts and circumstances.
The engagement partner shall determine which matters are to be
communicated to engagement team members not involved in the
discussion.
Proportional Application—Many small audits are carried out entirely by
the engagement partner. In such situations, it is the engagement partner
who, having personally conducted the planning of the audit, would be
responsible for considering the susceptibility of the entity’s financial
statements to material misstatement due to fraud or error.

Measurement and review of the entity’s financial
performance
Requirement—The auditor shall obtain an understanding of, inter alia,
the measurement and review of the entity’s financial performance.
Proportional Application—Smaller entities often do not have processes
to measure and review financial performance.
Inquiry of management may reveal that it relies on certain key indicators
for evaluating financial performance and taking appropriate action.
If such inquiry indicates an absence of performance measurement or
review, there may be an increased risk of misstatements not being
detected and corrected.

Limitations of internal control
Requirement—The auditor shall obtain an understanding of internal control
relevant to the audit.
Proportional Application—SMEs often have fewer employees which may
limit the extent to which segregation of duties is practicable. However, the owner-
manager may be able to exercise more effective oversight than in a larger entity.
This oversight may compensate for the generally more limited opportunities for
segregation of duties.

Obtaining understanding of control environment
• Those charged with governance in small entities may not include an
independent or outside member, and the role of governance may be
undertaken directly by the owner-manager where there are no other owners.
• The nature of the control environment may also influence the significance of
other controls, or their absence.
• Audit evidence for elements of the control environment in SMEs may not be
available in documentary form
• Attitudes, awareness and actions of management or the owner-manager are
of particular importance to the auditor’s understanding of a smaller entity’s
control environment.

Obtaining understanding of the information system,
including the related business processes, relevant to
financial reporting, and communication
• Information systems and related business processes relevant to financial
reporting in small entities are likely to be less sophisticated than in larger
entities, but their role is just as significant.
• SMEs with active management involvement may not need extensive
descriptions of accounting procedures, sophisticated accounting records, or
written policies.
• Understanding the entity’s systems and processes may therefore be easier in
an audit of smaller entities, and may be more dependent on inquiry than on
review of documentation.

Obtaining understanding of control activities relevant to
audit
• The concepts underlying control activities in SMEs would be similar to those
in larger entities, but the formality with which they operate may vary.
• Certain types of control activities are not relevant to SMEs because of controls
applied by management.
• Control activities relevant to the audit of a smaller entity are likely to relate to
the main transaction cycles such as revenues, purchases and employment
expenses

Obtaining an understanding—monitoring of controls
Proportional Application—Management’s monitoring of control is often
accomplished by management’s or the owner-manager’s close involvement in
operations. This involvement often will identify significant variances from
expectations and inaccuracies in financial data leading to remedial action to the
control

SA 330: THE AUDITOR’S RESPONSES TO
ASSESSED RISKS
Audit Procedures Responsive to the Assessed Risks of Material
Misstatement at the Assertion Level
Requirement—In designing the further audit procedures to be performed, the
auditor shall consider the reasons for the assessment given to the risk of material
misstatement at the assertion level for each class of transactions, account
balance, and disclosure and obtain more persuasive audit evidence the higher
the auditor’s assessment of risk.
Proportional Application—There may not be many control activities that could
be identified by the auditor, or the extent to which their existence or operation
have been documented by the entity may be limited. In such cases, it may be
more efficient for the auditor to perform further audit procedures that are primarily
substantive procedures. In some rare cases, however, the absence of control
activities or of other components of control may make it impossible to obtain
sufficient appropriate audit evidence.

SA 550: RELATED PARTIES
Understanding the Entity’s Related Party Relationships
and Transactions
• TCWG may not include an outside member, and the role of governance may
be undertaken directly by the owner-manager where no other owner exists.
• Control activities likely to be less formal and undocumented processes for
dealing with related party relationships and transactions.
• An owner-manager may mitigate some of the risks arising from related party
transactions, or potentially increase those risks, through active involvement in
all the main aspects of the transactions.
• Auditor may obtain an understanding through inquiry of management
combined with other procedures, such as observation of management’s
oversight and review activities, and inspection of available relevant
documentation.

Identified Significant Related Party Transactions outside
the Entity’s Normal Course of Business
Proportional application
• SME may not have the same controls provided by different levels of authority
and approval that may exist in a larger entity.
• Auditor may rely to a lesser degree on authorization and approval for audit
evidence regarding the validity of significant related party transactions outside
the entity’s normal course of business.
• Instead, consider performing other audit procedures such as
– inspecting relevant documents,
– confirming specific aspects of the transactions with relevant parties
– observing the owner-manager’s involvement with the transactions

SA 570: GOING CONCERN
The period of Management’s Assessment
Requirement—The auditor shall evaluate management’s assessment of the
entity’s ability to continue as a going concern.
Proportional Application—SMEs may not have prepared a detailed assessment
of the entity’s ability to continue as a going concern, but instead may rely on in-
depth knowledge of the business and anticipated future prospects.
• Auditor may discuss the medium and long-term financing of the entity with
management, provided that management’s contentions can be corroborated
by sufficient documentary evidence and are not inconsistent with the auditor’s
understanding of the entity.
• Continued support by owner-managers is often important to smaller entities’
ability to continue as a going concern. Where a small entity is largely financed
by a loan from the owner-manager, it may be important that these funds are
not withdrawn.

NOT AMENABLE TO PROPORTIONAL
APPLICATION IN SMEs
Include:
• ISA 250—Consideration of Laws and Regulations in an
Audit of Financial Statements
• ISA 450—Evaluation of Misstatements Identified During
the Audit
• ISA 500—Audit Evidence
• ISA 700, 705 & 706 – relating to formation of auditor’s
opinion and contents of an audit report

ISQC 1: PROPORTIONAL APPLICATION TO SMPs
• Applicability of ISQC 1—Compliance not expected for
requirements that do not apply to smaller firms/sole
proprietors
• Documentation of QC Policies—Documentation and
communication of policies and procedures for smaller
firms may be less formal and extensive than for larger
firms
• Human Resources—Smaller firms, in particular, may
employ less formal methods of evaluating the performance
of their personnel

• Consultation—SMP needing to consult externally, for example, a
firm without appropriate internal resources, may take advantage of
advisory services provided by Other firms; Professional and regulatory
bodies; or Commercial organizations that provide relevant quality
control services.
• Engagement QC Reviewer
– Engagement partner in SMP may not to able be avoid involvement
in selecting the engagement quality control reviewer.
– Suitably qualified external persons may be contracted SMP
identifies engagements requiring engagement QC reviews.
Alternatively, some sole practitioners or small firms may wish to
use other firms to facilitate engagement quality control reviews

• Monitoring
– In SMPs, monitoring procedures may need to be performed by
individuals who are responsible for design and implementation of
the firm’s QC policies and procedures, or who may be involved in
performing the engagement quality control review.
– SMP with a limited number of persons may choose to use a
suitably qualified external person or another firm to carry out
engagement inspections and other monitoring procedures.
– Alternatively, SMP may establish arrangements to share resources
with other appropriate organizations to facilitate monitoring
activities.

• Complaints & Allegations
– In SMPs, the partner supervising the investigation not be same as
the engagement partner for the engagement.
– SMPs may use the services of a suitably qualified external person
or another firm to carry out the investigation into complaints and
allegations
– SMPs may use more informal methods in the documentation of
their systems of quality control such as manual notes, checklists
and forms.

Knowledge Sharing—Implementation
ISA Guide Volume 1
• Fundamental concepts of a risk-based
audit in conformance with the ISAs
ISA Guide Volume 2
• Practical guidance on performing SME
audits. Includes two illustrative case
studies—one of an SME audit and one
of a micro-entity audit

Knowledge Sharing—Implementation (cont)
• QC Guide
• Helps SMPs apply ISQC 1
proportionately and
efficiently. Includes
guidance, case study, two
sample QC manuals and
checklists
• Reference, training,
customize manuals and
checklists

• Global Knowledge Gateway
• News, views, resources,
thought leadership—
Knowledge Sharing
• 10 topic areas including Audit &
Assurance, Practice
Management and Ethics
• www.ifac.org/Gateway
IFAC Global Knowledge Gateway I

IFAC Global Knowledge Gateway II

IAASB ENHANCING AUDIT QUALITY ITC
• The IAASB has released
its Invitation to
Comment, Enhancing Audit
Quality in the Public
Interest: A Focus on
Professional Skepticism,
Quality Control and Group
Audits (the ITC).
• The comment period is
open through May 16,
2016.

References—IAASB
• Staff Q&A, Applying ISAs Proportionately with the Size and
Complexity of an Entity: http://www.ifac.org/publications-
resources/staff-questions-answers-applying-isas-proportionately-
size-and-complexity-ent
• Staff Q&A, Applying ISQC 1 Proportionately with the Nature and
Size of a Firm:
http://www.ifac.org/sites/default/files/publications/files/Staff%20QA
%20ISQC%201%20Proportionality_FINAL.pdf
• The Clarified ISAs—Findings from the Post-Implementation
Review: http://www.ifac.org/publications-resources/clarified-isas-
findings-post-implementation-review

References—Knowledge Sharing/Implementation
• Guide to Using International Standards on Auditing in the Audits of Small- and
Medium-Sized Entities (Third Edition) (incl. companion manual and slides):
https://www.ifac.org/publications-resources/guide-using-international-standards-
auditing-audits-small-and-medium-sized-en
• Guide to Quality Control for Small- and Medium-Sized Practices (Third Edition)
(incl. companion manual and slides): www.ifac.org/publications-resources/guide-
quality-control-small-and-medium-sized-practices-third-edition-0
• Boosting the Quality and Efficiency of Smaller Entity Audits article:
https://www.ifac.org/news-events/2013-07/boosting-quality-and-efficiency-
smaller-entity-audits
• Tips for Cost-Effective ISA Application article: https://www.ifac.org/publications-
resources/tips-cost-effective-isa-application
• Tips for Cost-Effective ISQC 1 Application article:
https://www.ifac.org/publications-resources/tips-cost-effective-isqc-1-application

Proportionate Application of ISA™ and ISQC™ 1

More Related Content

What's hot

Similar to Proportionate Application of ISA™ and ISQC™ 1

More from International Federation of Accountants

Recently uploaded

Proportionate Application of ISA™ and ISQC™ 1

Editor's Notes