One of the standards that was revised and redrafted as part of the Clarity Project was ISA 200.
This article was first published in the July 2010 edition of Accounting and Business magazine.
Studying this technical article and answering the related questions can count towards your verifiable CPD if you are following the unit route to CPD and the content is relevant to your learning and development needs. One hour of learning equates to one unit of CPD. We'd suggest that you use this as a guide when allocating yourself CPD units.
The International Auditing and Assurance Standards Board (IAASB) makes it clear that an understanding of this ISA is crucial to auditors, as this ISA sets out how the objectives, requirements, application and explanatory material contained in all ISAs are to be understood and applied.
ISA 200 should be seen as the starting point in developing an understanding of the Clarified ISAs. It contains basic objectives and requirements that should be followed in all audits of historical information. It is such a fundamental standard that all the other ISAs contain a prompt saying they should be read in conjunction with ISA 200. So while some of the points made below will be familiar and should be obvious to the competent auditor, the points are worthy of revision. There are several key elements to ISA 200:
- Objectives that clearly state the overall objectives of the auditor;
- Definitions that clarify key terms relevant to auditing generally; and
- Requirements that set out the conduct of an audit.
ISA 200 also contains a useful introduction that sets out the scope of the standard and explains some of the basic concepts used by auditors. In common with all Clarified ISAs, application and other explanatory material is provided to enhance the understanding and provide suggestions as to how a requirement could be addressed.
ISA 200 states there are two overall objectives of the auditor. First: 'To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.' Secondly: 'To report on the financial statements, and communicate as required by the ISAs in accordance with the auditor's findings.'
In addition, ISA 200 contains an objective relating to situations where reasonable assurance cannot be obtained, in which case the auditor, depending on the circumstances, may qualify the audit opinion, or disclaim an opinion, or withdraw from the assignment.
The IAASB believe these objectives are clearly worded and reflect what the auditor ultimately is responsible for achieving. The achievement of these objectives is supported by the other Clarified ISAs.
ISA 200 contains five separate requirements.
'The auditor shall comply with relevant ethical requirements, including those pertaining to independence, related to financial statement audit engagements.' ISA 200 reminds us that the auditor is bound by one or more ethical codes, depending on the jurisdiction in which the auditor operates. The ethical code, including compliance with quality control measures, therefore underpins the conduct of an audit. Similar wording was used in the old version of ISA 200.
'The auditor shall plan and perform an audit with professional scepticism, recognising that circumstances may exist which cause the financial statements to be materially misstated.' The ISA explains that it is necessary to maintain an attitude of scepticism throughout the audit, and is especially important in the critical assessment of audit evidence. Again, this was a requirement of the old ISA 200.
'The auditor shall exercise professional judgment in planning and performing an audit of financial statements.' The old version of ISA 200, though recognising the need to exercise professional judgment during the audit, did not have a specific requirement in relation to it. The Clarified ISA 200 states that professional judgment is essential to the proper conduct of the audit; for example, in making decisions regarding materiality, the evaluation of management's judgments, and the drawing of conclusions. In fact, professional judgment will be used in almost all key decisions regarding the conduct of the audit.
A definition of professional judgment is provided in ISA 200: 'The application of relevant training, knowledge and experience, within the context provided by auditing, accounting and ethical standards, in making informed decisions about the courses of action that are appropriate in the circumstances of the audit engagement.'
The IAASB considers that this definition explains what is meant by professional judgment and hopes the new requirement will emphasise the importance of sound professional judgment as part of the audit process. ISA 200 also recognises that consultation on contentious matters may assist the auditor in making informed and reasonable judgments. There is also a need for professional judgment to be appropriately documented.
Sufficient appropriate audit evidence and audit risk
'To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor's opinion.' This covers old ground and the relevant application material summarises what is meant by sufficient and appropriate evidence, and emphasises the concepts enshrined in the risk-based approach to auditing. The IAASB sees this as augmentation of existing guidance, and does not change the underlying principles relating to the use of the audit risk model.
Conduct of an audit in accordance with ISAs
This is possibly the most significant area of ISA 200, as it contains several requirements specific to ensuring that the auditor complies with the objectives and requirements of the Clarified ISAs. Each requirement relating to the conduct of the audit in accordance with ISAs will be looked at in turn.
- 'The auditor shall comply with all ISAs relevant to the audit.' One of the matters that will need to be addressed in planning an audit is whether there are any ISAs that are not relevant. For example, in the audit of an SME that does not have an internal audit function, the requirements of ISA 610, Using the Work of Internal Auditors is irrelevant.
- 'The auditor shall have an understanding of the entire text of an ISA, including its application and other explanatory material, to understand its objectives and apply its requirements properly.' It is necessary to understand the new structure of the Clarified ISAs in order to appreciate the importance of this requirement. ISA contains an introduction, objectives, definitions (where relevant), requirements, and finally, application and explanatory material. The structure may imply that the application and explanatory material is less important than the rest. However, it should be seen as integral to the standard, and it is necessary to read this material in order to understand and achieve the overall objectives of the standard, and to properly apply the requirements of the standard.
Another important point is that the application and explanatory material often contains guidance aimed at the auditors of SMEs. The IAASB is of the opinion that an SME audit needs to be of the same standard and based on the same ISA requirements as the audit of larger entities. However, it is also recognised that ISAs should be applied proportionately with the size and/or complexity of the entity being audited.
To assist the auditors of SMEs, ISAs contain, where relevant, separate sections entitled Considerations Specific to Smaller Entities, which explain how the requirements of the ISA should be addressed when auditing a smaller entity. ISA 200 also contains a useful summary of the characteristics of the smaller entity (A64) and explains that while the considerations specific to smaller entities have been developed with regard to unlisted entities, the considerations may be helpful in the audit of smaller listed entities (A65).
- 'The auditor shall not represent compliance with ISAs in the auditor's report unless the auditor has complied with the requirements of this ISA and all other ISAs relevant to the audit.' No explanatory material is provided in relation to this requirement, which seems to re-emphasise the point that the auditor must be careful to identify which ISAs are relevant to a particular assignment before stating compliance with ISAs in the audit report.
- 'To achieve the overall objectives of the auditor, the auditor shall use the objectives stated in relevant ISAs in planning and performing the audit, having regard to the interrelationships among the ISAs, to:
Determine whether audit procedures in addition to those required by the ISAs are necessary; and
Evaluate whether sufficient appropriate audit evidence has been obtained.'
Each individual ISA contains objectives that should be seen as a link between the requirements of that ISA and the overall objectives of the auditor; ie, to reach an opinion and to report that opinion. The auditor should understand the specific objective of an ISA in order to decide what needs to be accomplished, and use professional judgment in deciding the extent of work that needs to be carried out in order to achieve objectives. In reviewing the results of audit procedures, the auditor should bear in mind whether the objective of the relevant ISA has been met and, if not, what additional procedures may be necessary.
- 'The auditor shall comply with each requirement of an ISA unless in the circumstances of the audit:
The entire ISA is not relevant; or
The requirement is not relevant because it is conditional, and the condition does not exist.'
Requirements exist to enable the auditor to achieve objectives. The fundamental principle here is that the auditor is only expected to comply with requirements that are relevant to the circumstances of the audit engagement. In some audits, whole ISAs can be deemed not relevant. This may be especially common in the audit of smaller entities as mentioned above. The auditor will need to use professional judgment in deciding whether a requirement within an ISA is relevant to an audit engagement.
ISA 200 also discusses exceptional circumstances in which the auditor may deem it necessary to depart from a relevant requirement. In these cases, the auditor is required to perform alternative audit procedures to achieve the aim of that requirement. In other words, the objective of the ISA should be addressed by using alternative means. It is stated in ISA 200 that this need should only arise where the requirement is for a specific procedure to be performed which, in the specific circumstances of the audit, would be ineffective. In this case, ISA 230, Audit Documentation requires the auditor to document the reason for the departure and how the alternative procedures achieve the aim of the requirement.
- The final requirement of ISA 200 deals with the failure to achieve an objective. To paraphrase this long requirement: when the auditor fails to achieve an objective, the auditor shall evaluate whether this prevents the overall objective of the audit being achieved. In other words, does failing to meet the objective mean the auditor cannot express an unmodified opinion? It is a matter of professional judgment, based on evaluation of evidence obtained and whether the objective of the auditor has been met. Failure to achieve an objective is a significant matter and the situation should be fully documented.
The objectives and requirements of ISA 200 underpin all audits of historical financial statements, regardless of the size or complexity of the entity being audited. The IAASB states that ISA 200 should be read and studied by all auditors, even though many of the concepts are familiar from the previous incarnation of the standard.
Lisa Weaver is ACCA's examiner for advanced audit and assurance