Two of the most important ISAs in any audit are ISA 315 on risk assessment and ISA 540 on the audit of estimates. Exposure Draft (ED) ISA 315 on risk assessment was approved at the September IAASB meeting, as was the final version of ISA 540 on estimates.
In this blog, Katharine Bagshaw FCA takes an in-depth look at ISA 540. See her exploration of ISA 315 in part 1 of this series.
You can learn more about both issues in Katharine’s recent Croner-i eCPD® webinars.
ISA 540: Estimates
ISAs don’t apply automatically in the UK. The FRC has to adopt them. In the case of ISA 540, this is something of a formality and the new standard looks likely to be effective for periods beginning on or after 15 December 2019, which means 2020 year-ends, with early adoption permitted. But this sort of plain sailing wasn’t the case when IAASB originally exposed the new standard back in April 2017.
IAASB tried hard to deal with simple depreciation calculations for an SME at one end of the scale, and the audit of expected credit losses for financial institutions at the other, without overcomplicating the former or dumbing down the latter.
The ED made a valiant attempt to keep the audit of simple estimates simple: low risk estimates were to be treated in a not dissimilar manner to the way they have always been, i.e. by either looking at events up to the date of the audit report (which is almost always the simplest option if it’s available), by testing management’s process and data, or by auditors developing their own point estimate or range.
For all other estimates, there was a fair amount more to be done around complexity, judgement and estimation uncertainty (the new ‘inherent risk factors’) and there was much more than before on methods, models, assumptions and data, which of course is important for complex estimates, particularly in the financial sector.
Sadly – but perhaps not very surprisingly – field-testing demonstrated some inconsistencies in interpretation.
Any sort of ‘bright line’ (such as low/not low, or significant/not significant when it comes to risk) means that some will inevitably tend to put more in one bucket than the other. Putting everything in the low risk bucket clearly reduces work effort, and doing the opposite keeps regulators off your back. This wasn’t the only issue – there were others about the overlap between complexity, judgment and estimation uncertainty, for example – but it was critical.
The final standard approved in June looks somewhat different from the proposals in structure but because most of the material was retained, there was no re-exposure.
There will be more for auditors to do to show that they have properly understood the estimate, there is work on controls, more detail on the inherent risk factors, a new stand-back and of course documentation of all of this. But the low risk / not low risk distinction has gone and instead, as per paragraph 13, when obtaining an understanding, procedures are performed ‘…to the extent necessary to provide an appropriate basis for the identification and assessment of risks of material misstatement’.
How this plays out in practice, and whether auditors do get to grips with estimates better remains to be seen, but audit regulators have been complaining about excessive reliance on management’s estimates in audits of all sizes, for some time.
Katharine Bagshaw FCA has dealt with technical audit issues for nearly 25 years as a practitioner, trainer and writer. She is a regular contributor to Croner-i eCPD®, a former deputy chair of IFAC’s Small and Medium Practices (SMP) Committee, and was a member of IAASB’s Task Force that developed ED-ISA 315.