Page 37 - Internal Auditing Standards
P. 37
Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts
ISAs do not distinguish the audit approach required for a one-person entity from that required for a national
entity employing thousands of people. An audit is an audit. Consequently, the basic approach to an audit
does not change just because the entity is small.
The word “audit” is intended to convey a clear message to users of financial statements. That message is
that the auditor has obtained reasonable assurance that the financial statements are free from material
misstatements, regardless of the size or type of the entity that has been audited.
This issue of proportionality was addressed by IAASB staff in a Staff Questions and Answers document,
1
entitled Applying ISAs Proportionately with the Size and Complexity of an Entity, issued in August 2009. Its
purpose is to assist auditors in applying the clarified ISAs in a cost-effective manner. The response to the
question “How do ISAs address the different characteristics of a small entity from a larger, more complex
entity” was as follows:
“The auditor’s objectives are the same for audits of entities of different sizes and complexities. This,
however, does not mean that every audit will be planned and performed in exactly the same way.
The ISAs recognize that the specific audit procedures to be undertaken to achieve the auditor’s
objectives and to comply with the requirements of the ISAs may vary considerably depending on
whether the entity being audited is large or small and whether it is complex or relatively simple. The
requirements of the ISAs, therefore, focus on matters that the auditor needs to address in an audit
and do not ordinarily detail the specific procedures that the auditor should perform.
The ISAs also explain that the appropriate audit approach for designing and performing further
audit procedures depends on the auditor’s risk assessment. For example, based on the required
understanding of the entity and its environment, including its internal control and the assessed risks
of material misstatement, the auditor may determine that a combined approach using both tests
of controls and substantive procedures is an effective approach in the circumstances in responding
to the assessed risks. In other cases, for example, in the context of an SME audit where there are not
many control activities in the SME that can be identified by the auditor, the auditor may decide that
it is efficient to perform further audit procedures that are primarily substantive procedures.
It is also important to note that the ISAs acknowledge that the appropriate exercise of professional
judgment is essential to the proper conduct of an audit. Professional judgment is necessary, in
particular, regarding decisions about the nature, timing, and extent of audit procedures used to
meet the requirements of the ISAs and gather audit evidence. However, while the auditor of an
SME needs to exercise professional judgment, this does not mean that the auditor can decide not
to apply a requirement of an ISA except in exceptional circumstances and provided that the auditor
performs alternative audit procedures to achieve the aim of the requirement.”
The key points in the excerpt above can be summarized as follows:
• Audit objectives are the same for any size of audit;
• The specific audit procedures required may vary considerably depending on the size of entity and
the assessed risks;
• The ISAs focus on matters the auditor needs to address—not on the details of specifi c procedures;
• The design of further audit procedures depends on the auditor’s risk assessment;
1 Applying ISAs Proportionately with the Size and Complexity of an Entity is at:
http://web.ifac.org/publications/international-auditing-and-assurance-standards-board/practice-alerts-and-q-as#applying-isas-proportionate
35
