Revised ISA 315 and IT Risks.
Revised ISA 315 and IT risks
This week’s write up on ISA 315 will wrap up our highlights on the standard. Because of time and the need to having first-hand experience of the working other than the expectation of this standards, it is imperative that all audit firm irrespective of their sizes go back to their training room to review carefully the standard and the explicit responsibilities it reposes on them. With this medium, we can only draw your attention to the relevant areas where attention and realignment are crucial.
So finally, the revision of International Standard on Auditing (ISA) 315 has brought about significant changes in the audit approach, particularly in relation to information technology (IT) risks. The previous standards did not consider IT risks and controls as a critical aspect of audits, but the revised ISA 315 now requires auditors to gain an understanding of the IT systems in use and associated risk factors.
The revised ISA 315 acknowledges that IT plays a crucial role not just in the alternative investment sector, where IT platforms are used for calculating the net asset value (NAV) of alternative products, including special purpose vehicles (SPVs) but also in every business process. Auditors are now required to understand the flow of information through the audited entity's information systems, the initiation and documentation of transactions, and the IT environment supporting these processes.
领英推荐
The revised ISA 315 provides guidance on understanding different types of IT risks and typical characteristics of non-complex commercial software, mid-size or moderately complex commercial software or IT applications, and large or complex IT applications (such as ERP systems). The standard also details IT controls related to access management processes, change management processes, and IT operations.
In summary, the revision to ISA 315 introduces a minimum requirement for auditors to document their understanding of the role of IT in transactions and relevant processes. This requirement applies to all business and should be adhere to even by small firms.
To address the increasing IT requests from auditors and demonstrate the appropriate level of assurance to investors and stakeholders, businesses are encouraged to redefine the scope of their existing controls reports, such as the International Standard on Assurance Engagements (ISAE) 3402 report. This will help cover certain aspects of operational and IT processes impacting business processes even of unregulated entities .
It is important that for business to partner with trusted IT experts and proactively adapt to these technological changes to remain competitive and turn challenges into growth opportunities.