ICAEW.com works better with JavaScript enabled.
Exclusive content
Access to our exclusive resources is for specific groups of students, subscribers, users and members.
Peter Herbert highlights the hottest topics for audit in 2023, including ISQM1, ISA 315 revised and ISA (UK) 240 revised, and gives feedback from QAD on audit quality.

With a raft of new and revised auditing standards and the ongoing challenge of a difficult economic climate, there’s much to focus on for audits conducted during 2023. My recent faculty webinar covered some of the key considerations and also provided an opportunity to share some important messages from ICAEW’s Quality Assurance Department (QAD), following my discussions with it in advance of the webinar.

A recording of my November 2022 faculty webinar is available. This article shares some highlights from the event and some timely tips from QAD.


Much has been said (and written) about the steps firms need to take to get to grips with the new quality management standard, ISQM 1, in advance of its implementation. QAD expects that firms will have had a good stab at their risk assessment in advance of the 15 December 2022 deadline, but it also recognises that not all firms will, by then, have in place a system of quality management that is the finished article.

My experience is that some firms have produced detailed papers explaining how what they already do adequately addresses all quality risks (an approach that might reasonably be described as a ‘retrofit’). During the webinar I encouraged firms (that may have taken this approach) to be open to the idea that some further actions will be necessary – especially if cold file reviews and ICAEW inspection visits identify weaknesses. Risks in relation to governance and strategy will be challenging for some firms, as solutions might take a while to formulate and implement. In the current climate it’s not unusual to see mergers between firms and it’s important for such firms to consider whether the related structural and cultural challenges have been adequately thought through and a consistent approach to audit achieved – and to not shy away from difficult questions.

A domineering managing partner or chief executive in a smaller independent firm can definitely be a force for the good, but is audit quality a priority for them and, if not, how can the firm balance commercial considerations and good audit outcomes? Do certain responsible individuals ‘dabble’ in audits or in particular types of audits? If so, should they be doing audits at all? These might be very challenging questions for some, but not ones to duck.

My discussions with QAD in advance of November’s webinar also highlighted the need for audit firms to focus on risks relating to resources. As the climate for accountancy recruitment is difficult and not helped by audit becoming an increasingly specialist area, what steps can firms take to ensure they recruit and retain the right people? Also, do they give appropriate consideration to training requirements?

Comments on root cause analysis in ICAEW’s Audit Monitoring Report 2020-21 (tinyurl.com/AB-Audit-Monitor) highlighted a lack of knowledge of auditing and financial reporting standards as a recurring problem. ISQM 1 gives firms a chance to think afresh about how partners and staff gain the crucial continuing professional development they really need.

ISA 315 revised

Implementation of the revised International Standard on Auditing (ISA) 315 Identifying and assessing the risks of material misstatement for accounting periods commencing on or after 15 December 2021 means substantial changes to proprietary audits systems, so many see its introduction as a burden. The revision of the standard will, however, give some an impetus to refresh their approach to risk assessment to get better quality and more efficient audit outcomes. This is crucial in an environment in which a drift towards the removal of sample size caps makes ‘smart’ auditing very much the order of the day.

For many auditors, the following will be the most significant changes:

During courses, some questions are currently cropping up repeatedly. For example, what should a typical risk schedule look like? Does audit documentation need to consider every assertion for every account balance, class of transaction and disclosure?
The short answer to the latter question is “No”.

Auditors will, however, need to develop a thoughtful list of significant misstatement risks, of which there might be few for straightforward audits. Where risks sit at the higher end of the spectrum, audit testing and documentation will need to be on point, with appropriate and timely review by the engagement partner clearly evident on file.

Many firms are questioning whether additional time invested in planning audits in the light of the changes will result in increased fees. Possibly, and possibly not. Either way, a more thoughtful, focused approach to audit strategy might be a beneficial outcome.

ISA (UK) 240 revised

Many feel that the revision of the fraud standard, ISA (UK) 240, is more about mindset than procedures. The Financial Reporting Council has used the revised UK standard to remind auditors of some crucial steps to take when identifying and assessing the risk of material misstatement due to fraud.

As well as getting their noses into the revised standard, auditors are well advised to take a look at ICAEW’s excellent recent publication Sharpening the Focus on Corporate Fraud (see overleaf). This provides some invaluable insights on tackling fraud risk from experienced auditors within the profession.

Many firms will find that the changes to ISA (UK) 240 are relatively subtle. Key changes that all firms should focus on are:

Some firms will also need to understand the differences between the revised ISA (UK) 240 and ISA 240, the International Auditing and Assurance Standards Board (IAASB) version of the fraud standard on which it is based, and plans for its revision (see ‘Further reading and resources’, below).

QAD top tips

As mentioned earlier, my recent webinar was used to gather feedback from QAD about the issues it most commonly encounters regarding audit quality. What it highlighted was interesting, although not totally unexpected:

Onwards and upwards

So there’s lots of food for thought as we start 2023. In difficult economic times, with a range of regulatory changes about to come into force, auditors need to be on top of their game. However, as many of the changes are more akin to evolution than revolution, firms that already perform and document good quality audits will be well on their way to full compliance.

Further reading and resources

A recording of Peter Herbert’s faculty webinar on Hot topics and tips for 2023 audits.

An Audit & Beyond Q&A on ISQM 1, ISA 315 and ISA (UK) 240 (from the October 2022 edition)

International standards on quality management

There have been a number of recent Audit & Beyond articles to assist smaller firms with ISQM 1 preparations and compliance and to help them understand QAD expectations. These can be found, along with other resources to help audit firms implement the new quality management standards ISQM 1, ISQM 2 and ISA 220 (Revised), through the faculty’s ‘Quality management in audit firms’ hub.

The International Auditing and Assurance Standards Board (IAASB) makes these quality management standards and associated support materials available.

The Financial Reporting Council (FRC) makes the UK versions available

ISA 315 (Revised)

The revised risk assessment standard, ISA 315, provides more material to support auditors in assessing risks relating to IT. It also includes prescriptive requirements for auditors.

A recent Audit & Beyond article on Understanding the entity’s IT systems and related risks highlights changes in the revised ISA 315, its enhanced scalability and points to additional support material the standard offers to assist auditors.

A brief overview of the main revisions in ISA 315 is available from the faculty along with links to other material related to the standard.

A first-time implementation guide for the revised ISA 315 was published in July 2022 by the IAASB.

The IAASB makes ISA 315 (Revised 2019) available.

The FRC makes ISA (UK) 315 (Revised 2020) available.

ISA (UK) 240 (Revised)

During 2022, the faculty has provided a range of resources to assist firms with the preparations for and implementation of ISA (UK) 240.

Audit & Beyond articles include:

‘Fraud risk factors in a financial statement audit’, a faculty webinar recording, offering practical tips on implementing the revised ISA (UK) 240.

Sharpening the Focus on Corporate Fraud: an Audit Firm Perspective, a recent ICAEW report was the subject of a live panel discussion, available now as a recording.

The IAASB is planning to revise ISA 240 and during 2022 published some related resources that firms may find useful. Information on the project and its timeline.

IAASB guidance The fraud lens – interactions between ISA 240 and other ISAs illustrates relationships and linkages between ISA 240 and other ISAs when planning, performing and reporting on an audit engagement, and shows this in a diagram that many auditors may find useful .

About the author
Peter Herbert, Director, Insight Training

Audit & Beyond

This article was first featured in the December 2022/January 2023 edition of Audit & Beyond.

Audit & Beyond Dec/Jan 2022/23