It is timely to draw auditor’s attention to two important developments that have taken place in the audit arena since the beginning of the year.

Updated Audit Programmes

The first of these are the updated Audit Programmes available from the various, well-known sources. Audit Programmes needed to be updated for important changes made to two audit standards in particular, ISA 315 ‘Identifying and Assessing the Risks of Material Misstatementand ISA 240 on ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements’.

Both standards became effective for the audits of accounting periods commencing 15 December 2021 or in practical terms, years ended 31 December 2022.

The audits of these periods have already concluded in many cases, but many are still in progress. Auditors please take note that there are significant additional requirements/changes in emphasis in these standards, especially in ISA 315, which has grown to 106 pages (regardless of the size of entity involved)!  Therefore, the need to implement new audit programmes for these audits is imperative. The same applies to specialist audit assignments like charities, multi-unit developments and Central Bank regulated entities, like insurance brokers.

We will be writing more blogs on these changes in the coming months.

ISA 315 IT Controls

One of the significant changes in emphasis in ISA 315 is the additional detail in documentation of IT systems and controls. All audit files, regardless of the size of the audit, need to have sufficient/appropriate evidence on file of testing their internal IT and accounting controls in action.

Where weaknesses are found the implications need to be assessed – for example, weaknesses identified could trigger additional/wider scope audit testing.

Also, management need to be informed, in writing, of significant weaknesses identified and the severity/implications of these weaknesses  – see more in ISA 265.

The purpose is to identify areas where there may be a risk of misstatement due to error or fraud.

This will influence the sample sizes and tailoring of the audit programmes.

So the results of controls testing needs to be assessed before progressing to do substantive testing. This is because the results of substantive tests cannot be used, as the scope and extent of these tests cannot be determined until the risk assessment process is complete.

For an easy to implement additional (two page) IT Controls Questionnaire  to help document the above process, please click on this link to download immediately for only €60 + VAT.

Please go to our website to see our:

  • letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
  • ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.