ISA 610 The Auditor's Consideration of the Internal Audit Function
Proposed redrafted International Standard on Auditing issued for comment by the International Auditing and Assurance Standards Board of the International Federation of Accountants
Comments from ACCA
April 2007
Executive Summary
ACCA welcomes the opportunity to comment on the proposed International Standard on Auditing ISA 610 (Redrafted) The Auditor's Consideration of the Internal Audit Function (proposed ISA 610), issued for comment by the International Auditing and Assurance Standards Board of the International Federation of Accountants.
Our comments below are restricted to the changes proposed in applying the Clarity project drafting conventions to extant ISA 610.
We have serious concerns that:
- The Clarity redrafting has disguised a significant change in the scope of the proposed ISA that will add unjustified costs to all audits.
- The terminology has been changed unnecessarily and there is no definition of the new term ‘internal audit function'.
- Many of the proposed requirements are confusingly worded and without sufficient justification.
Objective
The objective of proposed ISA 610 and the introductory text have changed the role of the ISA from that of extant ISA 610. We do not agree with this change. It will add unnecessary costs to audits, which will fall disproportionately on smaller entities.
Paragraph 1 of extant ISA 610 states that ‘The audit procedures noted in this ISA need only be applied to internal auditing activities which are relevant to the audit of the financial statements.'
This wording has been transferred to the section, Application and Other Explanatory Material (A&OEM) of proposed ISA 610, as part of paragraph A4.
Paragraph A4 mixes two types of wording, as it also includes text from extant ISA 610 paragraph 10. Paragraph 10 provides guidance for those circumstances where the auditor has sought to obtain an understanding of an internal audit function, because it's activities appeared to be relevant to the external audit, but decided that no use will be made of it.
The effect of combining these two types of text in paragraph A4, is to change a preliminary test of relevance of the ISA to something that can only be decided after complying with paragraph 7 of proposed ISA 610 in all audits.
This is clearly inappropriate as overall, relatively few of the many thousands of audits around the world may be affected by an internal audit function.
Having obtained an understanding of internal control in accordance with ISA 315 (Redrafted) Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment , the auditor is in a position to determine whether the internal audit function is likely to be relevant to the audit of the financial statements and to decide whether proposed ISA 610 is relevant.
We strongly suggest, therefore, that the public interest is best served by limiting the application of proposed ISA 610 as was done for extant ISA 610. The scope, objective and detail of the ISA should be amended to give effect to this.
There are other ISAs that cover aspects of an audit that arguably also fall to be considered in relation to the ‘core' ISAs, such as ISA 315. Some, such as ISA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements are generally applicable, but others are similar to proposed ISA 610 in that they are relevant only to a minority of audits, for example, ISA 620 Using the Work of an Expert . The scope paragraph of such ISAs should state that they are only relevant if the circumstances to which they apply are present.
Application of the Clarity Drafting Conventions
Definitions
Proposed ISA 610 uses the term ‘internal audit function' whereas extant ISA 610 refers to ‘internal auditing'. Given the limited redrafting of proposed ISA 610 at this stage of the Clarity project, we question the need for any change to the established term.
Should the new term be retained, we consider that a definition of ‘internal audit function' is necessary. This is because a definition of the term is useful and it may avoid difficulties of translation.
Extant ISA 610 defines internal auditing as follows:
“Internal auditing” means an appraisal activity established within an entity as a service to the entity. Its functions include, amongst other things, monitoring internal control.
The Glossary of Terms in the 2007 IAASB Handbook deals with the term in a slightly different way [ emphasis added ]:
Internal auditing—An appraisal activity established within an entity as a service to the entity. Its functions include, amongst other things, examining, evaluating and monitoring the adequacy and effectiveness of internal control.
A simple substitution of the new term in either extant definition highlights the linguistic difficulty that ‘the internal audit function has functions'.
Without a clear definition, there is also potential for auditors to waste time considering whether the carrying out of any activities listed in paragraph A2 of proposed ISA 610 gives rise to an ‘internal audit function' (perhaps represented by part of the time of a member of management).
Requirements
We challenge the wholesale elevation of guidance material to requirements that has been effected in proposed ISA 610. As set out in our detailed comments below, the result is a confused document that mixes up planning and substantive work and overall and specific considerations.
We recommend adopting a straightforward and simple approach to Clarification by retaining only the requirements from extant ISA 610.
Paragraph 7
Paragraph 7 should be amended to accord with the revised scope of proposed ISA 610 as set out in our comments above on the objective.
The requirement that the understanding including the organisational status and scope of responsibilities is unnecessary as these are fundamental, such that no understanding that meets the requirements of ISA 315 could omit them. The wording would be better presented in the A&OEM section where it would improve the readability of paragraph A5.
Paragraph 8
The requirements in Paragraph 8 are in terms of the whole internal audit function. This is not appropriate to circumstances where the auditor intends to make only limited use the work of the internal audit function.
Even if the requirements were constrained to overall aspects that could affect specific work and aspects directly relevant to specific work they are unnecessary as they duplicate the requirement in paragraph 10. This material should be transferred to the A&OEM section.
Paragraph 9
The requirements in paragraph 9 are in the context of the effect ‘on the external auditor's procedures' . This seems to be a coded way to signify that the requirements are intended to relate to the assertion level.
We see no point whatsoever in listing, as detailed requirements, consideration of materiality, risk and subjectivity. These are fundamental to any consideration and fully covered by the ‘core' ISAs. We recommend transferring the wording to the A&OEM section as introductory wording in paragraphs A7 to A9.
We do not subscribe to the argument that if matters are ‘fundamental' then they must be included as requirements. The only practical effect of doing so is to increase the cost of audits by presenting auditors with more boxes to tick.
Paragraph 11
Paragraph 11 is essentially guidance material for the requirement in paragraph 10. It should be transferred to the A&OEM section.
The first requirement in paragraph 11 refers to considering the scope of the work of the internal function when evaluating the specific work performed. The scope would necessarily have been considered as part of the decision that evaluation was appropriate, hence the requirement is misplaced.
It may be that this was not the intention of the wording but, as drafted, the requirement to revisit the overall understanding of the internal audit function is wrong. In general, a need for reconsideration arises when the auditor becomes aware of circumstances that, had they been known earlier, would have affected the initial understanding. Auditors remain alert for such matters and a specific requirement to reconsider in the absence of any alerting circumstances is unjustified.
The requirement to evaluate a list of matters duplicates the overall requirement in paragraph 10 and is unnecessary. Because the list is closed, there is a risk that auditors will tick the boxes and omit evaluation of other matters that are relevant. Conversely, there is a danger that inefficiencies will be introduced if auditors are required to evaluate all the items on the list. For example, there is no value in the auditor evaluating the resolution of ‘any exceptions or unusual matters disclosed by the internal audit function' if the auditor has already made an evaluation that there was insufficient evidence to support reasonable conclusions.
Special Considerations in the Audit of Small Entities
The Explanatory Memorandum asks no questions in relation to the application of proposed ISA 610 to the audit of small entities. We draw attention to our comments above under the heading of ‘Objective'. If these are not accepted, there will be a need for specific relevant guidance for the audit of small entities.
The ‘core' ISAs are: ISA 300 Planning an Audit of Financial Statements , ISA 315 Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment , and ISA 330 The Auditor's Responses to Assessed Risks .
Other ISAs that are clearly relevant only to a minority of audits are: ISA 402 Audit Considerations Relating to Entities Using Service Organizations and ISA 510 Initial Engagements—Opening Balances .
A new definition should draw on the definition promulgated by the Institute of Internal Auditors : ‘Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.' A definition should also be provided if proposed ISA 610 reverts to the term ‘internal auditing'.