FRC Technology Working Group – Rolling Record of Discussion & Actions

Meeting Date: 22nd March 2022

Topic: Open Banking & Bank Confirmations

Discussion: Several audit firms queried, given the increased prominence of Open Banking in the UK, whether bank confirmations obtained through Open Banking platforms and relevant APIs were compliant with ISA (UK) 505.

ISA (UK) 505 [1] describes how external confirmations may be obtained in “paper form, or by electronic or other medium.” As such, although much of the material and process in ISA (UK) 505 is predicated on the sending and receiving of paper letters, the ISA (UK) does not preclude the use of other mediums to obtain confirmation.

The general consensus was that confirmations obtained through Open Banking platforms could be used to confirm bank balances in a similar way to how more traditional bank letters are used, but firms were reminded that the requirements in ISA (UK) 500 in relation to sufficient appropriate audit evidence remain relevant. For example, if Open Banking confirmations are not able to provide evidence around the Completeness assertion for liabilities, auditors will need to consider how they are able to collect additional evidence to supplement the confirmation.

Several firms noted that the greatest benefit of Open Banking is likely not the ability to confirm bank balances, but access to transactional data in a format which is consistent and thus facilitates more efficient analysis.

Action: None noted.

Meeting Date: 9th May 2022

Topic: Automated Tools & Techniques for Concurrent Risk Assessment and Substantive Procedures

Discussion: The concept of simultaneously performing both risk assessment and substantive procedures with Automated Tools and Techniques (ATT) is discussed in ISA (UK) 315 [2] and a detailed example is included within SAS 142 [3].

The FRC noted that in inspections we had only seen very limited instances of this approach being deployed and that the key issue was documentation rather than whether the approach was conceptually sound.

One audit firm described how they had undertaken a significant amount of work to determine a sensible approach to documenting concurrent use of ATT to overcome questions around, for example, whether duplication of working papers was necessary in both the risk assessment and substantive procedures sections of audit files to comply with the ISAs (UK).

Another firm noted that they found the concept of concurrent procedures challenging, as the model for audit is built upon the premise that risk is identified first and then procedures are designed to respond to those risks, and questioned how a concurrent approach would satisfy this underlying model.

This was discussed in detail and attendees agreed that the concept is logical and suggested that the “concurrent” nature of the procedures could be interpreted to be about achieving objectives. Here, the risk assessment process could be started initially, with the results also being used as part of substantive evidence. Each stage of the process could inform the other, with the risk assessment being used to determine the overall amount of evidence required and the substantive procedure being used to inform the level of risk in the balance.

Ultimately, when the auditor is comfortable that they have both appropriately assessed risk and collected sufficient appropriate audit evidence to address that risk, they may then conclude concurrently on both their risk assessment and evidence collection objectives. This also aligns with the concept that risk assessment is on-going throughout the audit and should be iterative and dynamic, as described in ISA (UK) 315 [4].

The views expressed during the discussion were that this could be one way to concurrently assess risk and perform substantive procedures. It was emphasised that the auditor must consider carefully how this process is documented and how the auditor addressed any data quality issues, and that auditors must meet the requirements of ISA (UK) 500 in relation to obtaining sufficient appropriate audit evidence [5].

Action: In order to support practical application, the FRC's guidance on Addressing Exceptions in the use of Audit Data Analytics will be updated to include a second example, where an auditor is using an ATT to concurrently assess risk and collect audit evidence.

  1. ISA (UK) 505 (Revised July 2017) External Confirmations, Paragraph 6 

  2. ISA (UK) 315 (Revised July 2020) Identifying and Assessing the Risks of Material Misstatement, Paragraph A19 

  3. SAS 142, July 2020, Audit Evidence, Exhibit A 

  4. ISA (UK) 315 (Revised July 2020), Paragraph 7. 

  5. ISA (UK) 500 (Updated January 2020), Paragraph 4 

File

Name FRC Technology Working Group – Rolling Record of Discussion & Actions
Publication date 27 September 2023
Format PDF, 135.9 KB