Originally Posted by Unregistered

ISA 315 is effective for FY22 audits, so the majority of workload SHOULD have been done in FY22. But unfortunately a lot of auditors have no time to understand the full breadth of the new requirements. And every year there is some top-up work because someone suddenly understands the requirements more, quality reviews say something is lacking, then they top up your knowledge with another training, and because there was a gap in understanding there is suddenly a new form to fill out to make sure you did what was lacking. And the list of mandatory forms just expands y-o-y

I am not an expert, but to summarise, it re-visits how RoMM should be identified, a lot of this has not changed, but there is an extensive new requirement on understanding IT controls and whether you are able to place reliance on it. You can no longer simply say to rely or not rely, you need to do up a bunch of documentation and walkthroughs to say what financial statement captions each IT application affects and whether these IT controls are integral to financial reporting, if yes then if you want to adopt a control reliance strategy, you must test the ITGC and key ITACs. Most people already have a hard time to understand the business / industry they are auditing and wrap their head around the common accounting issues each industry faces and now want to lup this additional layer on top of them is a ridiculous expectation. Plainly put, any engagement without IT specialist just documents a bunch of rubbish to meet the check boxes, and needless to say nobody really knows if its correct.