Moore Stephens
Canadian news

Revised NCA 315 – risk analysis of IT use

Article written by Shayne Huneault,CPA with Marcil Lavallée, in the Quarterly Review of Canadian News, a newsletter published by
Canadian member firms
of
Moore North America
. This article on IT risk analysis is part of our mission to become the partner of choice for your success by keeping you up to date.

To get through the recent pandemic, many companies have had to drastically change their business model and move towards a virtual management mode. Automated bank transfers have replaced the use of cheques, face-to-face meetings have given way to Zoom meetings, and more and more companies are using and developing integrated software and applications to manage financial operations remotely.

While this evolution brings its share of opportunities for SMEs, it remains a major challenge for auditors. To support an audit opinion, it is essential to have a good understanding of the company’s environment and key controls. For the average CPA, it’s much simpler to verify the legitimacy of a cheque by looking at the signatures on it than it is to analyze the string of codes in an automated bank transfer application. Verifying the use of automated controls can quickly become a real headache, especially as most auditors are not IT specialists.

It is against this backdrop that the Auditing and Assurance Standards Board recently amended CICA 315 – Identifying and Assessing the Risks of Material Misstatement, of the CPA Canada Handbook. The amendments to the standard, which will come into force for the audit of financial statements for periods beginning on or after December 15, 2021, affect various aspects of audit planning and, in particular, clarify the requirements relating to the assessment of the IT environment and the risk associated with the use of IT.

IT risk – what are the requirements?

Although the old standard dealt briefly with IT risk, the new revised NCA 315 clarifies and reinforces the requirements in terms of work and documentation. Among others:

  • The revised CAS now requires the auditor to perform procedures to assess the relevance and significance of the use of IT within the entity. When making his assessment, the auditor must take into account, among other things, the automated controls that certain applications may contain, and the use of reports automatically generated by these same applications;
  • The revised CAS requires the auditor to identify IT applications or any other aspect of the IT environment that may involve vulnerabilities, in order to assess the risks arising from their use on financial information;
  • When risks are identified, the revised CAS requires the auditor to assess these risks, as well as the controls within the entity designed to address these risks;
  • The revised NCA also requires the auditor to assess, during the audit, whether certain categories of operations, due to their automation, can only be tested using a control approach.

What impact will this have on your audit files?

The NACC has added an important concept to the revised NCA 315: adaptability. The standard states that the auditor can and must adapt his procedures to the level of complexity of the entity being audited. In other words, the amount of work required to assess the risk associated with the use of IT will be limited for small entities where the use of IT is minimal. Conversely, the assessment of the IT environment will become an important issue for auditors of large entities that develop their own systems, and those where the automation of operations is increasingly present. In such cases, auditors will need to increase their level of work and documentation on file concerning the assessment of the audited customer’s IT structure, the risks identified, and the IT controls in place, which will need to be tested. This is likely to mean the addition of questionnaires and programs to work files for this purpose, and the use of new analysis tools to assess the proper functioning of automated controls.

The development of new technologies and their increasing accessibility to companies, both large and small, will undoubtedly change our old ways of working. It will become increasingly important for auditors to develop and use tools to adequately test different IT controls. To enable firms to carry out quality audits, the hiring of IT specialists is likely to become commonplace. While this phenomenon forces listeners to adapt to a new environment, it also creates new opportunities. The race to develop new automated audit approaches is reaching fever pitch, and some firms could emerge with a major competitive advantage.

Subscribe to receive our advice.

RECENT NEWS

Always well informed

How to prepare for an accounting and financial audit?

Having an audit enables companies with reporting obligations to comply with the laws and regulations in force in Canada. In addition, an audit reinforces a company's financial credibility with investors and creditors, thereby facilitating access to financing. We understand that business leaders often view the audit process with some reluctance, due to the time and [...]
READ

Tax Implications of Teleworking Abroad

The COVID-19 pandemic has turned our lives upside down and reshaped the world of work. Telecommuting has become an integral part of life for many Canadian employers and employees. Not only does it allow you to work from your home office, it also means you can work from anywhere in the world, at any time [...]
READ

Increased Tax Scrutiny for Canada’s High Net Worth: Issues for Wealth Management

The Canada Revenue Agency (CRA) has recently strengthened its monitoring program for High Wealth Tax (HWT) groups. This program targets individuals with a net worth of $50 million or more, representing a significant portion of Canada's private wealth. In 2023-2024, the CRA conducted over 700 tax audits, generating a total tax impact of $1.8 billion. [...]
READ

Maximizing Business Value With EBITDA: Calculation, Finance and Valuation

EBITDA (or Earnings Before Interest, Taxes, Depreciation and Amortization) is a key financial indicator used in the world of business valuation. It is used to assess business performance and plays a crucial role in acquisitions and buyouts, enabling investors to make informed decisions about a company's financial health. In this article, we'll explore EBITDA in [...]
READ

Tax Credit for Charitable Donations

Charitable donations offer significant tax advantages in Canada. In fact, when made by an individual, charitable donations may qualify for a non-refundable tax credit. In the case of a corporation, the tax advantage lies in a deduction in calculating the corporation's taxable income. For individuals, the federal tax credit is 15% on the first $200 [...]
READ

GST/QST Break, the Hidden Consequences

Companies incurring food and beverage expenses during this period will therefore not pay GST/HST on these expenses. They will need to adjust their accounting systems to avoid claiming input tax credits on these categories of expenditure. It’s worth remembering that the treatment of GST/HST is parallel to the treatment of meals and entertainment expenses for income tax purposes.

READ

The Québec agrifood industry: between resilience and challenges

Present in every region of Quebec, the agri-food industry is an essential component of the economy and of people's daily lives. It goes far beyond primary production, encompassing processing, distribution and retailing, supporting a value chain that is vital to local economies. With over 75,000 businesses, this dynamic sector contributes to the province's food self-sufficiency [...]
READ
  • Montréal
  • Brossard
  • Close to you wherever you go
  • Laval
  • Montréal
  • Brossard
  • Close to you wherever you go
  • Laval
  • Montréal
  • Brossard
  • Close to you wherever you go
  • Laval
  • Montréal
  • Brossard
  • Close to you wherever you go
  • Laval