top of page
  • Writer's pictureCCS

ISAs for Smaller Audits

Updated: Dec 28, 2022

ISAs do not distinguish the audit approach required for a one-person entity from that required for a multinational entity employing thousands of people.

An audit is an audit.

Consequently, the basic approach to an audit does not change just because the entity is small.

The word “audit” is intended to convey a clear message to users of financial statements.

That message is that the auditor has obtained reasonable assurance that the financial statements are free from material misstatements, regardless of the size or type of the entity that has been audited.






This issue of proportionality was addressed by IAASB staff in a Staff Questions and Answers document, entitled Applying ISAs Proportionately with the Size and Complexity of an Entity, issued in August 2009.

Its purpose is to assist auditors in applying the clarified ISAs in a cost-effective manner.

IAASB 工作人员在2009年8月发布的题为《根据实体的规模和复杂性适度应用国际审计准则》的工作人员问答文件中讨论了这个比例问题。

其目的是协助审计师以具有成本效益的方式应用明晰化 (Clarity) 的国际审计准则。

The response to the question “How do the ISAs address the fact that the characteristics of an SME are significantly different from those of a larger, more complex entity” was as follows:


“The auditor’s objectives are the same for audits of entities of different sizes and complexities.

This, however, does not mean that every audit will be planned and performed in exactly the same way.

The ISAs recognise that the specific audit procedures to be undertaken to achieve the auditor’s objectives and to comply with the requirements of the ISAs may vary considerably depending on whether the entity being audited is large or small and whether it is complex or relatively simple.




The requirements of the ISAs, therefore, focus on matters that the auditor needs to address in an audit and do not ordinarily detail the specific procedures that the auditor should perform.

The ISAs also explain that the appropriate audit approach for designing and performing further audit procedures depends on the auditor’s risk assessment.

For example, based on the required understanding of the entity and its environment, including its internal control and the assessed risks of material misstatement, the auditor may determine that a combined approach using both tests of controls and substantive procedures is an effective approach in the circumstances in responding to the assessed risks.




In other cases, for example, in the context of an SME audit where there are not many control activities in the SME that can be identified by the auditor, the auditor may decide that it is efficient to perform further audit procedures that are primarily substantive procedures.

It is also important to note that the ISAs acknowledge that the appropriate exercise of professional judgment is essential to the proper conduct of an audit.

Professional judgment is necessary, in particular, regarding decisions about the nature, timing, and extent of audit procedures used to meet the requirements of the ISAs and gather audit evidence.






However, while the auditor of an SME needs to exercise professional judgment, this does not mean that the auditor can decide not to apply a requirement of an ISA except in exceptional circumstances and provided that the auditor performs alternative audit procedures to achieve the aim of the requirement.”


The key points in the excerpt above can be summarised as follows:

  • Audit objectives are the same for any size of audit;

  • The specific audit procedures required may vary considerably depending on the size of entity and the assessed risks;

  • The ISAs focus on matters the auditor needs to address — not on the details of specific procedures;

  • The design of further audit procedures depends on the auditor’s risk assessment;

  • The appropriate exercise of professional judgment is essential in tailoring the procedures to respond appropriately to the assessed risks; and

  • Professional judgment cannot be used to avoid compliance with any ISA requirements except in exceptional circumstances.


  • 审计目标对于任何规模的审计都是一样的。

  • 所需的具体审计程序可能有很大的不同,这取决于实体的规模和所需的具体审计程序可能会有很大的不同,这取决于实体的规模和评估的风险。

  • 《国际审计准则》的重点是审计师需要处理的事项--而不是具体程序的细节。

  • 进一步审计程序的设计取决于审计师的风险评估。

  • 适当行使专业判断对于调整程序以适当应对评估的风险至关重要;以及

  • 除非在特殊情况下,不能用专业判断来避免遵守《国际审计准则》的任何要求。

Some suggestions | 一些建议

In addition, the ISAs contain a number of paragraphs that address considerations specific to audits of SMEs.

Some suggestions for successfully implementing ISAs on smaller engagements are included below.



1. Take time to read the clarified ISAs and to train staff

Failure to understand the requirements can lead to:

  • The entire risk assessment phase of the audit becoming an “add-on” to the other substantive audit work performed.

  • It should be the risk assessment that drives the selection of audit procedures to be performed, not a standardised listing of procedures that could be applied to any entity.

  • The purpose of the risk assessment is to focus the audit effort on areas where there is a greater risk of material misstatement in the financial statements, and away from less risky areas.

  • Turning what should be a simple audit into a complex and time-consuming project. This can arise if efforts are focused on completing needless standard audit forms and checklists, rather than using professional judgment to scale the work according to the size and complexity of the entity being audited and the risks involved.

  • Failure to comply with an ISA (“the auditor shall”) requirement.

1. 花时间阅读澄清后的《国际审计准则》并培训员工。


  • 整个审计的风险评估阶段成为其他实质性审计工作的 "附加 "部分。

  • 应该由风险评估来推动对要执行的审计程序的选择,而不是对任何实体适用的程序的标准化清单。

  • 风险评估的目的是将审计工作集中在财务报表中存在较大的重大错报风险的领域,而不是风险较小的领域。

  • 将本应是简单的审计变成复杂而耗时的项目。如果把精力集中在完成不必要的标准审计表格和核对表上,而不是根据被审计单位的规模和复杂性以及所涉及的风险,利用专业判断来调整工作,就会出现这种情况。

  • 未能遵守国际审计准则("审计师应")的要求。

2. Take time to plan well, no matter how small the engagement

It has been said an hour spent in planning can save many more in execution.

Effective audit planning is often the difference between a quality audit within budget and a poor-quality audit that goes over budget.

This does not necessarily mean holding dedicated team meetings in the office.

On very small engagements, planning can be achieved through brief discussions at the start of the engagement and as the audit progresses.

Key areas to address in planning:-

  • Encourage staff to identify areas where the usual audit procedures seem excessive in relation to the risk of misstatement being addressed.

  • Take time to ensure that each staff member understands the necessity and purpose of the documentation he or she is required to complete. Countless hours can be lost by staff attempting to complete forms they do not understand.

  • Discuss the potential for fraud. Encourage staff to be skeptical and inquisitive, and empower them to raise issues, observations, or unexplained matters.

  • Discuss known related parties and the nature/size of transactions.

  • Consider whether the audit documentation prepared in previous periods can simply be updated for changes that have occurred, rather than be prepared all over again. Documentation and assessment of risk factors and relevant internal controls should be sufficient to enable auditors in subsequent periods to leverage their understanding of the entity and focus attention on new industry trends, key operational changes, new inherent risks, and revised internal controls.

2. 花时间做好计划,无论工作有多小






  • 鼓励员工找出通常的审计程序与所处理的错报风险相比似乎过多的领域。

  • 花时间确保每个工作人员了解他或她需要完成的文件的必要性和目的。由于工作人员试图填写他们不理解的表格,可能会损失无数的时间。

  • 讨论欺诈的可能性。鼓励员工持怀疑态度和好奇心,并授权他们提出问题、意见或无法解释的事项。

  • 讨论已知的关联方和交易的性质/规模。

  • 考虑是否可以简单地更新以前时期准备的审计文件,以适应已经发生的变化,而不是重新准备。对风险因素和相关内部控制的文件和评估应足以使审计人员在随后的时期利用他们对该实体的理解,将注意力集中在新的行业趋势、关键的业务变化、新的固有风险和修订的内部控制上。

3. Evaluate the control environment

Take time to understand the pervasive internal controls that are part of the control environment.

Pervasive controls are quite different from transactional controls; they address such matters such as integrity and ethics, corporate governance, employee competence, management’s attitudes toward control, fraud prevention, risk management, and control monitoring.

If the “tone at the top” is poor, management override can easily occur, and even the very best transactional controls over processes such as purchases and sales could be undermined.

3. 评估控制环境



如果 "高层的基调 "不好,就很容易发生管理层凌驾于人之上的情况,即使是对采购和销售等过程的最好的交易控制也会被破坏。

4. Aim for continual improvement

There is a tendency for some auditors to blindly follow the example of the previous auditor, resulting in a file that mirrors that of the previous year. A much better approach is to continually review/challenge the work performed in previous years, and identify changes that will make the audit more efficient and effective.

4. 以持续改进为目标



Our website's articles, templates, and material are solely for you to look over. Although we make every effort to keep the information up to date and accurate, we make no representations or warranties of any kind, either express or implied, regarding the website or the information, articles, templates, or related graphics that are contained on the website in terms of its completeness, accuracy, reliability, suitability, or availability. Therefore, any reliance on such information is strictly at your own risk.

Keep in touch with us so that you can receive timely updates |


1. Website ✍️ 2. Telegram ✍️ 3. Facebook ✍

4. Blog ✍ 5. Google ✍

6. LinkedIn ✍

138 views0 comments

Recent Posts

See All
bottom of page