ISA (UK) 250A and 250B consultation: A new approach to ‘laws and regulations’ auditing?
Today marks the end of the comments period for the FRC’s proposal to revise ISAs (UK) 250 Section A and Section B. In case this consultation has passed you by in the pre-Christmas rush, we’ll summarise what’s (likely) changing and how it might affect your audits when effective.
Can you remind me what ISAs (UK) 250A and 250B are all about? I’m sure I should know!
ISAs (UK) 250A and 250B both focus on the impact of laws and regulations on an audit. ISA (UK) 250A is based on the international ISA 250 and concerns the audit approach to the risk of material misstatement arising from non-compliance with laws and regulations (‘NOCLAR’). By contrast, ISA (UK) 250B is in fact a UK-specific standard dealing with situations in which auditors have a statutory right and/or duty to report certain matters to a regulator such as the UK Financial Conduct Authority (FCA) or for the audits of public interest entities (PIEs).
So what’s the consultation about? Is this a response to international changes to the ISA?
No – this is a UK-only proposal. The problem with these ISAs (UK) is that they’re not entirely risk-based. In particular, 250A splits important laws and regulations into two categories:
1. Those which directly shape the form and content of financial statements (such as company law); and
2. Those which are fundamental to the entity’s operations (for which NOCLAR could result in material penalties or even force the entity to cease trading altogether).
While current ISA (UK) 250A takes a risk-based approach to the first category – which auditors address by careful completion of an appropriate disclosure checklist, among other things – it only requires auditors to complete a brief list of specified steps for the second category. The FRC express concerns that this is inconsistent with the risk-based nature of other standards and may mean that auditors aren’t tackling NOCLAR risk with enough rigour. Instead, the FRC plans to remove the two-category distinction and to require a risk-based approach to all laws and regulations that could result in material misstatement.
Will this mean more work for auditors?
Not necessarily. Adopting a risk-based approach rather than a set of mandatory procedures could in fact reduce work in some instances where auditors identify few risks. It’s also the case that in many heavily regulated sectors such as financial services, auditors frequently ‘gold-plate’ their work to ensure they cover risks and provide better service. It will, however, require changes to audit methodology which always incurs cost and time to adapt, and for audit teams that have always stuck rigidly to the ISA (UK) 250A procedures for highly regulated businesses, more work should be expected.
What about ISA (UK) 250B – is that changing in a similar way?
No. ISA (UK) 250B reflects statutory rights and/or duties to report that are usually reactive rather than proactive in nature – in other words, they don’t require auditors to seek out reportable matters but instead to respond to any such matters as they are identified. This isn’t expected to change significantly, though the revised ISA (UK) requirements will be divided between those applying to all PIE audits and those that only apply (for other audits) when a reportable issue is discovered.
The proposals include the umbrella phrase ‘reportable matters’ to cover the various differences in underlying terminology, and clarifies that auditors may have a duty to report certain matters in the public interest, even in the absence of specific legislative or regulatory requirements.
Will the revised ISAs (UK) still be called 250A and 250B?
No. The plan is that 250A will drop the ‘A’ and be renamed ISA (UK) 250, and a new reference number will be used for 250B.
When are the new ISAs (UK) likely to apply?
For the audits of periods beginning 15 December 2024 (i.e. mainly for December 2025 year-ends and onwards).
