FAQs: CAS 315 and the Auditor’s Responsibilities for General Information Technology Controls

From CPA Canada

Canadian Auditing Standard (CAS) 315, Identifying and Assessing the Risks of Material Misstatement, includes requirements related to the auditor’s understanding of the IT environment and the identification of GITCs. The objective of this publication is to address common questions from auditors about GITCs in the audit of financial statements and the auditor’s responsibilities related to GITCs throughout the audit.

The FAQs addressed in this publication will help auditors understand the:

Risks arising from the use of IT
Difference between GITCs and information processing controls
Evaluation of design and implementation of GITCs
Testing of operating effectiveness of GITCs
Impact of inappropriately designed or implemented GITCs or GITCs that are not operating effectively.

Note that the foundation of this FAQ is based on the Australian Auditing and Assurance Standards Board (Australian AUASB) Bulletin: ASA 315 and the Auditor’s Responsibilities for General IT Controls published in June 2022 by the Australian AUASB, and is used with permission of the Australian AUASB.

Get your downloadable electronic copy

Download now

Share this page