IAASB Standards Update [2025]: What's New

ISA 570 (Revised 2024): going concern on a gross basis

The IAASB released the final standard on 9 April 2025. The single biggest change is structural: under the current ISA 570, most teams evaluate events and conditions alongside management's mitigating plans in a single combined assessment. ISA 570 (Revised 2024) separates those steps. You identify every event or condition that may cast significant doubt on going concern on a gross basis first, before considering whether management's plans are feasible and sufficient to mitigate.

This matters because the current combined approach often buries genuine risks. A client with a current ratio below 1.0, a €3M debt covenant breach, and declining margins might currently appear as a low-risk going concern because management has a plan to refinance. Under the revised standard, those events and conditions stand on their own in your working paper before any mitigation enters the picture. The auditor's report transparency requirements also change. For publicly traded entities, ISA 570 (Revised 2024) requires entity-specific disclosures about the auditor's work on going concern, regardless of whether a material uncertainty exists.

The effective date is 15 December 2026 (periods beginning on or after). Early adoption is permitted.

The reporting changes deserve attention too. Under the current ISA 570, the auditor's report for a listed entity includes going concern information primarily when a material uncertainty exists or when the going concern basis is inappropriate. ISA 570 (Revised 2024) expands this. For publicly traded entities, the auditor's report will contain entity-specific information about the auditor's going concern work regardless of outcome. Even when no material uncertainty exists, users of the financial statements will see what the auditor did. This changes the reputational calculus around going concern files: every going concern assessment on a publicly traded entity becomes a public-facing document in substance, not just a working paper.

ISA 240 (Revised): the fraud lens requirement

The IAASB approved ISA 240 (Revised) on 8 July 2025, with the same effective date of 15 December 2026. It responds to regulatory pressure about the expectation gap on fraud. The standard doesn't expand the auditor's objective (detecting fraud is still not the primary purpose of an audit), but it changes how you get to your fraud risk conclusions.

The most consequential change is the "fraud lens" concept. ISA 240 (Revised) requires auditors to apply a fraud-specific perspective when identifying and assessing risks. Under the current standard, fraud risk assessment runs parallel to the overall risk assessment process. The revised standard threads it through: when you identify a risk of material misstatement, you now explicitly consider whether that risk involves fraud, with a dedicated requirement to document that consideration.

The revised standard also creates a new section on fraud responses. Instead of the current structure where responses to fraud risk sit within the general response requirements, ISA 240 (Revised) separates them into their own requirement block with clearer, more specific guidance on what constitutes an adequate response.

Communication requirements tighten as well. Timely communication with management and those charged with governance about identified or suspected fraud gets more explicit wording, and the auditor's report for publicly traded entities will include clearer disclosures about the auditor's fraud-related work.

Professional scepticism gets dedicated attention across both revised standards. In July 2025, the IAASB released a non-authoritative publication explaining how ISA 570 (Revised 2024) and ISA 240 (Revised) reinforce professional scepticism requirements. Among the key points: auditors are expected to maintain a questioning mindset throughout the engagement, consider contradictory evidence explicitly, and challenge management assumptions rather than accept them at face value. This is not new in principle, but the revised standards make it harder to demonstrate compliance with a box-ticking approach.

ISSA 5000: sustainability assurance as a standalone standard

The IAASB approved ISSA 5000 in September 2024 and formally published it in November 2024. This is not an amendment to an existing standard. It is the first standard in an entirely new series (the 5000 series) dedicated to sustainability assurance. The effective date is 15 December 2026, with early adoption permitted.

ISSA 5000 replaces ISAE 3000 (Revised) as the applicable standard for sustainability assurance engagements. It is designed as a standalone document: practitioners performing a sustainability assurance engagement under ISSA 5000 do not also need to apply ISAE 3000 (Revised). This is different from how ISAE 3402 or ISAE 3410 currently work, where ISAE 3000 (Revised) sits underneath as the overarching framework.

Four features of ISSA 5000 matter most for non-Big 4 firms:

It is profession-agnostic. Both professional accountant practitioners and non-accountant assurance practitioners can use it, provided they meet the ethical and quality management requirements.

It covers both limited and reasonable assurance. The standard includes separate requirements for each level of assurance, with explicit guidance on the differences in work effort. For firms doing CSRD limited assurance work, this is the operational detail that ISAE 3000 (Revised) never quite provided.

Double materiality is built in. ISSA 5000.A306 notes that not all reporting frameworks require double materiality, but where the framework does (as under the EU's CSRD), the practitioner must assess both financial materiality and impact materiality. A sustainability issue needs to be material from only one perspective to require disclosure.

It is framework-neutral. ISSA 5000 applies to sustainability information prepared under any reporting framework (ESRS, GRI, ISSB, or a combination). It also applies to any sustainability topic, not just climate.

If your firm has been using ISAE 3000 (Revised) for sustainability assurance engagements, start mapping the differences now. The IAASB published an FAQ document in August 2025 addressing applicability questions, and multiple jurisdictions (including Australia, Hong Kong, Malaysia, Pakistan, and Costa Rica) have already adopted or begun adopting the standard locally.

Narrow-scope amendments: publicly traded entity definition

On 1 September 2025, the IAASB released narrow-scope amendments that replace the "listed entity" definition in the ISQMs and ISAs with a new "publicly traded entity" (PTE) definition, aligned with the IESBA Code of Ethics. The effective date is 15 December 2026.

In practice, the impact depends on your jurisdiction. These amendments recognise that local standard setters and regulators define what constitutes a PTE in their markets. For firms operating across European borders, this means checking whether your local adoption of the revised definition changes which of your clients trigger the additional requirements that previously applied only to "listed entities." ISRE 2400 (Revised) also picks up an amendment: a new requirement for public disclosure in the practitioner's review report when independence requirements specific to certain entities (such as public interest entities) were applied.

For most mid-tier Dutch or European firms, the definition change won't add clients to the PTE category. But it will require an update to your firm's quality management documentation under ISQM 1 to reflect the new terminology and confirm the scoping hasn't changed.

ISAE 3410 withdrawal

The IAASB approved the withdrawal of ISAE 3410 (Assurance Engagements on Greenhouse Gas Statements) in March 2025. The withdrawal takes effect when ISSA 5000 becomes effective (15 December 2026). The rationale is straightforward: GHG emissions constitute sustainability information as defined by ISSA 5000, and ISSA 5000 is sufficiently detailed to cover GHG assurance engagements without a separate standard.

If your firm currently performs standalone GHG assurance engagements under ISAE 3410, you will need to transition those engagements to ISSA 5000 from the 2027 reporting cycle onward. This isn't just a relabelling exercise. ISSA 5000 has different risk assessment requirements, different materiality guidance, and a different reporting structure than the combination of ISAE 3000 (Revised) plus ISAE 3410 that you currently apply. The IAASB FAQ from August 2025 addresses edge cases, including what happens when a jurisdiction has adopted ISAE 3410 but has not yet adopted ISSA 5000 by the effective date. In that scenario, ISAE 3000 (Revised) continues to apply until the jurisdiction completes its own adoption process.

Worked example: updating a going concern file for ISA 570 (Revised 2024)

Client: Janssen Bouw B.V., a mid-sized Dutch construction company with €68M revenue, operating on thin margins (2.1% net margin FY2025). The company has a €12M revolving credit facility maturing in October 2027 and a current ratio of 0.87 at year-end.

Step 1: Identify events and conditions on a gross basis (before mitigation)

List every event or condition without reference to management's plans:

• Current ratio 0.87 (below 1.0)
• Revolving credit facility (€12M) matures October 2027 with no signed refinancing agreement at reporting date
• Net margin declined from 3.4% (FY2024) to 2.1% (FY2025)
• Two major project completions in Q1 2026 with no replacement contracts signed

Documentation note: record these in a dedicated working paper section titled "Events and conditions identified (gross basis, ISA 570 (Revised 2024))." Do not include management responses in this section.

Step 2: Evaluate significance of identified conditions

Assess whether the identified events and conditions, taken individually or collectively, may cast significant doubt on going concern. At this stage, Janssen Bouw B.V.'s combination of declining profitability, covenant pressure from the maturing facility, and the pipeline gap constitutes a set of conditions that may cast significant doubt.

Documentation note: record the auditor's assessment of whether significant doubt exists on a gross basis. Cross-reference to ISA 570 (Revised 2024) requirement to evaluate before mitigation.

Step 3: Evaluate management's plans

Now evaluate the mitigating factors: management has a signed term sheet (not binding) for a new €15M facility with ING, a pipeline of €22M in tendered contracts with expected award dates before July 2026, and a board-approved cost reduction programme targeting €1.2M in annual savings.

Documentation note: document each mitigating plan separately, assess its feasibility and sufficiency, and conclude whether significant doubt is mitigated after considering management's plans. Cross-reference the "before" and "after" assessments explicitly.

Step 4: Conclude and determine reporting implications

The signed term sheet is not binding, so the refinancing risk is only partially mitigated. However, the pipeline and cost programme, if both proceed as expected, provide sufficient coverage. The auditor concludes: material uncertainty does not exist, but a close-call rationale must be documented.

Documentation note: record the conclusion and the specific factors that tipped the assessment. Note what would change the conclusion (e.g., if the term sheet falls through or fewer than €15M in contracts are awarded by completion).

Practical checklist for 2026 preparation

1. Map your current going concern template against ISA 570 (Revised 2024) and identify where the gross-basis assessment step is missing. Add it before the 2027 audit cycle begins.
2. Review your firm's fraud risk assessment methodology against the "fraud lens" requirement in ISA 240 (Revised). Confirm that every identified risk of material misstatement has a documented fraud consideration, not just the presumed risks.
3. If your firm performs sustainability assurance engagements, obtain ISSA 5000 and map it against your current ISAE 3000 (Revised) methodology. The IAASB's August 2025 FAQ document covers the most common applicability questions.
4. Check whether the "publicly traded entity" definition change affects your client portfolio under your local adoption of the IAASB standards. Update your ISQM 1 documentation to reflect the new terminology.
5. For GHG assurance engagements currently under ISAE 3410, plan the transition to ISSA 5000 and brief the engagement teams before the 2027 cycle.
6. Build cross-references between going concern files and fraud risk files. ISA 240 (Revised) and ISA 570 (Revised 2024) are explicitly linked, and reviewers will expect the connection to be visible.

Common mistakes to watch for

Merging the gross-basis event identification with management's mitigation assessment. The IAASB designed ISA 570 (Revised 2024) specifically to separate these steps. AFM inspectors are likely to treat a combined assessment as non-compliant from the first inspection cycle under the revised standard.

Continuing to apply ISAE 3000 (Revised) alongside ISSA 5000. ISSA 5000 is standalone. Applying both creates redundant documentation and potential conflicts between the two standards' requirements.

Related Ciferi content

Related guides:

Put audit concepts into practice with these free tools:

Frequently asked questions

Further reading and source references

• IAASB Handbook 2025: The authoritative five-volume source for the complete text of all revised standards, including ISA 570 (Revised 2024), ISA 240 (Revised), and ISSA 5000.
• ISA 570 (Revised 2024): Approved April 2025, effective 15 December 2026. Introduces the gross-basis assessment and enhanced reporting for publicly traded entities.
• ISA 240 (Revised): Approved July 2025, effective 15 December 2026. Introduces the fraud lens, stand-back requirement, and enhanced reporting.
• ISSA 5000: Approved September 2024, published November 2024, effective 15 December 2026. The first standalone standard for sustainability assurance.
• IAASB FAQ on ISSA 5000: Published August 2025. Addresses applicability questions and jurisdictional adoption scenarios.