Key Takeaways
- The IAASB sets the ISAs that form the baseline for national audit standards in most European jurisdictions, including the Netherlands and Germany.
- Its 2025 Handbook spans five volumes covering quality management, auditing, review, other assurance, and related services.
- ISA 240 (Revised) and ISA 570 (Revised 2024) both take effect for periods beginning on or after 15 December 2026.
- Non-Big 4 firms adopting IAASB standards early gain a head start on implementation before national regulators mandate the change.
What is IAASB (International Auditing and Assurance Standards Board)?
The IAASB operates under PIOB oversight to protect the public interest. Its 18-member board (plus a non-voting chair) drafts exposure drafts, receives public comment, and issues final pronouncements. National standard-setters then adopt or adapt these pronouncements. In the Netherlands, the NBA transposes ISAs into NV COS (Dutch Standards on Auditing). In Germany, the IDW maps ISAs into its own standards, though the content aligns closely.
For a non-Big 4 firm, the IAASB matters because its output determines the structure of every engagement file. ISA 315 (Revised 2019) reshaped risk assessment with its spectrum-of-inherent-risk approach. ISQM 1 replaced the old firm-level quality control standard (ISQC 1) with a risk-based quality management system, effective since 15 December 2022. The IAASB's most recent wave of activity targets fraud (ISA 240 Revised), going concern (ISA 570 Revised 2024), sustainability assurance (ISSA 5000), and the related IESBA ethics amendments, all effective for periods beginning on or after 15 December 2026.
Understanding which IAASB pronouncements are current and which have been superseded is not optional. Applying the wrong version of a standard is a finding waiting to happen.
Worked example: Dupont Ingenierie S.A.S.
Client: French engineering services company, FY2026, revenue EUR 92M, IFRS reporter. The engagement partner at a mid-tier Paris firm needs to determine which IAASB standards apply to the FY2026 audit (year ending 31 December 2026).
Step 1 — Identify the effective standards
The engagement team checks the IAASB's 2025 Handbook. ISA 240 (Revised) and ISA 570 (Revised 2024) are effective for periods beginning on or after 15 December 2026. Since Dupont's financial year begins 1 January 2026, these revised standards do not yet apply to the FY2026 audit. The current versions of ISA 240 and ISA 570 remain in force.
Step 2 — Assess ISQM 1 compliance at firm level
ISQM 1 has been effective since 15 December 2022. The firm's quality management system must already reflect its requirements. The engagement partner confirms that the firm completed its initial ISQM 1 evaluation by 15 December 2023 (the one-year implementation window under ISQM 1.3) and that the most recent monitoring cycle identified no systemic deficiencies.
Step 3 — Determine whether ISSA 5000 applies
Dupont falls within the scope of the CSRD (revenue above EUR 50M). The firm has been asked to provide limited assurance on Dupont's sustainability report. ISSA 5000 becomes effective for periods beginning on or after 15 December 2026, so it does not apply to a sustainability report covering FY2026 (period beginning 1 January 2026). The firm applies ISAE 3000 (Revised) for the current engagement.
Step 4 — Plan for transition
The engagement partner prepares a transition impact memo covering the standards taking effect for FY2027. For ISA 240 (Revised), the memo addresses the new requirement to apply a fraud lens throughout risk assessment and the co-ordinated changes in ISA 570 (Revised 2024) around management's going concern assessment. For ISSA 5000, the memo addresses new engagement acceptance criteria for sustainability assurance.
Conclusion: the FY2026 engagement applies current ISA versions and ISAE 3000 (Revised) for sustainability assurance, with a documented transition plan ensuring the firm is ready for the three IAASB standards taking effect in FY2027 periods.
Why it matters in practice
Teams frequently apply paragraph references from superseded versions of ISAs without verifying whether a revised version is in effect. This is not a theoretical risk. When ISA 315 (Revised 2019) replaced ISA 315 (Revised) in December 2022, firms that continued citing old paragraph numbers produced working papers that referenced requirements no longer in force. The same transition risk applies to ISA 240 and ISA 570 once the revised versions take effect.
The IAASB's standards carry no direct legal force. They become binding only when a national standard-setter adopts them. Practitioners in the Netherlands sometimes cite ISA paragraph numbers directly rather than the corresponding NV COS references. While the content is substantively identical, AFM inspectors expect references to the Dutch transposition, and citing the ISA instead of NV COS can flag a documentation gap even when the underlying work is correct.
IAASB vs IFAC
| Dimension | IAASB | IFAC |
|---|---|---|
| Role | Independent standard-setting board for auditing, assurance, and related services | Global umbrella organisation for the accountancy profession |
| Output | ISAs, ISAEs, ISRSs, ISQMs, and ISSA 5000 | Policy positions, advocacy, member body coordination |
| Governance | Overseen by the PIOB to protect public interest independence | Governed by its own board and council of member bodies |
| Membership | 18 board members (plus non-voting chair) appointed through a public nominations process | Over 180 member organisations across 130+ jurisdictions |
| Binding force | Standards have no direct legal force until adopted nationally or regionally | No standard-setting authority; supports adoption of IAASB and IESBA standards |
The distinction matters because practitioners sometimes treat IAASB and IFAC as interchangeable. They are not. IFAC is the parent structure; the IAASB is the operationally independent board within it. Criticisms directed at IFAC (governance, conflicts of interest) do not automatically apply to IAASB pronouncements, which are developed under PIOB oversight with public exposure and comment periods.
Related terms
Frequently asked questions
Are IAASB standards mandatory for European auditors?
Not directly. The IAASB issues international standards, but they become binding only when adopted by a national standard-setter or required by EU regulation. In most EU member states, national auditing standards are based on or identical to the ISAs. The EU Audit Regulation (537/2014) requires statutory auditors to apply ISAs as adopted at EU level, though formal EU-wide ISA adoption remains pending.
When do the revised ISA 240 and ISA 570 take effect?
Both ISA 240 (Revised) and ISA 570 (Revised 2024) are effective for audits of financial statements for periods beginning on or after 15 December 2026. For a calendar-year entity, this means the FY2027 audit is the first engagement under the revised standards. Early adoption is permitted.
What is ISSA 5000 and how does it relate to the IAASB?
ISSA 5000, International Standard on Sustainability Assurance, is the IAASB's first standalone sustainability assurance standard. It becomes effective for periods beginning on or after 15 December 2026. The standard applies to assurance engagements on sustainability information reported under any framework, including ESRS under the CSRD.