- Updated 8 April 2026
The new Less Complex Entities Auditing Standard has at last been approved for NZ. This represents the biggest change in the audit landscape since the ISAs (NZ) were adopted in 2009, potentially with a great impact for a fit-for-purpose standard for the great majority of NZ entities requiring audit.
In this article we consider who the new standard applies to, when it applies, and what Audit Assistant is planning to do to release templates to carry out this work.
I have written about this a lot in the past, starting in 2021 with hot anticipation, then again with some impatience back in 2023. I was dismayed when it was rejected by the Australians and wrote a pleading submission back in 2024 – summarised here.
So who can be an LCE?
Our previous articles discussed the content, but there were a few questions unanswered such as the potential inclusion of Public Sector and Tier 2 entities. As it turns out that there are certain prohibited classes, then some broad common-sense guidance around qualitative factors.
Part A of the standard sets out the authority for determining the appropriate use of the ISA (NZ) for LCE. This includes both the specific prohibitions – very high level entities as you would expect – and qualitative characteristics. Significantly, quantitative characteristics are not a factor (e.g. level of income, expenditure or assets). Public Sector audits may use the LCE standard if they meet the Part A requirements.
Entities that are prohibited (Para A.1) are:
-
- Listed entities and FMC reporting entities;
-
- Deposit takers (banks etc.);
-
- Insurance providers;
-
- Those prohibited by legislation or regulation;
-
- Jobs carried out in a jurisdiction that does not recognise the standard;
-
- A group where Component auditors are involved (except where a physical presence is needed for a specific audit procedure – like attending a physical inventory count or physically inspecting assets or documents).
Qualitative characteristics (Para A3):
The standard provides a list of characteristics which are to be considered together to assess the entity’s suitability to use the standard. It stresses that this is not absolute, but just indicators. These include:
-
- Whether the entity’s business activities, business model, or the industry in which the entity operates, gives rise to significant pervasive business risks;
- Whether specific laws or regulations that govern the business activities that add complexity;
- The number of lines of business or revenue streams represented;
- The complexity of the organisational structure and size of management team (5 individuals or less is considered as guidance);
- The ownership structure complexity and transparency of control;
- Whether it has a centralised finance function;
- Whether key IT functions are straightforward (using commercial rather than complex custom software);
- No complex judgements required in applying the reporting framework;
- No estimates involving the use of methods, models, assumptions, or data, that are complex;
- Group audits with 5 or fewer business units, a simple consolidation process, with the same or similar accounting policies, and unrestricted access to the auditor of the group.
We get a sense of scope by identifying what ISAs do not get any equivalent treatment in the LCE standard. There are no equivalents to ISA 810 (Summary financial statements), ISA 600 (concerning work of component auditors), ISA 610 (Internal auditor assessment), ISA 701 (Key audit matters).
What about the Service Report issue?
The issue of relying on Type 1 and 2 service reports is mentioned in the explanatory material on para A2 as follows:
When the auditor intends to use a report provided by a service auditor of a service organisation either as audit evidence about the design and implementation of controls at the service organisation (i.e., a type 1 or type 2 report), or as audit evidence that controls at the service organisation are operating effectively (i.e., a type 2 report), as this would ordinarily not be applicable to an audit of an LCE.
This was discussed at our recent conference. It was noted that many smaller entities have investments through brokers, and type 1 and 2 reports were often used as evidence of the efficacy of the broker’s systems.
Subsequent discussion suggests a common-sense approach is best. This is not a blanket prohibition but just a factor to be taken into account. Where there is significant reliance of part of the business model that falls outside of the view of the engagement auditor this is an indicator that the entity is not less complex. Entities that use brokers are not by default disqualified as LCEs.
Where are the time savings?
The planning area many of the details in ISA 315 (revised 2019) have been consolidated into fewer, more appropriate questions – proportional to the scope of these entities. This should relieve much frustration for auditors explaining why the less formal controls are appropriate for the entity. The lesser requirements for simpler entities are baked in rather than in the fine print about scaleability. Overall, there are far less work-steps required to be addressed individually.
The standard draws the auditor to focus on common risk areas for smaller entities: controls over journals, related parties, unusual transactions and general IT controls. While there is provision for controls testing, the focus is more on controls around significant risk areas and areas where substantive testing alone cannot reduce risk of material misstatement to an acceptable level. This slightly more prescriptive approach should make these audits more efficient. Obviously professional judgement is still required, but the scope is reduced for the auditor to just think about what is appropriate for this kind of entity.
For the small practitioner there are significant savings in that many parts that involve teams can simply be filtered out.
What are we doing in terms of development?
It is unfortunate (or perhaps fortunate in the long term) that the new standard release has coincided with a major development of both our software platform and our ISA content. This means that our resources have been stretched to the maximum to get the new LCE templates out. We have, however, been prototyping an LCE template based on our current simplified templates. We have debated whether to release this as is, but as our new platform and ISA content is very close to completion, we have decided to also use this new architecture as the basis for the LCE template. This includes our new trial balance and risk library and associated tools.
Our goal is to have specific LCE templates for all our current entities that are likely to qualify, including schools (applicability still to be confirmed by the OAG at the time of writing). We estimate that within a short time the majority of our NZ clients will adopt the LCE templates as their defaults. Adoption is, of course, optional, but I can see no reason not to use the LCE templates. The result is still a reasonable assurance report, but just arrived at by a less circuitous route.
