This document outlines the auditor's responsibilities for identifying and assessing risks of material misstatement in an entity's financial statements. It details the risk assessment procedures auditors must perform, including understanding the entity and its environment, internal controls, financial reporting processes and assessing risks at the assertion level. The auditor aims to identify significant risks and document the risk assessment process.
This document outlines the auditor's responsibilities for identifying and assessing risks of material misstatement in an entity's financial statements. It details the risk assessment procedures auditors must perform, including understanding the entity and its environment, internal controls, financial reporting processes and assessing risks at the assertion level. The auditor aims to identify significant risks and document the risk assessment process.
This document outlines the auditor's responsibilities for identifying and assessing risks of material misstatement in an entity's financial statements. It details the risk assessment procedures auditors must perform, including understanding the entity and its environment, internal controls, financial reporting processes and assessing risks at the assertion level. The auditor aims to identify significant risks and document the risk assessment process.
IDENTIFYING AND ASSESSING THE RISK OF MATERIAL MISSTATEMENT
THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (1) Abbreviations Used: FS Financial Statements ROMMs Risks of Material Misstatements Mgmt. Management TCWG Those Charged with Governance RAP Risk Assessment Procedures EP Engagement Partner ET Engagement Team MM Material Misstatement FRF Financial Reporting Framework (2) Deals with <SA’s Title> (3) Objective of auditor is to identify & assess ROMMs at assertion level, cause of fraud or error. (4) Definitions: (a) Assertion: Representations by Mgmt. that are embodied in FS. (b) Business Risk: Risk of not achieving Business Objective & Goal. (c) Internal Control: Controls on preparation of FS by Mgmt. (d) Risk Assessment Procedures: Audit procedures to <SA’s Title> (e) Significant Risk: ROMMs which in auditors judgment requires special consideration. (5) Auditor shall perform RAP to provide basis for ROMM at Assertion Levels. (6) RAP shall include: (a) Inquiries of Mgmt. and Others (b) Analytical Procedures (c) Observation and Inspection (7) Auditor shall consider if info. from client acceptance or continuation process is relevant in identifying ROMM. (8) If EP has performed other engagements for the entity, then consider if that info. is relevant in identifying ROMM (9) When auditor uses info. from previous audit experience, he shall evaluate if any changes thereto. (10) EP & ET shall discuss the susceptibility of FS for MM. (11) Auditor shall obtain understanding of following: (a) Relevant industry, regulatory factors of FRFs, (b) Nature of entity including: (i) its operations, (ii) its ownership and governance structures, (iii) the types of investments that the entity is making and plans to make (iv) the way that the entity is structured and how it is financed, (c) The entity’s selection and application of accounting policies, (d) The entity’s objectives and strategies, and those related business risks that may result in ROMM, (e) Measurement & Review of entity’s Financial Performance. (12) Obtain an understanding of internal control relevant to audit. (13) Auditor shall evaluate the design of those controls and determine whether they have been implemented, by performing procedures (14) As part of understanding the control environment auditor shall evaluate if: (a) Mgmt. with oversight of TCWG has created and maintained a culture of honesty and ethical behavior, (b) Strengths of control provide foundation for other components of internal controls, (15) Obtain an understanding if the entity has a process for: (a) Identifying business risks relevant to financial reporting objectives, (b) Estimating the significance of the risks, (c) Assessing the likelihood of their occurrence, (d) Deciding about actions to address those risks. (16) If such a process is established, auditor shall obtain an understanding of such process and the results thereof. (17) If such process has not been established, auditor shall discuss with mgmt. the business risks relevant to financial reporting objectives and how mgmt. has addressed such issues. (18) Obtain understanding of Information system related to business process relevant for financial reporting including following areas: (a) Classes of Transactions significant to FS, (b) Procedures within IT and manual systems by which initiated, recorded, processed, corrected as necessary, transferred to the general ledger and reported in FS (IRPCTR), (c) Related accounting records and other supporting information, (d) How the information system captures events & conditions, (e) The financial reporting process used to prepare FS, (f) Control surrounding journal entries. (19) Understand how entity communicates financial reporting roles and responsibilities to team. (20) Understanding of control activities relevant for audit. (21) Understanding of Control activities entity has taken in response to risks from IT. (22) Obtain an understanding of the major activities that the entity uses to monitor internal control over financial reporting. (23) If there is internal audit function, Auditor shall determine if: (a) NT&E of internal audit function, (b) Activities performed in internal audit function, (24) Understand the sources of info used in monitoring activities. (25) Assess the ROMM at: (a) FS level & (b) Assertion level for Class of transaction, Account Balances and Disclosures. (26) Auditor shall: (a) Identify risks thought-out process by understanding, (b) Assess the identified risks, (c) Related the identified risks to what can go wrong, (d) Consider the likelihood of what can go wrong, (27) As part of identifying the risk under point 25, auditor shall determine whether in auditor’s professional judgment they are significant risk. (28) In exercising the Professional Judgement, auditor shall consider the following: (a) Is the risk being of fraud, (b) Is it relating to recent significant economic, accounting developments or changes. (c) Complexity of transactions, (d) Whether transactions with related parties involved. (e) Degree of subjectivity involved (f) Whether it involves significant transactions outside normal business. (29) When Auditor determines that risk exists then, he shall understand the entities controls relating to the risk. (30) For some risk, it may not be possible to obtain sufficient & appropriate audit evidence due to in routine nature of transaction, in such cases auditor shall obtain understanding of them. (31) Auditor’s assessment of ROMMs shall change during the audit. (32) Document: (a) Discussions done with ET, (b) Key elements of understanding obtained regarding each aspect of entity, (c) Identified and assesses ROMM, (d) Risk identified and related controls.