SA 315

IDENTIFYING AND ASSESSING THE RISK OF MATERIAL MISSTATEMENT

THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
(1) Abbreviations Used:
FS Financial Statements
ROMMs Risks of Material Misstatements
Mgmt. Management
TCWG Those Charged with Governance
RAP Risk Assessment Procedures
EP Engagement Partner
ET Engagement Team
MM Material Misstatement
FRF Financial Reporting Framework
(2) Deals with <SA’s Title>
(3) Objective of auditor is to identify & assess ROMMs at assertion level, cause of
fraud or error.
(4) Definitions:
(a) Assertion: Representations by Mgmt. that are embodied in FS.
(b) Business Risk: Risk of not achieving Business Objective & Goal.
(c) Internal Control: Controls on preparation of FS by Mgmt.
(d) Risk Assessment Procedures: Audit procedures to <SA’s Title>
(e) Significant Risk: ROMMs which in auditors judgment requires special
consideration.
(5) Auditor shall perform RAP to provide basis for ROMM at Assertion Levels.
(6) RAP shall include:
(a) Inquiries of Mgmt. and Others
(b) Analytical Procedures
(c) Observation and Inspection
(7) Auditor shall consider if info. from client acceptance or continuation process is
relevant in identifying ROMM.
(8) If EP has performed other engagements for the entity, then consider if that info.
is relevant in identifying ROMM
(9) When auditor uses info. from previous audit experience, he shall evaluate if any
changes thereto.
(10) EP & ET shall discuss the susceptibility of FS for MM.
(11) Auditor shall obtain understanding of following:
(a) Relevant industry, regulatory factors of FRFs,
(b) Nature of entity including:
(i) its operations,
(ii) its ownership and governance structures,
(iii) the types of investments that the entity is making and plans to make
(iv) the way that the entity is structured and how it is financed,
(c) The entity’s selection and application of accounting policies,
(d) The entity’s objectives and strategies, and those related business risks that
may result in ROMM,
(e) Measurement & Review of entity’s Financial Performance.
(12) Obtain an understanding of internal control relevant to audit.
(13) Auditor shall evaluate the design of those controls and determine whether they
have been implemented, by performing procedures
(14) As part of understanding the control environment auditor shall evaluate if:
(a) Mgmt. with oversight of TCWG has created and maintained a culture of
honesty and ethical behavior,
(b) Strengths of control provide foundation for other components of internal
controls,
(15) Obtain an understanding if the entity has a process for:
(a) Identifying business risks relevant to financial reporting objectives,
(b) Estimating the significance of the risks,
(c) Assessing the likelihood of their occurrence,
(d) Deciding about actions to address those risks.
(16) If such a process is established, auditor shall obtain an understanding of such
process and the results thereof.
(17) If such process has not been established, auditor shall discuss with mgmt. the
business risks relevant to financial reporting objectives and how mgmt. has
addressed such issues.
(18) Obtain understanding of Information system related to business process
relevant for financial reporting including following areas:
(a) Classes of Transactions significant to FS,
(b) Procedures within IT and manual systems by which initiated, recorded,
processed, corrected as necessary, transferred to the general ledger and
reported in FS (IRPCTR),
(c) Related accounting records and other supporting information,
(d) How the information system captures events & conditions,
(e) The financial reporting process used to prepare FS,
(f) Control surrounding journal entries.
(19) Understand how entity communicates financial reporting roles and
responsibilities to team.
(20) Understanding of control activities relevant for audit.
(21) Understanding of Control activities entity has taken in response to risks from IT.
(22) Obtain an understanding of the major activities that the entity uses to monitor
internal control over financial reporting.
(23) If there is internal audit function, Auditor shall determine if:
(a) NT&E of internal audit function,
(b) Activities performed in internal audit function,
(24) Understand the sources of info used in monitoring activities.
(25) Assess the ROMM at:
(a) FS level &
(b) Assertion level for Class of transaction, Account Balances and Disclosures.
(26) Auditor shall:
(a) Identify risks thought-out process by understanding,
(b) Assess the identified risks,
(c) Related the identified risks to what can go wrong,
(d) Consider the likelihood of what can go wrong,
(27) As part of identifying the risk under point 25, auditor shall determine whether in
auditor’s professional judgment they are significant risk.
(28) In exercising the Professional Judgement, auditor shall consider the
following:
(a) Is the risk being of fraud,
(b) Is it relating to recent significant economic, accounting developments or
changes.
(c) Complexity of transactions,
(d) Whether transactions with related parties involved.
(e) Degree of subjectivity involved
(f) Whether it involves significant transactions outside normal business.
(29) When Auditor determines that risk exists then, he shall understand the entities
controls relating to the risk.
(30) For some risk, it may not be possible to obtain sufficient & appropriate audit
evidence due to in routine nature of transaction, in such cases auditor shall obtain
understanding of them.
(31) Auditor’s assessment of ROMMs shall change during the audit.
(32) Document:
(a) Discussions done with ET,
(b) Key elements of understanding obtained regarding each aspect of entity,
(c) Identified and assesses ROMM,
(d) Risk identified and related controls.