Professional Documents
Culture Documents
Exam Technique 1 - Planning Questions and Risk (Part 1) - Business Risk
Exam Technique 1 - Planning Questions and Risk (Part 1) - Business Risk
Menu
Home / Students / Study resources / Advanced Audit and Assurance (AAA) / Technical articles
/ Exam technique 1 – planning questions and risk (part 1)
Business risk
Candidates will be tasked with a question set at the planning stage of an engagement in section A. This will require candidates to
evaluate risks relevant to an audit or assurance engagement. This article is intended to help candidates to achieve both the technical
ISA315 (Revised), Identifying and Assessing the Risks of Material Misstatement gives extensive guidance on the need to understand
the client’s business, controls and operating environment in order to assess the risks on the engagement. Audit risk arises through
https://www.accaglobal.com/gb/en/student/exam-support-resources/professional-exams-study-resources/p7/technical-articles/exam-tech1-planning-qu… 1/8
2/12/23, 2:28 PM Exam technique 1 – planning questions and risk (part 1) | ACCA Global
these risks of material misstatement but also assess the risk that these may not be detected during the audit process. Candidates
ISA315 (Revised) explains that understanding the entity’s objectives, strategy and business model helps the auditor to understand
the entity at a strategic level, and to understand the business risks the entity takes and faces. An understanding of the business risks
that have an effect on the financial statements assists the auditor in identifying risks of material misstatement, since most business
risks will eventually have financial consequences and, therefore, an effect on the financial statements.
ISA315 (Revised) defines business risk as a risk resulting from significant conditions, events, circumstances, actions or inactions that
could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate
objectives and strategies.
A typical requirement in section A with a focus on business risk would be 'Using the exhibits provided, evaluate the significant
business risks facing the company/group'. The key elements to consider for this requirement to note are as follows:
Candidates are not required to have any industry specific knowledge. There will be sufficient detail in the scenario to allow
candidates to identify the key risks which should be evaluated. Candidates should focus on the risks arising from the information
provided and not speculate on additional risks which might arise.
• Evaluate
In order to evaluate effectively, Candidates will initially need to identify the risk arising from the information provided and illustrate
the impacts of the risk on the client. Candidates should make use of specific points that are relevant to the client in the question
Candidates should then expand on this issue in order to fully evaluate a point. There needs to be an assessment of the scale of the
risk in the context of the scenario. For example, an illustration of why this risk is particularly significant for this client or discussing
how the impact may be increased in the light of other risks and information relevant to the scenario.
• Significant
In the context of the AAA exam, it is essential that candidates assess the significant business risks within the scenario. These
should be assessed as those issues which are a medium to high likelihood of occurrence and impact, after consideration of any
mitigation which is described in the scenario.
• Risk
Business risks, in the context of the AAA exam, are areas of uncertain occurrence and outcome, not factual statements of something
which has already happened and, therefore, is already fully quantified in the scenario.
https://www.accaglobal.com/gb/en/student/exam-support-resources/professional-exams-study-resources/p7/technical-articles/exam-tech1-planning-qu… 2/8
2/12/23, 2:28 PM Exam technique 1 – planning questions and risk (part 1) | ACCA Global
Consider the example below from the September 2022 published question Winberry Co, a listed food delivery company whose sales
In this question, there are several different related risks which a candidate might identify. This topic will only be treated as one risk
regardless of which of those are developed and marks will be available for many alternative development points.
Data breach may become public The company will suffer The fact that the company did not
knowledge reputational damage and lose report the breach themselves may
customers increase the reputational damage
which would have occurred had
Or this been disclosed immediately
(considering severity in the
Customers will no longer trust context of the delay to reporting
Winberry Co to protect their online described in the scenario)
data.
Or
https://www.accaglobal.com/gb/en/student/exam-support-resources/professional-exams-study-resources/p7/technical-articles/exam-tech1-planning-qu… 3/8
2/12/23, 2:28 PM Exam technique 1 – planning questions and risk (part 1) | ACCA Global
The company might be fined for This will put pressures on cash These may be higher as a result
data breaches flow and reduce profits of Winberry Co not reporting the
breach themselves (considering
severity in the context of the delay
to reporting described in the
scenario)
Further data weaknesses may These may be more serious These will lead to more severe
exist and have not yet been breaches where customer credit fines and bad publicity if this is the
identified card or identity details are lost case. (considering severity)
These examples are indicative not exhaustive, and candidates will be awarded credit for valid evaluation points which relate to the
scenario.
In most cases, the professional marks available for the evaluation of business risk will be commercial acumen. These will be awarded
in addition to the technical marks. Candidates will be awarded credit for professional skills when answers demonstrate an awareness
of potential commercial.
Examples where commercial acumen could be demonstrated in response to the above scenario
• Management’s failure to report the breach may lead to more serious consequences
• There is the additional risk of specific reputational damage which could impact share price as well as profits
• Linking the impact of any fine to the debt covenants on interest cover
• Linking the severity of the risk to the company being online only and, therefore, more exposed to the consequences of data risk
than a traditional retail outlet for groceries
https://www.accaglobal.com/gb/en/student/exam-support-resources/professional-exams-study-resources/p7/technical-articles/exam-tech1-planning-qu… 4/8
2/12/23, 2:28 PM Exam technique 1 – planning questions and risk (part 1) | ACCA Global
It is possible to evaluate a risk severity in relation to the scenario without demonstrating commercial acumen and it is also possible to
demonstrate acumen in a risk not considered fully evaluated. Where a single response does provide evaluation and demonstrate
commercial acumen, credit will be awarded for both. The professional marks are additional to, rather than, in place of technical
marks.
Candidates should also note the following will not obtain marks for the identification and development of a risk.
Facts given in the question – there has been a data breach/credit card details may be lost – these are known and therefore, not a
risk. The risk is something uncertain as a result of the event or an uncertain event.
Risks which are flagged as mitigated in the scenario In the case of Winberry Co, the scenario was clear that specialised staff
were employed to ensure food safety legislation was complied with as part of the company risk management strategy. These are
likely to be easily replaceable given the ubiquitous nature of food. This might be different in a particularly niche industry where
Extreme outcomes which are not likely – for example, 'the data breach will mean fines the company cannot afford to pay and it will
be bankrupt'. Whilst worst case scenarios exist, if this is not likely in the context of the specific scenario, then it’s not necessarily a
significant risk or an appropriate evaluation in this case. This outcome might be valid in a different scenario, perhaps where the
company has a history of severe data protection breaches, with total disregard for data protection, and the company was already loss
making, and experiencing cash flow issues. Candidates are expected to tailor their answers to the specific scenario in the question.
Summary
Candidates preparing for the AAA exam should be mindful that they will be required to evaluate risks in the context of specific
information provided in a scenario in the exam. The examining team are looking for depth of evaluation of significant risks, rather
than brief and untailored answers covering large numbers of risks. Candidates are recommended to use past published questions to
practice evaluation skills. Exam question practice is essential, but candidates should remain mindful that they should not try and
apply rote learnt or generic responses in the real exam. They should ensure that their answer in the actual exam is tailored to the
specific information provided in the question, otherwise little credit will be awarded. Well prepared candidates using good technique
often achieve full marks in risk questions and this is often indicative of those candidates demonstrating the requisite professional
skills of an auditor.
Related Links
https://www.accaglobal.com/gb/en/student/exam-support-resources/professional-exams-study-resources/p7/technical-articles/exam-tech1-planning-qu… 5/8
2/12/23, 2:28 PM Exam technique 1 – planning questions and risk (part 1) | ACCA Global
• Exam technique 2 – planning questions and risk (part 2): Risks of material misstatement
(RoMM) and audit risks
Advertisement
Our sites
myACCA
ACCA mail
ACCA Careers
Your Future
https://www.accaglobal.com/gb/en/student/exam-support-resources/professional-exams-study-resources/p7/technical-articles/exam-tech1-planning-qu… 6/8
2/12/23, 2:28 PM Exam technique 1 – planning questions and risk (part 1) | ACCA Global
Useful links
Make a payment
Find an accountant
ACCA Rulebook
News
Work for us
Most popular
Professional insights
ACCA Qualification
Supporting Ukraine
Contact us
Send us a message
https://www.accaglobal.com/gb/en/student/exam-support-resources/professional-exams-study-resources/p7/technical-articles/exam-tech1-planning-qu… 7/8
2/12/23, 2:28 PM Exam technique 1 – planning questions and risk (part 1) | ACCA Global
Accessibility Legal policies Data protection & cookies Advertising Site map
Contact us
https://www.accaglobal.com/gb/en/student/exam-support-resources/professional-exams-study-resources/p7/technical-articles/exam-tech1-planning-qu… 8/8