ISA 315 Flashcards
Risk Assessment Procedures and Related Activities:
Auditor shall perform risk assessment procedures to obtain understanding of Entity, and Internal control to
identify and assess the risk of material misstatement, at assertion level and financial statement level.
Benefits of obtaining understanding of entity and its internal control:
o To assess Inherent Risk and Control Risk (i.e. Risk of material misstatement)
o To identify Significant Risks (i.e. risks which require special audit considerations)
o To determine materiality
o To determine nature, timing and extent of further audit procedures
o To determine appropriateness of accounting policies and estimates
Extent and Depth of understanding required:
Extent and depth of understanding to be obtained depends on professional judgment of auditor. It may be
less than that possessed by management but should be sufficient enough to identify and assess the risk of
material misstatement.
Extent and Depth of understanding required:
Extent and depth of understanding to be obtained depends on professional judgment of auditor. It may be
less than that possessed by management but should be sufficient enough to identify and assess the risk of
material misstatement.
Risk Assessment Procedures:
o Inquiries of management, internal audit function and others within the entity
o Observation, and Inspection
o Analytical procedures
Related Activities:
o Information obtained from client acceptance and continuance process
o Information obtained from other engagement for the entity
o Information obtained from previous audits
o Discussion among engagement team
Inquiry of management
Much of the information obtained by the auditor’s inquiries is obtained from management and those
responsible for preparation of financial statements.
Inquiry of Internal audit function:
Auditor may inquire of chief internal audit executive or others within internal audit function to obtain
information about entity’s risk assessment process, control deficiencies, and matters raised with TCWG.
Auditor may also consider to reading reports of internal audit function.
TCWG
To understand environment in which financial statements are prepared.
Employees
To understand process of initiation and recording of transactions
Marketing /Sales Personnel
To understand sales trends and contractual agreements with customers
In-House Legal Counsel
To understand compliance with laws/regulations, litigation and fraud
Production Department
To understand operations and productions
Risk management function
To obtain information about operational and regulatory risks affecting financial
statements.
Information system personnel
To obtain information about system changes, system or control failures or other
risks
Observation and Inspection
Observation and Inspection support inquiries and also provides further information about entity. Examples
include:
Observation of Entity’s Premises and Plant facilities
Observation of Entity’s operations
Inspection of documents (e.g. Business Plans, Strategies, SOPs, Internal Controls, etc.)
Inspection of Reports by Management (e.g. Interim financial statements and minutes of meetings)
Analytical Procedures:
Analytical procedures performed as risk assessment procedures identify Unusual or Unexpected
relationships and amounts which may indicate existence of error/fraud. Analytical procedures performed as
risk assessment procedures may include both financial and non-financial information
Information Obtained in Prior Periods:
nformation obtained in prior periods may also be relevant and may be used by auditor in current period e.g.
information about following matters:
Use of risk assessment procedures performed last year
Use of tests of controls performed last year
Use of substantive procedures performed last year
ISA – 330 provides guidance on use of information obtained in prior periods.
Discussion among the Engagement Team:
Objectives/Benefits:
1. More experienced members share their insights based on their knowledge of the entity.
2. Team members exchange information about the business risks of entity and how financial
statements may be misstated.
3. Team members gain a better understanding of audit risk in specific areas assigned to them, and how
the results of their work can affect other aspects of audit.
4. Team members communicate and share new information obtained throughout the audit that may
affect the audit risk or audit procedures
What is discussed among engagement team
Business Risks, Audit Risks, Professional Skepticism, Fraud consideration, application of AFRF on entity, New
information during audit affecting risk and audit procedures
When is discussed among engagement team
It also depends on professional judgment. Usually this discussion starts from planning phase and there may
be further discussions throughout the audit to exchange ongoing information.
Who is involved in discussion among Engagement Team
It is a matter of professional judgment as to which members to include. Usually Key members of engagement
teams are included. All members are not necessary. Involvement of Expert and auditors of components is also
considered.
The Entity and Its Environment:
Auditor is required to obtain understanding of entity. This understanding shall cover following:
1) Entity’s Environment
2) Nature of entity
3) Entity’s Selection and Application of Accounting Policies
4) Objectives, Strategies and related Business Risks
5) Measurement and Review of entity’s Financial Performance
Industry, Regulatory and Other External Factors:
Auditor shall consider following factors in obtaining understanding of entity’s environment:
Industry Factors
*Market and Competition
*Seasonal activity
*Product technology
*Energy supply and cost
Regulatory Factors
*Applicable legislation and regulation
*Taxation laws
*AFRF
*Industry specific practices
*Government policies (monetary
policy, fiscal policy, foreign
exchange policy)
Other External Factors
*General economic conditions
*Interest rates
*Inflation rates
*Availability of financing
*Currency revaluation
Nature of the Entity:
Examples of matters that the auditor may consider when obtaining an understanding of the nature of the
entity include:
IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT:
There are two levels of risk of material misstatement i.e. at Financial Statement Level and at Assertion Level.
Assessment of Risks of Material Misstatement at the Financial Statement Level
Risks at the financial statement level refer to risks that affect financial statements pervasively and potentially
affect many assertions.
Consideration of Risk at Financial Statement Level assists an auditor to:
Determine overall Audit Strategy
Assessment of Risks of Material Misstatement at the Assertion Level
Risk at assertion level refers to risks that do not affect financial statements pervasively and affect only
specific identifiable assertions.
Consideration of Risk at Assertion Level assists an auditor to:
Determine Audit Plan/Audit Program/Audit Procedures
Examples At Financial Statements Level
Due to
Inherent
Risk
-Adverse economic and competitive conditions
-Hi-tech, complex industry
-Liquidity or Going concern problem
Due to
Control Risk
-Weak control environment.
- High turnover of senior finance team members
Examples at Assertion level
Due to
Inherent
Risk
-Complex transactions and calculations
-Estimates, judgments, uncertainties in
account balance or classes of transactions
Due to
Control Risk
-Not preparing BRS
-Not sending monthly statements to
debtors
Examples at Assertion level
Due to
Inherent
Risk
-Complex transactions and calculations
-Estimates, judgments, uncertainties in
account balance or classes of transactions
Due to
Control Risk
-Not preparing BRS
-Not sending monthly statements to
debtors
- Existence i.e. recorded assets, liabilities, and equity actually exist.
- Rights and obligations i.e. entity holds or controls the rights to assets, and liabilities are obligations
of entity. - Accuracy, Valuation and allocation i.e. assets, liabilities, and equity are included in the financial
statements at appropriate amounts; and adjustments relating to valuation/allocation have been
recorded. - Completeness i.e. all assets, liabilities and equity that should have been recorded, have been
recorded. - Classification i.e. assets, liabilities and equity have been recorded in the proper accounts.
- Presentation i.e. assets, liabilities and equity are appropriately aggregated or disaggregated, and
disclosures are according to AFRF.
Assertions about classes of transactions and events for the period:
- Occurrence i.e. all transactions and events, that have been recorded, have actually occurred and
pertain to the entity (i.e. there is no overstatement). - Accuracy i.e. amounts and other data relating to transactions and events have been recorded
appropriately. - Cutoff i.e. transactions and events have been recorded in correct accounting period.
- Completeness i.e. all transactions and events, that should have been recorded, have been recorded
(i.e. there is no understatement). - Classification i.e. transactions and events have been recorded in the proper accounts.
- Presentation i.e. transactions and events are appropriately aggregated or disaggregated, and
disclosures are according to AFRF.
Identifying Significant Risks:
“An identified and assessed risk of material misstatement that, in the auditor’s judgment, requires special
audit consideration.”
Factors to consider in exercising judgment as to which risks are significant risks:
Significant non-routine transactions
Judgmental Matters
Risk of material misstatement due to fraud
Risk related to recent economic, accounting or other development
Complexity of transactions
Significant related parties’ Transactions
Significant risks are assessed before consideration of any mitigating controls so they are based on the
inherent risk only