ISA 315 - Risk Assessment Flashcards
ISA 315
Identifying and Assessing the Risks of Material Misstatement (Revised 2019)
- Risk Assessment Procedures
- Areas to obtain understanding
- Internal Control categories
- Evaluation of risks
ISA 315
Risk Assessment Procedures
AEIO + Data Analytics
Analytical Procedures
Analytical procedures at risk assessment stage are known as Preliminary Analytical Procedures.
Enquiries
An audit planning meeting with management is often the starting point in gaining understanding about all of the aspects of the company and its environment. However, inquiries can also be made of others (like client staff, entity’s lawyers) who may be able to provide a different perspective or provide specific insights into certain matters. E.g., internal auditors would be able to comment specifically on ICs.
Inspection
This will include inspection of documents (such as business plans & strategies), internal control manuals AND reading quarterly management reports, interim financial statements & minutes of board of directors’ meetings
Observation
This will include observation of entity activities & operations by visiting the entity’s premises & factories
ISA 315
Preliminary Analytical Procedures
AEIO
An important technique for understanding the client and the industry is analytical procedures.
‘Analytical procedures’ refers to the investigation and analysis of fluctuations and relationships
to determine whether there are inconsistencies with other relevant information or deviations from predicted amounts.
A basic premise underlying the application of analytical procedures is that plausible relationships among data may reasonably be expected to exist & continue in the absence of conditions to the contrary.
Purpose of Preliminary Analytical Procedures
- To identify FS items that may be misstated
- To identify the pressures faced by the company
- To identify whether client is facing going concern problems
Benefits of using analytical procedures @ interim:
− Identifies anomalies in relationships
Limitations:
− Analytical procedures often have to be performed on management accounts. These figures have yet to be audited. Year-end adjustments will also not have been put through. As such, the figures in the FS at interim may not be as reliable.
− A prior & proper understanding of the business is needed to interpret the results of analytical procedures. Without this, the auditor may be tempted to accept the results of analytical procedures that show no unusual variations as evidence that there is nothing wrong, which may not be the case if there have been significant changes in the business of which the auditor is unaware (and which management may wish to hide from the auditors).
ISA 315
ANALYTICS are common for identifying audit risks / ROMM
- Trend
- Comparison
- Ratio
ISA 315
ANALYTICS are common for business risk questions
Analytics explaining REVENUE STREAMS
Potential loss of revenue streams E.g. product A represents 70% ½ of total revenue
Analytics explaining PROFITABILITY
Margins (have they deteriorated) by 30% ½
Analytics explaining LIQUIDITY … ( “Liquidity” is ALWAYS the FINAL POINT in your exam answer)
Revenue reduced by ___ % ½
Cash BALANCE reduced by___ % ½
Monthly operating EXPENSES is $XXX ½
Cash reserves CAN LAST FOR ___ months ½ (Cash balance / monthly operating expenses)
ISA 315
Areas to obtain understanding
i.e. FBI
The auditor shall perform Risk Assessment Procedures to obtain an understanding of:
1. Entity & Its Environment
2. Financial Reporting Framework
3. Entity’s System of Internal Control
ISA 315
Areas to obtain understanding
Entity & Its Environment (1)
- The entity’s organizational structure, ownership & governance, and its business model.
- Nature of business
- Products or services & markets
  * Joint ventures & outsourcing activities
- Method of selling :
- Geographic dispersion
- The extent to which the business model integrates the use of IT.
- Investments & investment activities
  Planned or recently executed acquisitions or divestitures
- Financing & financing activities
  Leasing arrangements
- Industry.
  The competitive environment & technological developments
- Regulatory environment.
  Legislation, tax rules
- Other external factors.
  General level of economic conditions (for example, inflation, recession, growth), interest rates & availability of financing
- Business Risks.
  PESTEL factors which affect the survival of the entity.
- The measures used, internally & externally, to assess the entity’s financial performance
ISA 315
Areas to obtain understanding
Financial Reporting Framework
- The applicable Financial Reporting Framework (FRF)
- Whether the entity’s accounting policies are appropriate and consistent with the applicable FRF.
- The reasons for any changes in accounting policies
- How inherent risk factors affect susceptibility of assertions to misstatement: Subjectivity, Uncertainty, Complexity, Change, or Susceptibility to misstatement due to management bias or other fraud risk factors insofar as they affect inherent risk.
Related Party Transactions
Revenue
ISA 315
Areas to obtain understanding
Entity’s System of Internal Control (3)
Internal controls exist to provide
reasonable assurance
about the achievement of the entity’s
objectives with regard to:
▪ Reliability of financial reporting
Fraud & error prevented & detected
Accounting records complete & accurate
Timely & reliable info for decisions
▪ Effectiveness & efficiency of
operations
Safeguarding of assets
Operations efficient & effective
Management policies adhered to
▪ Compliance with applicable
laws & regulations
The entity may or may not have strong ICs.
However, understanding the nature and
extent of controls should themselves
provide some clue as to the risks they are
intended to mitigate.
Therefore, regardless of the audit
approach (whether COMBINED or
SUBSTANTIVE) the auditor shall
UNDERSTAND the entity’s ICs
to identify & assess the ROMM.
ISA 315 (Revised 2019) indicates that the
auditor is only required to
ASSESS control risk IF there are plans to
test the operating effectiveness of
controls.
ISA 315
How poor INTERNAL CONTROLS can give rise to misstatements.
▪ Lack of personnel with appropriate accounting and financial reporting skills or even the departure of key management like the Finance Director or Accountant can result in many FS items being misstated.
▪ Deficiencies in internal control - can result in related FS item being misstated.
▪ Installation of significant new IT systems related to financial reporting
can result in many F/S items being misstated if the old balances are not accurately carried over
▪ Insufficient supervisors in the company can result in errors or fraud not being detected or corrected
▪ Poor segregation of duties can result in errors or fraud.
▪ Inadequate credit control may result in receivables overstated
▪ Bank accounts not reconciled may result in bank balance misstated
▪ No inventory count held at the year-end. Therefore valuation based on quantities in inventory records. Inventory may be misstated
▪ No Non-Current Asset Register to list individual non-current assets. PPE may be overstated
▪ No official price list. Revenue may be misstated
ISA 315
INTERNAL CONTROLS
Internal controls
Based on the understanding of the 5 components of IC [C R I M E ], auditor to determine whether control deficiencies have been identified and consider the implications for the audit, including the requirement to communicate significant deficiencies in IC to TCWG in accordance with ISA 265
ISA 315
INTERNAL CONTROLS - Direct & Indirect
DIRECT control components
Direct controls are controls that are precise enough to
address ROMM at the assertion level.
Example:
Control Activities (P A I P S)
Information Systems & Communication
How to assess control risk
Ascertain the ICs & Accounting System
Document (Permanent Audit File)
Confirm the ICs & Accounting System (mandatory)
(Using Walk Throughs)
Assess Control Risk
Test of Controls
ISA 315 (Revised 2019) indicates that the auditor is only
required to assess control risk if there are plans to test the operating effectiveness of controls.
INDIRECT control components
Indirect controls are controls that support direct controls.
Example:
Control Environment
Risk Assessment processes
Monitoring
Ascertain the ICs & Accounting System
Document (Permanent Audit File)
Confirm the ICs & Accounting System (Walk Through)
Assess Control Risk
Test of Controls
ISA 315
INTERNAL CONTROLS
PAIPS
P A I P S =
- Physical controls
- Authorization controls
- Information & processing controls
- Performance reviews like variance analysis
- Segregation of duties
ISA 315
WHY obtain an UNDERSTANDING of
entity & environment, applicable FRF & internal controls (i.e. FBI)
TO IDENTIFY RISK
* To identify risks at the FS level. (E.g., where FS have been manipulated, entity is no longer a going concern)
* To identify risks at the Assertion level.
* To identify the SIGNIFICANT CLASSES of Transactions, Account balances & Disclosures for which there is one or more assertions which are most likely to be materially misstated.
TO ASSESS RISK (The likelihood & the magnitude)
* To assess risks at the FS level so that OVERALL RESPONSE can be planned.
* To assess risks at the Assertion level so that SPECIFIC RESPONSE can be planned.
* To assess which risks are SIGNIFICANT RISKS so that attention can be focused.
TO PROVIDE A FRAME OF REFERENCE
* To help in setting appropriate materiality levels
* To help in the development of an appropriate audit approach (combined or substantive)
* The most appropriate team can be selected with more experienced staff allocated to higher risk audits and high risk balances.
ISA 315
Risk @ FS level & Assertion levels
The auditor shall identify & assess ROMM at TWO levels:
Risk @ FS level
These refer to risks of material misstatement that relate pervasively to the FS as a whole & potentially affect MANY
assertions across the FS.
Assertion levels
These refer to risks of material misstatement that relate to SPECIFIC assertions.
WHY?
So that the auditor can RESPOND appropriately to those risks (ISA 330)