ISA 315 - Risk Assessment Flashcards
ISA 315
ISA 315
Identifying and Assessing the Risks of Material Misstatement (Revised 2019)
- Risk Assessment Procedures
- Areas to obtain understanding
- Internal Control categories
- Evaluation of risks
ISA 315
Risk Assessment Procedures
AEIO + Data Analytics
Analytical Procedures
Analytical procedures at risk assessment stage are known as Preliminary Analytical Procedures.
Enquiries
An audit planning meeting with management is often the starting point in gaining understanding about all of the aspects of the company and its environment. However, inquiries can also be made of others (like client staff, entity’s lawyers) who may be able to provide a different perspective or provide specific insights into certain matters. Eg: internal auditors would be able to comment, specifically on ICs.
Inspection
This will include inspection of documents (such as business plans & strategies), internal control manuals AND reading quarterly management reports, interim financial statements & minutes of board of directors’ meetings
Observation
This will include observation of entity activities & operations by visiting the entity’s premises & factories
ISA 315
Preliminary Analytical Procedures
AEIO
An important technique for understanding the client and the industry is analytical procedures.
‘Analytical procedures’ refers to the investigation and analysis of fluctuations and relationships
to determine whether there are inconsistencies with other relevant information or deviations from predicted amounts.
A basic premise underlying the application of analytical procedures is that plausible relationships among data may reasonably be expected to exist & continue in the absence of conditions to the contrary.
Purpose of Preliminary Analytical Procedures
- To identify FS items that may be misstated
- To identify the pressures faced by the company
- To identify whether client is facing going concern problems
Benefits of using analytical procedures @ interim:
− Identifies anomalies in relationships
Limitations:
−
−
Analytical procedures often have to be performed on management accounts.
These figures have yet to be audited.
Year-end adjustments will also not have been put through.
As such, the figures in the FS at interim may not be as reliable.
A prior & proper understanding of the business is needed to interpret the results of analytical procedures. Without this, the auditor may be tempted to accept the results of analytical procedures that show no unusual variations as evidence that there is nothing wrong, which may not be the case if there have been significant changes in the business of which the auditor is unaware (and which management may wish to hide from the auditors).
ISA 315
ANALYTICS are common for identifying audit risks / ROMM
- Trend
- Comparison
- Ratio
ISA 315
ANALYTICS are common for business risk questions
Analytics explaining REVENUE STREAMS
Potential loss of revenue streams E.g. product A represents 70% ½ of total revenue
Analytics explaining PROFITABILITY
Margins (have they deteriorated) by 30% ½
Analytics explaining LIQUIDITY … ( “Liquidity” is ALWAYS the FINAL POINT in your exam answer)
Revenue reduced by ___ % ½
Cash BALANCE reduced by___ % ½
Monthly operating EXPENSES is $XXX ½
Cash reserves CAN LAST FOR ___ months ½ (Cash balance / monthly operating expenses)
ISA 315
Areas to obtain understanding
i.e. FBI
The auditor shall perform Risk Assessment Procedures to obtain an understanding of:
1. Entity & Its Environment
1. Financial Reporting Framework
1. Entity’s System of Internal Control
ISA 315
Areas to obtain understanding
Entity & Its Environment (1)
- The entity’s organizational structure,
ownership & governance, and
its business model.- Nature of business
- Products or services & markets
* Joint ventures &outsourcing activities- Method of selling :
- Geographic dispersion -
- the extent to which the businessmodel integrates the use of IT.
- Investments & investment activities
Planned or recently executed
acquisitions or divestitures - Financing & financing activities
Leasing arrangements- Industry.
The competitive environment &
technological developments
- Industry.
- Regulatory environment.
Legislation, tax rules - Other external factors.
General level of economic conditions
(for example, inflation, recession,
growth), interest rates & availability
of financing - Business Risks.
PESTEL factors which affect the survival of the entity.
- The measures used,
internally & externally, to assess the entity’s financial performance
ISA 315
Areas to obtain understanding
Financial Reporting Framework
- The applicable Financial Reporting
Framework (FRF) - Whether the entity’s accountingpolicies are appropriate andconsistent with the applicable FRF.
- The reasons for any changes inaccounting policies
- How inherent risk factorsaffect susceptibility of assertions tomisstatementSubjectivity,Uncertainty,Complexity,Change, orSusceptibility to misstatementdue to management bias
or other fraud risk factors
insofar as they affect inherent risk.
Related Party Transactions
Revenue
ISA 315
Areas to obtain understanding
Entity’s System of Internal Control (3)
Internal controls exist to provide
reasonable assurance
about the achievement of the entity’s
objectives with regard to:
▪ Reliability of financial reporting
Fraud & error prevented & detected
Accounting records complete & accurate
Timely & reliable info for decisions
▪ Effectiveness & efficiency of
operations
Safeguarding of assets
Operations efficient & effective
Management policies adhered to
▪ Compliance with applicable
laws & regulations
The entity may, may not have strong ICs.
However, understanding the nature and
extent of controls should themselves
provide some clue as to the risks they are
intended to mitigate.
Therefore, regardless of the audit
approach (whether COMBINED or
SUBSTANTIVE) the auditor shall
UNDERSTAND the entity’s ICs
to identify & assess the ROMM.
ISA 315 (Revised 2019) indicates that the
auditor is only required to
ASSESS control risk IF there are plans to
test the operating effectiveness of
controls.
ISA 315
How poor INTERNAL CONTROLS can give rise to misstatements.
▪ Lack of personnel with appropriate accounting and financial reporting skills or even the departure of key management like the Finance Director or Accountant can result in many FS items being misstated.
▪ Deficiencies in internal control - can result in related FS item being misstated.
▪ Installation of significant new IT systems related to financial reporting
can result in many F/S items being misstated if the old balances are not accurately carried over
▪ Insufficient supervisors in the company can result in errors or fraud not being detected or corrected
▪ Poor segregation of duties can result in errors or fraud.
▪ Inadequate credit control may result in receivables overstated
▪ Bank accounts not reconciled may result in bank balance misstated
▪ No inventory count held at the year-end. Therefore valuation based on quantities in inventory records. Inventory may be misstated
▪
▪
No Non-Current Asset Register to list individual non-current assets. PPE may be overstated No official price list. Revenue may be misstated
ISA 315
INTERNAL CONTROLS
Internal controls
Based on the understanding of the 5 components of IC [C R I M E ], auditor to determine whether control deficiencies have been identified and consider the implications the audit, including the requirement to communicate significant deficiencies in IC to TCWG in accordance with ISA 265
ISA 315
INTERNAL CONTROLS - Direct & Indirect
DIRECT control components
Direct controls are controls that are precise enough to
address ROMM at the assertion level.
Example:
Control Activities (P A I P S)
Information Systems & Communication
How to assess control risk
Ascertain the ICs & Accounting System
Document (Permanent Audit File)
Confirm the ICs & Accounting System (mandatory)
(Using Walk Throughs)
Assess Control Risk
Test of Controls
ISA 315 (Revised 2019) indicates that the auditor is only
required to assess control risk if there are plans to test the operating effectiveness of controls.
INDIRECT control components
Indirect controls are controls that support direct controls.
Example:
Control Environment
Risk Assessment processes
Monitoring
Ascertain the ICs & Accounting System
Document (Permanent Audit File)
onfirm the ICs & Accounting System (Walk Through)
ssess Control Risk
est of Controls
ISA 315
INTERNAL CONTROLS
PAPIS
P A I P S = Physical controls Authorization controls Information & processing controls Performance reviews like variance analysis Segregation of duties
ISA 315
WHY obtain an UNDERSTANDING of
entity & environment, applicable FRF & internal controls (i.e. FBI)
TO IDENTIFY RISK
* To identify risks at the FS level. (E.g., where FS have been manipulated, entity is no longer a going concern)
* To identify risks at the Assertion level.
* To identify the SIGNIFICANT CLASSES of Transactions, Account balances & Disclosures for which there is one or more assertions which are most likely to be materially misstated.
TO ASSESS RISK To assess risks at the FS level so that, OVERALL RESPONSE can be planned.
(The likelihood To assess risks at the Assertion level so that SPECIFIC RESPONSE can be planned.
& the magnitude)
To assess which risks are SIGNIFICANT RISKS so that attention can be focused.
TO PROVIDE A To help in setting appropriate materiality levels FRAME OF To help in the development of an appropriate audit approach (combined or substantive) REFERENCE The most appropriate team can be selected with more experienced staff allocated to higher risk audits and high risk balances.
ISA 315
Risk @ FS level & Assertion levels
ISA 315 The auditor shall identify & assess ROMM at TWO levels:
Risk @ FS level
These refer to risks of material misstatement that relate pervasively to the FS as a whole & potentially affect MANY
assertions across the FS.
Assertion levels
These refer to risks of material misstatement that relate to SPECIFIC assertions.
WHY?
So that the auditor can RESPOND appropriately to those risks (ISA 330)
ISA 315
Risks @ the FS level
Risks @ the FS level
Management bonus based on revenue
Revenue overstated
Assets (Receivables) overstated
Management bonus based on PBT
Entity is listed & eps
Entity is desperate for financing
Revenue overstated
Assets (Receivables, PPE, Intangibles) overstated
Expenses understated
Liabilities understated
Risk @ FS level potentially affects MANY assertions
Revenue - Occurrence, Cut-off, Accuracy
Receivables - Existence, Valuation
Tangible - Existence, Valuation
Intangibles - Valuation
Expenses - Completeness, Cut-off, Accuracy
Liability - Completeness, Valuation
ISA 315
Fraudulent financial reporting (manipulation of FS involving MANAGEMENT override)
THE EARNINGS MANAGEMENT CONTINUUM
Savvy transaction timing
Earlier recognition of revenue
Delaying recognition of expenses
Unrecorded liabilities
Aggressive accounting
Change in methods or estimates with full disclosure
(Improper asset valuations)
Deceptive accounting
Change inmethods or estimates with little or no disclosure
Fraudulent reporting
Outright violationof IFRS
Fraud
Recording fictitious sales
Record fictitious journal entries near the end of a
reporting period to ‘window dress’ the year-end figures
ISA 315
The degree to which inherent risk varies is referred to in ISA 315 ( R ) as the ‘spectrum of inherent risk.’
SUCCS-R+R
- Subjectivity
- Uncertainty
- Complexity
- Change
- Susceptibility to misstatement due to management bias
- Related party transactions
- Revenue
The determination of which of the assessed ROMM
are close to the upper end of the spectrum of inherent risk, and are therefore significant risks, is a matter of professional judgment.
ISA 315
The degree to which inherent risk varies is referred to in ISA 315 ( R ) as the ‘spectrum of inherent risk.’
SUCCS-R+R
-
Subjectivity - Transactions for which there are multiple acceptable accounting treatments such that subjectivity is
involved.
E.g. IAS 16 permits a choice between - straight line or reducing balance to calculate depreciation.
E.g. IFRS 15 permits a choice between output & input method to calculate construction income.
E.g. IAS 40 permits a choice between FV model & cost model -
Uncertainty - Accounting estimates that have high estimation uncertainty.
E.g. Provision for decommissioning in 100 years; court case will only be finalised in 2 year’s time. -
Complexity - Accounting estimates that have complex models.
Complexity in data collection and processing to support account balances.
E.g. In calculating supplier rebate provisions because it may be necessary to take into account
different commercial terms with many different suppliers, or many interrelated commercial terms that
are all relevant in calculating the rebates due.
Account balances or quantitative disclosures that involve complex calculations.
Operations that are subject to a high degree of complex regulation.
E.g. client is listed on several stock exchanges
The existence of complex business alliances - Change -
- Change may result from developments in the requirements of the applicable financial reporting framework
- Changes in the entity’s business that involve changes in accounting, for example, mergers and acquisitions.
- Changes in the entity’s business model (like from brick & mortar to online sales)
- Changes in the environment in which the entity operates.
Such change may affect management’s assumptions and judgments, including as they relate to management’s selection of accounting policies or how accounting estimates are made or related disclosures are determined.
- Susceptibility to misstatement due to management bias - High susceptibility to misstatement due to management bias - Manipulation of FS
- **Related party transactions & Revenue **- FS items which are to be treated as a significant risk in accordance with the requirements of other ISAs E.g. Related Party Transactions (ISA 550), Revenue (ISA 240)
