risk and understanding of entity Flashcards
ISA 315
-Identifying and Assessing the Risks of Material Misstatement
assertions
auditor needs to obtain SAE to support assertions and disclosures in FS made by management
assertions are used by auditor when assessing risks of MM on an engagement
objective of the audit and the assessment of risk
objective of auditor is to identify and assess ROMM, whether due to fraud or error, at the FS and assertion level, providing a basis for designing and implementing responses to the assessed risks of MM.
audit risk
the risk that the auditor expresses an inappropriate opinion when the financial statements are materiality misstated.
risk of material misstatement comprises of
Audit risk = inherent risk * control risk * detection risk
latest requirement of how to evaluate risks
understand the audit risk of the client by obtaining an understanding of the entity and its environment, the applicable financial reporting standards (inherent risk) and the entity’s system of internal control. (control risk)
define inherent risk
the susceptibility of an assertion about a class of transaction, balance or disclosure to a misstatement that could be material, either individually or in aggregation, before consideration of any related controls
qualitative and quantitave inherent risk factors are
-complexity
-subjectivity
-change
-uncertainty
-management bias or fraud risk factors
IR is considered before any controls
IR and CR are both at assertion level
understanding the financial reporting framework
-consider accounting policies, FR requirements, industry requirements
-some accounting standards can be misapplied either by error or deliberately, for eg. IFRS 15, IAS 37, and FOREX.
-new issues like crypto and environment are also subjective to management
evaluating financial reporting is part of overall assessment of inherent risk
after risks have been identified auditor must
do a separate assessment of inherent and control risk
-inherent risk will be higher for some A,B,C,D (assertions, balances, classes, disclosures) than others and will require exercise of professional judgement
the degree to which inherent risk varies is called spectrum of inherent risk
purpose of spectrum of inherent risk
helps determine if identified risk is significant or not
significance depends on likelihood and magnitude of potential misstatement
risks need to be prioritised so we can plan procedures accordingly
The higher on the spectrum of inherent risk a risk is assessed, the more persuasive the audit evidence needs to be.
what is control risk
Control risk is the risk that the entity’s system of internal control will not prevent or detect and correct a misstatement on a timely basis. This can be due to weak or absent internal controls.
components of the entity’s system of internal control
indirect controls: (affects risk of MM at financial statement level)
-control environment
-entity’s risk assessment process
-entity’s process to monitor the system of internal control
direct controls: auditor’s understanding affects risk of MM at assertion level
-information system and communication
-control activities
If the auditor does not plan to test the operating effectiveness of the entity’s internal controls,
the risk of material misstatement is the same as the assessment of inherent risk. In other words, if the auditor is not planning on testing the controls, they assume there are no controls present in their risk assessment.
planning stage
-consider whether the audit procedures will include planned reliance on the operating effectiveness of controls.
-Reliance on an entity’s system of internal control can reduce the level of substantive procedures the auditor performs.
-the auditor’s assessment of the risks is affected by their understanding of each of the components of the entity’s system of internal control.
