Categories
Audit International Auditing Standards

ISA 315 Summary

Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

This standard is the property of IAASB and this summary is only for educational purposes. For some sections where summary may not give exact meaning, extracts of the standard are posted here.

ISA 315 definitions

ISA 315 Assertions definition

Assertions as management representations that are either explicit or otherwise which are embodied in the financial statements. Auditor use these assertions to consider the different type of potential misstatements that may occur.

Business risk definition

Business risk as risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s abilities to achieve its objective and execute its strategies, or from setting of inappropriate objectives and strategies.

Internal control definition

ISA 315 defines internal control as

  • those charged with governance, management and other personnel design, implement and maintain the process;
  • to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations

The term “controls” refers to any aspects of one or more of the components of internal control.

ISA 315 Risk assessment procedures definition

ISA 315 defines risk assessment procedures as audit procedures performed to obtain;

  • Understanding of entity and its environment
  • including the entity’s internal control

To identify and assess the risk of material misstatement, whether due to fraud or error at financial statement and assertion levels.

Significant risk definition

Significant risk as identified and assessed risk of material misstatement that, in the auditor’s judgment, requires special audit consideration.

Scope of the standard

ISA 315 deals with the auditor’s responsibility to identify and assess the risks of material misstatement in the financial statements, through understanding the entity and its environment, including the entity’s internal control.

ISA 315 Objective

Auditors’ objective is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.

ISA 315 Requirements

Risk Assessment Procedures and Related Activities

This standard requires that auditor for risk assessment should;

  • perform risk assessment procedures and related activities. These activities shall be Inquires (from management or others), analytical procedures, observation and inspection;
  • consider information obtained during client acceptance or continuance process;
  • Information from other engagements
  • While using previous year information consider if there is any change in circumstances that may impact that information

Engagement partner and engagement team shall discuss the susceptibility of the entity’s financial statements to material misstatement, and the application of the applicable financial reporting framework to the entity’s facts and circumstances

The Required Understanding of the Entity and Its Environment, Including the Entity’s Internal Control

This standard requires that auditor should;

  • Get understanding of entity and its environment (these include and not limited to understanding relevant industry, regulatory requirements, reporting requirements, operations, ownership, entity’s selection of accounting policies, business risk that may result in material misstatement and measurement of entity’s performance)
  • Get understanding of internal control relating to audit (these include and not limited to understanding and evaluating design of internal control, components of internal control that are control environment, the entity’s risk assessment process, the information system, including the related business processes, relevant to financial reporting, and communication, Control activities relevant to the audit and monitoring of controls)

Identifying and Assessing the Risks of Material Misstatement

Auditor should identify the risk at financial statement and assertion level. for this the audit shall;

  • Identify risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and disclosures in the financial statements;
  • Assess the identified risks, and evaluate whether they relate more pervasively to the financial statements as a whole and potentially affect many assertions
  • Relate the identified risks to what can go wrong at the assertion level, taking account of relevant controls that the auditor intends to test; and
  • Consider the likelihood of misstatement, including the possibility of multiple misstatements, and whether the potential misstatement is of a magnitude that could result in a material misstatement.

Risks That Require Special Audit Consideration

The auditor shall determine whether any of the risks identified are, in the auditor’s judgment, a significant risk. In order to ascertain any risk as significant risk the auditor shall consider at least following;

  • Whether the risk is a risk of fraud;
  • Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires specific attention;
  • The complexity of transactions;
  • Whether the risk involves significant transactions with related parties;
  • The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement uncertainty; and
  • Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.

Auditor shall obtain an understanding of the entity’s controls, including control activities, relevant to that risk.

Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate Audit Evidence

Auditor may judge that it is not possible or practicable to obtain sufficient appropriate audit evidence only from substantive procedures. In such cases, the entity’s controls over such risks are relevant to the audit and the auditor shall obtain an understanding of them.

Revision of Risk Assessment

The auditor shall revise risk assessment and modify the audit procedures during the course of the audit, if they come across any new information that is inconsistent with the original information.

ISA 315 Documentation requirements

The documentation shall include;

  • Discussion among the engagement team members and significant decision
  • Key elements of understating that is gained through this standard, including the sources and risk assessment procedure performed
  • The identified and assessed risks of material misstatement at the financial statement level and at the assertion level
  • The risks identified, and related controls about which the auditor has obtained an understanding (significant risk)