PSA 315

IDENTIFYING AND ASSESSING THE

RISKS OF MATERIAL MISSTATEMENT
THROUGH UNDERSTANDING THE
ENTITY
AND ITS ENVIRONMENT
 PSA 315
Risk Assessment Procedures and Related Activities
1. Required Understanding of the Entity and Its Environment
2. Identifying and Assessing the Risk of Material Misstatements
3. Material Weakness in Internal Control
4. Documentation
Risk assessment procedures
What is a Risk Assessment Procedure?

The audit procedures performed to obtain an understanding of the entity and its
environment, including the entity’s internal control, to identify and assess the
risks of material misstatement, whether due to fraud or error, at the financial
statement and assertion levels.
Risk Assessment Procedures

• Obtaining an understanding of the entity and its environment,

including the entity’s internal control

Evaluating Design of Control Determining whether it has

been implemented

Walk through test

Risk Assessment Procedures

• Obtaining an understanding of the entity and its environment,

including the entity’s internal control

• Used by the auditor as audit evidence to support assessments of

the risks of material misstatement.
Risk Assessment Procedures

• Obtaining an understanding of the entity and its environment,

including the entity’s internal control

• Used by the auditor as audit evidence to support assessments of

the risks of material misstatement.

• Uses professional judgment to determine the extent of the

understanding required.
 Risk Assessment Procedures

The auditor shall consider:

• Whether changes have occurred since the previous audit that may affect its relevance
to the current audit.
The risk assessment procedures shall include
the following:

(a) Inquiries of management

The risk assessment procedures shall include
the following:

(a) Inquiries of management

(b) Analytical procedure

The risk assessment procedures shall include
the following:

(a) Inquiries of management

(b) Analytical procedure

(c) Observation and inspection

 The Required Understanding of
(1)the Entity and its Environment,
Including
(2) the Entity’s Internal Control
 Why understanding the entity and its
environment is important?
a. It is used in assessing the risk of material misstatements of Financial Statements
b. It establishes materiality
c. It is used in considering the appropriateness of the selection and application of accounting
policies
d. It aids in identifying areas in which special audit consideration may be necessary
e. It is used in developing expectations for use when performing analytical procedures
f. It helps in responding to the assessed risk of material misstatements,
g. It aids in evaluating the sufficiency and appropriateness of audit evidences obtained
Entity and its environment
The Entity and Its Environment
The auditor shall obtain an understanding of the following:

(a)Relevant industry, regulatory, and other external factors including the

applicable financial reporting framework.
The Entity and Its Environment
The auditor shall obtain an understanding of the following:

(a)Relevant industry, regulatory, and other external factors including the

applicable financial reporting framework.

(b) The nature of the entity.

1. Business Operations
The Entity and Its Environment
The auditor shall obtain an understanding of the following:

(a)Relevant industry, regulatory, and other external factors including the

applicable financial reporting framework.

(b) The nature of the entity.

1. Business Operations
2. Investments and investment activities
The Entity and Its Environment
The auditor shall obtain an understanding of the following:

(a)Relevant industry, regulatory, and other external factors including the

applicable financial reporting framework.

(b) The nature of the entity.

1. Business Operations
2. Investments and investment activities
3. Financing and financing activities
The Entity and Its Environment
The auditor shall obtain an understanding of the following:

(a)Relevant industry, regulatory, and other external factors including the

applicable financial reporting framework.

(b) The nature of the entity.

1. Business Operations
2. Investments and investment activities
3. Financing and financing activities
4. Financial Reporting
The Entity and Its Environment
(c) The entity’s selection and application of accounting policies, including the
reasons for changes thereto.
The Entity and Its Environment
(c) The entity’s selection and application of accounting policies, including the
reasons for changes thereto.

(d) The entity’s objectives and strategies, and those related business risks that
may result in risks of material misstatement.
The Entity and Its Environment
(c) The entity’s selection and application of accounting policies, including the
reasons for changes thereto.

(d) The entity’s objectives and strategies, and those related business risks that
may result in risks of material misstatement.

(e) The measurement and review of the entity’s financial performance.

Entity’s internal control
What is Internal Control?

(c) Internal control is the

(1) process designed, implemented and
(2) maintained by those charged with governance, management and other
personnel to
(3) provide reasonable assurance about
(4) the achievement of an entity’s objectives with regard to
• reliability of financial reporting,
• effectiveness and efficiency of operations, and
• compliance with applicable laws and regulations.
Types of Internal Control
ADMINISTRATIVE ACCOUNTING
• Decision processes leading to • Safeguard of Assets and reliability
managements authorization of of financial record
transaction • Provide reasonable assurance
• Promotes operational efficiency 1. Transaction executed are necessary and
and encourages adherence to with accordance with management
managerial policies 2. Access to assets is in accordance with
management authorization
The Entity’s Internal Control
• Although most controls relevant to the audit are likely to relate to financial
reporting, not all controls that relate to financial reporting are relevant to the
audit.

• It is a matter of the auditor’s professional judgment whether a control,

individually or in combination with others, is relevant to the audit.
Factors relevant to the auditor’s judgment

• Materiality.

• The significance of the related risk.

• The size of the entity.

• The nature of the entity’s business, including its organization and ownership
characteristics.

• The diversity and complexity of the entity’s operations.

Factors relevant to the auditor’s judgment

• Applicable legal and regulatory requirements.

• The circumstances and the applicable component of internal control.

• The nature and complexity of the systems that are part of the entity’s internal
control, including the use of service organizations.

• Whether, and how, a specific control, individually or in combination with others,

prevents, or detects and corrects, material misstatement.
Components of Internal Control

1. The control environment;

2. The entity’s risk assessment;

3. The information system;

4. Control activities; and

5. Monitoring of controls.
CONTROL ENVIRONMENT:

The control environment talks about the attitudes, awareness, and actions of
those charged with governance and management concerning the entity’s
internal control and its importance in the entity.

The control environment sets the tone of an organization, influencing the

control consciousness of its people.
CONTROL ENVIRONMENT

Factors Reflected in the Control Environment

(a)Communication and enforcement of integrity and ethical values

(b) Commitment to competence
(c) Participation by those charged with governance
(d) Management’s philosophy and operating style
(e) Assignment of authority and responsibility
(f) Human resource policies and practices
RISK ASSESSMENT:
the entity’s risk assessment process is the process employed by an
entity in for anticipating , identifying , and responding to business
risk and the results thereof.
RISK ASSESSMENT
Business risk may arise from
• Changes in operating
environment • Corporate restructuring
• New personnel • Expanded foreign operations
• Revamped information system • Geographical Separation
• Rapid growth • New accounting
pronouncement
• New technology
• New business models, products
and activities
RISK ASSESSMENT
The auditor shall obtain an understanding of whether the entity has a process
for:

(a) Identifying business risks relevant to financial reporting objectives;

(b) Estimating the significance of the risks;
(c) Assessing the likelihood of their occurrence; and
(d) Deciding about actions to address those risks.
INFORMATION AND COMMUNICATION
SYSTEM:
An information system consists of infrastructure (physical and hardware
components), software, people, procedures, and data. Many information systems
make extensive use of information technology (IT).
INFORMATION AND COMMUNICATION
SYSTEM:
Information systems encompasses methods and records that:
1.Identify and record all valid transactions
2.Describe on a timely basis the transactions in sufficient detail to permit proper
classification of transactions for financial reporting
3.Measures the value of transactions in a manner that permits recording their
proper monetary value in the FS
4.Determine the time period in which transactions in the proper accounting period
5.Present properly the transactions and related disclosures in the FS.
INFORMATION AND COMMUNICATION
SYSTEM:
Communication involves providing an understanding of individual roles and
responsibilities pertaining to internal control over financial reporting.

It can be made electronically, orally, and through the actions of management.

It can take such forms as policy manuals, accounting and financial reporting
manuals, and memoranda.
 INFORMATION AND
COMMUNICATION SYSTEM
The auditor shall obtain an understanding of how the entity communicates
financial reporting roles and responsibilities and significant matters relating to
financial reporting, including:

(a) Communications between management and those charged with governance;

and
(b) External communications, such as those with regulatory authorities.
CONTROL ACTIVITIES:
This refers to the policies and procedures that help ensure that management
directives are carried out.
CONTROL ACTIVITIES: Control
Procedures
• Performance reviews.
CONTROL ACTIVITIES: Control
Procedures
• Performance reviews.
• Information processing.
CONTROL ACTIVITIES: Control
Procedures
• Performance reviews.
• Information processing.
• Physical controls.
CONTROL ACTIVITIES: Control
Procedures
• Performance reviews.
• Information processing.
• Physical controls.
• Segregation of duties.
MONITORING
Monitoring of controls is a process to assess the effectiveness of internal control
performance over time. It involves assessing the effectiveness of controls on a
timely basis and taking necessary corrective actions.

It is done to ensure that controls continue to operate effectively.

MONITORING

Ongoing Monitoring Separate Evaluation

• Activities are built into the normal

◦ Activities that are performed on a
recurring activities of an entity and
include regular management and non-routine basis.
supervisory activities .
Documentation the auditors understanding of
Internal Control
• Need not be in any particular form
• The extend of the documentation may vary depending on the size
and complexity of the entity’s internal control system
• Some commonly used form of documentation include
1. Narrative description of the entity’s internal control
2. Flowchart that diagrams the flow of transactions and documents
3. Internal control questionnaire providing management’s response to
questions about internal control
end