The auditor's goal is to detect and analyze the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, so that responses to the estimated risks of material misstatement can be designed and implemented. ISA 315 (Revised) outlines the reasons "why" risk assessment processes should be performed, as well as "what" has to be evaluated and "how" it should be assessed.
The
following steps for risk assessment must be followed:
(a) Inquiries of management, suitable personnel within the
internal audit function (if one exists), and others inside the organization
who, in the auditor's opinion, may have knowledge that can help detect
substantial misstatement risks due to fraud or error.
(b) Analytical
procedures.
c) Inspection
and observation
In
September 2019, the International Audit and Assurance Standards Board (IAASB) authorized
major revisions to ISA 315. The modifications will apply to financial statement
audits for periods beginning on or after December 15, 2021. The adjustments
will have far-reaching consequences, requiring businesses of all kinds to
rethink their risk-assessment strategies. The key areas of the revisions are
shown below.
§ Subjectivity, complexity, uncertainty,
change, and susceptibility to misstatement due to managerial bias or fraud are
five new inherent risk characteristics that have been introduced to aid in risk
assessment.
§ A new risk spectrum has emerged, with
major dangers at the higher end.
§ The risk evaluation must be based on
"adequate, appropriate" evidence acquired via risk assessment
methods.
§ There will be a lot greater emphasis on
IT, particularly on IT general controls.
§ More on audit-relevant controls, as well
as the design and implementation effort that goes into them.
§ The removal of smaller entity
considerations as a separate category of paragraph and the inclusion of that
content inside the main body of the text, as well as the addition of new
material.
Practice:
The
improvements attempt to improve the quality and consistency of risk evaluations
while also encouraging professional skepticism. Understanding the nature and
scope of the required modifications will be a major task for those conducting
ISA audits. ISA 315 (Revised) contains new and updated content for
understanding IT and general IT controls, as well as expanded auditor concerns
relating to IT. The auditor must be aware of how the entity handles data and
how it is used within the organization. The accounting records, how information
is gathered and maintained, and how these flow into the accounts in the
financial statements should all be understood.
References:
https://bit.ly/3vRIswE
