Bangladesh Standard on Auditing- 315 Identifying and Assessing the Risk of Material Misstatement through Understanding the Entity and Its Environment
Scope of this BSA and Objective It deals with the auditors responsibilities- • To identify and assess the risk of material misstatements Through • Understanding the entity • Its environment and • Entity’s internal control systems Above scope helps the auditor by providing a basis for designing and implementing response to the assessed risk of material misstatements.
Risk Assessment Procedures and Related Activities It includes the following Inquiries with Management (A6) Analytical Procedure (A7) Observation and Inspection (A11)
Risk Assessment Procedures and Related Activities- Con---d Here Auditor shall also consider- • The information gathered at the time of client acceptance or continuance process • The information gathered by virtue of other engagement activities (Say Tax services) of the same entity • Changes happened from previous audit if it is recurring audit • Discussion among the engagement team (A14)
What is Risk Assessment Procedures: The procedure performed to obtain an understanding of the entity and its environment, including the entity’s internal control systems To identify and assess the risks of material misstatements whether due to fraud or error At Financial Statements levels and Assertion levels
Understanding of the Entity The Entity and its Environment Following understanding shall require: • Relevant industry, regulatory and other external factors including applicable financial reporting framework • The nature of the entity where includes- • Its operation • Ownership and governance structure • Type of investments • Its structure and financing mode
Understanding of the Entity Con----d The Entity and its Environment c) Adopted accounting policies of entity (A28) d) Entity’s objectives and strategies, mission, vision and goal etc. (A29 to A35) e) Measurement and review of financial performance (A38 )
The Entity and Its Environments • Industry, Regulatory and other External Factors: Industry Factors Include: • Industry condition i.e competitive environments, demand, supply, price, capacity etc • Suppliers and customer relationships • Technological developments • Cyclical or seasonal activities • Energy supply and cost
The Entity and Its Environments Con----d Regulatory Factors include: • Regulatory environments • Applicable financial reporting framework • Legal and political environments • Accounting principles and industry specific practices • Taxation • Govt. policies (monetary, fiscal, financial incentives, tariff restrictions etc) • Environmental requirements
The Entity and Its Environments Con----d Other External Factors include: • General economic condition • Interest rate • Availability of financing • Inflationary trends • Currency devaluation and • Any other factor seems relevant to the auditor.
The Entity and Its Environments Con----d b) Nature of the Entity (A23): Here need to consider- • Nature of revenue source, product or service and market and involvement of technology • Conduct of operation • Alliance, joint venture, and outsourcing activities • Geographic dispersion and segmentation • Location of production facilities, warehouse, office • Key customers, suppliers • Employment arrangements • R&D activities • Related party transactions
The Entity and Its Environments Con----d b) Nature of the Entity (A23): • Investment and investment activities • Financing and financing related activities • Financial reporting such as- • Accounting principles and industry practice • Revenue recognition practices • Accounting of fair value • Foreign currency assets, liabilities and transactions • Accounting for unusual and complex transactions
Understanding of the Entity Con----d Understanding the Entity’s Internal Control Systems Components of Internal Control Systems: • Control environment • The entity’s risk assessment process • Control activities relevant to the audit • Information and communications and • Monitoring of controls
Understanding the Entity’s Internal Control Systems What is ICS? ICS is a set of interrelated activities which consists of policies and procedures to provide management with reasonable assurance that the company achieve its objectives and goals. These policies and procedures are often called controls and collectively they comprise the entity’s internal control Auditor must obtain an understanding of internal control systems and gathered related evidence to support that assessment.
Understanding the Entity’s Internal Control Systems Con---d Purpose of Internal Control (A44): It is designed, implemented and maintained to address identified business risks that threaten the achievement of the following concern: 1. reliability of entity’s financial statements 2. effectiveness and efficiency of business operation and 3. compliance with the applicable laws and regulations.
Understanding the Entity’s Internal Control Systems Con---d Limitation of Internal Control (A46): • Inherent limitation for weak designing and implementing • Management override control by collusion • Lack of understanding and commitment
Understanding the Entity’s Internal Control Systems Con---d Auditor’s Concern • Control related to the reliability of Financial Statements • Controls over Classes of Transactions
Understanding the Entity’s Internal Control Systems Con---d Components of Internal Control (Appendix-1, Text Chp-10): • Control Environment-Whereincludes • Communication and enforcement of integrity and ethical values • Commitment to competence • Participation by those charged with governance • Mgt philosophy and operating style • Organizational structure • Assignment of authority and responsibility • Human resource policies and practices
Understanding the Entity’s Internal Control Systems Con---d Components of Internal Control 2. Entity’s Risk Assessment Process: Risk can arise or change due to following circumstances: • Changes in operating environments • New personnel • New or revamped information systems • Rapid growth and new technology • New business model, product or activities • Human resource policies and practices • Corporate restructuring and expanding • New accounting pronouncements.
Understanding the Entity’s Internal Control Systems Con---d Components of Internal Control 3. Information systems including the related business process, relevant to financial reporting and communication The auditor determines- • Major class of transactions • Initiation of transaction • Accounting record exist • Transaction passes from initiation to completion • The nature and detail of financial reporting It to be documented by 1. Narrative or 2. Flow chart by Walkthrough test
Understanding the Entity’s Internal Control Systems Con---d Components of Internal Control 4. Control Activities: It is pertinent to • Adequate separation of duties: Here includes- • Separation of custody of assets from accounting • Separation of authorization from custody of assets • Separation of operational responsibilities from record keeping responsibilities • Separation of IT duties from key users outside IT
Understanding the Entity’s Internal Control Systems Con---d Components of Internal Control 4. Control Activities: It is pertinent to b. Proper authorization of transaction and duties c. Adequate documents and records: It should be: • Pre numbered • Timely preparation • Understandable • Designed for multiple use • Simple in form
Understanding the Entity’s Internal Control Systems Con---d Components of Internal Control 4. Control Activities: It is pertinent to d. Physical control over assets and records and e. Independent check on performance
Understanding the Entity’s Internal Control Systems Con---d Components of Internal Control 5. Monitoring of Controls May consider internal audit functions
Identifying and Assessing the Risks of Material Misstatements The above function shall be done- • At the financial statement level as well as • At the assertion level for classes of transactions, account balances and disclosures It will provide a basis for designing and performing audit procedures
Assessment of Risks of Materials Misstatements at the Financial Statements level (A105 to A108) It refers to risks that relate pervasively to the financial statements as a whole and potentially affect many assertions. Actually this type of risk is highly related with fraud, mgt integrity, reliability etc. Example- Mgt’s lack of competency may have a more pervasive effect on the financial statements
Assessment of Risks of Materials Misstatements at the Assertion level Here Auditor uses the Management’s assertions regarding classes of transaction, account balances and disclosures. What is assertion: Assertion means representation of management, explicit or otherwise, that are embodied in the financial statements, as used by the auditor to consider the different types of potential misstatements that may occur. (also see Page-115, chp-6, Leobbecke)
Assessment of Risks of Materials Misstatements at the Assertion level Assertion about Classes of Transactions (A111) • Occurrence • Completeness • Accuracy • Cutoff • Classification Assertion about Account Balances at Period end (A111) • Existence • Right and obligations • Completeness • Valuation and allocation
Assessment of Risks of Materials Misstatements at the Assertion level Assertion about Presentation and Disclosures (A111) • Occurrence • Completeness • Classification and understandability • Accuracy and valuation
Process of Identifying Risks of Materials Misstatements Appendix-2 Appendix- 2 provides examples of conditions and events that may indicate the existence of risk of material misstatements The risk assessment determines the nature, timing and extent of further audit procedure to be performed.
Process of Identifying Risks of Materials Misstatements Appendix-2 • Operations in region that are economically unstable • Operation exposed to volatile markets • Going concern and liquidity issue • Loss of significant customer • Constraints on the availability of capital and credit • Changes in the industry • Changes in the supply chain • New product or market • Expanding into new location • Changes in the entity as acquisition, merger etc • Segment likely to be sold.
Appendix-2 • Existence of complex alliance and joint venture • Use of off balance sheet item and SPU • Significant transaction with related parties • Lack of appropriate personnel in required position • Changes of key personnel • Deficiency of internal control • Inconsistency in strategy • Changes of IT environment • Significant non routine transactions • Application of new accounting pronouncements • Accounting measurement that involves complex process • Involve accounting estimates, litigation, claim etc
Identifying and Assessing the Risks of Material Misstatements Con---d The whole process is as follows: Identify risks by the process as discussed Assess and evaluate the identified risks Relate the risks with assertions Consider the likelihood of misstatements
Special Consideration to Assess Significant Risks (A119 to A126): Whether the risk • is a risk of fraud • related to the recent significant economic, accounting and other developments • arise from the complexity of transactions • arise from related party transactions • arise for high degree of subjectivity and judgments • involves unusual transactions For significant risk auditor shall obtain understanding of the ICS of the entity including control activities relevant to that risk
Revision of Risk Assessment Auditor’s risk assessment may change during the course of audit for obtaining additional audit evidence. What shall auditor do- • Shall revise the assessment and • Modify further planned audit procedures
Documentation Audit documentation shall include: • The discussion among the engagement team • Key elements of understanding obtained from environment analysis and internal control systems • Identified and assessed risk of material misstatements • The risk identified and related control regarding significant risks