Clarified Auditing Standards—Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AU-C 315)—Part 4

AU-C 315 on Risk Assessment:

The following requirements are paraphrased from AU-C 315 for identifying and assessing the risks of material misstatement (RMM) as a basis for designing audit responses:

• RMM should be identified at the financial statement level and the relevant assertion level for classes of transactions, account balances, and disclosures.
• RMM should be identified when obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks.
• The identified risks should be evaluated to determine if they relate to the financial statements as a whole and if they may affect many assertions.
• The identified risks, and the potential for errors or fraud, should be evaluated at the relevant assertion level, considering any internal controls for which the auditor may gather substantive evidence.
• After considering the likelihood of misstatements, the magnitude of the misstatements should be considered to determine appropriate responses.

 Practically What Auditors Need to Know about a Client’s Internal Control

• Identifying the risks of material misstatements at the financial statement level and at the assertion level for relevant assertions in significant account classifications. Relevant assertions synthesized from AU-C 315 are:

o       Completeness

o       Occurrence and cutoff

o       Valuation and accuracy

o       Existence

o       Rights

o       Obligations

o       Disclosure and presentation

• Identifying the controls that mitigate the RMM and determining design and implementation of the controls.
• Using this understanding to assess and document control risk.
• Determining reductions in substantive tests of balances that can be achieved by relying on internal controls, i.e., by performing tests of controls or systems walk-through procedures.

In this process, auditors need to understand the client’s financial reporting system and the significance of key or entity-level controls. The financial reporting system understanding includes:

• The flow of information through significant transactions cycles that affect material financial statement classifications:

o       Sales and collections—cash, accounts receivable, sales

o       Payments and acquisitions—cash, accounts payable, purchases, fixed assets, expenses

o       Payroll—salaries and wages, payroll expense, payroll withholdings and accruals

• Understanding other transactions cycles such as inventory and warehousing, fixed assets and long-term debt may be necessary for larger entities.
• The flow of information that includes data, documents, source records and journals, accounting system procedures and internal control activities.

In addition, auditors are required to document their understanding of an audit client’s IT system, accounting records and supporting information, as well as significant general ledger account activity. Analyzing the general ledger, performing system’s walk-through procedures, and preparing efficient internal control documentation may satisfy the requirements in AU-C 315 to understand a small- or medium-sized audit client’s business and environment.

  

Practical Risk Assessment Procedures that Satisfy the Requirements of AU-C 315

Risk assessment procedures normally include all engagement activities from the planning phase up to the development of the audit plan or detailed audit program. Below is an outline of common risk assessment procedures and related documentation.

1. Creating and documenting client acceptance or continuance decisions.
2. Reviewing prior year audit documentation; considering findings and conclusions; adjusting journal entries and uncorrected audit differences; and assessing their impact on the current year’s risk assessment.
3. Reading the current year’s general ledger activity and preparing a spreadsheet or memo documenting parameters and findings.
4. Performing and documenting other preliminary analytical procedures such as comparing the current year’s unadjusted account balances with prior year adjusted balances.
5. Preparing flowcharts or memos documenting the client’s accounting and internal control systems and the performance of systems walk-through procedures for major transactions cycles.
6. Calculating tolerable misstatement (performance materiality) by financial statement classification based on risk.
7. Completing applicable practice aids and other documentation according to CPA firm policy.
8. Preparing a linking working paper combining risk of misstatements due to error and fraud to determine the level of risk of material misstatement for relevant assertions in material financial statement classifications.
9. Designing a detailed audit plan/program that links significant risks with appropriate procedures, i.e., tests of controls, systems walk-through procedures, analytical procedures and/or detailed tests of balances.

 AU-C 315 makes it clear that all risk assessment procedures produce substantive evidence that, when considered along with evidence from other auditing procedures, enables the auditor to evaluate relevant assertions. When considering the evidence necessary to decrease detection risk to an acceptably low level, obtaining evidence from the performance of risk assessment procedures will reduce the evidence required from other auditing procedures. This is a basic principle underpinning increased efficiency on all audits.

More Information

These eBook resources, without CPE credit, can be obtained from my website, www.cpafirmsupport.com :

• Small Audits Made Easy and Profitable
• Performing Auditing Tests of Balances Procedures
• Staff Training Series for Entry-Level Accountants, New In-Charge Accountants and Engagement Leaders
• Key Accounting Issues for Non-Profit Organizations
• A Practical Potpourri of Time Savings on Audits
• The Financial Reporting Framework for Small- and Medium-Sized Entities