Clarified Auditing Standards—Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AU-C 315)—Part 2

Understanding the Entity and Its Environment

The standard requires an auditor to obtain an understanding of these issues that are applicable to each engagement:

• Industry, regulatory, and other factors, including management’s selection of the applicable financial reporting framework.
• The organization, nature and operation of the entity, including:
• Operations process.
• The ownership structure and design of its governance body.
• The nature of investments that the entity has made or makes, including those in which the entity has significant influence or it uses to accomplish other objectives..
• The management and operational structures of the entity.
• Sources of financing used by the entity.
• An understanding of the entity’s transactions, account balances, and financial statement disclosures.
• The appropriateness of the entity's selection of an applicable financial reporting framework, the application of accounting policies within the framework and any changes made in the financial statements presented currently.
• Risks of material misstatement that may result from the entity’s operations, strategies and business.
• The entity's financial performance, including potential threats to its operation as a going concern.

Practical Issues

AU-C 315 provides the framework for these practical issues:

·        The purpose of obtaining an understanding of the entity and its environment, including its internal control, is to identify and assess risks of material misstatement and to design and perform procedures that respond to such risks.

·        Risk assessment procedures include inquiries of management and client personnel, observation and inspection procedures and various analytical procedures.

·        The auditor is required to obtain a sufficient understanding of the five elements of internal control to evaluate their design and operation.

·        Substantive procedures must be performed for significant risks.

·        Tests of controls are required only when other substantive procedures alone are not sufficient to test financial statement assertions, such as the completeness assertion for revenues.

For smaller audit engagements, understanding the entity and its environment may be achieved by obtaining appropriate substantive evidence and preparing this minimum documentation:

1. Completing an appropriately designed Client Acceptance and Continuance Form to provide a basic understanding of the client’s business, industry and environment.
2. Reading, analyzing and documenting significant transactions in the general ledger account activity for support tests, unusual transactions, general journal entries, errors, etc. (a multi-column spreadsheet is usually most efficient for this purpose).
3.  Preparing financial reporting and internal control systems flowcharts for major transaction cycles.
4. Documenting the auditor’s systems walk-through procedures for major transactions cycles (usually sales and collections, payments and acquisitions and payroll).
5. Preparing a Planning Document summarizing all engagement risk assessment and planning procedures, along with planned audit strategies and plans.

 The next article will discuss requirements in AU-C 315 for understanding an entity’s internal control.

More Information

These eBook resources, without CPE credit, can be obtained from my website:

• Small Audits Made Easy and Profitable
• Performing Auditing Tests of Balances Procedures
• Staff Training Series for Entry-Level Accountants, New In-Charge Accountants and Engagement Leaders
• Key Accounting Issues for Non-Profit Organizations
• A Practical Potpourri of Time Savings on Audits
• The Financial Reporting Framework for Small- and Medium-Sized Entities