SA 315 deals with the responsibility of auditor in identifying and assessing the risk of material misstatement through understanding the entity and its environment
SA 315 is effective for audits of financial statements for the period beginning on or after April 1, 2008.
The objective of the auditor is to identify and assess the risk of material misstatement in an entity’s financial statement and implement appropriate responses (Refer SA 330) & procedures which will reduce such risk to an acceptably low level.
“Representations by the management, explicit or otherwise, that are embodied in the financial statements, as used by the auditor to consider the different types of potential misstatements that may occur”
“A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve its objectives and excludes strategies, or from the settling of inappropriate objectives”
“An identified or assessed risk of material misstatements that, in the auditor’s judgment requires special audit consideration”
The auditor should obtain an understanding of the following:
The auditor should understand the relevant internal control for the audit. Professional judgment is to be applied by the auditor to identify such relevant controls (individually or combined):
The auditor should obtain an understanding of whether the entity has a process of:
When understanding the entity’s risk assessment process, if the auditor identifies any new risk then it has to be evaluated whether there was an underlying risk of a kind that would have been identified by the entity’s risk assessment process. If there is such a risk, then the reason for the non-identification by risk assessment process should be understood and evaluate the process is appropriate or determine if there is a significant deficiency in internal control.
If there is no such process, the auditor has to discuss with the management whether business risk relevant to financial reporting objectives have been identified and addressed. Auditor has to evaluate whether an absence of a documented risk assessment process is appropriate or determine whether it represents a significant deficiency in internal control.
Auditor to obtain an understanding of how the entity communicates financial reporting roles & responsibilities including:
Auditor to understand the control activities relevant to the audit through which the risk at the assertion level can be assessed and design further audit procedures responsive to assessed risk. Only those control activities related to the significant class of transactions, account balance and disclosure in the financial statements relevant to the assessed risk:
In order to provide a basis for designing and performing further audit procedures, the auditor has to identify and assess the risk of material misstatement at:
In Auditor’s opinion, if any of the identified risks is a significant risk, the auditor has to obtain an understanding of the entity’s control, including control activities relevant to that risk. Following are to be considered to identify a risk as significant:
During an audit, if the auditor obtains additional audit evidence or new information which changes the level of risk assessed then auditor should revise the assessment and modify the further planned audit procedures accordingly