Risk Assessment Procedures & Sources of Information

<< Business Operations

Measurement and Review of the Entityâ€™s Financial Performance >>

Fundamentals of Auditing ACC 311

Lesson 13

UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT

AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT

RECAP

Sources of Obtaining Understanding

Auditor obtains an understanding of the entity and environment, including its internal control through:

1. Risk assessment procedures and sources of information about the entity and its environment

including its internal control.

2. Understanding the entity and its environment, including its internal control.

3. Assessing the risk of material misstatement.

4. Communicating with those charged with governance and management.

5. Documentation

Risk Assessment Procedures & Sources of Information

Risk assessment procedures to obtain an understanding

a) Inquiries directed towards:

· Those charged with governance

· Internal audit personnel

· Middle management (employees)

· Legal counsel

· Marketing or sales personnel

b) Analytical procedures

· Financial

· Non financial

c) Observation and inspection of:

· Observations of Activities and operations

· Inspection of Documents and records

· Reading Management reports

· Visit to premises and plant facilities

Understanding the Entity and Its Environment, Including Its Internal Control

The auditor's understanding of the entity and its environment consists of an understanding of the following

aspects:

a) External Factors:

· Industry conditions

· Regulatory environment

· Macro economic level factors

b) Nature of the entity:

· Business operations

· Investments

· Financing

· Financial reporting

c) Objectives and strategies and the related business risks

· Potential related business risk at existence of objective:

a) Industry developments

b) New products and services

c) Expansion of the business

d) New accounting requirements

e) Regulatory requirements

f) Current and prospective financing requirements

g) Use of IT

· Potential related business risk at implementing a strategies:

a) Effects leading to new accounting requirements

Fundamentals of Auditing ACC 311

d) Measurement and review of the entity's financial performance.

e) Internal control.

Understanding the Entity and Its Environment, including Its Internal Control

The auditor's understanding of the entity and its environment consists of an understanding of the

following aspects:

(a)

Industry, regulatory, and other external factors, including the applicable financial reporting

framework (like; insurance companies, leasing companies, banking companies, textile

industry etc.).

(b)

Nature of the entity, including the entity's selection and application of accounting policies

(like; sugar, textile, hotel, tourism, services, etc.).

(c)

Objectives and strategies and the related business risks that may result in a material

misstatement of the financial statements (like; growth maximization, cost effectiveness,

quality leadership, downsizing, etc.).

(d)

Measurement and review of the entity's financial performance.

(e)

Internal control.

Objectives and Strategies and Related Business Risks

The auditor should obtain an understanding of the entity's objectives and strategies and the related

business risks that may result in material misstatement of the financial statements.

Business Risk is the risk that objectives and strategies would not be met

Examples of matters an auditor may consider include the following:

· Existence of objectives with reference to:

Industry developments (a potential related business risk might be, for example,

that the entity does not have the personnel or expertise to deal with the changes

like technological changes in the industry).

New products and services (a potential related business risk might be, for example,

that there is increased product liability).

Expansion of the business (a potential related business risk might be, for example,

that the demand has not been accurately estimated).

New accounting requirements (a potential related business risk might be, for

example, incomplete or improper implementation, or increased costs).

Regulatory requirements (a potential related business risk might be, for example

that there is increased legal exposure).

Current and prospective financing requirements (a potential related business risk

might be, for example, the loss of financing due to the entity's inability to meet

requirements).

Use of IT (a potential related business risk might be, for example, that systems and

processes are incompatible).

· Effects of implementing a strategy, particularly any effects that will lead to new accounting

requirements (a potential related business risk might be, for example, incomplete or

improper implementation)

The auditor should keep in mind that business risk is broader than the risk of material misstatement.

Business risks, at times, do not cause any misstatement in the financial statements but affect the going

concern.

Conditions and events that may indicate risks of material misstatements are as follows:

The following are examples of conditions and events that may indicate the existence of risks of material

misstatement. The examples provided cover a broad range of conditions and events; however, not all

conditions and events are relevant to every audit engagement and the list of examples is not necessarily

complete.

· Operations in regions that are economically unstable, for example, countries with significant

currency devaluation or highly inflationary economies.

· Operations exposed to volatile markets, for example, futures trading.

· High degree of complex regulation.

· Going concern and liquidity issues including loss of significant customers.

· Constraints on the availability of capital and credit.

Fundamentals of Auditing ACC 311

Changes in the industry in which the entity operates.

Changes in the supply chain.

Developing or offering new products or services, or moving into new lines of business.

Expanding into new locations.

Changes in the entity such as large acquisitions or reorganizations or other unusual events.

Entities or business segments likely to be sold.

Complex alliances and joint ventures.

Use of off-balance-sheet finance, special-purpose entities, and other complex financing

arrangements.

Significant transactions with related parties.

Lack of personnel with appropriate accounting and financial reporting skills.

Changes in key personnel including departure of key executive.

Weaknesses in internal control, especially those not addressed by management.

Inconsistencies between the entity's IT strategy and its business strategies.

Changes in the IT environment.

Installation of significant new IT systems related to financial reporting.

Inquiries into the entity's operations or financial results by regulatory or government bodies.

Past misstatements, history of errors or a significant amount of adjustments at period end.

Significant amount of non-routine or non-systematic transactions including inter-company

transactions and large revenue transactions at period end.

Transactions that are recorded based on management's intent, for example, debt refinancing, assets

to be sold and classification of marketable securities.

Application of new accounting pronouncements.

Accounting measurements that involve complex processes.

Events or transactions that involve significant measurement uncertainty, including accounting

estimates.

Pending litigation and contingent liabilities for example, sales warranties, financial guarantees and

environmental remediation.

Table of Contents: