PSA315
PSA315
PSA315
PSA 315: IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
Objective:
Identify and assess risks of material misstatement, whether due to fraud or error, at the financial
statement and assertion levels, through understanding the entity and its environment, including the
entity’s internal control, thereby providing a basis for designing and implementing responses to the
assessed risks of material misstatement.
Definitions:
Requirements
(c) The entity’s selection and application of accounting policies, including the reasons for changes
thereto.
(d) The entity’s objectives and strategies, and those related business risks that may result in risks of
material misstatement.
(e) The measurement and review of the entity’s financial performance.
1. Control Environment
Sets the tone of an organization, influencing the control consciousness of its people
The existence of a satisfactory control environment can be a positive factor when the auditor
assesses the risks of material misstatements. However, it is NOT an ABSOLUTE deterrent to
fraud.
Elements of Control Environment:
a. Commitment to competence
b. Human resource policies and practices
c. Organizational structure
d. Participation by those charged with governance
e. Philosophy and management style
f. Ethical values and integrity
g. Responsibility and authority assignment
Risk Assessment Process
Information System
Monitoring of Controls
Process to assess the effectiveness of controls on a timely basis and taking necessary remedial
actions
Includes considering whether controls are operating as intended and that they are modified as
appropriate for changes in conditions
Management’s monitoring activities may include using information from communications from
external parties such as customer complaints and regulator comments that may indicate
problems or highlight areas in need of improvement.
Policies and procedures that help ensure that management directives are carried out, includes:
Authorization
Performance reviews
Information processing
Application controls
- Apply to the processing of individual applications
General IT controls
- Relate to many applications and support the effective functioning of
application controls
Physical controls
Segregation of duties
Control activities that are relevant to the audit are:
Those that are required to be treated as such, being control activities that relate to
significant risks and those that relate to risks for which substantive procedures alone do
not provide sufficient appropriate audit evidence, as required by paragraphs 29 and 30,
respectively; or
Those that are considered to be relevant in the judgment of the auditor.
Identifying and Assessing the Risks of Material Misstatements
- Identify and assess the risks of material misstatement at:
a. The financial statement level - risks of material misstatement at the financial statement level refer to
risks that relate pervasively to the financial statements as a whole and potentially affect many
assertions; may derive in particular from a weak control environment
b. The assertion level for classes of transactions account balances, and disclosures - directly assists in
determining the nature, timing, and extent of further audit procedures at the assertion level necessary
to obtain sufficient appropriate audit evidence.
In determining risks are significant risks, the auditor shall consider at least the following:
a. Discussion among the engagement team, and the significant decisions reached;
b. Key elements of the understanding obtained regarding each of the aspects of the entity and its
environment, internal control components, the sources of information from which understanding was
obtained; and the risk assessment procedures performed;
c. Identified and assessed risks of material misstatement at the financial statement level and at the
assertion level
d. Risks identified, and related controls about which the auditor has obtained an understanding