Importance of risk assessment as required in auditing standard

, Last updated: 31 May 2019
Share

Developments in business, regulation, corporate governance and user expectations drive change in auditing standards and methodologies, as do changes to the content of financial statements. Auditing standards have developed in two ways to tackle uncertainty attaching to financial statements and the range of possible outcomes they reflect. Firstly, there is the increasing focus on audit risk, so that more work is done during audit planning to assess those areas that require most attention. Secondly, auditing standard setters have developed new auditing standards and provided more detailed guidance on specific aspects of financial reporting. The importance of risk assessment in the auditing cannot be underestimated in the auditing of financial statement.

Following are the auditing standards, the documentation requirements and the documents which are needed to be maintained to comply with the Auditing Standard.

General Principals and responsibilities of Auditor

Auditing Standard	Documentation Requirement	Templates (which can be used)
SA 240 – The Auditor’s responsibilities relating to Fraud in an Audit of Financial Statements	Identified and assessed risk of material misstatement due to fraud at financial statement level & assertion level Audit procedure applied on identification of fraud risk Decision reached on performance of the audit procedures and the discussion with the engagement team Communication of fraud to management / Those Charged with Governance If revenue recognition is not subjected to fraud, the reason for the sam	Risk assessment template / Fraud risk assessment template
SA 250 – Considerations of Laws and Regulations in an Audit of Financial Statements	Details of the suspected non-compliance Minutes of discussion with management regarding non-compliance	Risk assessment template Minutes of meeting with management
SA 260 – Communication with Those Charged With Governance	Includes all the matters as discussed in the individual Auditing Standard	All the minutes of meeting with management
SA 265 – Communicating Deficiencies in Internal Control to Those Charged with Governance & Management	Communicating through writing / minutes of meeting in fulfilling the overall responsibilities Impact of the deficiencies in the financial statement. Impact on the legal or regulatory requirements regarding specific type of deficiencies	Minutes of meeting with management Final observation sheet Note: Documents to be used for reporting of “Key Audit Matters” as per SA 701

Risk assessment and response to assessed risk

Auditing Standard	Documentation Requirement	Templates (which can be used)
SA 300 Planning an Audit of Financial Statement	Overall scope, timing and Conduct of audit Audit plan containing the risk assessment procedure / Standard audit program Any significant changes made to the overall audit strategy or the audit plan	Audit planning document Risk assessment template
SA 315 Identifying and Assessing the risks of material misstatement through understanding the entity & its environment	Significant decisions taken during the discussion with engagement team Risk assessment at the financial statement level & assertion level and the audit procedure performed Note: Depending on the complexity of the audit, documentation requirement of SA 300 & SA 315 can be combined	Audit planning document Risk assessment template Note: Documents to be used for reporting of “Key Audit Matters” as per SA 701
SA 320 Materiality in Planning & Performing an Audit	Materiality of financial statement as a whole Materiality levels for particular classes of transactions, account balance or disclosures Performance materiality based on the risk of material misstatement	Materiality template Note: Documents to be used for reporting of “Key Audit Matters” as per SA 701
SA 330 The Auditor’s response to Assessed Risk	Audit procedures adopted to address the risk Linking of procedures with the risk identified at the assertion level Results of audit procedure including the conclusions where these are otherwise not clear.	Risk assessment template
SA 402 Audit considerations Relating to an Entity Using a Service Organization	Obtaining understanding of service provided by service organization Responding to the assessed risk of material misstatement	Risk assessment template
SA 450 Evaluation of misstatements Identified during the Audit	The amount below which misstatements would be regarded as clearly trivial All misstatements accumulated during the audit and whether they have been corrected Conclusion whether uncorrected misstatements are material	Materiality template Final observation sheet with management comments

Audit Evidence

Auditing Standard	Documentation Requirement	Templates (which can be used)
SA 505 External Confirmations	Details of external confirmation sent & received Reconciliation of confirmation with books of accounts	Template for external confirmation
SA 570 (Revised) Going Concern	Risk assessment procedure Additional audit procedure when events / conditions are identified	Risk assessment template
SA 600 Using work of Another Auditor SA 610 (Revised) Using work of Internal Auditors SA 620 Using work of an Auditor’s expert	Conclusion regarding adequacy of work and reliance Audit procedure performed by external auditor	Details of observation and audit procedure followed Observations can be included in Risk assessment template

Risk Assessment Template

The risk assessment template consists of:

The audit areas and the assertions to be evaluated
For each audit area, the risk has to be assessed and record the risk (high, medium or low)
Risk which can be categorized into inherent risk, analytical risk and control risks

Inherent risk = misstatement assuming that there are no related internal control

Analytical risk = Analytical procedure adopted as substantive procedure fail to detect material misstatement

Control risk = The risk cannot be prevented, detected and corrected on timely basis by entity’s internal control.

After analyzing the risk, the audit approach / audit program to mitigate the risk has to be stated (The risk and procedure has to be specified in reporting Key Audit Matters as per SA 701 – Communicating Key Audit Matters in Independent Auditor’s report).

Format of risk assessment template

Audit area / Assertions	Inherent risk	Analytical risk	Control risk	Sample taken	Audit procedure
Property, Plant & Equipment
Existence
Rights & obligation
Completeness
Valuation & Allocation
Classification

The risk assessment can be done based on the “Risk Control matrix” prepared by the management as per S.134 and Rule 8(5)(vii) of Companies Act, 2013. The Risk Control Matrix would be generally prepared in the following format. However, it may differ as per the nature and size of the company. Risk assessment would be done by testing of controls for each assertion level.

Format of Risk Control Matrix

Process / sub-process

Risk description

Key controls

Control No.

Manual/ automatic/ semi-automatic

Operational / financial/ compliance

Property, Plant & Equipment

Capitalization accounting & process

The process of capitalization may not be adequate for different categories of fixed asset

a. Building will be capitalized on receipts of completion/possession certificate from the departments concerned

b. Equipment will similarly be capitalized on receipt of commissioning/ completion certificate from the departments concerned.

c. Furniture, office equipment and vehicles will be capitalized on receipt of certificates for the assets having been put to use.

C_FA_01

Semi-automatic

Operational & financial

The author has helped many service and manufacturing organizations in risk analysis and risk assessment by checking the design and operating effectiveness of the controls. She can be contacted at amritac80@gmail.com

Published by

CA Amrita Chattopadhyay
(Audit & Assurance)
Category Audit Report

Importance of risk assessment as required in auditing standard

Related Articles

Popular Articles

Trending Online Classes

Browse by Category