Bangladesh Standard on Auditing- 315

Bangladesh Standard on Auditing- 315

Identifying and Assessing the Risk of Material Misstatement

through Understanding the Entity and Its Environment

1

Scope of this BSA and ObjectiveIt deals with the auditors responsibilities-•To identify and assess the risk of material

misstatements Through •Understanding the entity •Its environment and •Entity’s internal control systems

Above scope helps the auditor by providing a basis for designing and implementing response to the

assessed risk of material misstatements.

2

Risk Assessment Procedures and Related Activities

Inquiries with Management

(A6)

Analytical Procedur

e (A7)

Observation and Inspection (A11)

It includes the following

3

Risk Assessment Procedures and Related Activities- Con---dHere Auditor shall also consider-

•The information gathered at the time of client acceptance or continuance process

•The information gathered by virtue of other engagement activities (Say Tax services) of the same entity

•Changes happened from previous audit if it is recurring audit

•Discussion among the engagement team (A14)

4

What is Risk Assessment Procedures:

The procedure performed to obtain an understanding of the entity and its environment, including the entity’s

internal control systems

To identify and assess the risks of material misstatements whether due to fraud or

error

At Financial Statements levels and Assertion levels

5

Understanding of the EntityThe Entity and its Environment

Following understanding shall require:a) Relevant industry, regulatory and other

external factors including applicable financial reporting framework

b) The nature of the entity where includes- Its operation Ownership and governance structure Type of investments Its structure and financing mode

6

Understanding of the Entity Con----d

The Entity and its Environment

c) Adopted accounting policies of entity (A28)

d) Entity’s objectives and strategies, mission, vision and goal etc. (A29 to A35)

e) Measurement and review of financial performance (A38 )

7

The Entity and Its Environments a) Industry, Regulatory and other External

Factors:

Industry Factors Include: Industry condition i.e competitive

environments, demand, supply, price, capacity etc

Suppliers and customer relationships Technological developments Cyclical or seasonal activities Energy supply and cost

8

The Entity and Its Environments Con----dRegulatory Factors include: Regulatory environments Applicable financial reporting

framework Legal and political environments Accounting principles and industry

specific practices Taxation Govt. policies (monetary, fiscal, financial

incentives, tariff restrictions etc) Environmental requirements

9

The Entity and Its Environments Con----dOther External Factors include:General economic conditionInterest rateAvailability of financing Inflationary trendsCurrency devaluation and Any other factor seems relevant to the

auditor.

10

The Entity and Its Environments Con----db) Nature of the Entity (A23): Here need to consider-Nature of revenue source, product or service

and market and involvement of technologyConduct of operation Alliance, joint venture, and outsourcing

activitiesGeographic dispersion and segmentationLocation of production facilities, warehouse,

officeKey customers, suppliers Employment arrangementsR&D activities Related party transactions

11

The Entity and Its Environments Con----db) Nature of the Entity (A23): Investment and investment activitiesFinancing and financing related activitiesFinancial reporting such as-

Accounting principles and industry practiceRevenue recognition practicesAccounting of fair valueForeign currency assets, liabilities and

transactionsAccounting for unusual and complex

transactions

12

Understanding of the Entity Con----d

Understanding the Entity’s Internal Control Systems

Components of Internal Control Systems:

1. Control environment2. The entity’s risk assessment process3. Control activities relevant to the audit4. Information and communications and 5. Monitoring of controls

13

Understanding the Entity’s Internal Control Systems

What is ICS?ICS is a set of interrelated activities which

consists of policies and procedures to provide management with reasonable assurance that the company achieve its objectives and goals. These policies and procedures are often called controls and collectively they comprise the entity’s internal control

Auditor must obtain an understanding of internal control systems and gathered related evidence to support that assessment.

14

Understanding the Entity’s Internal Control Systems Con---d

Purpose of Internal Control (A44):

It is designed, implemented and maintained to address identified business risks that threaten the achievement of the following concern:1. reliability of entity’s financial statements2. effectiveness and efficiency of business operation and 3. compliance with the applicable laws and regulations.

15

Understanding the Entity’s Internal Control Systems Con---d

Limitation of Internal Control (A46):

1. Inherent limitation for weak designing and implementing

2. Management override control by collusion

3. Lack of understanding and commitment

16

Understanding the Entity’s Internal Control Systems Con---d

Auditor’s Concern

1. Control related to the reliability of Financial Statements

2. Controls over Classes of Transactions

17

Understanding the Entity’s Internal Control Systems Con---d

Components of Internal Control (Appendix-1, Text Chp-10):

1. Control Environment-Where includes Communication and enforcement of

integrity and ethical values Commitment to competence Participation by those charged with

governance Mgt philosophy and operating style Organizational structure Assignment of authority and responsibility Human resource policies and practices

18

Understanding the Entity’s Internal Control Systems Con---d

Components of Internal Control2. Entity’s Risk Assessment Process: Risk can arise or change due to following

circumstances: Changes in operating environments New personnel New or revamped information systems Rapid growth and new technology New business model, product or activities Human resource policies and practices Corporate restructuring and expanding New accounting pronouncements.

19

Understanding the Entity’s Internal Control Systems Con---d

Components of Internal Control3. Information systems including the

related business process, relevant to financial reporting and communication

The auditor determines-a. Major class of transactionsb. Initiation of transactionc. Accounting record exist d. Transaction passes from initiation to completione. The nature and detail of financial reporting It to be documented by1. Narrative or 2. Flow chart by Walkthrough test

20

Understanding the Entity’s Internal Control Systems Con---d

Components of Internal Control4. Control Activities: It is pertinent toa) Adequate separation of duties: Here includes- Separation of custody of assets from

accounting Separation of authorization from custody

of assets Separation of operational responsibilities

from record keeping responsibilities Separation of IT duties from key users

outside IT

21

Understanding the Entity’s Internal Control Systems Con---d

Components of Internal Control4. Control Activities: It is pertinent to

b. Proper authorization of transaction and dutiesc. Adequate documents and records: It should be:

• Pre numbered• Timely preparation• Understandable• Designed for multiple use• Simple in form

22

Understanding the Entity’s Internal Control Systems Con---d

Components of Internal Control4. Control Activities: It is pertinent to

d. Physical control over assets and records and

e. Independent check on performance

23

Understanding the Entity’s Internal Control Systems Con---d

Components of Internal Control

5. Monitoring of Controls

May consider internal audit functions

24

Identifying and Assessing the Risks of Material MisstatementsThe above function shall be done-1. At the financial statement level as well

as

2. At the assertion level for classes of transactions, account balances and disclosures

It will provide a basis for designing and performing audit procedures

25

Assessment of Risks of Materials Misstatements at the Financial Statements level (A105 to A108)It refers to risks that relate pervasively to

the financial statements as a whole and potentially affect many assertions.

Actually this type of risk is highly related with fraud, mgt integrity, reliability etc.

Example- Mgt’s lack of competency may have a more pervasive effect on the financial statements

26

Assessment of Risks of Materials Misstatements at the Assertion levelHere Auditor uses the Management’s

assertions regarding classes of transaction, account balances and disclosures.

What is assertion: Assertion means representation of

management, explicit or otherwise, that are embodied in the financial statements, as used by the auditor to consider the different types of potential misstatements that may occur. (also see Page-115, chp-6, Leobbecke)

27

Assessment of Risks of Materials Misstatements at the Assertion levelAssertion about Classes of Transactions

(A111)OccurrenceCompletenessAccuracyCutoffClassificationAssertion about Account Balances at Period

end (A111)ExistenceRight and obligationsCompletenessValuation and allocation

28

Assessment of Risks of Materials Misstatements at the Assertion levelAssertion about Presentation and Disclosures

(A111)OccurrenceCompletenessClassification and understandabilityAccuracy and valuation

29

Process of Identifying Risks of Materials Misstatements

Appendix-2

Appendix- 2 provides examples of conditions and events that may indicate

the existence of risk of material misstatements

The risk assessment determines the nature, timing and extent of further audit procedure to be performed.

30

Process of Identifying Risks of Materials Misstatements

Appendix-2Operations in region that are economically

unstableOperation exposed to volatile marketsGoing concern and liquidity issueLoss of significant customerConstraints on the availability of capital and

creditChanges in the industryChanges in the supply chainNew product or marketExpanding into new locationChanges in the entity as acquisition, merger

etcSegment likely to be sold.

31

Appendix-2Existence of complex alliance and joint ventureUse of off balance sheet item and SPUSignificant transaction with related partiesLack of appropriate personnel in required

positionChanges of key personnelDeficiency of internal controlInconsistency in strategyChanges of IT environmentSignificant non routine transactionsApplication of new accounting

pronouncementsAccounting measurement that involves

complex processInvolve accounting estimates, litigation, claim

etc

32

Identifying and Assessing the Risks of Material Misstatements Con---d

The whole process is as follows:

Identify risks by

the process as discussed

Assess and

evaluate the

identified risks

Relate the risks with assertions

Consider the likelihood of

misstatemen

ts

33

Special Consideration to Assess Significant Risks (A119 to A126):Whether the risk 1. is a risk of fraud2. related to the recent significant

economic, accounting and other developments

3. arise from the complexity of transactions4. arise from related party transactions5. arise for high degree of subjectivity and

judgments6. involves unusual transactionsFor significant risk auditor shall obtain understanding of

the ICS of the entity including control activities relevant to that risk

34

Revision of Risk AssessmentAuditor’s risk assessment may change

during the course of audit for obtaining additional audit evidence.

What shall auditor do- Shall revise the assessment and Modify further planned audit procedures

35

DocumentationAudit documentation shall include:a. The discussion among the engagement team

b. Key elements of understanding obtained from environment analysis and internal control systems

c. Identified and assessed risk of material misstatements

d. The risk identified and related control regarding significant risks

36

Thanks every one.

37