Risk assessment lies at the heart of every successful audit, serving as the foundation for a more targeted and efficient approach. it is not just about compliance; it is about sharpening the audit process to uncover potential risk ahead of the audit. However with the introduction of ISA315 (Revised), the landscape has evolved. The standard now demands a more deeper, more tailored understanding of each entity, making the process both more time-intensive and highly specific. Yet, this shift presents an opportunity for auditors to refund their strategy and deliver greater value through enhanced risk-focused insights.
In a practical environment ISA315R can get quite complex however to avoid getting overwhelmed Accounting Warriors has developed several structured steps you can follow to identify your entity specific risks.
As a starting point you will need to get an understanding of the macro environment in which your entity operates. This understanding can be aided by the PESTLE analysis as taught in the PGDA curriculum. This model can be applied as follows:
Political: Identifying the political environment will help identify risks pertaining to regulations and political policies that could impact the financial reporting of your entity.
Economy: The economic conditions directly impact a company's financial performance and strategy and therefore economic conditions will help identify risks pertaining to the direction of testing for account balances and transactions as well as potential going concern risks.
Social: The social environment direct impacts a company's reputation and therefore consumer demand. The social environment and the company's impact on it will help identify specific risks pertaining to going concern.
Technology: The technological environment directly affects the majority of industries and developments in technology could indicate risks in property, plant and equipment, intangible assets, inventory and going concern.
Legal: The legal environment will help identify risks pertaining to compliance and potential fines and penalties that could indicate increased going concern risk.
Environmental: With the introduction of sustainability reporting the environmental impact of a company will identify risks pertaining to going concern, reputation and specific financial provisions.
By applying the above model you will be able to easily identify inherent risks at financial statement level as well as link them to the 6 inherent risk indicators namely change, subjectivity, complexity, uncertainty and susceptibility to management bias due to fraud or error.
Through your assessment performed in the above model you will begin to form an expectation for specific account balances and transactions which will be used in your assessment of risk at an assertion level.
However, the first step to risk assessment at an assertion level is to determine a materiality level in order to assess the quantitative significant of account balances and transactions under assessment.
In terms of IAS315R all material account balances and transactions shall be assessed for risks at assertion level and therefore these balances should be your starting point. The steps to follow is as follows:
Identify your horizontal risk: This risk pertains to movement between the current and the prior year. It is used as the first indicator for your direction of testing namely over or under statement.
Link your horizontal risk to a specific industry condition: Generally horizontal movements can be explained by results from your PESTLE analysis and if this is the case a risk does not necessarily exists as movement would be "within expectations".
Determine your vertical risk: This risk pertains to relationships between the current financial account balances and transactions compared to the historical relationship trends. This is assessment consists out of 3 steps:
(i) Calculate the applicable ratio for your account balance / transaction such as debtors days for a historical period of 5 years.
(ii) Calculate the average ratio for the ratio's identified in (i).
(iii) Compare the average to the actual for your current period and assess the direction based on whether the actual is more / less than the average.
Lastly assess your account balance or transaction for any inherent risk factor that could potentially lead to a misstatement. However, this should always be entity specific and not a "blanked" risk.
Once your material balances has been assessed you need to assess whether you have an expectation that specific immaterial balances should in fact have material balances. If this is the case an understatement risk affecting the completeness assertion will need to be assessed.
It is important to note that during your assessment above you will also be required to select a level of risk between low, medium and high. This is usually determined by assessing the likelihood and magnitude as follows:
Likelihood: Based on the IFRS requirements for your account balance / transaction, management competence and past experience with the client what is the likelihood of an error
Magnitude: Based on the monetary value, materiality and whether the amount is actual cashflow how big will the impact be if there is an error identified.
By using the above metrics you will be able to assess your risk on the appropriate level. However it should be noted that it is required to assess your high risks for significant risks. This is usually performed by considering:
Is there a specific risk pertaining to this account balance or transaction which will have a specific significant impact on the financial statements.
Is a specific response required to address this risk
Would high risk performance materiality be sufficient to identify misstatements that could have a material impact on the users decisions regarding the financial statements.
Through applying the above Accounting Warrior tricks you can be sure that your next risk assessment will be ISA315R compliant and will be performed efficiently and effectively.
Accounting Warriors.
Comments