What is Risk Assessment In Audit? How To Perform the Assessment

The auditor’s risk assessment procedures should be performed enough to provide a reasonable basis for identifying and assessing the risk of material misstatement at the financial statements and assertion level, whether due to fraud and error.

ISA 315 outlines the procedures that the auditor should follow to obtain an understanding enough to assess audit risk, and these risks must be considered in the audit plan.

Performing Risk Assessment in the Audit

Risks of material misstatement will arise from various sources, which incorporate external factors, which incorporate things inside the company’s enterprise and surroundings, and company-specific components, which incorporate the character of the corporate, its activities, and control over financial coverage.

Thus, the audit procedures that are essential to become aware of and correctly confirm the risks of material misstatement consist of consideration of every external factor and company-specific factors. ISA 315 goes on to become alert to the subsequent risk assessment procedures:

  • Auditors need to have discussions with the client’s management just about its targets and expectations, and its plans for achieving those goals. The auditor shall consider whether information received from the auditor’s client reputation or continuance method is applicable to distinguishing risks of material misstatement. Inquiries of management, applicable people inside the internal audit function, others inside the entity, within the auditor’s professional judgment, can also have the knowledge this is often presumed to help in distinguishing risks of material misstatement due to fraud or error.
  • If the engagement partner has completed different engagements for the entity, the engagement partner shall consider whether information received has relevancy to distinguishing risks of material misstatement.
  • Wherever the auditor intends to use information obtained from the auditor’s previous expertise with the entity and from audit procedures performed in previous audits, the auditor shall decide whether or not modifications have passed off since the previous audit that will additionally have an effect on its connectedness to the present audit.
  • The engagement partner and completely different engagement team members shall discuss the status of the entity’s financial statements to material misstatement, and therefore the application of the relevant financial reporting framework to the entity’s facts and circumstances. The engagement partner shall decide which matters are to be communicated to engagement team members not involved inside the discussion.
  • Analytical procedures performed as risk assessment procedures should facilitate the auditor in identifying unusual transactions. They may identify aspects of the entity that the auditor was unaware of and may help in assessing the risks of material misstatement to supply a basis for planning and implementing responses to the assessed risks. The auditor should perform the analytical procedure that is designed to reinforce the auditor’s understanding of the client’s business and the important transactions and events that have occurred since the previous year-end and determine areas that may represent risks relevant to the audit. In applying analytical procedures as risk assessment procedures, the auditor should perform analytical procedures with the target of distinguishing unusual transactions, which may indicate a material misstatement. Once the auditor has reviewed the interim financial report, the analytical procedure applied in that review should be considered in planning and implementing risk assessment procedures.
  • Observation and inspection may give records concerning the entity and its surroundings. Examples of such audit techniques will cover a large area, like a remark or examination of the entity’s operations, documents, and reports organized by the method of management.
Related article  Internal Audit Confidentiality - What Is It? & Why Is It Importance?

The auditor should obtain an understanding of the information system, as well as the connected business processes, applicable to financial coverage, such as:

  • The classes of transactions inside the company’s operations that are important to the financial statements; The procedures, inside each machine-driven and manual systems, by that those transactions are initiated, authorized, processed, recorded, and reported;
  • The related accounting records, supporting facts, and accounts in the financial statements which could be used to initiate, authorize, process, and record transactions;
  • The information system and its way of capturing events and conditions, except transactions, that are important to the financial statements; and the period-end financial reporting method.
  • The auditor should additionally acquire an understanding of how information technology affects the company’s flow of transactions.

ISA 315 needs that the risk assessment procedure comprises a combination of the above procedures and the standard. The engagement partner and other key engagement team members should discuss the status of the entity’s financial statements to material misstatement.