A0aa. Assertions that the auditor may use in addressing the requirements of this ISA are further described in paragraph A121c.

Transcription

1 Agenda Item 3-B ISA 315 (Revised), 1 Identifying and Assessing the Risks f Material Misstatement thrugh Understanding the Entity and Its Envirnment Applicatin and Other Explanatry Material Prpsed changes Definitins Assertins (Ref: Para. 4(aa)) A0a. Representatins by management with respect t the recgnitin, measurement, presentatin and disclsure f infrmatin in the financial statements f classes f transactins, accunt balances and disclsures differ frm written representatins prvided t the auditr by management, as required by ISA 580, 2 t cnfirm certain matters r supprt ther audit evidence. A0aa. Assertins that the auditr may use in addressing the requirements f this ISA are further described in paragraph A121c. Cntrls (Ref: Para. 4(ca)) A0b. Plicies are implemented thrugh the actins f persnnel within the entity, r thrugh their restraint frm taking actins that wuld cnflict with such plicies. A0c. Prcedures may be mandated, thrugh frmal dcumentatin r ther cmmunicatin by management r thse charged with gvernance, r may result frm behavirs that are nt mandated but are rather cnditined by the entity s culture. Prcedures may be enfrced thrugh the actins permitted by the IT applicatins used by the entity r ther aspects f the entity s IT envirnment. Inherent Risk Factrs (Ref: Para. 4(cb)) A0d. Inherent risk factrs may be qualitative r quantitative and affect the susceptibility t misstatement f financial statement items. Qualitative inherent risk factrs relating t the preparatin f infrmatin required by the applicable financial reprting framewrk (referred t in this paragraph as required infrmatin ) include: Cmplexity arises either frm the nature f the infrmatin r in the way that the required infrmatin is prepared, including when such preparatin prcesses are mre inherently difficult t apply. Fr example, cmplexity may arise: In calculating supplier rebate prvisins because it may be necessary t take int accunt different cmmercial terms with many different suppliers, r many interrelated cmmercial terms that are all relevant in calculating the rebates due; r When there are many ptential data surces, with different characteristics used in making an accunting estimate, the prcessing f that data invlves many inter-related steps, and the data is therefre inherently mre difficult t identify, capture, access, understand r prcess 1 Internatinal Standard n Auditing (ISA) 315, Identifying and Assessing the Risks f Material Misstatement thrugh Understanding the Risks f Material Misstatement thrugh Understanding the Entity and its Envirnment. 2 ISA 580, Written Representatins Prepared by: Bev Bahlmann and Phil Minnaar (May 2018) Page 1 f 74

2 Subjectivity arises frm inherent limitatins in the ability t prepare required infrmatin in an bjective manner, due t limitatins in the availability f knwledge r infrmatin, such that management may need t make an electin r subjective judgment abut the apprpriate apprach t take and abut the resulting infrmatin t include in the financial statements. Because f different appraches t preparing the required infrmatin, different utcmes culd result frm apprpriately applying the requirements f the applicable financial reprting framewrk. As limitatins in knwledge r data increase, the subjectivity in the judgments that culd be made by reasnably knwledgeable and independent individuals, and the diversity in pssible utcmes f thse judgments will als increase. Change results frm events r cnditins that, ver time, affect the entity s business r the ecnmic, accunting, regulatry, industry r ther aspects f the envirnment in which it perates, when the effects f thse events r cnditins are reflected in the required infrmatin. Such events r cnditins may ccur during, r between, financial reprting perids. Fr example, change may result frm develpments in the requirements f the applicable financial reprting framewrk, r in the entity and its business mdel, r in the envirnment in which the entity perates. Such change may affect management s assumptins and judgments, including as they relate t management s selectin f accunting plicies r hw accunting estimates are made r related disclsures are determined. Uncertainty arises when the required infrmatin cannt be prepared based nly n sufficiently precise and cmprehensive data that is verifiable thrugh direct bservatin. In these circumstances, an apprach may need t be taken that applies the best available knwledge t prepare the infrmatin using sufficiently precise and cmprehensive bservable data, t the extent available, and reasnable assumptins supprted by the best available data, when it is nt. Cnstraints n the availability f knwledge r data, which are nt within the cntrl f management (subject t cst cnstraints where applicable) are surces f uncertainty and their effect n the preparatin f the required infrmatin cannt be eliminated. Fr example, estimatin uncertainty arises when the required mnetary amunt cannt be determined with precisin and the utcme f the estimate is nt knwn befre the date the financial statements are finalized. Susceptibility t misstatement due t management bias r fraud results frm cnditins that create susceptibility t intentinal r unintentinal failure by management t maintain neutrality in preparing the infrmatin. Management bias is ften assciated with certain cnditins that have the ptential t give rise t management nt maintaining neutrality in exercising judgment (indicatrs f ptential management bias), which culd lead t a material misstatement f the infrmatin that wuld be fraudulent if intentinal. Such indicatrs include inherent incentives r pressures (fr example, as a result f mtivatin t achieve a desired result, such as a desired prfit target r capital rati), and pprtunity, nt t maintain neutrality. Factrs relevant t the susceptibility t fraud f assertins abut classes f transactins, accunt balances and disclsures are described in paragraphs A1 t A5 f ISA A0e. Other inherent risk factrs, that affect susceptibility t misstatement f an assertin abut a class f transactins, accunt balance r disclsure include: The quantitative r qualitative significance f the class f transactins, accunt balance r disclsure, and f the items in relatin t perfrmance materiality; The cmpsitin f the class f transactins, accunt balance r disclsure, including whether the items they are cmpsed f r are subject t differing risks; 3 ISA 240, The Auditr s Respnsibilities Relating t Fraud in an Audit f Financial Statements Page 2 f 74

3 The vlume f activity and hmgeneity f the individual transactins prcessed thrugh the class f transactins r accunt balance r class f transactins, r reflected in the disclsure; r The existence f related party transactins in the class f transactin r accunt balance, r that are relevant t the disclsure. IT Envirnment (Ref: Para 4(cbb) A0f. A reprt-writer is an IT applicatin that is used t extract data frm ne r mre surces (such as a data warehuse, a database r an IT applicatin) and present the data in a specified frmat. A data warehuse is a central repsitry f integrated data frm ne r mre disparate surces (such as multiple databases) frm which reprts may be generated r that may be used by the entity fr ther data analysis activities. A0g. A netwrk is used in the IT infrastructure t transmit data and t share infrmatin, resurces and services thrugh a cmmn cmmunicatins link. The netwrk als typically establishes a layer f lgical security (enabled thrugh the perating system) fr access t the underlying resurces. The perating system is respnsible fr managing cmmunicatins between hardware, IT applicatins, and ther sftware used in the netwrk. Databases stre the data used by IT applicatins and may cnsist f many interrelated data tables. Data in databases may als be accessed directly thrugh database management systems by IT r ther persnnel with database administratin privileges. Significant Risk (Ref: Para. 4(e)) A0h. Significance can be described as the relative imprtance f a matter, taken in cntext. The significance f a matter is judged by the auditr in the cntext in which the matter is being cnsidered. The significance f a risk f material misstatement at the assertin level is cnsidered in the cntext f the implicatins f the assessment f its inherent risk fr the perfrmance f the audit, including the nature, timing and extent f the auditr s further audit prcedures and the persuasiveness f the audit evidence that will be required t reduce audit risk t an acceptable level. Significance can be cnsidered in the cntext f hw, and the degree t which, the susceptibility t misstatement is subject t, r affected by, the inherent risk factrs, which affect the likelihd that a misstatement will ccur, as well as the ptential magnitude f misstatement were that misstatement t ccur. System f Internal Cntrl (Ref: Para. 4(f)) A0i. The entity s system f internal cntrl may be reflected in plicy and prcedures manuals, systems and frms, and the infrmatin embedded therein, and is effected by peple. The system f internal cntrl is implemented by management, thse charged with gvernance, and ther persnnel based n the structure f the entity. The system f internal cntrl can be applied, based n the decisins f management, thse charged with gvernance and ther persnnel and in the cntext f legal r regulatry requirements, t the perating mdel f the entity, the legal entity structure, r a cmbinatin f these. Risk Assessment Prcedures and Related Activities (Ref: Para. 5 10) Risk Assessment Prcedures (Ref: Para. 5) A1. Obtaining an understanding f the entity and its envirnment, the applicable financial reprting framewrk and including the entity s system f internal cntrl (referred t hereafter as an understanding f the entity ), is a cntinuus, dynamic and iterative prcess f gathering, updating and analyzing infrmatin and cntinues thrughut the audit. As the auditr perfrms audit prcedures, the audit evidence btained may cause the auditr t update the understanding n which the risk assessment was based and the nature, timing r extent f ther planned audit prcedures in accrdance with ISA 330. Fr example, infrmatin gathered in understanding the Page 3 f 74

4 entity s system f internal cntrl assists the auditr in assessing cntrl risk at the assertin level, such that cntrl risk may be assessed at less than maximum based n an expectatin abut the perating effectiveness f the cntrl(s) and the planned testing f such cntrl(s). Infrmatin gathered when testing the peratin f the cntrl(s) as part f perfrming further audit prcedures may indicate that the cntrl(s) are nt effective, and as a result the auditr s riginal assessment is updated in accrdance with paragraph 31. (Remaining mved t A1b) A1a. (previusly A4) The risks f material misstatement t be identified and assessed include bth thse due t errr and thse due t fraud, and bth are cvered by this ISA. Hwever, the significance f fraud is such that further requirements and guidance are included in ISA 240 in relatin t risk assessment prcedures and related activities t btain infrmatin that is used t identify the risks f material misstatement due t fraud. 4 In additin, the fllwing ISAs prvide further requirements and guidance n identifying and assessing risks f material misstatement in regard t specific matters r circumstances: ISA in regard t accunting estimates; ISA in regard t related party relatinships and transactins; ISA in regard t ging cncern; and ISA in regard t grup financial statements. A1b. (previusly in A1) The understanding f the entity and its envirnment, the applicable financial reprting framewrk and the entity s system f internal cntrl als establishes a frame f reference within which the auditr plans the audit and exercises prfessinal judgment thrughut the audit, fr example, when: Identifying and aassessing risks f material misstatement f the financial statements (e.g., relating t risks f fraud in accrdance with ISA 240 r when identifying r assessing risks related t accunting estimates in accrdance with ISA 540); Determining materiality r perfrmance materiality in accrdance with ISA 320; 9 Cnsidering the apprpriateness f the selectin and applicatin f accunting plicies, and the adequacy f financial statement disclsures; Identifying areas relating t amunts r disclsures in the financial statements where special audit cnsideratin may be necessary, fr example: related party transactins r management s assessment f the entity s ability t cntinue as a ging cncern; r when cnsidering the business purpse f transactins; Develping expectatins fr use when perfrming analytical prcedures in accrdance with ISA 520; 10 Respnding t the assessed risks f material misstatement, including designing and perfrming further audit prcedures t btain sufficient apprpriate audit evidence in accrdance with ISA 330; 11 and 4 ISA 240, paragraphs ISA 540 (Revised), Auditing Accunting Estimates and Related Disclsures 6 ISA 550, Related Parties 7 ISA 570, Ging Cncern 8 ISA 600, Special Cnsideratins Audits f Grup Financial Statements (Including the Wrk f Cmpnent Auditrs) 9 ISA 320, Materiality in Planning and Perfrming an Audit, paragraphs ISA 520, Analytical Prcedures, paragraph 5 11 ISA 330, The Auditr s Respnses t Assessed Risks Page 4 f 74

5 Evaluating the sufficiency and apprpriateness f audit evidence btained (e.g., relating t such as the apprpriateness f assumptins and f r management s ral and written representatins). A2. Infrmatin btained by perfrming risk assessment prcedures and related activities in accrdance with paragraphs 5 t 10 f this ISA is may be used by the auditr as audit evidence t that supprts the identificatin and assessments f the risks f material misstatement. In additin, the auditr may btain sme audit evidence abut classes f transactins, accunt balances, r disclsures, and related assertins, and abut the perating effectiveness f cntrls, even thugh such risk assessment prcedures were nt specifically planned as substantive prcedures r as tests f cntrls. The auditr als may als chse t perfrm designed substantive prcedures r tests f cntrls cncurrently with risk assessment prcedures because it is efficient t d s. Fr example, thrugh the use f technlgy the auditr may perfrm prcedures n large vlumes f data, and audit evidence may be btained that prvides infrmatin that is useful fr the identificatin and assessment f risks f material misstatement, as well as prviding sufficient apprpriate audit evidence t supprt the cnclusin that such risks have been reduced t an acceptably lw level. A3. The auditr uses prfessinal judgment t determine the nature and extent f the required understanding required. The auditr s primary cnsideratin is whether the understanding that has been btained is sufficient t meets the bjective stated in this ISA. The auditr s risk assessment prcedures t btain the verall understanding may be less extensive in audits f smaller and less cmplex entities. The depth f the verall understanding that is required by the auditr is less than that pssessed by management in managing the entity. A4. [MOVED t A1a] Types f Risk Assessment Prcedures and Surces f Infrmatin (Ref: Para. 6) A4a. ISA explains the types f audit prcedures that may be perfrmed in btaining audit evidence frm risk assessment prcedures and further audit prcedures. The nature and timing f the audit prcedures may be affected by the fact that sme f the accunting data and ther infrmatin may nly be available in electrnic frm r nly at certain pints in time. 13 A4b. Sme f the infrmatin used by the auditr when perfrming risk assessment prcedures may be electrnic data available frm the entity s infrmatin system, fr example the general ledger, sub-ledgers r ther peratinal data. In perfrming risk assessment prcedures, the auditr may use autmated tls and techniques t perfrm the risk assessment prcedures, including fr analysis, recalculatins, reperfrmance r recnciliatins. A4c. Surces f infrmatin available t the auditr may include: Infrmatin btained thrugh interactins with management and thse charged with gvernance, as well as frm ther key entity persnnel, such as internal auditrs, and directly r indirectly frm certain external parties such a regulatrs. Infrmatin btained frm the auditr s previus experience with the entity and frm audit prcedures perfrmed in previus audits, updated as apprpriate. Infrmatin frm surces ther than management. Publicly available infrmatin abut the entity, fr example entity-issued press releases, and materials fr analysts r investr grup meetings, analysts reprts r infrmatin abut trading activity. 12 ISA 500, Audit Evidence, paragraphs A14 A17 and A21 A ISA 500, paragraph A12 Page 5 f 74

6 These surces may prvide ptentially cntradictry infrmatin t that prvided by management, which may assist the auditr in exercising prfessinal skepticism in identifying and assessing the risks f material misstatement. Regardless f the surce f infrmatin, the auditr cnsiders the relevance and reliability f the infrmatin t be used as audit evidence in accrdance with ISA A5. Althugh the auditr is required t perfrm all the risk assessment prcedures described in paragraph 6 in the curse f btaining the required understanding f the entity and its envirnment, the applicable financial reprting framewrk, and the entity s system f internal cntrl (see paragraphs D), the auditr is nt required t perfrm all f them fr each aspect f that understanding. Other prcedures may be perfrmed where the infrmatin t be btained therefrm may be helpful in identifying risks f material misstatement. Examples f such prcedures may include Mmaking inquiries f the entity s external legal cunsel r external supervisrs, r f valuatin experts that the entity has used. (Other previus bullet mved t A18) Inquiries f Management, the Internal Audit Functin and Others within the Entity (Ref: Para. 6(a)) A6. Much f the infrmatin btained by the auditr s inquiries is btained frm management and thse respnsible fr financial reprting. Infrmatin may als be btained by the auditr thrugh inquiries with f the internal audit functin, if the entity has such a functin, and thers within the entity. A7. The auditr may als btain infrmatin, r a different perspective in identifying risks f material misstatement, thrugh inquiries f thers within the entity and ther emplyees with different levels f authrity. Fr example: Inquiries directed twards thse charged with gvernance may help the auditr understand the envirnment in which the financial statements are prepared. ISA 260 (Revised) 15 identifies the imprtance f effective tw-way cmmunicatin in assisting the auditr t btain infrmatin frm thse charged with gvernance in this regard. Inquiries f emplyees invlved in initiating, prcessing r recrding cmplex r unusual transactins may help the auditr t evaluate the apprpriateness f the selectin and applicatin f certain accunting plicies. Inquiries directed twards in-huse legal cunsel may prvide infrmatin abut such matters as litigatin, cmpliance with laws and regulatins, knwledge f fraud r suspected fraud affecting the entity, warranties, pst-sales bligatins, arrangements (such as jint ventures) with business partners and the meaning f cntractual terms. Inquiries directed twards marketing r sales persnnel may prvide infrmatin abut changes in the entity s marketing strategies, sales trends, r cntractual arrangements with its custmers. Inquiries directed twards the risk management functin (r thse perfrming such rles) may prvide infrmatin abut peratinal and regulatry risks that may affect financial reprting. Inquiries directed twards infrmatin systems persnnel may prvide infrmatin abut system changes, system r cntrl failures, r ther infrmatin system-related risks. A8. As btaining an understanding f the entity and its envirnment is a cntinual, dynamic prcess, the auditr s inquiries may ccur thrughut the audit engagement. 14 ISA 500, paragraph 7 15 ISA 260 (Revised), Cmmunicatin with Thse Charged with Gvernance, paragraph 4(b) Page 6 f 74

7 Cnsideratins Specific t Public Sectr Entities A8a. When making inquiries f thse wh may have infrmatin that is likely t assist in identifying risks f material misstatement, auditrs f public sectr entities may btain infrmatin frm additinal surces such as frm the auditrs that are invlved in perfrmance r ther audits related t the entity. Inquiries f the Internal Audit Functin A9. If an entity has an internal audit functin, inquiries f the apprpriate individuals within the functin may prvide infrmatin that is useful t the auditr in btaining an understanding f the entity and its envirnment, the applicable financial reprting framewrk and the entity s system f internal cntrl, and in identifying and assessing risks f material misstatement at the financial statement and assertin levels. In perfrming its wrk, the internal audit functin is likely t have btained insight int the entity s peratins and business risks, and may have findings based n its wrk, such as identified cntrl deficiencies r risks, that may prvide valuable input int the auditr s understanding f the entity and its envirnment, the applicable financial reprting framewrk and the system f internal cntrl, the auditr s risk assessments r ther aspects f the audit. The auditr s inquiries are therefre made whether r nt the auditr expects t use the wrk f the internal audit functin t mdify the nature r timing, r reduce the extent, f audit prcedures t be perfrmed. 16 Inquiries f particular relevance may be abut matters the internal audit functin has raised with thse charged with gvernance and the utcmes f the functin s wn risk assessment prcess. A10. If, based n respnses t the auditr s inquiries, it appears that there are findings that may be relevant t the entity s financial reprting and the audit, the auditr may cnsider it apprpriate t read related reprts f the internal audit functin. Examples f reprts f the internal audit functin that may be relevant include the functin s strategy and planning dcuments and reprts that have been prepared fr management r thse charged with gvernance describing the findings f the internal audit functin s examinatins. A11. In additin, in accrdance with ISA 240, 17 if the internal audit functin prvides infrmatin t the auditr regarding any actual, suspected r alleged fraud, the auditr takes this int accunt in the auditr s identificatin f risk f material misstatement due t fraud. A12. Apprpriate individuals within the internal audit functin with whm inquiries are made are thse wh, in the auditr s judgment, have the apprpriate knwledge, experience and authrity, such as the chief internal audit executive r, depending n the circumstances, ther persnnel within the functin. The auditr may als cnsider it apprpriate t have peridic meetings with these individuals. Cnsideratins specific t public sectr entities A13. Auditrs f public sectr entities ften have additinal respnsibilities with regard t internal cntrl and cmpliance with applicable laws and regulatins. Inquiries f apprpriate individuals in the internal audit functin can assist the auditrs in identifying the risk f material nncmpliance with applicable laws and regulatins and the risk f cntrl deficiencies in internal cntrl ver related t financial reprting. Analytical Prcedures (Ref: Para. 6(b)) A14. Analytical prcedures perfrmed as risk assessment prcedures may identify aspects f the entity f which the auditr was unaware and may assist in identifying and assessing the risks f material misstatement in rder t prvide a basis fr designing and implementing respnses t the assessed risks. Analytical prcedures perfrmed 16 The relevant requirements are cntained in ISA 610 (Revised 2013). 17 ISA 240, paragraph 19 Page 7 f 74

8 as risk assessment prcedures may include bth financial and nn-financial infrmatin, fr example, the relatinship between sales and square ftage f selling space r vlume f gds sld. A15. Analytical prcedures may help identify the existence f unusual transactins r events, and amunts, ratis, and trends that might indicate matters that have audit implicatins. Unusual r unexpected relatinships that are identified may assist the auditr in identifying risks f material misstatement, especially risks f material misstatement due t fraud. A16. Hwever, when such a Analytical prcedures perfrmed as risk assessment prcedures may use data aggregated at a high level (which may be the situatin with analytical prcedures perfrmed as risk assessment prcedures), and accrdingly the results f thse analytical prcedures may nly prvide a brad initial indicatin abut whether a the likelihd f a material misstatement may exist. Fr example, in the audit f many entities, including thse with less cmplex business mdels and prcesses, and a less cmplex infrmatin system, the auditr may perfrm a simple cmparisn f infrmatin, such as the change in accunt balances frm interim r mnthly reprting with balances frm prir perids, t btain an indicatin f ptentially higher risk areas Accrdingly, in such cases, cnsideratin f ther infrmatin that has been gathered when identifying the risks f material misstatement tgether with the results f such analytical prcedures may assist the auditr in understanding and evaluating the results f the analytical prcedures. A16a.Analytical prcedures can be perfrmed using a number f tls r techniques, which may be autmated. Applying autmated analytical prcedures t the data may be referred t as data analytics. Fr example, the auditr may use a spreadsheet t perfrm a cmparisn f actual recrded amunts t budgeted amunts, r may perfrm a mre advanced prcedure by extracting data frm the entity s infrmatin system, and further analyzing this data using visualizatin techniques t identify mre specific areas f pssible misstatement. A16b. This ISA deals with the auditr s use f analytical prcedures as risk assessment prcedures. ISA 520 deals with the auditr's use f analytical prcedures as substantive prcedures ( substantive analytical prcedures ). Accrdingly, analytical prcedures perfrmed as risk assessment prcedures are nt required t be perfrmed in accrdance with the requirements f ISA 520. Hwever, the requirements and applicatin material in ISA 520 may prvide useful guidance t the auditr when perfrming analytical prcedures as part f the risk assessment prcedures. Cnsideratins Specific t Smaller Entities A17. Sme smaller entities may nt have interim r mnthly financial infrmatin that can be used fr purpses f analytical prcedures. In these circumstances, althugh the auditr may be able t perfrm limited analytical prcedures fr purpses f planning the audit r btain sme infrmatin thrugh inquiry, the auditr may need t plan t perfrm analytical prcedures t identify and assess the risks f material misstatement when an early draft f the entity s financial statements is available. Observatin and Inspectin (Ref: Para. 6(c)) A18. Observatin and inspectin may supprt inquiries f management and thers, and may als prvide infrmatin abut the entity and its envirnment. Examples f such audit risk assessment prcedures include bservatin r inspectin f the fllwing: The entity s peratins. Internal Ddcuments (such as business plans and strategies), recrds, and internal cntrl manuals. Reprts prepared by management (such as quarterly management reprts and interim financial statements) and thse charged with gvernance (such as minutes f bard f directrs meetings). Page 8 f 74

9 The entity s premises and plant facilities. (frm previus A5) Reviewing iinfrmatin btained frm external surces such as trade and ecnmic jurnals; reprts by analysts, banks, r rating agencies; r regulatry r financial publicatins; r ther external dcuments abut the entity s financial perfrmance (such as thse referred t in paragraph A47). The behavirs and actins f management r thse charged with gvernance (such as the bservatin f an audit cmmittee meeting). Cnsideratins specific t public sectr entities A18a. Risk assessment prcedures perfrmed by auditrs f public sectr entities may als include bservatin and inspectin f dcuments prepared by management fr the legislature, fr example as dcuments related t mandatry perfrmance reprting. Infrmatin frm Client r Engagement Acceptance r Cntinuance (Ref: Para. 7) A18b. In accrdance with ISA 220, the engagement partner is required t be satisfied that apprpriate prcedures regarding the acceptance and cntinuance f client relatinships and audit engagements have been fllwed, and t determine that cnclusins reached in this regard are apprpriate. 18 Infrmatin btained in the client and engagement acceptance r cntinuance prcess may be relevant t the identificatin and assessment f the risks f material misstatement. Examples may include: Infrmatin abut the nature f the entity and its business risks. Infrmatin abut the integrity and ethical values f management and thse charged with gvernance, which may be relevant t the auditr s understanding f the cntrl envirnment, and may als affect the auditr s identificatin and assessment f the risks f material misstatement at the financial statement level. The applicable financial reprting framewrk and infrmatin abut its applicatin t the nature and circumstances f the entity. Infrmatin frm Other Engagements Perfrmed fr the Entity (Ref: Para. 8) A18c. The engagement partner may have perfrmed ther engagements fr the entity and may thereby have btained knwledge relevant t the audit, including abut the entity and its envirnment. Such engagements may include agreed-upn prcedures engagements (e.g., agreed-upn prcedures relating t an entity s debt cvenant cmpliance) r ther audit r assurance engagements (e.g., audits f special purpse financial statements r reviews f interim financial infrmatin). Infrmatin Obtained in Prir Perids (Ref: Para. 9) A19. The auditr s previus experience with the entity and audit prcedures perfrmed in previus audits may prvide the auditr with infrmatin abut such matters as: Past misstatements and whether they were crrected n a timely basis. The nature f the entity and its envirnment, and the entity s system f internal cntrl (including cntrl deficiencies in internal cntrl). 18 ISA 220, Quality Cntrl fr an Audit f Financial Statements, paragraph 12 Page 9 f 74

10 Significant changes that the entity r its peratins may have undergne since the prir financial perid, which may assist the auditr in gaining a sufficient understanding f the entity t identify and assess risks f material misstatement. Thse particular types f transactins and ther events r accunt balances (and related disclsures) where the auditr experienced difficulty in perfrming the necessary audit prcedures, fr example, due t their cmplexity. A20. The auditr is required t determine whether infrmatin btained in prir perids remains relevant and reliable, if the auditr intends t use that infrmatin fr the purpses f the current audit. This is because changes in the cntrl envirnment entity s system f internal cntrl, fr example, may affect the relevance and reliability f infrmatin btained in the prir year perid. T determine In evaluating whether such infrmatin remains relevant and reliable fr the current audit, the auditr may cnsider whether changes have ccurred that may affect the relevance r reliability f such infrmatin,. Fr example, the auditr may make inquiries and perfrm ther apprpriate audit prcedures, such as walk-thrughs f relevant systems. Discussin Amng the Engagement Team (Ref: Para. 10) Cnsideratins Specific t Smaller Entities A20a. (previusly paragraph A24) Many small audits are carried ut entirely by the engagement partner (wh may be a sle practitiner). In such situatins, it is the engagement partner wh, having persnally cnducted the planning f the audit, wuld be respnsible fr cnsidering Paragraph 10 requires the engagement partner and ther key engagement team members t discuss the applicatin f the applicable financial reprting framewrk in the cntext f the nature and circumstances f the entity and its envirnment, and the susceptibility f the entity s financial statements t material misstatement due t fraud r errr. When the engagement is carried ut by a single individual (such as a sle practitiner) i.e., where an engagement team discussin wuld nt be pssible, cnsideratin f the matters referred t in paragraphs A21 and A22 nnetheless may assist the auditr in identifying where there may be risks f material misstatement. A21. The discussin amng the engagement team abut the susceptibility f the entity s financial statements t material misstatement: Prvides an pprtunity fr mre experienced engagement team members, including the engagement partner, t share their insights based n their knwledge f the entity. Sharing infrmatin cntributes t an enhanced understanding by all engagement team members. Allws the engagement team members t exchange infrmatin abut the business risks t which the entity is subject, hw the inherent risk factrs may affect the classes f transactins, accunt balances and disclsures, and abut hw and where the financial statements might be susceptible t material misstatement due t fraud r errr. Assists the engagement team members t gain a better understanding f the ptential fr material misstatement f the financial statements in the specific areas assigned t them, and t understand hw the results f the audit prcedures that they perfrm may affect ther aspects f the audit, including the decisins abut the nature, timing and extent f further audit prcedures. In particular, the discussin assists engagement team members in further cnsidering cntradictry infrmatin based n each member s wn understanding f the nature and circumstances f the entity. Prvides a basis upn which engagement team members cmmunicate and share new infrmatin btained thrughut the audit that may affect the assessment f risks f material misstatement r the audit prcedures perfrmed t address these risks. Page 10 f 74

11 ISA 240 requires the engagement team discussin t place particular emphasis n hw and where the entity s financial statements may be susceptible t material misstatement due t fraud, including hw fraud may ccur prvides further requirements and guidance in relatin t the discussin amng the engagement team abut the risks f fraud. 19 A22. As part f the discussin amng the engagement team required by paragraph 10, cnsideratin f the disclsure requirements f the applicable financial reprting framewrk assists in identifying early in the audit where there may be risks f material misstatement in relatin t disclsures, even in circumstances where the applicable financial reprting framewrk nly requires simplified disclsures. Examples f matters the engagement team may discuss include: Changes in financial reprting requirements that may result in significant new r revised disclsures; Changes in the entity s envirnment, financial cnditin r activities that may result in significant new r revised disclsures, fr example, a significant business cmbinatin in the perid under audit; Disclsures fr which btaining sufficient apprpriate audit evidence may have been difficult in the past; and Disclsures abut cmplex matters, including thse invlving significant management judgment as t what infrmatin t disclse. A22a. In additin t the intended benefits f the engagement team discussin included in paragraph A21, the engagement team may als have an pprtunity t exercise prfessinal skepticism while perfrming risk assessment prcedures, such as thrugh identifying and discussing cntradictry infrmatin btained in perfrming thse prcedures, as well as in cnsidering whether there are indicatrs f pssible management bias (bth intentinal and unintentinal). Prfessinal skepticism is necessary fr the critical assessment f audit evidence, and a rbust and pen engagement team discussin, including fr recurring audits, may lead t imprved identificatin and assessment f the risks f material misstatement. Anther utcme frm the discussin may be that the auditr identifies specific areas f the audit fr which exercising prfessinal skepticism may be particularly imprtant, which may in turn drive the cnsideratin f thse engagement team members wh are apprpriately skilled t be invlved in the perfrmance f audit prcedures related t thse areas. A23. It is nt always necessary r practical fr the discussin t include all members in a single discussin (as, fr example, in a multi-lcatin audit), nr is it necessary fr all f the members f the engagement team t be infrmed f all f the decisins reached in the discussin. The engagement partner may discuss matters with key members f the engagement team including, if cnsidered apprpriate, thse with specific skills r knwledge, and thse respnsible fr the audits f cmpnents, while delegating discussin with thers, while taking int accunt f the extent f cmmunicatin cnsidered necessary thrughut the engagement team. A cmmunicatins plan, agreed by the engagement partner, may be useful. Cnsideratins Specific t Public Sectr Entities A23a. As part f the discussin amng the engagement team, as required by paragraph 10, by auditrs f public sectr entities, cnsideratin may als be given t any additinal brader bjectives, and related risks, arising frm the audit mandate r bligatins fr public sectr entities. A24. [MOVED TO A20a] 19 ISA 240, paragraph 15 Page 11 f 74

12 The Required Understanding f the Entity and Its Envirnment and the Applicable Financial Reprting Framewrk, Including the Entity s Internal Cntrl (Ref: Para A) A24a. The auditr s understanding f the entity and its envirnment, and the applicable financial reprting framewrk, establishes a frame f reference within which the auditr identifies and assesses risks f material misstatement, and plans and perfrms audit prcedures. Specifically, the auditr applies prfessinal judgment in determining whether the understanding required by paragraph 11 is sufficient t prvide an apprpriate basis fr the auditr t understand the classes f transactins, accunt balances and disclsures t be expected in the entity s financial statements. This understanding assists the auditr in identifying areas in the financial statements where material misstatements may be mre likely t arise and assists the auditr in in exercising prfessinal skepticism thrughut the audit. The nature and extent f the understanding required will likely depend n the nature, size and cmplexity f the entity. The Entity and Its Envirnment (Ref: Para 11(a)) A24b. In btaining an understanding f the entity and its envirnment, the auditr may be able t enhance the understanding by using autmated tls and techniques. Fr example, the auditr may use autmated techniques t understand flws f transactin and prcessing as part f the auditr s prcedures t understand the infrmatin system. An utcme f these prcedures may be that the auditr btains infrmatin abut the entity s rganizatinal structure r with whm the entity cnducts business (e.g., vendrs, custmers, related parties). Nature f the Entity The Entity s Organizatinal Structure, Ownership and Gvernance, and Business Mdel (Ref: Para. 11(ba)(i)) [A25 A30 MOVED t A43a A43f] The entity s rganizatinal structure and wnership A31. An understanding f the nature f an entity s rganizatinal structure and wnership may enables the auditr t understand such matters as: Whether the entity has a cmplex structure, The cmplexity f the entity s structure. Ffr example, the entity may be a single entity r the entity s structure may include with subsidiaries, divisins r ther cmpnents in multiple lcatins. Further, the legal structure may be different frm the perating structure. Cmplex structures ften intrduce issues factrs that may give rise t increased susceptibility t risks f material misstatement. Such issues may include whether gdwill, jint ventures, investments, r special-purpse entities are accunted fr apprpriately and whether adequate disclsure f such issues in the financial statements has been made. The wnership, and relatinships between wners and ther peple r entities, including related parties. This understanding may assists in determining whether related party transactins have been apprpriately identified, accunted fr, and adequately disclsed in the financial statements. 20 The distinctin between the wners, thse charged with gvernance and management. In sme entities, particularly smaller and less cmplex entities, wners f the entity may be invlved in managing the entity, r thse charged with gvernance may be invlved in managing the entity ISA 550 establishes requirements and prvide guidance n the auditr s cnsideratins relevant t related parties. 21 ISA 260, paragraphs A1 and A2, prvides guidance n the identificatin f thse charged with gvernance and explains that in sme cases, sme r all f thse charged with gvernance are invlved in managing the entity. Page 12 f 74

13 The entity s IT envirnment. Fr example, an entity s IT envirnment may be relatively simple because it cnsists nly f cmmercial sftware fr which the entity des nt have access t the underlying surce cde t which n changes have been made. Alternatively, an entity may have grwn thrugh extensive merger and acquisitin activity and have multiple legacy IT systems in diverse businesses that are nt well integrated resulting in a cmplex IT envirnment. Cnsideratins specific t public sectr entities A31a. In btaining an understanding f the entity s rganizatinal structure and wnership, auditrs f public sectr entities may cnsider the relevance f wnership f a public sectr entity (i.e., wnership f a public sectr entity may nt have the same relevance as in the private sectr because decisins related t the entity may be initiated utside f the entity as a result f plitical prcesses and therefre management may nt have cntrl ver decisins that are made), Matters related t understanding the legal structure f the entity may include applicable laws and regulatins, and the classificatin f the entity (i.e. whether the entity is a ministry, department, agency r ther type f entity). Gvernance A31b. Respnsibilities f management and thse charged with gvernance are brader than respnsibilities fr the versight f the system f internal cntrl, but are generally prerequisites fr an effective system f internal cntrl. The respnsibilities f thse charged with gvernance in relatin t the cntrl envirnment are further discussed in Appendix 3. Deficient gvernance prcesses may limit an entity s ability t prvide apprpriate versight f its system f internal cntrl, which may increase the entity s susceptibility t risks f material misstatement. Matters that may be relevant fr the auditr t cnsider in btaining an understanding f the gvernance f the entity include: Whether any r all f thse charged with gvernance are invlved in managing the entity. The existence (and separatin) f a nn-executive Bard, if any, frm executive management. Whether thse charged with gvernance hld psitins that are an integral part f the entity s legal structure, fr example as directrs. The existence f sub-grups f thse charged with gvernance such as an audit cmmittee, and the respnsibilities f such a grup. The respnsibilities f thse charged with gvernance fr versight f financial reprting, including apprval f the financial statements. The Entity s Business Mdel A31c. The auditr s understanding f the entity s business mdel, and hw it is affected by its business strategy and business bjectives, may assist the auditr in identifying business risks that are relevant t the audit. Furthermre, this may assist the auditr in identifying risks f material misstatement, fr example, incentives and pressures n management may result in intentinal r unintentinal management bias, which may affect the reasnableness f key assumptins and expectatins f management r thse charged with gvernance thereby increasing the susceptibility t risks f material misstatement. A31d. An entity s business mdel describes hw an entity cnsiders, fr example its rganizatinal structure, peratins r scpe f activities, business lines (including cmpetitrs and custmers theref), prcesses, grwth pprtunities, glbalizatin, regulatry requirements and technlgies. The entity s business mdel describes Page 13 f 74

14 hw the entity creates, preserves and captures financial r brader value, such as public benefits, fr its stakehlders. A31e. Strategies are the appraches by which management plans t achieve the entity s bjectives, including hw the entity plans t address the risks and pprtunities that it faces. An entity s strategies are changed ver time by management, t respnd t changes in its bjectives and in the internal and external circumstances in which it perates. A31f. A descriptin f a business mdel typically includes: The scpe f the entity s activities, and why it des them. The entity s structure and scale f its peratins. The markets r gegraphical r demgraphic spheres, and parts f the value chain, in which it perates, hw it engages with thse markets r spheres (main prducts, custmer segments and distributin methds), and the basis n which it cmpetes. The entity s business r perating prcesses (e.g., investment, financing and perating prcesses) emplyed in perfrming its activities, fcusing n thse parts f the business prcesses that are imprtant in creating, preserving r capturing value. The resurces (e.g., financial, human, intellectual, envirnmental and technlgical) and ther inputs and relatinships (e.g., custmers, cmpetitrs, suppliers and emplyees) that are necessary r imprtant t its success. Hw the entity s business mdel integrates the use f IT in its interactins with custmers, suppliers, lenders and ther stakehlders thrugh IT interfaces and ther technlgies A31g. Understanding the entity s bjectives, strategy and business mdel helps the auditr t understand the entity at a strategic level and t understand the business risks the entity takes and faces. Nt all aspects f the business mdel are relevant fr the auditr s understanding, but thse aspects that give rise t business risks, which are relevant t the identificatin and assessment f risks f material misstatement, are likely t be mre relevant fr the auditr s understanding. A31h. Appendix 1 prvides examples f matters that may be cnsidered when btaining an understanding f the activities f the entity, as well as ther matters that may be cnsidered when auditing financial statements f special purpse entities. A32. [MOVED t Appendix 1 and A49b] A33. Significant changes in the entity frm the prir perids may give rise t, r change, risks f material misstatement. A34-A35 [MOVED t Appendix 1] A36. [MOVED t A49b] Cnsideratins specific t public sectr entities A36a. Entities perating in the public sectr may create and deliver value in different ways t thse creating wealth fr wners, but will still have a business mdel t prmte value in the public interest. Matters public sectr auditrs may btain an understanding f that are relevant t the business mdel f the entity, include: Knwledge f relevant gvernment activities, including related prgrams. Prgram bjectives and strategies, including public plicy elements. Page 14 f 74

15 Objectives and Strategies and Related Business Rrisks in the cntext f the entity s business mdel (Ref: Para. 11(d)) A37. The entity cnducts its business in the cntext f industry, regulatry and ther internal and external factrs. T respnd t these factrs, the entity s management r thse charged with gvernance define bjectives, which are the verall plans fr the entity. Strategies are the appraches by which management intends t achieve its bjectives. The entity s bjectives and strategies may change ver time. A38. In btaining an understanding f the business mdel, it is likely that the auditr als btains an understanding f the business risks. (Part frm Para. A39) An understanding f the business risks that have an effect n the financial statements assists the auditr in identifying risks f material misstatement, since mst business risks will eventually have financial cnsequences and, therefre, an effect n the financial statements. Business risks are is brader than the risks f material misstatement f the financial statements, althugh it business risks includes the latter. The auditr des nt have a respnsibility t identify r assess all business risks because nt all business risks give rise t risks f material misstatement. Business risk may arise frm, amng ther matters, inapprpriate bjectives r strategies, ineffective executin f strategies, r change r cmplexity. A failure t recgnize the need fr change may als give rise t business risk. Business risk may arise, fr example, frm: The develpment f new prducts r services that may fail; A market which, even if successfully develped, is inadequate t supprt a prduct r service; r Flaws in a prduct r service that may result in legal liability and reputatinal risk. A38a. (previusly A41) A business risk may have an immediate cnsequence fr the risk f material misstatement fr classes f transactins, accunt balances, and disclsures at the assertin level r the financial statement level. Fr example, the business risk arising frm a cntracting custmer base significant fall in real estate market values may increase the risk f material misstatement assciated with the valuatin f receivables assertin fr a lender f medium-term real estate backed lans. Hwever, the same risk, particularly in cmbinatin with a cntracting ecnmy, severe ecnmic dwnturn that cncurrently increases the underlying risk f lifetime credit lsses n its lans, may als have a lnger-term cnsequence which the auditr cnsiders when assessing the apprpriateness f the ging cncern assumptin. The resulting net expsure t credit lsses may cast significant dubt n the entity s ability t cntinue as a ging cncern. If s, this culd have implicatins fr management s and the auditr s cnclusin as t the apprpriateness f the entity s use f the ging cncern basis f accunting and determinatin as t whether a material uncertainty exists. Whether a business risk may result in a risk f material misstatement is, therefre, cnsidered in light f the entity s circumstances. Examples f events and cnditins and events that may indicate risks f material misstatement are indicated in Appendix 2. A39. An understanding f the business risks facing the entity increases the likelihd f identifying risks f material misstatement, since mst business risks will eventually have financial cnsequences and, therefre, an effect n the financial statements. Hwever, the auditr des nt have a respnsibility t identify r assess all business risks because nt all business risks give rise t risks f material misstatement. A40. Examples f matters that the auditr may cnsider when btaining an understanding f the entity s business mdel, bjectives, strategies and related business risks that may result in a risk f material misstatement f the financial statements include: Industry develpments (a ptential related business risk might be, fr example, that the entity des nt have the persnnel r expertise t deal with the changes in the industry). New prducts and services (a ptential related business risk might be, fr example, that there is increased prduct liability). Page 15 f 74