Risk assessment procedures



            AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material
            Misstatement (AICPA, Professional Standards), links the understanding of the entity and its environment,
            including internal control, with the assessment of risk and design of additional audit procedures. The
            auditor is required to perform the following three risk assessment procedures:

              Inquiries of management and others within the entity who, in the auditor’s professional judgment,
               may have information likely to assist in identifying risks of material misstatement due to fraud or
               error
              Analytical procedures
              Observation and inspection

            AU-C section 315 notes that inquiry alone is not sufficient to satisfy the requirements to evaluate the
            design of internal control and to assess whether the controls have been implemented. The auditor should
            also consider performing other procedures (as provided previously), such as tracing transactions through
            the information system relevant to financial reporting, when appropriate.

            The auditor is not required to perform all three procedures to each factor listed in exhibit 1-1. Rather, the
            auditor should perform procedures for factors that are appropriate to the entity being audited. All three
            procedures should be used at some point during the auditor’s risk assessment. These procedures also
            are appropriate for audits of both large and small publicly held companies. Because the auditor is
            required to use these procedures when assessing risk, it is important to discuss them in depth.










































            © 2020 Association of International Certified Professional Accountants. All rights reserved.    1-8