Page 98 - Internal Auditing Standards
P. 98
Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts
The auditor needs to perform sufficient risk assessment procedures to identify the business and fraud risk
factors that could result in material misstatement. This includes consideration of any events or conditions that
may cast significant doubt on the entity’s ability to continue as a going concern.
The required scope or depth for understanding the entity is set out in paragraphs 11 and 12 of ISA 315
(reproduced above). This depth of overall understanding by the auditor will be less than that possessed by
management in managing the entity.
CONSIDER POINT
When designing the nature and extent of risk assessment procedures to be performed, remember that
some ISAs outline specific matters to be considered. Some examples are included below:
ISA 240.16 Fraud in an audit of fi nancial statements
When performing risk assessment procedures and related activities to obtain an understanding
of the entity and its environment, including the entity's internal control, required by ISA 315, the
auditor shall perform the procedures in paragraphs 17-24 (of ISA 240) to obtain information for use in
identifying the risks of material misstatement due to fraud.
ISA 540.8 Auditing accounting estimates
When performing risk assessment procedures and related activities to obtain an understanding
of the entity and its environment, including the entity's internal control, as required by ISA 315,
the auditor shall obtain an understanding of the following in order to provide a basis for the
identification and assessment of the risks of material misstatement for accounting estimates:
(a) The requirements of the applicable financial reporting framework relevant to accounting
estimates, including related disclosures.
(b) How management identifies those transactions, events and conditions that may give rise to
the need for accounting estimates to be recognized or disclosed in the financial statements. In
obtaining this understanding, the auditor shall make inquiries of management about changes in
circumstances that may give rise to new, or the need to revise existing, accounting estimates.
(c) How management makes the accounting estimates, and an understanding of the data on
which they are based, including:
(i) The method, including, where applicable, the model, used in making the accounting estimate;
(ii) Relevant controls;
(iii) Whether management has used an expert;
(iv) The assumptions underlying the accounting estimates;
(v) Whether there has been or ought to have been a change from the prior period in the
methods for making the accounting estimates, and if so, why; and
(vi) Whether and, if so, how management has assessed the effect of estimation uncertainty.
ISA 550.11 Related Parties
As part of the risk assessment procedures and related activities that ISA 315 and ISA 240 require
the auditor to perform during the audit, the auditor shall perform the audit procedures and related
activities set out in paragraphs 12-17 (of ISA 550) to obtain information relevant to identifying the
risks of material misstatement associated with related-party relationships and transactions.
ISA 570.10 Going Concern
When performing risk assessment procedures as required by ISA 315, the auditor shall consider
whether there are events or conditions that may cast significant doubt on the entity’s ability to
continue as a going concern.
96
