## Risk Assessment Procedures (RAP)

### Definition

Risk Assessment Procedures (RAP) are audit procedures performed:

To obtain an understanding of the entity and its environment (including internal control)
To identify and assess the Risks of Material Misstatement (ROMMS)
Whether due to fraud or error
At both the Financial Statement (FS) level and the assertion level

> RAP are not substantive procedures — they do not directly detect misstatements. They build the foundation for designing the audit response.

---

### Three Components of RAP

#### (A) Inquiries of Management and Others Within the Entity

The auditor directs targeted inquiries to different functions — each yields specific intelligence:

Target	Information Obtained
Internal Audit Personnel	Design and effectiveness of internal controls; procedures performed during the year
Employees handling complex/unusual transactions	Appropriateness of accounting policies selected and applied
In-house Legal Counsel	Litigation status, compliance with laws and regulations
Marketing / Sales Personnel	Changes in marketing strategies, revenue trends
Risk Management Function	Operational and regulatory risks affecting financial reporting
Information Systems Personnel	IT-related risks and system controls

#### (B) Analytical Procedures

May identify aspects of the entity of which the auditor was unaware
Helps assess ROMMS and provides a basis for designing audit responses
Example: comparing current-year gross margin % to prior years — an unexpected drop may indicate revenue recognition risk

#### (C) Observation and Inspection

Direct physical or documentary review:

The entity's operations (watching processes in action)
Documents — business plans, strategies, internal control manuals, records
Management reports — quarterly management reports, interim financial statements
Governance reports — minutes of Board of Directors' meetings
Physical premises and plant facilities

---

### How the Three Work Together

```

Inquiries ──┐

├──► Combined picture of entity risk ──► Identify & Assess ROMMS

Analytical ─┤

│

Observation ┘

```

No single procedure is sufficient alone — the auditor uses all three to triangulate risk.

Worked example

### Example 1

Example — Inquiry revealing risk:

During inquiry of the sales manager, the auditor learns the company shifted from a fixed-price model to variable pricing in Q3. This is a change in marketing strategy that creates revenue recognition risk. The auditor now plans additional substantive procedures around revenue cut-off and contract terms.

### Example 2

Example — Analytical procedure as RAP:

The auditor computes the inventory turnover ratio and finds it dropped from 8x to 4x year-over-year. This unexpected finding (the entity is in a fast-moving consumer goods industry) raises a risk of obsolete inventory. The auditor adds a specific risk of material misstatement for inventory valuation and plans targeted substantive procedures.

### Example 3

Example — Observation revealing control gap:

While observing warehouse operations, the auditor notices inventory is not segregated by product type and access is unrestricted. This is inconsistent with what management described in their internal control documentation. Control risk for inventory existence is reassessed upward.

⚠️ Common exam mistakes

Treating RAP as optional background work — they are mandatory under SA 315 and directly drive the entire audit plan
Directing all inquiries only to management — SA 315 requires inquiries of OTHERS within the entity (legal, IT, internal audit, sales) for a complete risk picture
Confusing analytical procedures performed as RAP (risk identification) with analytical procedures performed as substantive procedures (evidence gathering) — the objective and rigor required differ
Forgetting that RAP alone do not provide sufficient appropriate audit evidence — they must be supplemented by further audit procedures

Reference: SA 315 — SA 315 — Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →