## SA-315: Identifying and Assessing Risks of Material Misstatement

### Objective

The auditor must identify and assess the risks of material misstatement (RMM) — due to fraud or error — at two levels:

1. Financial Statement level

2. Assertion level

The assessment provides a basis for designing and implementing further audit procedures (FAP).

---

### Risk Assessment Procedures (RAP)

RAP is a dynamic process requiring professional judgment in:

Materiality
Risk of material misstatement
Response to risk (designing FAP)
Sufficiency & appropriateness of audit evidence
Evaluating reasonableness of management's judgments
Developing expectations for Analytical Review Procedures

Three types of RAP:

Procedure	Key Constraints
Inquiry	Cannot be performed alone — must be combined with another method
Analytical Procedures	Financial and non-financial data; provides broad initial indication only
Inspection & Observation	Operations, documents, management reports, TCWG minutes, premises

> Rule: Inquiry + Observation provides higher assurance than other combinations.

---

### Sources of Inquiry During RAP

Person Inquired	What They Provide
TCWG	Environment in which FS are prepared
Internal Audit Personnel	Design & effectiveness of ICS
IT Personnel	Changes in information systems
In-house Legal Counsel	Litigations / compliance of law
Sales & Marketing Personnel	Changes in marketing strategy, sales trends
Employees in Complex Transactions	Accounting policies applied

---

### Analytical Procedures During RAP

May identify aspects of the entity the auditor was unaware of
Include both financial and non-financial information
Help identify unusual transactions, amounts, and trends
Unusual/unexpected relationships may indicate RMM due to fraud
Results provide only a broad initial indication — other information must be considered alongside

---

### Understanding the Entity and Its Environment

Five key dimensions:

1. Industry, Regulatory & External Factors

Competitive, environmental, technological requirements
FRF, legal and political environment (e.g., taxation laws, government policies)
Macro factors: inflation, interest rates, availability of finance

2. Nature of Entity

Operations (suppliers, key customers, location of facilities)
Types of investments (capital expenditure, recent acquisitions)
Financing structure (equity vs. debt)
Financial reporting policies (revenue recognition, accounting policies)

3. Accounting Policies

Examine selection, application, and consistency of policies

4. Objectives, Strategies & Business Risks

Situation	Business Risk Created
Industry development without relevant competence	Entity lacks expertise
New products/services with product liability	Potential liability exposure
Business expansion	Wrongly estimating customer demand

5. Measurement & Review of Financial Performance

Reviews create pressure on management
Pressure may motivate improved performance OR lead to misstatement in FS
Examples: KPIs, ratios, trends; period-on-period comparison; budgets vs. actuals; credit rating reports

---

### Significant Risk

> A Significant Risk is an identified and assessed RMM that, in the auditor's judgment, requires special audit consideration.

Indicators that a risk is significant:

It is a risk of fraud
It relates to Related Party Transactions (RPTs)
It involves complexity of transactions
Transactions are of an unusual nature
Related to recent significant economic developments
Involves a high degree of subjectivity in measurement (e.g., estimates with high uncertainty)

---

### To Achieve the Objective, Auditor Shall:

a. Identify risks by understanding entity, environment, and ICS (covering account balances, classes of transactions, disclosures)

b. Assess whether identified risks are pervasive (affecting many assertions)

c. Relate identified risks to the assertion level

d. Consider the likelihood of misstatement (including possibility of multiple misstatements and their magnitude)

---

### Audit Strategy — Resource Deployment

Question	Guidance
Who	Experienced team members for high-risk areas; experts for complex areas
How much	Number of ETMs for inventory count; hours assigned to high-risk areas
When	Interim vs. year-end; cut-off procedures
How	Team briefing/debriefing; Engagement Partner review on-site or off-site

---

### Matters Considered in Planning (Context from Summary)

Category	Factors
Matters Considered	Volume of transactions; recent industrial/regulatory developments; significant changes in FRF (e.g., new Accounting Standards); other significant developments (e.g., change in legal framework)
Result of Prior Audit	Experience from previous audit; requirement to maintain professional skepticism
NTE of Resources	Experienced team members and experts assigned where there is high risk of material misstatement

Worked example

### Example 1

A manufacturing company recently migrated from a legacy system to an ERP platform. During RAP, the auditor inquires with IT personnel about the nature and extent of system changes. The auditor also inspects the data migration documentation. Inquiry alone would not suffice — the combination of inquiry + inspection provides evidence about whether data integrity was maintained and whether new RMMs (e.g., incorrect data migration, lapses in access controls) have arisen.

### Example 2

An entity in the pharmaceutical sector is expanding into a new product line with significant product liability exposure. Under SA-315, the auditor identifies this as a business risk that creates an RMM around provisions and contingent liabilities. The auditor then assesses whether this constitutes a significant risk requiring special audit consideration (e.g., direct confirmation from external legal counsel).

### Example 3

During analytical procedures in RAP, the auditor notices that revenue in Q4 is 40% higher than the quarterly average without a corresponding increase in orders or cash collections. This unusual trend — identified through non-financial data comparison — assists in identifying a possible RMM related to revenue recognition (potential premature recognition), which the auditor then addresses through targeted further audit procedures.

⚠️ Common exam mistakes

Confusing RAP (Risk Assessment Procedures) with FAP (Further Audit Procedures) — RAP identifies and assesses risk; FAP responds to assessed risk
Believing inquiry alone constitutes sufficient RAP — inquiry must always be combined with at least one other procedure (inspection, observation, or re-performance)
Treating 'significant risk' as synonymous with 'high risk' — significant risk specifically requires SPECIAL audit consideration and must be evaluated against the six indicators in SA-315
Forgetting that understanding the entity covers all five dimensions — students commonly overlook objectives/strategies and measurement of financial performance
Not distinguishing between financial-statement-level risk (pervasive, affects many assertions) and assertion-level risk (specific to a particular assertion for an account balance or class of transactions)

Bare-Act text Objective (Para 3) · SA 315 · click to expand

The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →