SA 315 – Identifying and Assessing the Risk of Material Misstatement

## SA 315 – Identifying and Assessing the Risk of Material Misstatement

---

### Building Blocks: Concepts Before SA 315

#### I. Audit Risk

Audit Risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements (FS) are materially misstated.

$$\text{Audit Risk} = \text{Risk of Material Misstatement (ROMM)} \times \text{Detection Risk}$$

Expanding ROMM:

$$\text{Audit Risk} = \text{Inherent Risk} \times \text{Control Risk} \times \text{Detection Risk}$$

> Note: SAs do not refer to Inherent Risk and Control Risk separately; they use a combined assessment of ROMM.

---

#### II. What is a Misstatement?

A misstatement is the difference between the reported amount/classification/presentation/disclosure of a FS item and the required amount under the applicable financial reporting framework.

Misstatements can arise from fraud or error.

---

#### III. Components of Risk of Material Misstatement

```

ROMM

├── Inherent Risk

└── Control Risk

```

Inherent Risk (IR)

The susceptibility of an assertion to a material misstatement before considering any internal controls. It is inherent to the nature of the transaction, balance, or disclosure.

Control Risk (CR)

The risk that the entity's internal controls (IC) will fail to prevent or detect and correct a material misstatement. There is an inverse relationship between the efficiency of controls and control risk.

Detection Risk (DR)

The risk that the audit procedures performed will not detect a material misstatement that exists.

• Sampling Risk: The auditor's conclusion based on a sample differs from the conclusion that would be reached if the entire population were tested. (The sample was not representative.)
• Non-Sampling Risk: The auditor reaches an erroneous conclusion for any reason unrelated to sampling – e.g., using an inappropriate audit procedure.

> Critical point: The auditor can only influence Detection Risk. Inherent Risk and Control Risk belong to the entity. Therefore, to keep overall Audit Risk low, the auditor must reduce Detection Risk.

How to reduce Detection Risk:

• Increase the area of checking
• Test larger samples
• Include competent and experienced personnel in the engagement team (ET)

---

### Objective of SA 315

To identify and assess the risk of material misstatement at:

• (a) The FS level, and
• (b) The assertion level for Account balances, Balances class, Classes of transactions, and Disclosures (ABCD)

…so as to provide a basis for designing and performing further audit procedures.

For this purpose, the auditor shall:

1. Identify risks throughout the process of obtaining an understanding of the entity and its environment.

2. Assess identified risks; evaluate whether they relate more pervasively to the FS as a whole.

3. Relate identified risks to what can go wrong at the assertion level.

4. Consider the likelihood of misstatement, including multiple misstatements, and whether the potential misstatement is of a magnitude that could be material.

---

### Risk Assessment Procedures (RAP)

RAP are audit procedures performed to obtain an understanding of the entity and its environment, including its IC, to identify and assess ROMM (due to fraud or error) at the FS and assertion level.

$$\text{RAP} = \text{Inquiries} + \text{Analytical Procedures} + \text{Observation and Inspection}$$

---

### Understanding the Entity and Its Environment

• Understanding the entity includes understanding its IC.
• This understanding is critical for planning the audit and identifying areas requiring special attention.
• Gaining knowledge of the client's business is one of the most important principles in developing an overall audit plan.
• Understanding IC and the entity is a continuous, dynamic process of gathering, updating, and analysing information throughout the audit.