
SA 315 - Identifying and Assessing ROMM through Understanding the Entity and Its Environment

# SA 315 — Identifying & Assessing the Risks of Material Misstatement (ROMM)

## Objective of the Auditor

To identify and assess ROMM — whether due to fraud or error — at both:

  • The Financial Statement (FS) level, and
  • The Assertion level

This is done through understanding the entity, its environment and its Internal Control (IC) — these are called Risk Assessment Procedures (RAP). The result provides a basis for designing responses to assessed ROMM (as required by SA 330).

For this purpose, the auditor shall:

  • Identify risks throughout the process of obtaining understanding of the entity
  • Assess identified risks and evaluate whether they relate pervasively to FS as a whole
  • Relate identified risks to what can go wrong at assertion level
  • Consider the likelihood of misstatement, including possibility of multiple misstatements

## What Is Included in RAP?

### 1. Inquiries of Management and Others

Much information comes from management, but the auditor should also inquire from others within the entity:

| Source | Information sought |
| --- | --- |
| Marketing/sales personnel | Changes in marketing strategies, sales trends |
| Information System (IS) personnel | System changes, control failures, risks |
| Employees in complex/unusual transactions | Appropriateness of a/cing policy selection & application |
| Risk management function | Operational and regulatory risks affecting FR |
| In-house legal counsel | Litigation, compliance with L&R, knowledge/suspicion of fraud |
| Internal Audit (IA) personnel | IA procedures, design & effectiveness of IC, mgt's response |

### 2. Analytical Procedures (AP) as RAP

  • May identify aspects of the entity of which the auditor was unaware
  • Cover both financial and non-financial info
  • Unusual relationships identified assist in detecting ROMM, especially due to fraud

### 3. Observation and Inspection

Examples — observing/inspecting:

  • Entity's premises and plant facilities
  • Entity's operations
  • Documents and Records
  • Reports prepared by Management and TCWG

## Understanding the Entity & Its Environment

The auditor shall obtain understanding of:

### (a) Nature of the Entity

  • Ownership and governance structures
  • Operations
  • How the entity is structured and financed
  • Types of investments — current and planned

Examples of matters:

  • Business operations: nature of revenue sources, products/services, key customers and suppliers
  • Financing activities: subsidiaries, debt structure
  • Investing activities: capital investment, planned acquisitions
  • FR: a/cing principles, revenue recognition practices

### (b) Entity's Objectives, Strategies & Related Business Risks

Business risk is broader than ROMM — it includes ROMM. Examples:

  • Industry developments
  • New products/services
  • Expansion of business

### (c) Relevant Industry, Regulatory & Other External Factors (including AFRF)

  • Industry factors: competitive environment, supplier/customer relationships, technological developments
  • Regulatory factors: AFRF, legal and political environment
  • Other external factors: general economic conditions, interest rates, availability of financing, inflation

### (d) Selection & Application of Accounting Policies

Including reasons for changes in a/cing policies.

### (e) Measurement & Review of Financial Performance

  • Key Performance Indicators (KPIs) and key ratios
  • Period-on-period performance analyses
  • Budgets, forecasts, variance analyses
  • Credit rating agency reports

## Understanding the Entity — A Continuous Process

This is continuous and dynamic — identifying, updating and analysing info throughout the audit. It establishes a frame of reference for professional judgment, for example when:

  • Assessing ROMM
  • Determining Materiality
  • Identifying areas requiring special audit consideration
  • Evaluating sufficiency and appropriateness of evidence
  • Developing expectations for AP
  • Considering appropriateness of selection/application of a/cing policies

## Identifying Significant Risks (Risks Requiring Special Audit Consideration)

In judging which risks are significant, the auditor shall consider:

  • Whether risk is a risk of fraud
  • Complexity of transactions
  • Degree of subjectivity in measurement
  • Whether risk involves significant transactions with Related Parties (RP)
  • Whether risk involves non-routine or unusual transactions
  • Whether risk relates to recent significant economic, a/cing or other developments

### Always Significant Risks

  • ROMM due to fraud
  • Significant transactions with RP outside normal course of business

### Non-Routine Transactions

Defined as transactions that are unusual due to size or nature, occurring infrequently.

## Why ROMM is Greater for Significant Non-Routine Transactions

  • Greater management intervention to specify a/cing treatment
  • Greater manual intervention in data collection/processing
  • Nature of the transaction itself
  • Complex calculations or a/cing policies

## Why ROMM is Greater for Significant Judgmental Matters

  • A/cing policies for estimates may have different interpretations
  • Required judgments may be subjective or concern future events

## Documentation Requirements

Auditor shall document:

  • Understanding obtained regarding the entity, its environment, and RAP performed
  • Risks identified and related controls about which understanding was obtained
  • Identified and assessed ROMM at FS and assertion levels
  • Discussion among engagement team and decisions taken

Worked example

### Example 1

Example 1 — Inquiry of various personnel: During audit of PQR Ltd, in addition to inquiring from the CFO, the auditor inquires from the in-house legal counsel about pending litigations (revealing a ₹2 cr GST dispute), from the IS personnel about a recent ERP migration (revealing data conversion errors), and from the internal audit head about IA findings on procurement controls. Each inquiry surfaces ROMM the CFO had not flagged.

### Example 2

Example 2 — Significant risk identification: XYZ Ltd entered into a ₹50 cr loan transaction with its parent company on terms substantially different from market. Apply SA 315: this is a (i) significant transaction with a Related Party, and (ii) outside the normal course of business — therefore it is ALWAYS a significant risk requiring special audit consideration, even without further analysis.

### Example 3

Example 3 — AP as RAP: While performing RAP on a textile company, the auditor finds that GP margin jumped from 18% to 32% while sales grew only 5% and raw material prices were stable. This unusual relationship triggers fraud risk consideration — possibly inflated closing stock or fictitious revenue.

⚠️ Common exam mistakes

  • Treating understanding of the entity as a one-time activity at planning stage — it is a CONTINUOUS, dynamic process throughout the audit.
  • Confining inquiries to only management — SA 315 expects inquiries of 'management AND OTHERS' (legal counsel, IA, IS personnel, sales staff, etc.).
  • Forgetting that 'business risk is BROADER than ROMM' — not every business risk translates to ROMM, but every ROMM connects to some business risk.
  • Failing to identify the TWO categories that are ALWAYS significant risks: (i) ROMM due to fraud, and (ii) significant transactions with RP outside normal course of business.
  • Ignoring non-financial information in analytical procedures used as RAP — AP includes both financial AND non-financial info.
  • Documenting only ROMM at FS level and ignoring ROMM at assertion level — both must be documented along with the engagement team discussion.
  • Treating ALL related party transactions as significant risks — only those that are SIGNIFICANT and OUTSIDE THE NORMAL COURSE of business are always significant risks.

Bare-Act text: SA 315 — Identifying and Assessing the Risks of Material Misstatement · Standards on Auditing (SA) issued by ICAI

SA 315 — Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment: The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement. The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. Risk assessment procedures shall include the following: (a) Inquiries of management and of others within the entity; (b) Analytical procedures; and (c) Observation and inspection. The auditor shall determine whether any of the risks identified are, in the auditor's judgment, a significant risk.