## SA 315 — Identifying and Assessing Risks of Material Misstatement

Full title: Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment

---

### Objective of the Auditor

To identify and assess the risks of material misstatement — whether due to fraud or error — at:

1. The financial statement level, and

2. The assertion level (for classes of transactions, account balances, and disclosures)

...through understanding:

The entity and its environment, and
The entity's internal control

This provides the basis for designing and implementing responses to assessed risks, reducing RMM to an acceptably low level.

---

### Two Levels of Risk Assessment

Level	Purpose
Financial statement level	Identifies pervasive risks affecting the statements as a whole and potentially many assertions
Assertion level	Determines the nature, timing, and extent of further audit procedures for specific transactions, balances, and disclosures

---

### Four Steps for Identifying and Assessing RMM

Step	Action
(a) Identify	Identify risks throughout the process of understanding the entity, its environment, and relevant controls
(b) Assess	Evaluate whether each identified risk relates pervasively to the financial statements as a whole and potentially affects many assertions
(c) Relate	Relate identified risks to what can go wrong at the assertion level, considering relevant controls the auditor intends to test
(d) Consider	Consider the likelihood of misstatement (including multiple misstatements) and whether the potential magnitude could result in a material misstatement

---

### Key Takeaway

SA 315 is not a one-time exercise — understanding the entity and assessing risks is a continuous process throughout the audit. As the auditor learns more, risk assessments must be updated.

Worked example

### Example 1

Applying all four steps: A fast-growing e-commerce company has rapidly rising revenue. (a) Identify: Risk of revenue overstatement to meet investor targets. (b) Assess: Pervasive financial-statement-level risk — affects revenue, receivables, and potentially disclosures. (c) Relate: At assertion level — completeness and cut-off of sales transactions; occurrence of recorded revenue. (d) Consider: Likelihood is high given management pressure; magnitude is high given the large revenue base. Conclusion: significant risk requiring tailored substantive procedures.

### Example 2

Manual journal entries at year-end: (a) Identify: Risk of management override via manual journal entries. (b) Assess: Pervasive — could affect multiple account balances. (c) Relate: Existence and accuracy assertions for any account touched by year-end journals. (d) Consider: Even a single large fraudulent entry could be material; likelihood is moderate but consequence is high. Auditor responds by testing all significant manual journal entries posted at year-end.

⚠️ Common exam mistakes

Stopping at risk identification without formally assessing whether each risk operates at the financial statement level or the assertion level — both levels require distinct responses.
Considering magnitude without likelihood (or vice versa) — SA 315 requires evaluating both: a high-magnitude risk with near-zero likelihood has a different audit response than a moderate risk with high likelihood.
Treating risk assessment as a one-time exercise at the planning stage — SA 315 requires a continuous process; new information during fieldwork may change the assessment.
Ignoring the entity's internal controls when relating risks to the assertion level — effective controls reduce RMM and may reduce the extent of substantive procedures needed.

Bare-Act text Objective (Para 3) · SA 315 — Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment · click to expand

The objective of the auditor is to identify and assess the risks of material misstatement whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →