Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
📚 Learn/ / Risk Assessment and Internal Control
Microlesson · 5-min read

Inquiries of Management and Others Within the Entity

## Inquiries of Management and Others Within the Entity

Inquiry is a key risk assessment procedure. The auditor directs inquiries at different people within the entity to gather different types of information.

### Information Obtained from Different Sources

#### Internal Audit Personnel

  • Internal audit procedures performed during the year
  • Design and effectiveness of the entity's internal control
  • Whether management has satisfactorily responded to internal audit findings

#### In-House Legal Counsel

  • Litigation and legal proceedings
  • Compliance with laws and regulations
  • Knowledge of fraud or suspected fraud
  • Warranties and post-sales obligations
  • Arrangements with business partners (e.g., joint ventures)
  • Meaning and interpretation of contracts

#### Marketing or Sales Personnel

  • Changes in the entity's marketing strategies
  • Sales trends
  • Contractual arrangements with customers

#### Information Systems Personnel

  • System changes
  • System or control failures
  • Other IT-related risks

### Key Insight

Different personnel have different vantage points. Limiting inquiry to management alone can miss important information available from operational staff.

Worked example

### Example 1

Scenario: CA Q is auditing a departmental store and wants to inquire about fraud risks and litigation. Whom should he approach?

Answer: In-house legal counsel — they have information about litigation, compliance issues, knowledge of fraud or suspected fraud, warranties, and contractual matters.

### Example 2

Scenario: The auditor suspects that the entity recently changed its revenue recognition policy due to a shift in sales strategy. Whom should the auditor inquire with to understand this?

Answer: Marketing or sales personnel — they can provide information about changes in marketing strategies, sales trends, and contractual arrangements with customers that may have triggered the accounting change.

⚠️ Common exam mistakes

  • Directing all inquiries only to management — SA 315 specifically requires inquiries of others within the entity (internal audit, legal, sales, IT) to get a complete picture.
  • Treating inquiry as a standalone sufficient procedure — inquiry must be corroborated by other evidence (inspection, observation, re-performance).
  • Forgetting IT/information systems personnel as a source — they are specifically relevant for identifying IT-related risks and control failures.
Reference: — SA 315 – Identifying and Assessing the Risk of Material Misstatement through Understanding the Entity and its Environment
← Previous
IT-Related Risks and Their Imp
Next →
Internal Control Questionnaire
Now that you've read this — what's next?
Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.
🔥 Drill 5 Qs on this → ✍️ Adaptive practice →
Start 15-min diagnostic