SA 315 — Identifying and Assessing the Risks of Material Misstatement — CA Inter Microlesson

Before you can audit anything, you need to figure out where things can go wrong — and how badly. That's exactly what SA 315 is about. Think of it as the auditor's detective work before the real testing begins. Without this, you're just randomly checking vouchers and hoping for the best.

SA 315 requires you to identify and assess the Risks of Material Misstatement (RMM) — at two levels: the financial statement level (something broad, like weak management integrity that could affect everything) and the assertion level (specific claims like 'all debtors actually exist'). RMM = Inherent Risk × Control Risk in concept — the higher both are, the more audit work you must do.

To assess these risks, you perform Risk Assessment Procedures (RAPs) — these are NOT substantive tests, they're just information-gathering: (1) Inquiries of management and staff (ask the warehouse manager if inventory counts were done properly), (2) Analytical Procedures (compare Rajesh & Co.'s gross margin this year vs. last — a sudden jump raises a flag), and (3) Observation & Inspection (walk through the factory floor, glance at board minutes, read the loan agreements). You also need to understand the entity's internal control — broken into five components: Control Environment, Entity's Risk Assessment process, Information & Communication system, Control Activities, and Monitoring (remember the mnemonic CEIAM or CRIME variants).

The golden rule: if you identify a Significant Risk — a risk that requires special audit consideration (e.g., fraud risk, non-routine transactions, high estimation uncertainty) — you cannot rely on controls alone. You must do substantive procedures, period. Management override of controls is always treated as a significant risk in every audit, no exceptions. This is a favourite exam trap.

Also note: SA 315 was revised (SA 315 Revised) and the ICAI curriculum for May 2026 reflects this revision — key additions include Spectrum of Inherent Risk, the distinction between Inherent Risk Factors (complexity, subjectivity, change, uncertainty, susceptibility to fraud/bias), and the concept of Preliminary IT understanding. Don't ignore the IT-related internal control paragraphs — they appear in MCQs.

📊 Worked example

Example 1 — Identifying Assertion-Level RMM

You are auditing Mehta Exports Pvt. Ltd., a textile exporter with revenue of ₹18,00,00,000 (₹18 crore). During RAPs, you notice:

Revenue grew 40% YoY, but the industry average was only 8%
The CFO was changed mid-year
Export debtors include ₹3,20,00,000 (₹3.2 crore) outstanding for over 180 days

Step 1 — Apply Analytical Procedure: 40% growth vs. 8% industry → significant unexplained variance → flag Occurrence and Accuracy assertions for revenue.

Step 2 — Identify Inherent Risk Factors: High subjectivity (debtors recoverability), change (new CFO, process risk), susceptibility to bias (overstatement of revenue).

Step 3 — Assess Control Risk: You inquire and find there is no formal credit approval process for export customers — control gap exists.

Step 4 — Conclude RMM: High Inherent Risk + High Control Risk = High RMM on Revenue (Occurrence) and Trade Receivables (Existence, Valuation).

Audit Response: Design substantive procedures — confirm debtors directly, review subsequent receipts post year-end, test a sample of export invoices.

---

Example 2 — Identifying a Significant Risk

During audit of Sharma Pharmaceuticals Ltd. (revenue ₹45 crore), you note that ₹8,50,00,000 (₹8.5 crore) relates to a one-time land sale — a non-routine transaction at year-end.

Step 1: Non-routine + large amount + complex (capital gains computation, GST implications) → meets definition of Significant Risk.

Step 2: Significant Risk means you cannot rely solely on controls. Even if Sharma has strong controls over property transactions, you must perform substantive procedures — obtain sale deed, verify stamp duty valuation, check board approval, recompute capital gain.

Final Answer: Significant Risk identified on Gain on Sale of Land (Occurrence, Accuracy assertions). Mandatory substantive testing required regardless of control strength.

⚠️ Common exam mistakes

Students confuse RAPs with substantive procedures — RAPs (inquiry, analytical procedures, observation) are only for understanding and risk identification, not for reducing substantive risk. Don't say 'I did analytical procedures so I don't need to verify debtors.'
Forgetting the two levels of RMM — many students only write assertion-level risks in answers. Always address both financial statement level AND assertion level risks for full marks.
Treating all high risks as Significant Risks — a Significant Risk has a specific meaning (special audit consideration needed, often non-routine or high estimation). Don't label every risk as 'significant' — the examiner will deduct marks.
Missing that management override is ALWAYS a Significant Risk — this is hardcoded in SA 315 and SA 240. In any question involving fraud or internal controls, mention this. Students skip it and lose easy marks.
Ignoring IT in internal control answers — SA 315 Revised explicitly covers IT environment understanding. When listing internal control components, don't just write 'control environment' — mention general IT controls and automated application controls if the entity uses software (which almost all do now). This is tested in MCQs for May 2026.

📖 Reference: SA 315 — Institute of Chartered Accountants of India

← Previous

SA 300

SA 320

Test yourself

Practice questions on this section, AI-graded with citations.

⚡ Practice now →