Risk Assessment

Risk Assessment


Auditors are required to assess audit risk and reduce it to an acceptably low level. In conducting a thorough assessment of risk auditors will be able to:

  • Identify areas of the financial statements where misstatements are likely to occur;
  • Plan procedures that address the significant risk areas identified;
  • Carry out an efficient, focussed and effective audit;
  • Minimise the risk of issuing an inappropriate audit opinion to an acceptable level;
  • Reduce the risk of reputational and punitive damage.

Although risk assessment is a fundamental element of the planning process, it is important to understand that risks can be uncovered at any stage of the audit and that procedures must be adapted in light of revelations that indicate further risks of material misstatement. It is, ultimately, the responsibility of the most senior reviewer (usually the engagement partner) to confirm that the risk of material misstatement has been reduced to an acceptable level.

Understanding the Entity and its Environment

The first stage in the risk assessment process it to consider the risks of material misstatements in the client's financial statements in accordance with ISA 315 Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment. This states:

'The objective of the auditor is to identify and assess the risk of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.'

In order to obtain this understanding of their clients the auditor must obtain information about the following matters:

  • Relevant industry, regulatory and other external factors (including the financial reporting framework);
  • The nature of the entity, including:
    • its operations;
    • its ownership and governance structures;
    • the types of investment it makes; and
    • the way it is structured and financed.
  • The entity's selection and application of accounting policies;
  • The entity's objectives, strategies and related business risks;
  • The measurement and review of the entity's financial performance; and
  • The internal controls relevant to the audit.

Once the auditor has obtained this information they must consider how the general business risks identified could impact the financial statements and if they could lead to material misstatement.

The information used to complete these references can come from a wide range of sources, including:

Risk assessment procedures

ISA 315 requires auditors to perform the following procedures to understand the entity and its environment:

  • Enquiries with management and others within the client entity (e.g. about external and internal changes the company has experienced);
  • Analytical procedures; and
  • Observation (e.g. of control procedures) and inspection (e.g. of key strategic documents and procedural manuals).
Created at 10/3/2012 2:47 PM  by System Account  (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
Last modified at 11/2/2016 10:53 AM  by System Account  (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London

Rating :

Ratings & Comments  (Click the stars to rate the page)


risk;audit risk;Risk assessment

Recent Discussions

There are no items to show in this view.