Please enable JavaScript.
Coggle requires JavaScript to display documents.
SA 315: Identifying & Assessing ROMM through Understanding the Entity…
SA 315: Identifying & Assessing ROMM through Understanding the Entity and its Environment
Scope
Auditor's responsibility to identify and assess ROMM in FS
Through understanding the entity, its environment, and its IC
Material Weakness
A weakness in IC that could have a material effect on FS
:star:
Types of RAP
Inquiries of MGT
Inquiries of Others
Analytical Procedures
Observation & Inspection
Info. from other engagements done for the entity
Info. from client acceptance or continuance process
Info. from previous engagements & other audits —
significant changes that have occurred
Info. from discussion among ET members
Required Understanding of Entity and its Environment
Environment
Industry factors —
Market competition
Cyclical/seasonal activity
Product technology
Energy cost and supply
Regulatory factors —
Accounting principles & industry specific practices
Regulatory framework and govt. policies
Taxation
Other factors —
Economic factors
Interest rates & availability of finance
Inflation/currency revaluation
Nature of Entity
Structure
Ownership
Related Parties
Biz. operations
Investment activities
Financing activities
Financial Reporting
Accounting Policies
Biz. objectives & related risks
General Nature and Characteristics of IC
Purpose of IC
Reliability of FR
Effectiveness & efficiency of operations
Compliance with applicable L&R
Safeguarding of Assets
Limitation of IC
Human judgement
Breakdowns due to human error
Circumvented by collusion of employees
Faulty judgements on nature & extent of IC
Cost-benefit analysis
Division of IC into components
Control Environment (CE)
Entity's Risk Assessment Process (RAP)
Control Activities (CA)
Information System (SI)
Monitoring of Controls (MO)
Benefits of IT in IC
Consistency
Enhance timeliness, availability, and accuracy
Additional analysis of information
Monitor the performance
Reduce risk of controls being circumvented
Enhanced and effective segregation of duties
Risk to IC due to IT
Inaccurate processing of data
Processing inaccurate data
Unautorised access
Possibility of IT personnel gaining access beyond their authority
Unauthorised changes to masters, systems, programs
Failure to make necessary changes
Inappropriate manual intervention
Potential data loss or inability to access data as required
Manual Elements in IC
Suitable where judgement and discretion are required for
Large, unusual or non-recurring transactions
Errors are difficult to define, anticipate, or predict
In changing circumstances — outside the scope of automated controls
In monitoring effectiveness of automated controls
Less reliable where
High volumes of recurring transactions
Where errors can be anticipated/predicted/prevented/detected/corrected by automated controls
CA where specific ways to perform control can be adequately designed
Components of IC
Elements of CE
Communication & enforcement of integrity and ethical values
Commitment to competence
Participation by TCWG
MGT's philosophy and operating style
Organisational Structure
Assignment of authority & responsibility
HR policies & practices
The Information System
Relevant to FR objectives, designed & established to
Initiate, record, process, and report
, entity's transactions, events, and conditions
Resolve incorrect processing
of transactions
Process and account for system
override of controls
Transfer info. from transaction processing systems
(TPS) to general ledger
Capture info.
relevant to FR for events and conditions other than transactions
Ensure info. as per applicable FRFW
accumulated, recorded, processed, summarised, and appropriately reported
in FS
Entity's RAP
It forms the basis for how MGT determines the risks to be managed.
Control Activities
Relating to
Authorisation
Performance Reviews
Information Processing
Physical Controls
Segregation of Duties
Monitoring of Controls
To assess the effectiveness
of IC over time,
and take remedial actions
May include
using info. from communication from external parties
that may indicate problems or highlight areas of improvement
Controls relevant to auditors based on the objective it supports
Over completeness and accuracy of information
Relating to operations and compliance objectives
Over safeguarding of assets
In certain circumstances, statute/regulation may require the auditor to report on compliance with specific aspects of IC
Identifying and Assessing ROMM at FS Level
Refers to risks that relate pervasively to the FS as a whole and potentially affects many assertions
May derive in particular from a deficient CE
Identifying and Assessing ROMM at Assertion Level
For classes of transactions, account balances, and disclosures
Need to be considered because such consideration directly assists in determining the NTE of FAP at assertion level necessary to obtain SAAE
Factors affecting controls relevant for audit
Materiality
Significance of related risk
Size of entity
Nature of biz.
Diversity & complexity of entity's operations
Legal & regulatory requirements
Circumstances & applicable component of IC
Nature & complexity of systems
How a specific control prevents/detects/corrects MM
Identifying & Assessing ROMM
Material Weakness in IC
ROMM identified by auditor but not controlled by entity/control is ineffective
Weakness in entity's RAP — evaluate
Absence of RAP where there should have been one — communicate to TCWG
Audit Aspects
Identify risks
Assess identified risk
Evaluate their effect on FS
Relate to possible misstatement at assertion level
Consider likelihood of misstatement & magnitude
Documentation
Discussion w/ ET & sig. decisions
Key elements of understanding
Identified & assessed ROMM
Risks that require special audit consideration
Risks for which substantive procedure alone do not suffice