Understanding The Entity

And Its Environment And

Assessing The Risks Of
Material Misstatement

Lecture No 13
 Inquiries
Analytical procedures

Observation & Inspection

Risk
assessment External Factors
procedures
How Nature of entity

to Objectives and strategies and the related business risks

Understanding
obta consists of: Measurement & review of financial performance
in Internal Control
und
erst
andi Assessing the risk of material
ng misstatement

Communication

Documentation
Sources of Obtaining Understanding
Auditor obtains an understanding of the entity and
environment, including its internal control through:
1. Risk assessment procedures and sources of information
about the entity and its environment including its internal
control.
2. Understanding the entity and its environment, including its
internal control.
3. Assessing the risk of material misstatement.
4. Communicating with those charged with governance and
management.
5. Documentation
1. Risk Assessment Procedures &
Sources of Information
Risk assessment procedures to obtain an understanding
a) Inquiries directed towards:
• Those charged with governance
• Internal audit personnel
• Middle management (employees)
• Legal counsel
• Marketing or sales personnel
b) Analytical procedures
• Financial
• Non financial
c) Observation and inspection of:
• Observations of Activities and operations
• Inspection of Documents and records
• Reading Management reports
• Visit to premises and plant facilities
2. Understanding The Entity And Its
Environment, Including Its Internal
Control

The auditor’s understanding of the entity and its environment

consists of an understanding of the following aspects:
a) External Factors:
• Industry conditions
• Regulatory environment
• Macro economic level factors
b) Nature of the entity:
• Business operations
• Investments
• Financing
• Financial reporting
c) Objectives and strategies and the related business risks
• Potential related business risk at existence of objective:
 Industry developments
 New products and services
 Expansion of the business
 New accounting requirements
 Regulatory requirements
 Current and prospective financing requirements
 Use of IT
• Potential related business risk at implementing a strategies:
 Effects leading to new accounting requirements
d) Measurement and review of the entity’s financial
performance.
e) Internal control.
Understanding The Entity And Its
Environment, Including Its Internal Control
c) Objectives and strategies and the related business risks
Auditor must understand objectives and strategies of the
entity and also the business risks related to those objectives
and the strategies
• Potential related business risk at existence of objective:
 Industry developments
for example, that the entity does not have the personnel or
expertise to deal with the changes in the industry

 New products and services

for example, that there is increased product liability

 Expansion of the business

for example, that the demand has not been accurately
estimated
 New accounting requirements
for example, incomplete or improper implementation, or
increased costs

 Regulatory requirements
for example that there is increased legal exposure

 Current and prospective financing requirements

for example, the loss of financing due to the entity’s
inability to meet requirements

 Use of IT
for example, that systems and processes are incompatible
• Potential related business risk at implementing a strategies:
 Effects leading to new accounting requirements
(for example, incomplete or improper implementation)

The auditor should keep in mind that business risk is

broader than the risk of material misstatement.

Business risks, at times, do not cause any

misstatement in the financial statements but affect the
going concern.
Conditions and Events that may indicate
risks of material misstatements are as
follows:
 Operations in regions that are economically unstable, for
example, countries with significant currency devaluation
or highly inflationary economies.
 Operations exposed to volatile markets, for example,
futures trading.
 High degree of complex regulation.
 Going concern and liquidity issues including loss of
significant customers.
 Constraints on the availability of capital and credit.
Conditions and Events that may indicate
risks of material misstatements are as
follows:
 Changes in the industry in which the entity operates.
 Changes in the supply chain.
 Developing or offering new products or services, or
moving into new lines of business.
 Expanding into new locations.
 Changes in the entity such as large acquisitions or
reorganizations or other unusual events.
 Entities or business segments likely to be sold.
 Complex alliances and joint ventures.
Conditions and Events that may indicate
risks of material misstatements are as
follows:
 Inquiries into the entity’s operations or financial results by regulatory or
government bodies.
 Past misstatements, history of errors or a significant amount of
adjustments at period end.
 Significant amount of non-routine or non-systematic transactions
including inter-company transactions and large revenue transactions at
period end.
 Transactions that are recorded based on management’s intent, for
example, debt refinancing, assets to be sold and classification of
marketable securities.
 Application of new accounting pronouncements.
 Accounting measurements that involve complex processes.
 Events or transactions that involve significant measurement
uncertainty, including accounting estimates.
 Pending litigation and contingent liabilities for example, sales
warranties, financial guarantees and environmental remediation.
 Conditions and Events that may
indicate risks of material misstatements
are as follows:
 Use of off-balance-sheet finance, special-purpose entities, and other
complex financing arrangements.
 Significant transactions with related parties.
 Lack of personnel with appropriate accounting and financial reporting
skills.
 Changes in key personnel including departure of key executive.
 Weaknesses in internal control, especially those not addressed by
management.
 Inconsistencies between the entity’s IT strategy and its business
strategies.
 Changes in the IT environment.
 Installation of significant new IT systems related to financial reporting.
Understanding The Entity And Its
Environment, Including Its Internal Control
d) Measurement and review of the entity’s financial
performance.
 The auditor should obtain an understanding of the
measurement and review of the entity’s financial
performance.
Examples of matters an auditor may consider include
the following:
1. Key ratios and operating statistics
2. Key performance indicators
3. Employee performance measures and incentive
compensation policies.
4. Trends
5. Use of forecasts, budgets and variance analysis
6. Analyst reports and credit rating reports
7. Competitor analysis
8. Period –on-period financial performance
(revenue growth, profitability leverage)
Understanding The Entity And Its
Environment, Including Its Internal Control

e) Internal control.
Understanding of Internal Control is used by
the auditor to identify types of potential
misstatements and to consider factors that
affect the risks of material misstatements
and design the nature, timing and extent of
further audit procedures.
Definition of Internal Control

Internal controls is the process designed and effected

by those charged with governance, management,
and other personnel to provide reasonable assurance
about the achievement of the entity’s objectives with
regard to reliability of financial reporting,
effectiveness and efficiency of operations and
compliance with applicable laws and regulations.
Components of Internal Control

1. The control environment

2. The entity’s risk assessment process
3. The information system, including the
related business processes relevant to
financial reporting and communication.
4. Control activities
5. Monitoring of controls
1. The Control Environment

It encompasses the following elements:

a) Communication and enforcement of integrity and ethical
values.
b) Commitment to competence
c) Participation by those charged with governance
d) Management’s philosophy and operating style
e) Organizational structure
f) Human resource policies and practices

Auditor should evaluate how these components have been

incorporated into the entity’s processes.
2. The Entity’s Risk Assessment
Process
Risks can arise or change due to circumstances such as the
following:
a) Changes in operating environment
b) New personnel
c) New or revamped information systems
d) Rapid growth
e) New technology
f) New business models, product or activities
g) Corporate restructurings
h) Expanded foreign operations
i) New accounting pronouncements
3. Information system,
including the related business
processes, relevant to financial
reporting and communication
Accordingly, an information system encompasses methods and records
that:
a)Identify and record all valid transaction.
b)Describe on a timely basis the transaction in sufficient detail to permit
proper classification of transactions for financial reporting.
c)Measure the value of transactions in a manner that permits recording
their proper monetary value in the financial statements.
d)Determine the time period in which transactions occurred to permit
recording of transactions in the proper accounting period.
e)Present properly the transactions and related disclosures in the financial
statements.
4. Control Activities
a) Performance reviews
b) Information processing
c) Physical controls
d) Segregation of duties
5. Monitoring of Controls
Monitoring means and includes ensuring that internal controls
are operating as intended. If monitoring is not done, people
may stop performing the functions they are required to perform.
It also involves assessing the quality of internal control
performance over times. Monitoring may be ongoing activities,
separate evaluations or a combination of the two.

Monitoring includes:
a) Supervisions, functions of managers
b) Internal audit
c) Communication from external parties indicating areas requiring
improvement.