The Institute of Chartered Accountants of Pakistan

                                   

Circular No. 12/2004 November 18, 2004

ALL MEMBERS OF THE INSTITUTE

Dear Member

The Council of the Institute in its 165th meeting held on 30-31 July, 2004 decided to adopt: -

  1. ISA 315 ON “UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISK OF MATERIAL MISSTATEMENT” and
  2. ISA 330 ON “THE AUDITOR’S PROCEDURES IN RESPONSE TO ASSESSED RISKS”

These standards on auditing are applicable for the audits of the financial statements covering the periods beginning on or after December 15, 2004.

Given below are outlines of both ISAs:

AN OUTLINE OF ISA 315

Obtaining an understanding of the entity and its environment is an essential aspect of performing an audit in accordance with ISAs. In particular, that understanding establishes a frame of reference within which the auditor plans the audit and exercises professional judgment about assessing risks of material misstatement of the financial statements and responding to those risks throughout the audit. The Standard therefore requires that:

The auditor should obtain an understanding of the entity and its environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures.

The requirements of this Standard can be divided into following five sections:

  1. Risk assessment procedures and sources of information about the entity and its environment, including its internal control. This section explains the audit procedures that the auditor is required to perform to obtain the understanding of the entity and its environment, including its internal control (risk assessment procedures). It also requires discussion among the engagement team about the susceptibility of the entity’s financial statements to material misstatement.
  2. Understanding the entity and its environment, including its internal control. This section requires the auditor to understand specified aspects of the entity and its environment, and components of its internal control, in order to identify and assess the risks of material misstatement
  3. Assessing the risks of material misstatement. This section requires the auditor to identify and assess the risks of material misstatement at the financial statement and assertion levels. The auditor:
    • Identifies risks by considering the entity and its environment, including relevant controls, and by considering the classes of transactions, account balances, and disclosures in the financial statements;
    • Relates the identified risks to what can go wrong at the assertion level; and
    • Considers the significance and likelihood of the risks.

    This section also requires the auditor to determine whether any of the assessed risks are significant risks that require special audit consideration or risks for which substantive procedures alone do not provide sufficient appropriate audit evidence. The auditor is required to evaluate the design of the entity’s controls, including relevant control activities, over such risks and determine whether they have been implemented.

  4. Communicating with those charged with governance and management. This section deals with matters relating to internal control that the auditor communicates to those charged with governance and management.
  5. Documentation. This section establishes related documentation requirements.

    The Standard includes three Appendices that provide additional guidance on:

    • Understanding the entity and its environment;
    • Internal control components; and
    • Conditions and events that may indicate risks of material misstatement

    Appendix 2 also provides guidance on application of the Standard to small entities, which was previously dealt with under IAPS 1005 “The Special Considerations in the Audit of Small Entities”.

AN OUTLINE OF ISA 330

The overall responses and the nature, timing, and extent of the further audit procedures are matters for the professional judgment of the auditor. This Standard provides guidance on determining overall responses and designing and performing further audit procedures to respond to the assessed risks of material misstatement at the financial statement and assertion levels in a financial statement audit and requires that:

The auditor should determine overall responses to address the risks of material misstatement at the financial statement level; and

In order to reduce audit risk to an acceptably low level, the auditor should determine overall responses to assessed risks at the financial statement level, and should design and perform further audit procedures to respond to assessed risks at the assertion level.

The requirements of this Standard can be divided into following four sections:

  1. Overall responses. This section requires the auditor to determine overall responses to address risks of material misstatement at the financial statement level and provides guidance on the nature of those responses.
  2. Audit procedures responsive to risks of material misstatement at the assertion level. This section requires the auditor to design and perform further audit procedures, including tests of the operating effectiveness of controls, when relevant or required, and substantive procedures, whose nature, timing, and extent are responsive to the assessed risks of material misstatement at the assertion level. In addition, this section includes matters the auditor considers in determining the nature, timing, and extent of such audit procedures.
  3. Evaluating the sufficiency and appropriateness of audit evidence obtained. This section requires the auditor to evaluate whether the risk assessment remains appropriate and to conclude whether sufficient appropriate audit evidence has been obtained.
  4. Documentation. This section establishes related documentation requirements.

    ISA 330 takes a further step to the guidance provided in ISA 315 regarding assessing the risks of material misstatement. The Standard would assist the auditors in applying appropriate audit procedures to address the assessed risks of material misstatement.

These ISAs are part of the Audit Risk Standards comprising of:

  • ISA 315, “Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement;”
  • ISA 330, “The Auditor’s Procedures in Response to Assessed Risks;”
  • Revised ISA 500, “Audit Evidence;” and
  • Amendments to ISA 200, “Objective and General Principles Governing an Audit of Financial Statements.” The amendments are reflected in the appendix of the extant ISA 200.
  1. ISAs 315, 330, 500 (Revised) and the amendments to ISA 200 are effective for audits of financial statements for periods beginning on or after December 15, 2004, after which following ISA will be withdrawn:

    1. ISA 310, “Knowledge of the Business,”
    2. ISA 400, “Risk Assessments and Internal Control,”
    3. ISA 401, “Auditing in a Computer Information Systems Environment,”
    4. extant ISA 500, “Audit Evidence” and
    5. International Auditing Practice Statement (IAPS) 1008, “Risk Assessments and Internal Control—CIS Characteristics and Considerations”

Members are requested to note that the ISA 315, 330, 500 (revised) and details of revisions to ISA 200 are available in the ISA handbook editions published by the Institute on or after February 2004.


Thanking You


Yours truly

 

Syed Sajid Ali
Director Technical Services