Identification and assessment of risks of material misstatement in an audit of financial statements

The Financial Reporting Council (FRC) has issued a revision of its standard for the identification and assessment of risks of material misstatement in an audit of financial statements.

The revised standard is ISA (UK) 315 (Revised – July 2020) Identifying and Assessing the Risks of Material Misstatement.  This ISA (UK) is effective for audits of financial statements for periods beginning on or after 15 December 2021, early adoption is permitted.

The revisions to the standard are designed to drive a more robust and consistent risk identification and assessment, enhancing the basis upon which auditors design and perform audit procedures that are responsive to the risks of material misstatement and, thereby, obtain sufficient appropriate audit evidence to provide a basis for the audit opinion.

Risks of material misstatement identified and assessed by the auditor include both those due to error and those due to fraud.  Although both are addressed by this ISA (UK), the significance of fraud is such that further requirements and guidance are included in ISA (UK) 240 (Revised June 2016) in relation to risk assessment procedures and related activities to obtain information that is used to identify, assess and respond to the risks of material misstatement due to fraud.

The standard says that the auditor’s risk identification and assessment process is iterative and dynamic. The auditor’s understanding of the entity and its environment, the applicable financial reporting framework, and the entity’s system of internal control are interdependent with concepts within the requirements to identify and assess the risks of material misstatement.

The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.

As with all of the ISA (UK) documents one needs to read and digest the full contents to ensure understanding and compliance with the audit regulations but the Documentation section at the end of the standard is very useful setting out:

  • Appendix 1: Considerations for Understanding the Entity and its Business Model
  • Appendix 2: Understanding Inherent Risk Factors
  • Appendix 3: Understanding the Entity’s System of Internal Control
  • Appendix 4: Considerations for Understanding an Entity’s Internal Audit Function
  • Appendix 5: Considerations for Understanding Information Technology (IT)
  • Appendix 6: Considerations for Understanding General IT Controls

To find out more about our audit services you can head to our Audit page or you can call us on 01243 782 423!