Joanne M. Flood - Wiley Practitioner's Guide to GAAS 2020

The nature of the control relationships between a parent and its components that determine how the group is to be consolidated

The extent to which components are audited by other auditors

The nature of the business divisions to be audited, including the need for specialized knowledge

The reporting currency to be used, including any need for currency translation for the audited financial information

The need for statutory or regulatory audit requirements (for example, OMB Circular A- 133, Audits of States, Local Governments, and Nonprofit Organizations)

The availability of the work of the internal auditor function and the extent of the auditor’s potential direct use of such work

The entity’s use of service organizations and how the auditor may obtain evidence concerning the design or operation of controls performed by them

The expected use of audit evidence obtained in previous audits (for example, audit evidence related to risk assessment procedures and tests of controls)

The effect of IT on the audit procedures, including the availability of data and the expected use of computer-assisted audit techniques

The coordination of the expected coverage and timing of the audit work with any reviews of interim financial information, and the effect on the audit of the information obtained during such reviews

The availability of client personnel and data

The following examples illustrate reporting objectives, timing of the audit, and nature of communications:

The entity’s timetable for reporting, including interim periods

The organization of meetings with management and those charged with governance to discuss the nature, timing, and extent of the audit work

The discussion with management and those charged with governance regarding the expected type and timing of reports to be issued and other communications, both written and oral, including the auditor’s report, management letters, and communications to those charged with governance

The discussion with management regarding the expected communications on the status of audit work throughout the engagement

Communication with auditors of components regarding the expected types and timing of reports to be issued and other communications in connection with the audit of components

The expected nature and timing of communications among engagement team members, including the nature and timing of team meetings and timing of the review of work performed

Whether there are any other expected communications with third parties, including any statutory or contractual reporting responsibilities arising from the audit

The following examples illustrate significant factors, preliminary engagement activities, and knowledge gained on other engagements:

The determination of materiality, in accordance with AU-C Section 320, Materiality in Planning and Performing an Audit, and, when applicable, the following:The determination of materiality for components and communication thereof to component auditors in accordance with AU-C Section 600, Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors)The preliminary identification of significant components and material classes of transactions, account balances, and disclosures

Preliminary identification of areas in which there may be a higher risk of material misstatement

The effect of the assessed risk of material misstatement at the overall financial statement level on direction, supervision, and review

The manner in which the auditor emphasizes to engagement team members the need to maintain a questioning mind and exercise professional skepticism in gathering and evaluating audit evidence

Results of previous audits that involved evaluating the operating effectiveness of internal control, including the nature of identified deficiencies and action taken to address them

The discussion of matters that may affect the audit with firm personnel responsible for performing other services to the entity

Evidence of management’s commitment to the design, implementation, and maintenance of sound internal control, including evidence of appropriate documentation of such internal control

Volume of transactions, which may determine whether it is more efficient for the auditor to rely on internal control

Importance attached to internal control throughout the entity to the successful operation of the business

Significant business developments affecting the entity, including changes in IT and business processes; changes in key management; and acquisitions, mergers, and divestments

Significant industry developments, such as changes in industry regulations and new reporting requirements

Significant changes in the financial reporting framework, such as changes in accounting standards

Other significant relevant developments, such as changes in the legal environment affecting the entity

The following examples illustrate the nature, timing, and extent of resources:

The selection of the engagement team (including, when necessary, the engagement quality control reviewer; see AU-C Section 220, Quality Control for an Engagement Conducted in Accordance with Generally Accepted Auditing Standards) and the assignment of audit work to the team members, including the assignment of appropriately experienced team members to areas in which there may be higher risks of material misstatement.

Engagement budgeting, including considering the appropriate amount of time to set aside for areas in which there may be higher risks of material misstatement.

Scope

Technical Alert

Definitions of Terms

Objective of AU-C Section 315

Overview

Requirements

Step 1. Perform Risk Assessment Procedures

Step 2. Identification of Significant Risks

Step 3. Assessing the Risk of Material Misstatement

Documentation

Examples of Matters to Consider When Obtaining an Understanding of the Entity and Its Environment

The Economy

The Client’s Industry

The Client’s Business: New Client

The Client’s Business: Continuing Client

Using a Risk-Based, Top-Down Approach to Evaluate Internal Control

Effect of IT on Internal Control

AU-C 315 Illustrations

AU-C 315 provides guidance for the auditor to identify and assess the risks of material misstatements. The auditor does this by achieving an understanding the entity and its environment, including internal control. (AU-C 315.01)

Through the AICPA’s initiative on Enhancing Audit Quality (EAQ), data surfaced that indicated firms often fail to perform appropriate risk assessments and link those risk assessments to their audit procedures in compliance with AU-C Section 315 and AU-C Section 330. As a result, the AICPA Peer Review Board has developed stronger, more precise guidance. The Peer Review Board in its September 2018 Alert, as clarified in October 2018, announced an updated focus on risk assessment documentation and a new section in the Peer Review Manual, Evaluation of Non-Compliance with the Risk Assessment Standards. This new guidance is effective for peer reviews scheduled from October 2018 through September 2021. 1

The Alert emphasizes that reviewers should be alert to these areas of common non-compliance: