12. The auditor should have an understanding of the entity and its environment, including its internal control, as it relates to the preparation of both annual and interim financial information, sufficient to plan and conduct the engagement so as to be able to:
13. As required by ISA 315 (Revised), Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement, the auditor who has audited the entity’s financial statements for one or more annual periods has obtained an understanding of the entity and its environment, including its internal control, as it relates to the preparation of annual financial information that was sufficient to conduct the audit. In planning a review of interim financial information, the auditor updates this understanding. The auditor also obtains a sufficient understanding of internal control as it relates to the preparation of interim financial information as it may differ from internal control as it relates to annual financial information. 14. The auditor uses the understanding of the entity and its environment, including its internal control, to determine the inquiries to be made and the analytical and other review procedures to be applied, and to identify the particular events, transactions or assertions to which inquiries may be directed or analytical or other review procedures applied. 15. The procedures performed by the auditor to update the understanding of the entity and its environment, including its internal control, ordinarily include the following:
16. The auditor determines the nature of the review procedures, if any, to be performed for components and, where applicable, communicates these matters to other auditors involved in the review. Factors to be considered include the materiality of, and risk of misstatement in, the interim financial information of components, and the auditor’s understanding of the extent to which internal control over the preparation of such information is centralized or decentralized. 17. In order to plan and conduct a review of interim financial information, a recently appointed auditor, who has not yet performed an audit of the annual financial statements in accordance with ISAs, should obtain an understanding of the entity and its environment, including its internal control, as it relates to the preparation of both annual and interim financial information. 18. This understanding enables the auditor to focus the inquiries made, and the analytical and other review procedures applied in performing a review of interim financial information in accordance with this ISRE. As part of obtaining this understanding, the auditor ordinarily makes inquiries of the predecessor auditor and, where practicable, reviews the predecessor auditor’s documentation for the preceding annual audit, and for any prior interim periods in the current year that have been reviewed by the predecessor auditor. In doing so, the auditor considers the nature of any corrected misstatements, and any uncorrected misstatements aggregated by the predecessor auditor, any significant risks, including the risk of management override of controls, and significant accounting and any reporting matters that may be of continuing significance, such as significant deficiencies in internal control.
SAS No. 109, Understanding the Entity, Its Environment and Assessing the Risks of Material Misstatement, states: As it has been for decades, the auditor's understanding of an entity and its environment is the basis for risk assessment and designing auditing procedures that respond to identified risks. SAS No.109 hasn't changed that purpose. The standard did, however, identify risk assessment procedures such as inquiries, observations, inspections and analytical procedures that are considered substantive evidence that supports the auditor's conclusions on financial statements. This evidence can serve to reduce evidence previously required from more costly tests of balances, even on small audits. Further, inquiries, observations and inspections may be performed to obtain a sufficient understanding of the five elements of internal control. For small audits, applying these procedures to obtain a sufficient understanding of informal key controls applied by owners or managers may even provide evidence that could reduce control risk to a level less than high! Are you taking credit for the audit evidence you obtain while gaining an understanding of an entity and its environment? If you are, post a comment and tell us how you use the evidence to reduce other more costly evidence. |