Appendix No. 11

to the Order of the Ministry of Finance of the Russian Federation of January 9, 2019 No. 2n

The international standard of audit 315 (reviewed) "Identification and risks assessment of essential misstatement by means of studying of the organization and its environment"

The International Standard of Audit (ISA) 315 (reviewed) "Identification and risks assessment of essential misstatement by means of studying of the organization and its environment" should be considered together with MCA 200 "Main objectives of the independent auditor and carrying out audit according to International standards of audit".

Introduction

Scope of this standard

1. This International Standard of Audit (ISA) establishes the auditor's obligations on identification and risks assessment of essential misstatement of the financial reporting by means of studying of the organization and its environment, including internal control system of the organization.

The effective date

2. This standard becomes effective concerning financial records audit for the periods which are coming to an end on December 15, 2013 or after this date.

Purpose

3. The purpose of the auditor consists in revealing and estimating risks of essential misstatement, both because of unfair actions, and owing to mistake, at the level of the financial reporting and at the level of premises, by means of studying of the organization and its environment, including internal control system of the organization, thus providing basis for development and implementation of audit procedures in response to the estimated risks of essential misstatement.

Determinations

4. For the purposes of International standards of audit the following terms have the stated below values:

(a) premises - the statements of the management made in explicit or other form which are included in the financial reporting and are used by the auditor for consideration of different types of potentially possible misstatements;

(b) business risk - the risk resulting from considerable conditions, events, circumstances, actions or failure to act which can exert negative impact on capability of the organization to achieve effective objectives and to realize the strategy, or resulting from establishment of the inadequate purposes and strategy;

(c) internal control system - the processes developed, implemented and supported by persons who are responsible for corporate management, management and other staff of the organization for ensuring reasonable confidence concerning goal achievement of the organization in the field of preparation of the reliable financial reporting, effectiveness and efficiency of activities and observance of the applicable laws and regulations. The term "control facilities" belongs to any aspects of one or several components of internal control system;

(d) assessment procedures of risks - the procedures which are carried out for the purpose of receipt of understanding of the organization and its environment, including internal control system of the organization, directed to identification and risks assessment of essential misstatement, both because of unfair actions, and owing to mistake, at the level of the financial reporting and at the level of premises;

(e) significant risk - the revealed and estimated risk of essential misstatement which, according to judgment of the auditor, requires special consideration in case of audit.

Requirements

Assessment procedures of risks and the accompanying actions

5. The auditor shall perform assessment procedures of risks to create basis for identification and risks assessment of essential misstatement at the level of the financial reporting and at the level of premises. Assessment procedures of risks, however, in itself do not provide sufficient competent auditor evidences on the basis of which the auditor opinion (see the Items A1 - A 5) can be created.

6. Assessment procedures of risks shall include the following:

(a) the direction of requests to management, the proper staff of service of internal audit (in the presence), and also to other persons in the organization which, according to the auditor, can possess information promoting identification of risks of essential misstatement owing to unfair actions or mistake (see the Items A6 - A 13);

(b) analytical procedures (see the Items A14 - A 17);

(c) observation and inspection (see Item A 18).

7. The auditor shall consider question whether information obtained in case of accomplishment by the auditor of the procedure of acceptance or continuation of the relations with the client is significant for identification of risks of essential misstatement.

8. If the head of task performed other tasks for the organization, then he shall consider whether information obtained by it is significant for identification of risks of essential misstatement.

9. When the auditor plans to use information obtained from the previous experience of its work with the organization and the audit procedures performed during the previous audit engagements he shall establish whether there were any changes since carrying out the previous task which can affect applicability of such information for the current audit (see the Items A19 - A 20).

10. The head of task and other key members of auditor group shall discuss degree of exposure of the financial reporting of the organization to essential misstatement and opportunity use of the applicable concept of preparation of the financial reporting for the facts of activities and to circumstances of the organization. The head of task shall determine what questions shall be brought to the attention members of auditor group who did not participate in discussion (see the Items A21 - A 24).

Necessary understanding of the organization and its environment, including internal control system of the organization

Organization and its environment

11. The auditor shall receive understanding of the following questions:

(a) the corresponding industry, regulatory factors and other external factors, including the applicable concept of preparation of the financial reporting (see the Items A25 - A 30);

(b) nature of the organization, including:

(i) its operating activiies;

(ii) its structure of property and corporate management;

(iii) types of investments which the organization performs and plans to perform, including investments into the organizations of special purpose;

(iv) structure of the organization and methods of its financing which will give the chance to the auditor to understand transaction types, account balances and disclosure of information which are expected in the financial reporting (see the Items A31 - A 35):

(c) the choice and application of accounting policy by the organization, including reasons for the changes made to it. The auditor shall estimate whether there corresponds accounting policy of the organization of its activities and the applicable concept of preparation of the financial reporting, and also the accounting policy used in the corresponding industry (see Item A 36);

(d) the purposes and the strategy of the organization, and also the business risks accompanying them which can result in risks of essential misstatement (see the Items A37 - A 43);

(e) assessment and the analysis of financial results of organization activity (see the Items A44 - A 49).

Internal control system of the organization

12. The auditor shall receive understanding of internal control system of the organization in part, significant for carrying out audit. In spite of the fact that the majority of control facilities which are significant for audit, as a rule, are connected with the financial reporting, not all control facilities connected with the financial reporting are significant for audit. The question of whether the control facility separately or in combination with others is significant for the booked audit, represents subject of application of professional judgment of the auditor (see the Items A50 - A 73).

Nature and amount of understanding of appropriate means of control

13. In case of receipt of understanding significant for the booked audit of control facilities the auditor shall analyze their structure and by means of supplementary procedures, in addition to the direction of requests to personnel of the organization, establish whether they are implemented in practice (see the Items A74 - A 76).

Components of internal control system

Control circle

14. The auditor shall receive understanding of the control circle. During receipt of such understanding of the control circle the auditor shall estimate:

(a) whether it was created and whether it is supported by management under the supervision of persons who are responsible for corporate management, culture of honesty and ethical behavior;

(b) whether provide strengths of elements of the control circle in total proper basis for other components of internal control and also whether render shortcomings of the control circle of negative impact on other components of internal control (see the Items A77 - A 87).

Process of risks assessment in the organization

15. The auditor shall receive understanding of whether the following processes are performed in the organization:

(a) identification of business risks, significant for the purposes of the financial reporting;

(b) assessment of relevancy of risks;

(c) assessment of probability of emergence of risks;

(d) decision making about measures for decrease in such risks (see Item A 88).

16. If in the organization such process (further in the text it is called "process of risks assessment of the organization") is applied, the auditor shall reach understanding of both the process, and results of its application. If the auditor reveals risks of essential misstatement which the management could not reveal, he shall estimate whether he is not present at the heart of these risks of this kind of risk which, according to expectations of the auditor, shall be revealed by process of risks assessment of the organization. If such risk exists, the auditor shall receive understanding of why it was not revealed in the course of risks assessment and to estimate whether there correspond processes to circumstances, or to determine whether there are in the organization considerable shortcomings of internal control system regarding process of risks assessment.

17. If such process in the organization is not performed or applied to separate case, the auditor shall discuss question of with management whether the business risks which are significant for the purposes of the financial reporting and what measures are taken on their elimination were revealed. The auditor shall estimate whether lack of documentary drawn up process of risk assessment is proper in these circumstances or it is considerable lack of internal control system (see Item A 89).

The information system connected with the financial reporting including the corresponding business processes, and information exchange

18. The auditor shall receive understanding of information system, including the corresponding business processes relating to preparation of the financial reporting, including the following aspects (see the Items A90 - A92 and A95 - A 96):

(a) the transaction types within organization activity which are considerable for the financial reporting;

(b) procedures as in system using the information technologies (IT), so in system of manual handling of data by means of which such transactions are initiated, register, processed and are as required adjusted, transferred to the main register and are reflected in the financial reporting;

(c) the relevant data of financial accounting, confirmatory information and specific accounts which are used for initiation, accounting, processing and reflection in the financial reporting; including correction of wrong data and methods of transfer of information in the main register. Records can be carried out as manually, and in electronic format;

(d) how the information system fixes events and conditions, in addition to transactions which are significant for the financial reporting;

(e) process of preparation of the financial reporting, including considerable estimative values and disclosures of information;

(f) control facilities concerning accounting entries, including the non-standard accounting entries applied to accounting of one-time, unusual transactions or adjustments (see the Items A93 - A 94).

This understanding of the information system relating to preparation of the financial reporting shall include the corresponding aspects connected with information opened in the financial reporting which is obtained from or from the outside of the main register and auxiliary sheets.

19. The auditor shall receive understanding of how the organization gives information on functions and obligations by preparation of the financial reporting, and also about the significant questions connected with the financial reporting including the following (see the Items A97 - A 98):

(a) information exchange with the management and persons who are responsible for corporate management;

(b) reporting of information to the third parties, for example, to regulating authorities.

Control actions, significant for the booked audit

20. The auditor shall receive understanding of those control actions, significant for the booked audit which, according to the auditor, it is necessary to study to estimate risks of essential misstatement at the level of premises and to develop further audit procedures in response to the estimated risks. Carrying out audit does not require studying of all control actions connected with each considerable transaction type, account balance and disclosure in the financial reporting or with each corresponding premises (see the Items A99 - A 106).

21. When studying control actions in the organization the auditor shall receive understanding of how the organization responds to the risks arising owing to use of IT (see the Items A107 - A 109).

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info