| 15. | The auditor shall obtain an understanding of whether the entity has a process for: |
| (a) | Identifying business risks relevant to financial reporting objectives; |
| (b) | Estimating the significance of the risks; |
| (c) | Assessing the likelihood of their occurrence; and |
| (d) | Deciding about actions to address those risks. (Ref: Para. A79) |
| 16. | If the entity has established such a process (referred to hereafter as the "entity's risk assessment process"), the auditor shall obtain an understanding of it, and the results thereof. If the auditor identifies risks of material misstatement that management failed to identify, the auditor shall evaluate whether there was an underlying risk of a kind that the auditor expects would have been identified by the entity's risk assessment process. If there is such a risk, the auditor shall obtain an understanding of why that process failed to identify it, and evaluate whether the process is appropriate to its circumstances or determine if there is a significant deficiency in internal control with regard to the entity's risk assessment process. |
| 17. | If the entity has not established such a process or has an ad hoc process, the auditor shall discuss with management whether business risks relevant to financial reporting objectives have been identified and how they have been addressed. The auditor shall evaluate whether the absence of a documented risk assessment process is appropriate in the circumstances, or determine whether it represents a significant deficiency in internal control. (Ref: Para. A80) |
|
|
Licence and copyright | © 2018, LexisNexis Group a division of Reed Elsevier (UK) Ltd. All rights reserved. |