| A1. | Obtaining an understanding of the entity and its environment, including the entity's internal control (referred to hereafter as an "understanding of the entity"), is a continuous, dynamic process of gathering, updating and analyzing information throughout the audit. The understanding establishes a frame of reference within which the auditor plans the audit and exercises professional judgment throughout the audit, for example, when: |
| Assessing risks of material misstatement of the financial statements; |
| Determining materiality in accordance with ISA (UK and Ireland) 320;3 |
| Considering the appropriateness of the selection and application of accounting policies, and the adequacy of financial statement disclosures; |
| Identifying areas where special audit consideration may be necessary, for example, related party transactions, the appropriateness of management's use of the going concern assumption, or considering the business purpose of transactions; |
| Developing expectations for use when performing analytical procedures; |
| Responding to the assessed risks of material misstatement, including designing and performing further audit procedures to obtain sufficient appropriate audit evidence; and |
| Evaluating the sufficiency and appropriateness of audit evidence obtained, such as the appropriateness of assumptions and of management's3a oral and written representations. |
| A2. | Information obtained by performing risk assessment procedures and related activities may be used by the auditor as audit evidence to support assessments of the risks of material misstatement. In addition, the auditor may obtain audit evidence about classes of transactions, account balances, or disclosures and related assertions and about the operating effectiveness of controls, even though such procedures were not specifically planned as substantive procedures or as tests of controls. The auditor also may choose to perform substantive procedures or tests of controls concurrently with risk assessment procedures because it is efficient to do so. |
| A3. | The auditor uses professional judgment to determine the extent of the understanding required. The auditor's primary consideration is whether the understanding that has been obtained is sufficient to meet the objective stated in this ISA (UK and Ireland). The depth of the overall understanding that is required by the auditor is less than that possessed by management in managing the entity. |
| A4. | The risks to be assessed include both those due to error and those due to fraud, and both are covered by this ISA (UK and Ireland). However, the significance of fraud is such that further requirements and guidance are included in ISA (UK and Ireland) 240 in relation to risk assessment procedures and related activities to obtain information that is used to identify the risks of material misstatement due to fraud.4 |
| A5. | Although the auditor is required to perform all the risk assessment procedures described in paragraph 6 in the course of obtaining the required understanding of the entity (see paragraphs 11-24), the auditor is not required to perform all of them for each aspect of that understanding. Other procedures may be performed where the information to be obtained therefrom may be helpful in identifying risks of material misstatement. Examples of such procedures include: |
| Reviewing information obtained from external sources such as trade and economic journals; reports by analysts, banks, or rating agencies; or regulatory or financial publications. |
| Making inquiries of the entity's external legal counsel or of valuation experts that the entity has used. |
| 3 ISA (UK and Ireland) 320, "Materiality in Planning and Performing an Audit." |
| 3a In the UK and Ireland, as explained in paragraph A2-1 of ISA (UK and Ireland) 580, "Written Representations," it is appropriate for written representations that are critical to obtaining sufficient appropriate audit evidence to be provided by those charged with governance, rather than other levels of the entity's management. |
| 4 ISA (UK and Ireland) 240, "The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements," paragraphs 12-24. |
 |
Licence and copyright | © 2018, LexisNexis Group a division of Reed Elsevier (UK) Ltd. All rights reserved. |