8.

Understanding the Entity and Its Environment

References:
a. PSA 300, Planning an Audit of Financial Statements
b. PSA 315 (Redrafted), Identifying and Assessing the Risks of Material Misstatement

Importance of Understanding the Entity, its Environment, and its Internal Control
The auditor’s understanding of the entity and its environment, including internal control (separately
discussed), is the foundation of the conduct of an effective audit. It establishes a frame of reference
within which the auditor plans the audit and exercises professional judgment throughout the audit, for
example, when:
• Assessing risks of material misstatements (ROMM) of the financial statements.
• Establishing materiality.
• Considering the appropriateness of the selection and application of accounting policies, and the
adequacy of financial statement disclosures.
• Identifying areas of special audit consideration
• Developing expectations for use when performing analytical procedures.
• Responding to the assessed ROMM and
• Evaluating the sufficiency and appropriateness of audit evidence obtained.
The auditor uses professional judgment to determine the extent of the understanding required
sufficiently enough to be able to identify and assess risks of material misstatements, which is
ordinarily less than that of possessed by management in managing the entity.
The Six Key Elements of Understanding of the Entity, its Environment, and its Internal Control
Based on PSAs, the scope of the understanding required by the auditor for identifying risks is
contained in six key elements, as follows.

Procedures to Obtain an Understanding of the Entity and its Environment

The procedures that the auditor should perform in order to obtain an understanding sufficient to
assess the risks and consider these risks in designing the audit plans include the following:
1. performing risk assessment procedures.
2. considering the use of information obtain in prior period audits; and
3. having discussion among audit engagement team.
Risk Assessment Procedures (RAP)
Risk assessment procedures are the audit procedures performed to obtain an understanding of the
entity and its environment, including the entity’s internal control, to identify and assess the risks of
material misstatement, whether due to fraud or error, at the financial statement and assertion levels,
thereby providing a basis for designing and implementing responses to the assessed risks of material
misstatement.
The risk assessment procedures shall include the following:
1. Inquiries of management, and of others within the entity.
2. Analytical procedures.
3. Observation and inspection.
However, risk assessment procedures by themselves do not provide sufficient appropriate audit
evidence on which to base the audit opinion.

Inquiries of Management, and of Others within the Entity

Much of the information obtained by the auditor’s inquiries is obtained from management and those
responsible for financial reporting. However, the auditor may also obtain information, or a different
perspective in identifying risks of material misstatement, through inquiries of others within the entity.
Inquiries directed towards with others within the entity are summarized below:
Entity Personnel Information to be Obtained
Those charged with governance May help the auditor understand the environment in which
the financial statements are prepared.
May provide information about internal audit procedures
Internal audit personnel performed during the year relating to the design and
effectiveness of the entity’s internal control and whether
management has satisfactorily responded to findings from
those procedures.
Employees involved in initiating, May help the auditor to evaluate the appropriateness of the
processing or recording complex or selection and application of certain accounting policies
Unusual transactions
May provide information about such matters as litigation,
compliance with laws and regulations, knowledge of
In-house legal counsel fraud or suspected fraud affecting the entity, warranties,
post- sales obligations, arrangements (such as
joint ventures) with business partners and the meaning of
contract terms.
May provide information about changes in the entity’s
Marketing or sales personnel marketing strategies, sales trends, or contractual
arrangements with its customers.

Analytical Procedures
Analytical procedures involve evaluations of financial information through analysis of plausible
relationships among both financial and non-financial data. Analytical procedures also encompass
such investigation as is necessary of identified fluctuations or relationships that are inconsistent with
other relevant information or that differ from expected values by a significant amount.

Application of Analytical Procedures in Audit

Analytical procedures involve comparisons between the auditor’s expectations and the recorded
(reported) amounts relating to the entity’s financial statements. Examples of auditor’s expectations
include:
• Financial information:
§ Comparable information for prior periods
§ Anticipated results (budgets or forecasts)
§ Industry information
• Relationships:
§ Elements of financial information expected to have a predictable pattern (gross margin)
§ Between financial and non-financial information, (payroll costs to number of employees)

The auditor should apply analytical procedures at the planning and overall review stages of the audit.
Analytical procedures may help identify the existence of unusual transactions or events, and
amounts, ratios, and trends that might indicate matters that have audit implications. Unusual
or unexpected relationships that are identified may assist the auditor in identifying risks of material
misstatement, especially risks of material misstatement due to fraud.

However, when such analytical procedures use data aggregated at a high level (which may be the
situation with analytical procedures performed as risk assessment procedures), the results of those
analytical procedures only provide a broad initial indication about whether a material misstatement
may exist. Accordingly, in such cases, consideration of other information that has been gathered
when identifying the risks of material misstatement together with the results of such analytical
procedures may assist the auditor in understanding and evaluating the results of the analytical
procedures.

Types of Analytical Procedures

The following are the types of typical analytical procedures applied in an audit:
1. Trend analysis—this type is based on the assumption that performance will continue in line with
previous performance or industry trends unless something unusual is happening in the company.
2. Ratio analysis—this type similar to financial statement analysis and is highly effective technique to
highlight account balances that are out of line and may signal the potential for fraud.
3. Test of reasonableness—this type tests whether a recorded amount is reasonable with regards to
the auditor’s expectation.
4. Regression analysis—this type involves time-series analysis by examining trends in relationship
with previous results.

Investigating Results of Analytical Procedures

If analytical procedures identified fluctuations or inconsistent relationships that differ significantly from
expected values, investigate differences by:
• Inquiring of management and obtaining appropriate audit evidence relevant to management’s
responses; and
• Performing other audit procedures as necessary in the circumstances.

Summary of Analytical Procedures

Stage Risk Assessment Risk Response Conclusion and Reporting

Procedure: Preliminary analytical Substantive analytical Concluding (Final or

procedures procedures Overall) analytical
procedures
To obtain understanding of the To detect material To form an overall
Objective: entity and its environment Misstatements. conclusion about
in order to identify and assess Whether financial
ROMM. Statements are
Consistent with the
auditor’s understanding.
Identification and assessment Detection of material Conclusion whether
of ROMM. misstatement Financial statements are
Result: Consistent with the
auditor’s understanding, or
the auditor may identify
previously unrecognized
ROMM.
Attention Yes No Yes
directing?
Required? Yes No Yes

Observation and Inspection

Observation and inspection may support inquiries of management and others, and may also provide
information about the entity and its environment. Examples of such audit procedures include
observation or inspection of the following:
• The entity’s operations.
• Documents (such as business plans and strategies), records, and internal control manuals.
• Reports prepared by management (such as quarterly management reports and interim financial
statements) and those charged with governance (such as minutes of board of directors’ meetings).
• The entity’s premises and plant facilities (tour).
• Books, periodicals and other publications related to the entity and its environment.
Information Obtained in Prior Periods
When the auditor intends to use information obtained from the auditor’s previous experience with the
entity and from audit procedures performed in previous audits, the auditor shall determine whether
changes have occurred since the previous audit that may affect its relevance to the current audit.
The auditor is required to determine whether information obtained in prior periods remains relevant, if
the auditor intends to use that information for the purposes of the current audit. This is because
changes in the control environment, for example, may affect the relevance of information obtained in
the prior year. To determine whether changes have occurred that may affect the relevance of such
information, the auditor may make inquiries and perform other appropriate audit procedures, such as
walk-throughs of relevant systems.

Discussion Among the Engagement Team

(‘Brainstorming’)
The engagement partner and other key engagement team members shall discuss the susceptibility of
the entity’s financial statements to material misstatement, and the application of the applicable
financial reporting framework to the entity’s facts and circumstances. The engagement partner shall
determine which matters are to be communicated to engagement team members not involved in the
discussion.

Documentation
The auditor shall document:
• The risk assessment procedures performed, as part of detailed audit plan.
• The discussion among the engagement team, and the significant decisions reached (normally in a
memorandum or minutes of meeting)
• Key elements of the understanding obtained regarding each of the aspects of the entity and its
environment including the sources of information from which the understanding was obtained
(normally in a ‘understanding the business template’)
For recurring audits, certain documentation may be carried forward, updated as necessary to reflect
changes in the entity’s business or processes.