ROMM AND MATERIALITY

What are Risk Assessment Procedures?

These are steps an auditor takes to gather information about a company. This helps the auditor
spot any areas where mistakes (misstatements) might be hiding in the company’s financial
statements. Once these risky areas are known, the auditor can plan how to properly check and
respond to them.

Sources of Useful Information

1. Client Acceptance or Continuance

Before officially accepting the audit, the auditor already learns a lot about the company:

• Is management trustworthy?
• How big or complex is the business?
• Are there any major changes from before?

This info helps identify possible risks in the financial records.

2. Previous Experience with the Client

If the auditor has worked with the company before:

• They already have background knowledge.

• If it was a full audit before, the knowledge is more useful.
• If it was just tax work, there’s less audit-relevant info.
• The auditor must check if this old info still applies now.

3. Asking Questions (Inquiries)

Talking to different people in the company gives insights:

• Production staff → how goods are made

• Sales/marketing → product strategies, competitors
• HR → structure, pay, disputes
• Internal audit → past risk evaluations
• Finance team → accounting methods, taxes, estimates
• Legal staff or secretary → legal cases, contracts
• Board of directors → overall strategy and control environment
• IT staff → computer systems and data controls
• Audit/Risk Committees → accounting policies, risk controls
• Previous auditor (with permission) → issues found in past audits

4. Observation

Watching what’s happening at the company helps:

• Touring the factory or office shows how things operate.

• This helps the auditor understand what’s going on behind the numbers.

5. Inspection

This means reading key documents like:

• Business plans
• Internal control manuals
• Board meeting minutes
• Last year’s financial statements
• Important contracts
• Industry-related news

This gives a clearer picture of how the company works and where risks might be.

6. Analytical Procedures

This is when the auditor compares numbers and trends to find anything unusual:

• Compare this year’s data to last year’s

• Check industry averages
• Spot things that don’t make sense (like more sales but lower profits)

Examples:

• Sales go up, but profits go down → why?

• More commissions paid, but fewer sales made → suspicious?
These odd results might show errors or fraud.

7. Team Discussions

The audit team talks together to:

• Share their own knowledge

• Discuss where mistakes are most likely
• Let new team members ask questions and bring fresh ideas

This teamwork helps uncover risks that one person might miss.

Sure, Trish! Here's a simple English summary and explanation of everything in that section of
your auditing notes. I broke it down so it’s easier to understand and remember:

Main Goal of the Auditor

The auditor’s job is to find and evaluate any risks that the financial statements may have
errors or fraud. To do this, the auditor needs to understand:

• The company (how it works, what it does)

• Its environment (industry, regulations, etc.)
• Its internal controls (systems that help prevent mistakes or fraud)

Without this understanding, the auditor cannot do a proper audit.

Why Understanding the Client Is So Important

• If you don’t understand the manufacturing process, how can you check inventory or
overhead costs?
• If you don’t know the leasing policies, how can you tell if leases are recorded correctly?
• Understanding the client isn’t something you do once — it grows every year you audit
the same client.

ISA 315 (Revised 2019) – What Auditors Must Understand

1. The Entity and Its Environment

Auditors must learn about:

• The business structure (branches, head office, etc.)

• Ownership and management (who controls what)
• Business model (how the business makes money)
• The industry it operates in and any legal rules that affect it
• How performance is measured (budgets, targets, bonuses)
• The financial reporting framework (what accounting rules they use)
• How risky areas might be prone to errors or fraud

2. The Entity’s Internal Control System

Auditors also need to understand how the company prevents errors and fraud through its internal
systems:

• Control environment (tone at the top, ethics)

• Risk assessment (how the company identifies business risks)
• Monitoring controls (how they check that controls work)
• Information systems (how data flows, how info is recorded)
• Control activities (specific actions to prevent issues)

Understanding Specific Factors

1. Organisational Structure, Ownership & Business Model

Auditors must look at:

• How the business is set up (subsidiaries, divisions)

• Who owns it and how they are related
• Who manages the business and who approves financials
• What the company’s goals are and what risks might come from them

Example:

• A company wants to grow sales → Offers credit too easily → Customers don’t pay →
Risk of misstating bad debts

2. Industry, Regulations, and External Factors

Risks might come from:

• A risky industry (like fashion or tech, where trends change fast)

• Legal rules (tax laws, safety, health regulations)
• Economic factors (interest rates, inflation, currency changes)

3. Performance Measurement

Sometimes performance goals (like bonuses) pressure management to lie in the financials.

Example: If management bonuses depend on profit, they may:

• Record fake sales

• Delay expenses → So they hit targets and get rewarded

Auditors must know:

• What KPIs and goals are used internally

• What outsiders (like investors or credit agencies) expect

4. Accounting Policies

Auditors need to check if:

• The accounting methods make sense for the business

• They follow proper accounting rules
• They didn’t change policies just to hide bad results

5. Inherent Risks (things that make mistakes more likely)

These include:

• Subjectivity: Estimates based on opinions (e.g. property values, depreciation)

• Uncertainty: Things like lawsuits or guarantees
• Complexity: Complicated operations or rules
• Change: New products, new staff, new systems
• Fraud risk: Pressure, opportunity, or reasons to lie in the financials

Final Takeaway:

To do a good audit, the auditor must understand the client deeply — how it operates, what
risks it faces, and where things could go wrong. This understanding helps the auditor:

• Spot possible errors or fraud

• Plan the audit properly
• Ask the right questions and check the right things
Here’s a simple summary and explanation of the internal control system based on ISA 315
(Revised 2019), along with a mind map to help you visualise it.

Summary in Simple English

Auditors need to understand how a business's internal controls work so they can identify risks
that might lead to material misstatements in the financial statements. This helps them plan
better audit procedures.

There are 5 key components of internal control:

1. Control Environment

"The vibe of the organization"

• This is about the attitude of management and employees towards following rules.
• If leadership cares about ethics and controls, employees will too.
• Examples:
o Managers double-checking reconciliations.
o Clear job roles and responsibilities.

2. Risk Assessment Process

"How the company identifies and reacts to risks"

• Companies need to spot and evaluate risks that could affect financial reporting.
• Risks are judged by how likely and serious they are.
• Larger companies might have risk committees, while smaller ones may do this
informally.

3. Monitoring of Controls

"Checking if everything is working properly"

• This is how management checks if controls are working over time.

• Could include:
o Review of monthly reconciliations.
o Feedback from customers or internal audit reports.

4. Information System and Communication

"How financial data is collected and shared"

• Includes both manual and computerised systems.

• Auditors look at:
o How transactions are recorded and reported.
o How data is protected and communicated to management and external parties.

5. Control Activities

"The actual steps taken to prevent mistakes or fraud"

• These are the procedures that help ensure company objectives are achieved.
• Examples:
o Authorising payments.
o Separating duties (e.g. the person who approves payments isn't the one recording
them).
o Password protection on systems.

Mind Map: ISA 315 – Internal Control Components

ISA 315 – Internal Control System
|
----------------------------------------------------------------
| | | | |
Control Risk Monitoring Information Control
Environment Assessment of Controls System & Activities
Communication
| | | | |
- Ethics - Identifying - Internal - How data - Authorization
- Tone from risks audit is handled - Segregation
the top - Risk ranking - Customer - Reporting - Physical
controls
- Structure - Responses to feedback system -
Reconciliations
- HR policies risks - Journals - Access
control
- Estimates
SIMPLE SUMMARY OF AUDIT RISK (ISA 200 &
315)
What is the Auditor’s Role?

• The auditor checks if the financial statements are fairly presented.

• People rely on audited financial statements, so the auditor must give a correct opinion.
• But there’s a risk the auditor might get it wrong and say everything is fine when there’s
actually a problem.

What is Audit Risk?

Audit risk is:

The chance that the auditor gives the wrong opinion when the financial statements are
materially misstated.

This happens when:

• The auditor gives an unqualified (clean) opinion instead of a qualified, adverse, or

disclaimer opinion.

Why Can’t Audit Risk Be 0%?

Because of inherent limitations of an audit:

1. Judgement & Estimates

• Financial reports use estimates and judgment (like valuing diamonds).

2. Hidden Information

• Management might not share everything with the auditor.

3. Fraud

• Fraud can be so well-hidden, regular audit steps can’t find it.

4. No Legal Power

• Auditors can’t force people to give them information like investigators can.

5. Sampling

• Auditors don’t test everything, just samples, so mistakes can be missed.

6. Time Limits

• Audits must be done quickly, not forever.

7. Cost

• It’s too expensive to check every single thing.

Audit Risk and the Audit Process

The audit process helps reduce audit risk to an acceptable level. Auditors follow ISAs to make
sure they are doing everything properly.

COMPONENTS OF AUDIT RISK (ISA 200 & 315)

Audit Risk = Inherent Risk × Control Risk × Detection Risk

Let’s break it down:

1. Inherent Risk (IR)

"The natural risk that something will go wrong, even before any controls are applied."

• Some things are naturally risky (like valuing diamonds).

• Risk exists before looking at controls.
• Example: A company that deals in diamonds has higher inherent risk than one selling
cricket bats.
2. Control Risk (CR)

"The risk that internal controls won’t catch or fix a mistake."

• Happens when internal systems don’t work well.

• Reasons include:
o Weak segregation of duties.
o Mistakes or carelessness.
o Collusion or fraud.
o Outdated procedures.
• Even strong controls aren’t perfect — some risk always exists.

3. Detection Risk (DR)

"The risk that the auditor won’t catch a mistake during the audit."

• Happens when:
o The wrong test is chosen.
o The test is not done properly.
o The auditor misinterprets results.
• This is the only risk the auditor can control.
• Reduced by:
o Good planning.
o Experienced staff.
o Professional scepticism.
o Proper review and supervision.

MIND MAP: AUDIT RISK (ISA 200 & 315)

AUDIT RISK
|
------------------------------------------------
| | |
Inherent Risk Control Risk Detection Risk
("Natural risk") ("Risk from weak ("Risk the auditor
controls") misses a mistake")
| | |
- Complex items - Poor segregation - Bad test chosen
(e.g. diamonds) of duties - Mistake in applying test
- Estimates - Human error - Misinterpretation
- Judgement calls - Collusion - Can be reduced!
- Spectrum of - Override of controls
inherent risk - Cost/benefit limits
WHY AUDIT RISK CAN’T BE ZERO
-----------------------------------------------
| Financial judgement | Time limits |
| Hidden info/fraud | Cost limits |
| Not full investigation | Sampling only |

Chapter 6 Summary: Planning the Audit – Risk of Material Misstatement

1. What is Risk of Material Misstatement?

It's the chance that the financial statements have errors or fraud that are big enough to affect
decisions made by users (like investors or banks).

2. Common Risk Indicators

These are red flags that might suggest something could go wrong (but doesn’t mean it definitely
will):

• Complex business activities (e.g. joint ventures, special purpose entities)

• Going concern issues or liquidity problems
• Rapid changes in leadership or company structure
• Weak internal controls
• Staff lacking financial knowledge
• Risky incentives like bonuses tied to profits
• Complex IT systems or changes in systems
• New accounting standards
• Pending lawsuits or large guarantees
• Many year-end unusual transactions

3. Risk Levels

• Financial Statement Level: Affects the whole financial statement (e.g. dishonest
management)
• Assertion Level: Affects specific parts like:
o Transactions (e.g. sales)
o Balances (e.g. inventory)
o Disclosures (e.g. related party transactions)
4. Significant Risks (ISA 315)

These are the most serious risks, where:

• There’s a high chance of error

• Or the impact of the error could be big

Examples:

• Fraud risk
• Big changes in business (e.g. mergers)
• Complex transactions (e.g. derivatives)
• High subjectivity in values (e.g. asset impairments)
• Related party transactions
• Non-routine or unusual transactions

These require special audit attention!

5. Auditor’s Response to Significant Risks

• Use experienced team members

• Understand all ways the error could happen
• Use strong procedures: inspection, confirmation, enquiry
• Focus on getting high-quality evidence

6. “Stand-Back” Provision

This is a final check:

• After identifying risks, the auditor must make sure nothing important is left out
• Even if something wasn’t marked as “significant,” if it’s material (important for decision-
making), it must be reviewed

Now here’s a mind map to help make it all clearer:

Mind Map: Risk of Material Misstatement – Chapter 6

Risk of Material Misstatement
|
---------------------------------------------------
| | |
Financial Statement Assertion Level Significant Risks
Level Risk (Transactions, (High Likelihood/
(Whole FS) Balances, Disclosures) Impact Risks)
| | |
- Dishonest mgmt - E.g. fake sales - Fraud risk
- Poor controls - Missing inventory - Complex estimates
- Inexperienced staff - Undisclosed parties - Related party deals
- Mergers/changes
- Unusual year-end items
|
Auditor’s Response
|
------------------------------------------------
| | |
Skilled Team Understand full impact High-quality procedures
of the risk (e.g. inspections,
confirmations)

|
“Stand-back” Provision
(Final check for anything missed)

Sure, Trish! Here's a simple explanation and summary of the section you provided about
materiality in auditing, followed by a mind map to help you visualize the key points.

Simple Explanation: Materiality in Auditing

What is Materiality?

• Materiality means the importance or significance of a financial item.

• Auditors give an opinion on whether the financial statements are fairly presented in all
material respects.
• Financial statements don’t need to be perfect, but any errors or omissions must not be
so big that they would mislead users.

Which ISAs Talk About Materiality?

1. ISA 320 – Focuses on materiality during the planning and performance stages of the
audit.
2. ISA 450 – Focuses on evaluating misstatements found during the audit and deciding
whether the financials are still fairly presented.
Nature of Materiality
1. Subjective

• Materiality depends on judgement – different auditors may come up with different

thresholds.
• It’s influenced by context, size of the company, and what would matter to users.

2. Relative

• An amount may be material for a small company but insignificant for a large company.
• Auditors use benchmarks (like % of profit, total assets) to help decide.

3. Quantitative vs Qualitative

• Quantitative: Based on numbers (e.g., R100 000 is material if it exceeds preset limits).
• Qualitative: Based on importance (e.g., fraud or director loans may be material even if
the amount is small).

Planning & Performance Materiality (ISA 320)

1. Planning Materiality

• Set at the start of the audit.

• It helps auditors decide how much testing is needed and where to focus.
• Think of it as a threshold – if errors are above it, users might be misled.

2. Performance Materiality

• Usually lower than planning materiality.

• Used during the audit to reduce the risk that total undetected errors exceed planning
materiality.

Factors Influencing Planning Materiality

• Use of benchmarks (e.g., 5% of profit before tax).
• Industry-specific info users rely on (e.g., R&D in pharma).
• Disclosure rules (e.g., JSE, Companies Act).
• Importance of ratios or agreements (e.g., a bank loan condition).
• Governance expectations (e.g., audit committee’s views).

Mind Map: Materiality in Auditing

Here’s a mind map to help you visualize it all:

MATERIALITY IN AUDITING
│
┌──────────────────┼────────────────────┐
│ │ │
Meaning Relevant ISAs Nature of Materiality
│ │ │
├── Fairness ├── ISA 320 - Planning ├── Subjective
├── Not 100% └── ISA 450 - Eval. ├── Relative
└── Misstatements should └── Quant & Qual factors
not mislead users

PLANNING & PERFORMANCE MATERIALITY

│
┌────────────────┼─────────────────┐
│ │ │
Planning Materiality Performance Final Materiality
(early stage) Materiality (evaluation)

FACTORS INFLUENCING PLANNING MATERIALITY

│
┌───────────────┼────────────────────┐
│ │ │
Benchmarks Industry Needs Legal Requirements
(e.g., 5% PBT) (e.g., R&D) (e.g., Companies Act)

┌───────────────┬──────────────┐
│ │ │
Important Ratios Governance Views Key Disclosures
(e.g., current (e.g., audit (e.g., director pay)
ratio for loan) committee)

Absolutely! Here's a simple explanation, a summary, and a mind map for the concepts you’ve
shared from Chapter 6: Planning the Audit – Identifying and Assessing the Risk of Material
Misstatement.

Simple Explanation
1. Planning Materiality

• This is the maximum amount of error or misstatement the auditor thinks users of the
financial statements wouldn’t care about.
• Example: If planning materiality for inventory is R100 000, then errors up to R100 000
won’t mislead users.

2. Performance Materiality

• This is a stricter, smaller number than planning materiality.

• Why? Because small errors (e.g., R45k + R70k + R13k) could add up and go over the
R100 000 threshold.
• The auditor tests smaller amounts to make sure that all errors combined won’t exceed
planning materiality.

3. Effect on Audit Procedures

• Lower performance materiality → More testing, more samples, and more audit work.
• The nature, timing, and extent of audit procedures depend on this level.

4. Qualitative Misstatements

• Not just numbers! Some errors matter because of what they represent, like:
o Hidden related-party transactions
o Undisclosed lawsuits
o Directors’ pay not explained properly
• These can influence user decisions even if the rand value is small.

5. Changing Materiality During Audit

• Yes, you can change it!

• If you get new info (like the company needs a loan and must meet profit targets), you
adjust your materiality levels accordingly.

6. Final Materiality (ISA 450)

• At the end of the audit, the auditor:

o Evaluates all identified misstatements
o Checks if any uncorrected errors could affect the financial statements
• Misstatements can be:
o Numerical errors
o Wrong classifications or missing disclosures
• Clearly trivial errors (very tiny ones) don’t need to be recorded.
Summary (Key Takeaways)

Concept What It Means

Planning Materiality Overall error limit the auditor considers acceptable.
Performance Materiality Lower threshold to catch smaller errors that could add up.
These are shaped by performance materiality – stricter limits mean
Nature, Timing, Extent
more testing.
Qualitative Disclosures or info that could mislead users, even if the rand value is
Misstatements small.
Revisions to Materiality Can be adjusted if new risks or facts arise.
Final Materiality Used at the end of the audit to assess the impact of all found errors.
Tiny errors that are too small to matter at all – don’t need to be
Clearly Trivial
recorded.

Sure, Trish! Here's a simplified explanation of the text and a mind map to help you visualize
the key points.

Simplified Summary – Materiality in Auditing

1. Planning Materiality

• It’s the maximum error that the auditor believes can exist without affecting the users’
decisions.
• Example: If planning materiality is R100,000 for inventory, it means errors up to
R100,000 won’t mislead users.

2. Performance Materiality

• Smaller than planning materiality.

• Used when auditing specific account balances (like inventory or receivables).
• Ensures that smaller errors that add up don’t go unnoticed.
• Auditor uses it to:
o Assess risk of material misstatement
o Decide how much and what kind of audit procedures to perform
Example: Errors of R45,000 + R70,000 + R13,000 = R128,000 total misstatement –
individually small, but material in total.

3. Planning for Qualitative Misstatement

• These are non-amount related issues that still matter a lot!

• E.g.:
o Misleading accounting policy descriptions
o Not disclosing related party transactions
o Hiding legal issues or loss of license
• These can influence decisions, even without big number changes.

4. Revising Materiality Levels

• Materiality can be changed during the audit if new info comes up.
• E.g.:
o Auditor finds out the company needs to meet loan conditions (covenants).
o Or the financials are going to be submitted to DTI for funding.

Why change it? Because the users (like banks or DTI) have stricter needs and even smaller
misstatements might matter.

5. Final Materiality (Evaluation Stage - ISA 450)

• At the end of the audit, auditor evaluates:

o All errors found.
o Uncorrected misstatements still in the financials.
• Final materiality = the yardstick to see if the errors are acceptable.

Misstatements can be from:

• Mistakes (errors in calculation or missing info)

• Misjudgment (bad estimates or bad accounting policies)
• Fraud (intentional mistakes)

All misstatements must be recorded unless clearly trivial, which means:

• So small that they don’t matter at all