RISK-BASED AUDIT
Enhance Audit Quality with SA 315 & SA 330 Compliance
RISK-BASED AUDIT
Enhance Audit Quality with SA 315 & SA 330 Compliance
1. Introduction
Auditing is not just about reviewing financial statements; it is about ensuring their accuracy, reliability, and compliance with professional standards. Two critical auditing standards, i.e. SA 315 and SA 330, form the foundation of a risk-based audit approach. SA 315 focuses on identifying and assessing risks of material misstatement, while SA 330 requires auditors to respond appropriately to those risks. However, quality reviews have repeatedly highlighted deficiencies in how auditors document risks, assess internal controls and design audit procedures in response to identified risks.
This article integrates key observations of non-compliance from SA 315 and SA 330, clarifies the issues faced by auditors, and provides guidance to improve audit effectiveness. By addressing these gaps, auditors can ensure compliance with the highest professional standards and enhance the overall quality of audits.
2. Identifying Risks Without Proper Documentation
2.1
Relevant SA 315 Provisions
• Para 25 – The auditor shall identify and assess the risks of material misstatement at:
a) The financial statement level
b) The assertion level for classes of transactions, account balances, and disclosures
• Para 26 – The auditor shall identify risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to those risks.
Observation
A significant issue in audit documentation is the failure to properly record identified risks and link them to the financial statements. In many instances, auditors use generic checklists that provide a broad overview but fail to explain the rationale behind the classification of risks as significant or nonsignificant. Moreover, the documentation often lacks a connection between risks and the corresponding financial statement areas, making it difficult to determine whether audit procedures are appropriately designed to address the risks.
AASB Guidance
Risk identification should not be limited to a checklist approach; it requires a thorough analysis explaining why a particular risk is deemed significant. Each identified risk must be explicitly linked to relevant assertions, financial statement items, and the potential for material misstatement. The audit file should provide a narrative discussion, supported by data, about the nature of the risk and how it affects financial reporting. The risk assessment must also be aligned with the audit strategy, ensuring that responses are proportionate to the level of risk identified. Clear documentation should include references to industry-specific risks, historical financial trends, and management discussions, creating a well-supported risk assessment process.
3. Overlooking the Role of Internal Controls
in Risk Mitigation
3.1 Relevant SA 315 Provisions
• Para 12 – The auditor shall obtain an understanding of internal control relevant to the audit.
• Para 18 – The auditor shall obtain an understanding of the information system, including the related business processes relevant to financial reporting.
• Para 20 – The auditor shall obtain an understanding of control activities relevant to the audit, which are necessary to assess the risks of material misstatement.
Observation
Internal controls, particularly IT-related controls, are frequently overlooked in audits. Many auditors do not test automated controls or IT-dependent processes, relying instead on manual verification. Additionally, some auditors place excessive reliance on internal auditors without independently evaluating their work. This lack of rigorous control testing weakens the audit’s effectiveness and increases the risk of undetected material misstatements.
AASB Guidance
Understanding and testing internal controls is fundamental to an effective risk assessment process. Auditors must go beyond assessing manual controls and evaluating IT-related controls, primarily in organizations that rely heavily on automated systems for financial reporting. IT general controls, application controls, and system-generated reports should be tested to ensure the integrity of financial data. If auditors choose to rely on the work of internal auditors, they must independently assess the scope, objectivity, and reliability of that work. All reliance on internal controls should be justified with supporting documentation, including test results and an evaluation of control effectiveness. A well-documented control assessment ensures that the auditor’s risk response is appropriately designed to address potential weaknesses.
Inadequate Response to Assessed Risks
4.1 Relevant SA 330 Provisions
• Para 5 – The auditor shall design and implement overall responses to address the assessed risks of material misstatement at the financial statement level.
• Para 6 - The auditor shall design and perform further audit procedures whose nature, timing, and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.
An extract from the Independent Auditor’s Report of Reliance Industries Limited
Observation
Even when risks are correctly identified, audit procedures often fail to address them directly. Many auditors apply standard substantive procedures such as vouching, confirmations, and analytical reviews without tailoring these procedures to the specific risks identified. Additionally, control testing is frequently ignored, with auditors defaulting to substantive procedures without determining whether internal controls could be relied upon. This disconnect between risk assessment and audit procedures results in inefficiencies and weakens the overall audit approach.
AASB Guidance
Audit responses should be designed to address the risks identified during the assessment process. If a particular risk is assessed as high, auditors should implement additional testing procedures, such as detailed walkthroughs, recalculations, and extended sampling. When relying on internal controls, auditors must perform control testing to ensure their effectiveness before reducing substantive procedures. Every audit procedure should be directly linked to a risk, with clear documentation explaining the appropriate approach. This ensures that audit work is targeted and effective in addressing potential misstatements.
5. Overlooking Fraud Risk and Management Override of Controls
5.1 Relevant SA 240 and SA 330 Provisions
• SA 240, Para 27 – The auditor shall treat assessed risks of material misstatement due to fraud as significant risks.
• SA 330, Para 21 – When the approach to a significant risk consists only of substantive procedures, those procedures shall include tests of details.
Observation
Many audits fail to consider fraud risk, particularly when management overrides controls adequately. Journal entry testing is often missing, and in cases where it is performed, the selection criteria for testing is unclear. Auditors frequently overlook the potential for biased management estimates, aggressive revenue recognition practices, and unusual transactions that may indicate fraud. This weak approach to fraud risk assessment increases the chances of material misstatements going undetected.
AASB Guidance
A comprehensive fraud risk assessment should include detailed testing of journal entries, particularly those made at the end of the reporting period. Auditors must evaluate accounting estimates to detect potential bias and scrutinize non-routine transactions for signs of fraud. Discussions with management about fraud risks and any inquiries made to those charged with governance should be documented. By implementing a structured fraud assessment process, auditors can identify and mitigate fraud risks properly.
6. Weak Documentation Practices and Lack of Cross-Referencing
6.1
Relevant SA 230 and SA 330 Provisions
• SA 230, Para 8 – Audit documentation must be sufficient for an experienced auditor to understand the work performed.
• SA 330, Para 28 – The auditor shall document the linkage of audit procedures with the assessed risks.
Observation
Many audit files lack structure, making it difficult to track how risks were assessed and addressed. Cross-referencing between risk assessments, audit procedures, and financial statements is often missing, leading to gaps in the audit trail.
AASB Guidance
Audit files should be well-structured, with clear cross-referencing between risk assessments, audit responses, and supporting evidence. Documentation should provide a logical flow, demonstrating how audit procedures addressed identified risks. By maintaining a comprehensive and organized audit file, auditors improve transparency and facilitate external quality reviews.
7. Conclusion
Addressing the deficiencies in SA 315 and SA 330 compliance is essential for improving audit quality. Auditors can provide more effective and reliable assurance by enhancing risk documentation, evaluating internal controls, strengthening fraud detection, and ensuring comprehensive audit documentation. Implementing these best practices will reinforce trust in financial reporting and uphold the integrity of the audit profession.
About Us
Founded 1972
Evolution From a small family business to a leading technology-oriented Publishing/Product company
Expansion
Launch of Taxmann Advisory for personalized consulting solutions
Our Vision
Aim
Achieve perfection, skill, and accuracy in all endeavour
Growth
Evolution into a company with strong independent divisions: Research & Editorial, Production, Sales & Marketing, and Technology
Future
Continuously providing practical solutions through Taxmann Advisory
Our Strength
Core
Editorial and Research Division
Team
Over 200 motivated legal professionals (Lawyers, Chartered Accountants, Company Secretaries)
Expertise
Monitoring and processing developments in judicial, administrative, and legislative fields with unparalleled skill and accuracy
Impact
Helping businesses navigate complex tax and regulatory requirements with ease
Taxmann Today
Legacy Innovation Commitment
Over 60 years of domain knowledge and trust
Technology-driven solutions for modern challenges
Ensuring perfection, skill, and accuracy in every solution provided
Our Core Domain Areas
Income Tax
Corporate Tax Advisory
Trusts & NGO Consultancy
TDS Advisory
Global Mobility Services
Personal Taxation
Training
Due Diligence
Foreign Exchange Management Laws
Due Dilligence
Advisory Services
Assistance in compounding of offences
Transactions Services
Investment outside India
Your Partners for Frictionless Advice
Goods
Transaction Advisory
Business Restructuring
Classification
Due Diligence
Training
Advisory
Trade Facilitation Measures
Corporate
Corporate Structuring
VAT Advisory
Residential Status
A Glimpse of the People Behind Taxmann
Naveen Wadhwa
Research and Advisory [Corporate and Personal Tax]
Chartered Accountant (All India 24th Rank)
14+ years of experience in Income tax and International Tax
Expertise across real estate, technology, publication, education, hospitality, and manufacturing sectors
Contributor to renowned media outlets on tax issues
Vinod K. Singhania Expert on Panel | Research and Advisory (Direct Tax)
Over 35 years of experience in tax laws
PhD in Corporate Economics and Legislation
Author and resource person in 800+ seminars
V.S. Datey Expert on Panel | Research and Advisory [Indirect Tax]
Holds 30+ years of experience
Engaged in consulting and training professionals on Indirect Taxation
A regular speaker at various industry forums, associations and industry workshops
Author of various books on Indirect Taxation used by professionals and Department officials
Manoj Fogla Expert on Panel | Research and Advisory [Charitable Trusts and NGOs]
Over three decades of practising experience on tax, legal and regulatory aspects of NPOs and Charitable Institutions
Law practitioner, a fellow member of the Institute of Chartered Accountants of India and also holds a Master's degree in Philosophy
PhD from Utkal University, Doctoral Research on Social Accountability Standards for NPOs
Author of several best-selling books for professionals, including the recent one titled 'Trust and NGO's Ready Reckoner' by Taxmann
Drafted publications for The Institute of Chartered Accountants of India, New Delhi, such as FAQs on GST for NPOs & FAQs on FCRA for NPOs.
Has been a faculty and resource person at various national and international forums
the UAE
Chartered Accountant (All India 36th Rank)
Has previously worked with the KPMG
S.S. Gupta Expert on Panel | Research and Advisory [Indirect Tax]
Chartered Accountant and Cost & Works Accountant
34+ Years of Experience in Indirect Taxation
Bestowed with numerous prestigious scholarships and prizes
Author of the book GST – How to Meet Your Obligations', which is widely referred to by Trade and Industry
Sudha G. Bhushan Expert on Panel | Research and Advisory [FEMA]
20+ Years of experience
Advisor to many Banks and MNCs
Experience in FDI and FEMA Advisory
Authored more than seven best-selling books
Provides training on FEMA to professionals
Experience in many sectors, including banking, fertilisers, and chemical
Has previously worked with Deloitte
Contact Us
Taxmann Delhi
59/32, New Rohtak Road
New Delhi – 110005 | India
Phone | 011 45562222
Email | sales@taxmann.com
Taxmann Mumbai
35, Bodke Building, Ground Floor, M.G. Road, Mulund (West), Opp. Mulund Railway Station Mumbai – 400080 | Maharashtra | India
Phone | +91 93222 47686
Email | sales.mumbai@taxmann.com
Taxmann Pune
Office No. 14, First Floor, Prestige Point, 283 Shukrwar Peth, Bajirao Road, Opp. Chinchechi Talim, Pune – 411002 | Maharashtra | India
Phone | +91 98224 11811
Email | sales.pune@taxmann.com
Taxmann Ahmedabad
7, Abhinav Arcade, Ground Floor, Pritam Nagar Paldi
Ahmedabad – 380007 | Gujarat | India
Phone: +91 99099 84900
Email: sales.ahmedabad@taxmann.com
Taxmann Hyderabad
4-1-369 Indralok Commercial Complex Shop No. 15/1 – Ground Floor, Reddy Hostel Lane Abids Hyderabad – 500001 | Telangana | India
Phone | +91 93910 41461
Email | sales.hyderabad@taxmann.com
Taxmann Chennai No. 26, 2, Rajan St, Rama Kamath Puram, T. Nagar
Chennai – 600017 | Tamil Nadu | India
Phone | +91 89390 09948
Email | sales.chennai@taxmann.com
Taxmann Bengaluru
12/1, Nirmal Nivas, Ground Floor, 4th Cross, Gandhi Nagar
Bengaluru – 560009 | Karnataka | India
Phone | +91 99869 50066
Email | sales.bengaluru@taxmann.com
Taxmann Kolkata Nigam Centre, 155-Lenin Sarani, Wellington, 2nd Floor, Room No. 213
Kolkata – 700013 | West Bengal | India
Phone | +91 98300 71313
Email | sales.kolkata@taxmann.com
Taxmann Lucknow
House No. LIG – 4/40, Sector – H, Jankipuram Lucknow – 226021 | Uttar Pradesh | India
Phone | +91 97924 23987
Email | sales.lucknow@taxmann.com
Taxmann Bhubaneswar
Plot No. 591, Nayapalli, Near Damayanti Apartments
Bhubaneswar – 751012 | Odisha | India
Phone | +91 99370 71353
Email | sales.bhubaneswar@taxmann.com
Taxmann Guwahati
House No. 2, Samnaay Path, Sawauchi Dakshin Gaon Road
Guwahati – 781040 | Assam | India
Phone | +91 70866 24504
Email | sales.guwahati@taxmann.com