ISA 315: Identifying and

Assessing the Risks of Material

Misstatement through
Understanding the Entity and Its
Environment
Md. Thasinul Abedin
MBA(Accounting); MSc (Economics and Finance)
Associate Professor of Accounting and Finance
University of Chittagong

September 15, 2025

1 / 30
Objective

To identify and assess the risks of material

misstatement, whether due to fraud or error, at
the financial statement level and the assertion level
through understanding the entity and its
environment including the entity’s system of
internal control.

2 / 30
Importance of ISA 315

Once the auditor understands the entity and its

environment including internal controls and
assesses the risks of material misstatement, then he
is capable of:
▶ designing the right audit procedures that
directly address those risks; and
▶ implementing those audit procedures during
the audit.
Note: Both bullet points are covered by ISA 330!

3 / 30
Example-1

Question: The auditor identifies high inherent

risk in revenue recognition (risk of overstatement)
through assessing the internal controls which are
weak.
Responses: (i) increase substantive testing
(deals with account balances) of revenue
recognition transactions; (ii) check whether
transactions are recorded in the correct accounting
period; and (iii) confirm balances with customers.

4 / 30
ISA 315 vs. ISA 330

▶ ISA 315 focuses on risk assessment.

▶ ISA 330 focuses on auditor’s responses
(auditor’s responses to the assessed risks).

5 / 30
Risk of Material Misstatement (RMM)

The risk that the financial statements are

materially misstated prior to audit. It exists at two
levels-
▶ Financial Statement Level (FSL): Risks
that affect the financial statements as a whole.
It is pervasive in nature and affects multiple
areas.
▶ Assertion Level: Risks that affect specific
transactions, account balances, or disclosures.

6 / 30
Understanding the Entity and Its
Environment

The auditor shall obtain an understanding of the

following issues.
▶ Industry, Regulatory, and Other External
Factors
▶ The Nature of the Entity
▶ Accounting Policies and Practices
▶ Measurement and Review of Financial
Performance

7 / 30
Understanding Industry, Regulatory, and
Other External Factors

▶ Industry Conditions
▶ Regulatory Factors
▶ Other External Factors

8 / 30
Industry Conditions

▶ Nature of the industry (growth, decline,

volatile)
▶ Competitive environment (market share,
competitors’ strategies)
▶ Technological developments affecting
operations
▶ Cyclical or seasonal factors affecting financial
results

9 / 30
Regulatory Factors

▶ Applicable laws and regulations (Companies

Act 1994 and Set of IFRSs etc.)
▶ Compliance requirements specific to the
industry
▶ Government policies affecting operations or
financial reporting

10 / 30
Other External Factors

▶ General economic conditions (inflation,

exchange rates, interest rates)
▶ Social or political changes that could affect
the business
▶ Customer or supplier concentration (risk if
revenue depends on few clients)

11 / 30
Understanding the Nature of the Entity

▶ Organizational Structure
▶ Operations
▶ Financing
▶ Investments and Relationships
▶ Objectives, Strategies, and Risks

12 / 30
Organizational Structure

▶ Ownership (public, private, subsidiary, parent

company)
▶ Governance (board of directors, audit
committee)
▶ Reporting lines and management
responsibilities

13 / 30
Operations

▶ Nature of business activities, products, or

services
▶ Geographic location and extent of operations
▶ Production processes, supply chains, and
distribution channels

14 / 30
Financing

▶ Sources of funding (equity, debt)

▶ Capital structure and borrowing arrangements
▶ Covenants or conditions affecting financial
reporting

15 / 30
Investments and Relationships

▶ Subsidiaries, joint ventures, and associates

▶ Related-party relationships and transactions

16 / 30
Understanding Accounting Policies and
Practices

Auditor should understand relevant financial

reporting framework including-
▶ accounting principles and industry specific
practices;
▶ revenue recognition; and
▶ accounting for unusual and complex
transactions.

17 / 30
Understanding Accounting Policies and
Practices, cont...

Auditor should understand the entity’s accounting

policies such as-
▶ the methods the entity uses to recognize,
measure, present and disclose significant
items;
▶ effect of significant accounting policies in
controversial or emerging areas for which
there is a lack of authoritative guidance or
consensus;

18 / 30
Understanding Accounting Policies and
Practices, cont...

▶ changes in the environment (e.g., accounting

or tax changes) that may necessitate a change
in accounting policies; and
▶ financial reporting standards and laws and
regulations that are new to the entity, and
when and how the entity will adopt, or
comply with, such requirements.

19 / 30
Understanding Sustainability Impact

The auditor may consider the implications of

climate-related risks when obtaining an
understanding of the entity and whether
climate-related risks influence-
▶ the entity’s business model (such as the
entity’s supply chain);
▶ industry factors (such as competitive
environment, supplier and customer
relationships, and technological
developments);

20 / 30
Understanding Sustainability Impact,
cont...

▶ regulatory factors (such as climate-related

laws and regulations); and
▶ other external factors (such as the economic
conditions, interest rates and availability of
financing, commodity prices and inflation or
currency revaluation).

21 / 30
Understanding Fraud

Even if ISA 240 stresses that auditor has no

responsibility for the prevention and detection of
fraud given the sole responsibility of the
management, fraud can have a material impact on
financial statements. As a result, fraud becomes a
part of audit after all!

22 / 30
Understanding Fraud, cont...

ISA makes a crucial distinction between two types

of misstatements arising from fraud-
▶ Misstatements arising from fraudulent
financial reporting
▶ Misstatements arising from misappropriation
of assets

23 / 30
Understanding Fraud, cont...

In understanding the client’s business there are

some key questions that need to be asked-
▶ Can the figures be manipulated and if so,
how?
▶ Which areas are most susceptible to
manipulation?
▶ Can assets be misappropriated and if so, how?
▶ Which areas are most at risk?

24 / 30
Related Party Transaction (RPT)

A Related Party Transaction (RPT) means any

transaction between the reporting entity and its
related parties.

25 / 30
Related Party

A related party can be-

▶ individuals who control or significantly
influence the company (owners, directors, key
management);
▶ close family members of such individuals;
▶ entities under common control (subsidiaries,
associates, joint ventures, or companies
controlled by the same person/group).

26 / 30
Examples of RPT

▶ Sale or purchase of goods/services to a

subsidiary at a favorable price.
▶ Loans given to directors or entities they
control.
▶ Transfer of property between the company
and its CEO’s family.
▶ Management contracts with another company
owned by board members.

27 / 30
Importance of Understanding RPT
Related party transactions often do not take place
at arm’s length (i.e., not under normal market
terms). This creates a risk of material
misstatement due to-
▶ Fraud or concealment (hiding liabilities,
inflating revenue).
▶ Conflict of interest (transactions benefiting
insiders instead of shareholders).
▶ Incorrect disclosures (not reporting related
party relationships in the financial
statements).

28 / 30
Auditor’s Responsibilities for RPT: ISA
550
▶ Identify related parties – by inquiring
management, reviewing shareholder records,
board minutes, etc.
▶ Understand relationships and
transactions – assess whether they are
genuine and properly authorized.
▶ Assess risk of material misstatement –
especially fraud risk from undisclosed RPTs.
▶ Verify disclosures – ensure related parties
and their transactions are correctly disclosed
in the financial statements.
29 / 30
Auditor’s Responsibilities for RPT: ISA
550, cont...

▶ Evaluate substance over form – check if

transactions are structured to hide their true
nature.

30 / 30