Step 1
Processing "Risks" and "Risk Reports" to the new 315 standard
Introduction
The changes to the risk dialog due to the new Auditing Standard 315 means all risks need to be reviewed after running the Audit 24.00 update. This is best done in the RRPT Risk Report.
The table below represents all the ‘changes to the risk dialog’ and the ‘expected reaction we need to adopt.’
Changes to Risk Dialogs | Expected reaction from users |
Financial Report Level (FRL) formerly Entity Level (EL) | No change expected. Automatically updates |
What can go wrong | Must be done in version 23.00, prior to Audit 24.00 Update! Field no longer exists in the Audit 24.00 risk dialog. You may wish to export the Risk Report (RRPT) to RTF in version 23.00 prior to updating to preserve the information. |
Financial Statement Areas (changes to Assertions) | For all risks that have been assigned to an FSA, these may have been assigned to the former assertions (C E A V). You are expected to review the assertions and ensure they are appropriately referenced to the new assertions (C E AV P). |
Inherent Risk Factors (IRFs) | New field as required by the new 315 standard. You are expected (if required) to update existing risks to include IRFs. |
Inherent Risk Factors Categories (IRFCs) | New field as required by the new 315 standard. You are expected (if required) to update existing risks to include IRFCs. |
Inherent Risk Factors Description | New field as required by the new 315 standard. You are expected (if required) to enter a description regarding the IRFs and IRFCs selected above. |
Likelihood of Misstatement | Existing field in previous releases but with different results. Formerly 1, 2, 3, 4, 5 is now High / Low. You must update these options after updating to 24.00. |
Magnitude of Misstatement | Existing field in previous releases but with different results. Formerly 1, 2, 3, 4, 5 is now High / Low. You must update these options after updating to 24.00. |
Inherent Risk | Existing field in previous releases but with different results. Formerly High / Low / Medium is now Significant / Higher / Lower. You must update these options after updating to 24.00. |
Control Risk | Existing field in previous releases but with different results. Formerly High / Low / Medium is now High / Low. You must update any existing control risk of Medium to ‘High’ or ‘Low’ after updating to 24.00. |
Risk of Material Misstatement (RMM) formerly Residual Risk | Existing field in previous releases but with different results. Formerly High / Low / Medium is now Significant / Higher / Lower. You must update these options after updating to 24.00. |
How to process the requirements of this step?
Every engagement file updated to Audit 24.00 is required to open and update each previously-identified risk and reassess to comply with 315 changes.
Follow the steps below to update your risks to the 315 changes:
1. Ensure your engagement file has been updated to Audit 24.00 (refer to FAQ). 2. Open the RRPT Risk Report and open the Filters and views panel (for Micro files, use the MIC document)
3. From the “view” picklist, select CWANZ - 315 Oct 22. This will organise the RRPT into a view that will allow
you to easily analyse and apply the expected changes.
4. Open the first risk in the RRPT by double-clicking. Repeat steps 4 - 6 for every risk in your RRPT.
5. For each of the following fields re-evaluate and update with the315 changes:
- Financial Statement Areas - For FSA risks, assign appropriately to new C E AV P assertions.
- Inherent Risk Factors - select most appropriate IRF(s) for this risk.
- Inherent Risk Factors Categories - select most appropriate IRFC(s) for this risk.
- Inherent Risk Factors Description - enter description concerning IRFs / IRFCs selected.
- Likelihood of Misstatement - select either High / Low.
- Magnitude of Misstatement - select either High / Low.
- Inherent Risk - select either Significant / Higher / Lower
Note: For Significant Inherent Risks, ensure you check the Significant Risk checkbox.
- Control Risk - If empty, select either High / Low.
- Risk of Material Misstatement - select either Significant / Higher / Lower.
6. Press OK to save your risk. The risk will now save and update the RRPT (e.g. see risk TL-3 in image below).
Step 2
Reviewing the “FSA assessments” and “Summaries” to align with updated risks
The changes you made to the identified risks in Step 1, as well as the changes to “Assertions” in the template, will now impact the FSA worksheet. Any previous FSA assessments and possibly the corresponding Summaries, will need to be reviewed and adjusted (if required). This will also impact your Phase B, Risk Response Programs (B.10 to X.10) and previous optimised procedures.
If you are using a Micro audit profile, you may skip Step 2.
Follow the steps below to review and adjust FSA assessments and/or the Summaries previously documented:
1. Ensure you have completed Step 1 above before proceeding.
2. Open theFSA Worksheet and ensure the All tab is selected (if it is not already).
3. Ensure the following items are selected from the ‘Audit’ Options menu
a. From the ‘Audit’ menus, select Options > Display Non-Material Items.
b. From the ‘Audit’ menus, select Options > Display All Assertion Rows.
This will organise the FSA into a view that will allow you to easily analyse and apply the expected changes.
4. First of all, we need to ensure you have all four assertions (C E AV P) activated for each FSA item.
To activate any hidden assertions, for each FSA item, right-click > Change Assertions...
a. Ensure all four assertions are selected. Press OK to save.
b. Repeat for any FSA item that is missing an assertion.
Note: You can re-disable any irrelevant assertions after you have completed the update.
5. For the Financial Report Level Risks (top row of the FSA) ensure you select the appropriate assessment for Inherent and Control Risk.
6. For all other assertion rows in the FSA;
a. Inherent Risk
- At the very top of the Inherent risk column, first select “BLANK” to clear any previous selections.
- From the same pick-list, select *Proposed. All assertions with risk(s) assigned will get an assessment.
Any assertions without risks assigned will need to be filled out manually. It may be worthwhile revisiting this when you redetermine materiality for the new current financial statements. b. Control Risk
- Review each assertion ratings and change any “Medium” control assessment to either High or Low
c. Risk of Material Misstatement
- At the very top of the Risk of Material Misstatement column, select “BLANK” to clear previous selections.
- From the same pick-list, select *Proposed to automate the RMM rating for all assertions.
- Review selections driven by the matrix below in the Audit Response Columns:
i.e. Columns A Tests of Controls, B Substantive Analytical, C Substantive Procedures and D Further
7. For the Summarise the reasoning for the assessed level of risk column, review previous comments and update any that may not align with the new assessment processed above.
Step 3
Update “Sampling Worksheets” with new Inherent and Control risk assessments
Do you use our Sampling Worksheets?
If you or your engagement file do not use our “Sampling Worksheets” you may skip Step 3.
The Sampling worksheets will automatically change due to:
This means we need to redo our Sampling worksheets by adopting the new “Assertions” and “FSA Risk Assessments”.
For more information on the changes to the Sampling Worksheet refer to FAQ.
Follow the steps below for all Sampling Worksheets in your engagement:
Ensure your engagement file has been updated to 24.00 (refer to FAQ)
Download a copy of the latest required Sampling Size Worksheet (e.g. B.70 to X.70) and SAMP (compulsory) from the Audit System template.
The new Sample Size worksheets have had some minor enhancements which are required for all engagements updating to Audit 24.00. Ensure you have got the latest Sampling Worksheet(s) downloaded from the Audit System template. Remove all older worksheets or convert them to RTF for reference 3. Redo any Sample Size worksheet using the new 315 inherent and control risk assessments.
Step 4
Confirming new assertion updates for “Risk Response Programs (B.10 - X.10)”
The Audit 24.00 update will change assertions to align with both IFAC and what is more commonly used internationally. Consequently, this change will affect all the “Risk Response Programs” in Phase B, from B.10 to X.10 (for Micro engagements, you will be reviewing the programs in the Z - Financial Statement Areas and Balances folder).
Fortunately, this update will automatically apply to most of the Risk Response Programs in Phase B, during the Audit 24.00 update. However, the purpose of Step 4 is to confirm there are no assertion-errors in your programs, post update. If there are, you might need to delete and reinsert the program from the template.
When confirming if the assertion update has worked in your risk response programs (B.10 to X.10) there should be only “one” P - Presentation procedure per program. The name of this new procedure will be Presentation and can be found by using View | Document Map from the CaseView ribbons. Any other instances of the P assertion is considered an error and should be resolved prior to starting your field work on the engagement
In the example below, the Audit 24.00 update has not worked for the E.10 Inventory program. Procedure 11 should have AV for the assigned assertion, but instead we have P. The only solution here is to delete E.10 and reinsert from the template. Repeat this process for any program that has not updated correctly.
Any procedures created by you or your team will have the procedure right-click > Assertion option enabled. All procedures created by Caseware Australia & New Zealand will have the Assertion option disabled.
Follow the steps below for any custom procedure that was originally tagged to the V -Valuation Assertion (as these will be converted to P - Presentation after the Audit 24.00 update):
Right-click the procedure and select Assertions.
De-select P - Presentation from the dialog and select AV - Accuracy and Valuation.
Press OK to save your work.
Any procedures created by you or your team that were tagged to either C, E or A should convert correctly after the Audit 24.00 update has been applied.
Conclusion
You have now completed the “four” compulsory steps that all engagement files are required to adopt after the update.
Well done!
Your engagement file is now ready to consider the remaining questions (which may not be mandatory).
Consideration Items for the next phase of the Audit 24.00 update:
Do we use the “6-100 Sign-off Report - ASA requirements” worksheet?
Do we want to use the new 315 Understanding the entity and strategy documents?
Have we adopted the “OneForm” or “Micro” profile for our engagement file?
Item 1 - Do we use the “6-100 Sign-off Report - ASA requirements” worksheet?
The 6-100 worksheet (6-100NZ for New Zealand engagements) is designed to allow reviewers to ascertain the progressive completion of the requirements during the engagement and to ensure all requirements of the Standards have been addressed at the completion of the audit. This worksheet lists all ASA (or ISA (NZ)) requirements and objectives and indicates which ones have been addressed, outstanding or deleted.
The 6-100 worksheet is only applicable for those engagements using either; Profile 1 Australia or Profile 2 New Zealand. OneForm or Micro engagement files do not include the 6-100 worksheets and the compliance of these engagements is determined by the engagement partner.
If you are not utilising the 6-100 worksheet, you may skip this item and proceed to Item 2.
Needless to say, due to the changes with 315 and 220, we need to ensure that all our engagement files have the appropriate worksheets, programs and procedures fully updated (refer to FAQ for more information).
Item 2 - Do we want to use the new 315 Understanding the entity and strategy documents?
If you were using the 6-100 worksheet, then it would be a requirement to update the 315 Understanding the entity and strategy documents. However, if you wish to continue using the older 315 workpapers and/or your own home-grown WORD documents to comply with the new standards, this is a decision for the engagement partner to ensure they are compliant.
However, if you wish to adopt our new worksheets, consider this FAQ for preserving your work from prior year engagements.
Item 3 - Have we adopted the “OneForm” or “Micro profile” for our engagement file?
Like the 315 Understanding the entity and strategy documents, ONE for OneForm and MIC for Micro audit engagements, do not have a direct update process and therefore it is up to the engagement partner to determine whether or not the audit team;
Delete current ONE/MIC worksheet and preserve information previously documented (steps outlined in this FAQ); or
Maintain existing ONE/MIC and adjust worksheets to meet the engagement partner’s acceptance of compliance.