Identifying and Assessing the Risks of Material Misstatement


An auditor is required to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels. This allows the auditor to design and implement audit tests to reduce the risk of a material misstatement being unidentified in the audit of the financial statements.

The auditor’s work and effort in responding to the assessed risks of material misstatement has been increased as a result of the revisions to ISA (UK) 315. These changes include enhanced requirements for risk assessment procedures which aims to promote consistency in procedures, scalability, simplicity, robust risk assessment, and more targeted responses to risks.

The revised standard and requirements are applicable for audits of financial periods commencing on or after 15 December 2021. So the first audits captured by this new standard are generally those with 31 December 2022 year ends and later.

What are the key changes?

  • Further clarity that the auditor must identify, assess and document the risk of material misstatement at both the financial statement and assertion level. The auditor must identify the relevant assertions (such as completeness, accuracy, rights and obligations, etc.) as well as the significant classes of transactions, account balances, and disclosures that are associated with them in order to accomplish this.
  • Continues to build consistency across the auditing standards in terms of identifying key inherent risk factors when assessing risk. Inherent risk is the risk that exists before controls are considered, and the key factors are subjectivity, complexity, uncertainty, change and susceptibility to misstatement due to management bias or fraud. Inherent risk and control risk must now be considered and documented separately.
  • Reaffirms the ‘spectrum of inherent risk’ to drive scalability. ISA 315 adopts a more granular approach requiring the auditor to assess inherent risk on a spectrum. The auditor must now consider the likelihood and magnitude of a possible misstatement to assign a risk level. A wider risk scale is now used and assessment of where every risk lies on this spectrum must now be clearly documented.
  • Increases the requirement for auditors to understand the IT environment and IT controls that exist. Auditors are now required to have a detailed understanding of the company’s IT applications, infrastructure, processes and personnel to better assess the integrity of the processes and information produced from a risk perspective

What does this mean for you?

In planning and executing our audits, we are having to consider the impact of these key developments. All of which enhance and increase the amount of work that is required to form our audit opinion.

In practical terms the changes will require us to (but not limited to) undertake a more granular identification and assessment of risks of material misstatement (including those related to the IT environment), undertake alternative approaches to audit testing, increase sample sizes and have direct communication with those responsible for dealing with legal and compliance matters.

As a result, we are having to increase our fees and the level of increase applied is dependent on individual circumstances for each client.

If you have any questions, please get in touch with a member of the audit team by calling 01903 234094.