Introduction:

ISA Audit Checklist (315)

Identifying And Assessing The Risks Of Material Misstatement Through Understanding The Entity And Its Environment

All information for this checklist has been obtained for the International Standard on Auditing 315 report. This checklist has been designed to ease the process of completing the 315 ISA Audit, by transferring the report into a checklist format.

About this ISA Audit Checklist

ISA 315 Audit goal:  To identify and assess the risk of material misstatement in financial statements, through understanding the environment, which includes internal controls of an entity.

ISA 315 Objective: To assess the risks of material misstatement, whether due to fraud or error, looking at the financial statement and assertion levels, and by understanding the entity and the environment. This includes looking at the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.

The benefits of the checklist approach

Checklists are a simple, yet effective way of providing structure to your processes, recording steps for managemental ease. With checklists, you can save time, delegate tasks more easily, and save energy for you to concentrate on other tasks.

This ISA Audit Checklist has been structured as per the ISA Audit Checklist (ISA) 315, into the following sections:

  • Definitions
  • Requirements
  • Requirements: Risk assessment procedures and related activities
  • Requirements: Required understanding of the entity and its environment, including the entity's internal control

  • Requirements: Identifying and assessing the risk of material misstatement

  • Requirements: Documentation
  • Requirements: Report generation

In this ISA Audit Checklist, you will be presented with specialized questions given as form fields. Different form fields are used, such as:

  • Subtasks
  • Dropdown menus
  • Short answers
  • Long answers

You can populate each form field with your specific data. This data is compiled to produce a report where appropriate.

In addition, in this ISA Audit Checklist, you will find the following features:

Record checklist details

In this ISA Audit Checklist, you will be presented with the following form fields, which you are required to populate with your specific data. More information is provided for each form field via linkage to our help pages:

To begin the ISA Audit Checklist, enter the required details into the form fields below.

This is a stop task, which means you cannot progress in this ISA Audit Checklist until the required form fields are complete.

Your details
Details of the entity being audited
Details for this ISA Audit

Entering the ISA Audit Checklist due date activates our dynamic due date feature. You will be notified a day before this audit is due.

Definitions:

For this ISA Audit Checklist, the required definition for important terms has been stated.

In this section, you are presented with our subtask form field. By checking off each subtask in this form field, you agree that you understand and can define the stated term.

Define assertion

Define assertions

Definition: As representations by management, explicit or otherwise, the inclusion of assertions within the financial statements is used by the auditor for them to consider the different types of possible misstatements. 

  • 1
    I agree that I understand and can define the term 'assertions'

Define Business risk

Define business risk

Definition: Risks can result from significant conditions, events, circumstances, actions or inactions, all of which can adversely impact a business and its objectives and strategies, or from the setting of inappropriate objectives and strategies.

  • 1
    I agree that I understand and can define the term 'assertions'

Define internal control

Define internal control

Definition: The designed, implemented and maintained processes by those charged with governance, management and other personnel,  that provide reasonable assurance about the achievement of an entity's objectives. Objectives are considered regarding the reliability of financial reporting, effectiveness, efficiency of operations, and compliance with applicable laws and regulations.

''Control'' is about any aspects of one or more of the components of internal control.

  • 1
    I agree that I understand and can define the term 'assertions'

Define risk assessment procedures

Define risk assessment procedures

Definition: Audit procedures that are used to obtain an understanding of an entity and its environment, which includes looking into the entity's internal control's used to identify risks of material misstatement - due to fraud or errors - at the financial statement and assertion levels.

  • 1
    I agree that I understand and can define the term 'assertions'

Define significant risk

Define significant risk

Definition: Identified and assessed the risk of material misstatement that, in the judgment of the auditor, requires special audit consideration.

  • 1
    I agree that I understand and can define the term 'assertions'

Application and other explanatory material:

Refer to the application and other explanatory material

During this ISA Audit Checklist, references to the applications and other explanatory material are made throughout the Requirement sections.

I have attached the International Standard on Auditing 315 report below for your reference.

International Standard on Auditing 315 [DOWNLOAD PDF]

You can add information from this section in the report by going to Edit Template. Attached is a video below explaining how this can be done.

Use the underlined A button in the text form field to highlight important bits of information and add some color to added text.

Alternatively, you can use the different formatting options using the paintbrush button in the text form field. different formating can highlight critical bits of information or information that is present as a reminder.

Click here for more information on how to use our text form field.

Requirements:

To obtain ISA Audit 315 certification, you must complete all requirements under this certification.

All requirements are taken directly from the International Standard on Auditing 315 report

To confirm requirement obtainment, you are presented with a drop-down form field, from which you can select 'Pass' or 'Fail'.

You can enter notes for each requirement in the long-text form fields also presented.

Confirm understanding of requirement importance

Please confirm that you understand the importance of meeting the ISA Audit Checklist requirements:

  • 1
    I understand that for ISA Audit 315 certification, all requirements much be met

Complete requirement 5

Requirement: The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base the audit opinion.

Reference paragraphs A1-A5 under Application and Other Explanatory Material

Complete requirement 6

Requirement: The risk assessment procedures shall include the following:

(a) Inquiries of management, and others within the entity who in the auditor’s judgment may have information that is likely to assist in identifying risks of material misstatement due to fraud or error.

b) Analytical procedures.

c) Observation and inspection.

Reference paragraphs:

b) A7-A10

c) A11

under Application and Other Explanatory Material

Complete requirement 7

Requirement: The auditor shall consider whether information obtained from the auditor’s client acceptance or continuance process is relevant to identifying risks of material misstatement.

Complete requirement 8

Requirement: If the engagement partner has performed other engagements for the entity, the engagement partner shall consider whether information obtained is relevant to identifying risks of material misstatement.

Complete requirement 9

Requirement: Where the auditor intends to use information obtained from the auditor’s previous experience with the entity and audit procedures performed in previous audits, the auditor shall determine whether changes have occurred since the previous audit that may affect its relevance to the current audit.

Reference paragraphs A12-A13 under Application and Other Explanatory Material

Complete requirement 10

Requirement: The engagement partner and other key engagement team members shall discuss the susceptibility of the entity’s financial statements to material misstatement, and the application of the applicable financial reporting framework to the entity’s facts and circumstances. The engagement partner shall determine which matters are to be communicated to engagement team members not involved in the discussion.

Reference paragraphs A14-A16 under Application and Other Explanatory Material

Requirements: Required understanding of the entity and its environment, including the entity's internal control:

Complete requirement 11 - the entity and its environment

Requirement: The auditor shall obtain an understanding of the following:

a) Relevant industry, regulatory, and other external factors including the applicable financial reporting framework. (Ref: Para. A17–A22)

b) The nature of the entity, including:

i) its operation;

ii) its ownership and governance structures

iii) the types of investments that the entity is making and plans to make, including investments in special-purpose entities; and

iv) the way that the entity is structured and how it is financed, to enable the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements.

C) The entity’s selection and application of accounting policies, including the reasons for changes thereto. The auditor shall evaluate whether the entity’s accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry.

d) The entity’s objectives and strategies, and those related business risks that may result in risks of material misstatement.

e) The measurement and review of the entity’s financial performance.

b) The nature of the entity, including:

Reference paragraphs:

a) A17-A22

b.iv) A23-A27

C) A28

d) A29-A35

e) A36-A41

under Application and Other Explanatory Material

Complete requirement 12 - the entity's internal control

Requirement: The auditor shall obtain an understanding of internal control relevant to the audit. Although most controls relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are relevant to the audit. It is a matter of the auditor’s professional judgment whether a control, individually or in combination with others, is relevant to the audit.

Reference paragraphs:

a) A42-A63

Complete requirement 13 - nature and extent of the understanding or relevant controls

Requirement: When obtaining an understanding of controls that are relevant to the audit, the auditor shall evaluate the design of those controls and determine whether they have been implemented, by performing procedures in addition to an inquiry of the entity’s personnel.

Reference paragraphs:

a) A66-A68

Complete requirement 14 - components of internal control, control environment

Requirement: The auditor shall obtain an understanding of the control environment. As part of obtaining this understanding, the auditor shall evaluate whether:

a) Management, with the oversight of those charged with governance, has created and maintained a culture of honesty and ethical behavior; and

b) The strengths in the control environment elements collectively provide an appropriate foundation for the other components of internal control, and whether those other components are not undermined by deficiencies in the control environment.

Reference paragraphs:

a) A69-A78

Complete requirement 15 - the entity's risk assessment process

Requirement: The auditor shall obtain an understanding of whether the entity has a process for:

a) Identifying business risks relevant to financial reporting objectives;

b) Estimating the significance of the risks;

c) Assessing the likelihood of their occurrence; and

d) Deciding about actions to address those risks.

Reference paragraphs:

a) A79

Complete requirement 16 - the entity's risk assessment process

Requirement: If the entity has established such a process (referred to hereafter as the “entity’s risk assessment process”), the auditor shall obtain an understanding of it, and the results thereof. If the auditor identifies risks of material misstatement that management failed to identify, the auditor shall evaluate whether there was an underlying risk of a kind that the auditor expects would have been identified by the entity’s risk assessment process. If there is such a risk, the auditor shall obtain an understanding of why that process failed to identify it, and evaluate whether the process is appropriate to its circumstances or determine if there is a significant deficiency in internal control concerning the entity’s risk assessment process.

Complete requirement 17 - the entity's risk assessment process

Requirement: If the entity has not established such a process or has an ad hoc process, the auditor shall discuss with management whether business risks relevant to financial reporting objectives have been identified and how they have been addressed. The auditor shall evaluate whether the absence of a documented risk assessment process is appropriate in the circumstances, or determine whether it represents a significant deficiency in internal control.

Reference paragraphs A80 under Application and Other Explanatory Material

Complete requirement 20 -control activities relevant to the audit

Requirement: The auditor shall obtain an understanding of control activities relevant to the audit, being those the auditor judges it necessary to understand for assessment the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks. An audit does not require an understanding of all the control activities related to each significant class of transactions, account balance, and disclosure in the financial statements or to every assertion relevant to them.

Reference paragraphs A88-A94 under Application and Other Explanatory Material

Complete requirement 21 -control activities relevant to the audit

Requirement: In understanding the entity’s control activities, the auditor shall obtain an understanding of how the entity has responded to risks arising from IT.

Reference paragraphs A95-A97 under Application and Other Explanatory Material

Complete requirement 22 - monitoring of controls

Requirement: The auditor shall obtain an understanding of the major activities that the entity uses to monitor internal control over financial reporting, including those related to those control activities relevant to the audit, and how the entity initiates remedial actions to deficiencies in its controls.

Reference paragraphs A98-A10 under Application and Other Explanatory Material

Complete requirement 23 - monitoring of controls

Requirement: If the entity has an internal audit function,1the auditor shall obtain an understanding of the following to determine whether the internal audit function is likely to be relevant to the audit:

a) The nature of the internal audit function’s responsibilities and how the internal audit function fits in the entity’s organizational structure; and

b) The activities performed, or to be performed, by the internal audit function.

Reference paragraphs A101-A103 under Application and Other Explanatory Material

Complete requirement 24 - monitoring of controls

Requirement: The auditor shall obtain an understanding of the sources of the information used in the entity’s monitoring activities, and the basis upon which management considers the information to be sufficiently reliable for the purpose.

Reference paragraphs A104 under Application and Other Explanatory Material

Requirements: Identifying and assessing the risk of material misstatement:

Complete requirement 25

Requirement: The auditor shall identify and assess the risks of material misstatement at:

a) the financial statement level, and

b) the assertion level for classes of transactions, account balances, and disclosures,

to provide a basis for designing and performing further audit procedures.

Reference paragraphs A109-A113 under Application and Other Explanatory Material

Complete requirement 26

Requirement: For this purpose, the auditor shall:

a) Identify risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and disclosures in the financial statements;

b) Assess the identified risks, and evaluate whether they relate more pervasively to the financial statements as a whole and potentially affect many assertions;

c) Relate the identified risks to what can go wrong at the assertion level, taking account of relevant controls that the auditor intends to test; and

d) Consider the likelihood of misstatement, including the possibility of multiple misstatements, and whether the potential misstatement is of a magnitude that could result in a material misstatement.

to provide a basis for designing and performing further audit procedures.

Reference paragraphs:

a) A114-A115

c) A116-A118

under Application and Other Explanatory Material

Complete requirement 27 - risks that require special audit consideration

Requirement: As part of the risk assessment as described in paragraph 25, the auditor shall determine whether any of the risks identified are, in the auditor’s judgment, a significant risk. In exercising this judgment, the auditor shall exclude the effects of identified controls related to the risk.

Complete requirement 28 - risks that require special audit consideration

Requirement: In exercising judgment as to which risks are significant risks, the auditor shall consider at least the following:

`a) Whether the risk is a risk of fraud;

b) Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires specific attention;

c) The complexity of transactions;

d) Whether the risk involves significant transactions with related parties;

e) The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement uncertainty; and

f) Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.

Reference paragraphs:

f) A119- A123

under Application and Other Explanatory Material

Complete requirement 29 - risks that require special audit consideration

Requirement: If the auditor has determined that a significant risk exists, the auditor shall obtain an understanding of the entity’s controls, including control activities, relevant to that risk.

Reference paragraphs A124- A126under Application and Other Explanatory Material

Complete requirement 30 - risks for which substantive procedures alone do not provide sufficient appropriate audit evidence

Requirement: In respect of some risks, the auditor may judge that it is not possible or practicable to obtain sufficient appropriate audit evidence only from substantive procedures. Such risks may relate to the inaccurate or incomplete recording of routine and significant classes of transactions or account balances, the characteristics of which often permit highly automated processing with little or no manual intervention. In such cases, the entity’s controls over such risks are relevant to the audit and the auditor shall obtain an understanding of them.

Reference paragraphs A127- A129 under Application and Other Explanatory Material

Complete requirement 31 - revision of risk assessment

Requirement: The auditor’s assessment of the risks of material misstatement at the assertion level may change during the audit as additional audit evidence is obtained. In circumstances where the auditor obtains audit evidence from performing further audit procedures, or if new information is obtained, either of which is inconsistent with the audit evidence on which the auditor originally based the assessment, the auditor shall revise the assessment and modify the further planned audit procedures accordingly.

Reference paragraphs A130 under Application and Other Explanatory Material

Requirements: Documentation:

Complete requirement 32

Requirement: The auditor shall include in the audit documentation:

a) The discussion among the engagement team where required by paragraph 10, and the significant decisions reached;

b) Key elements of the understanding obtained regarding each of the aspects of the entity and its environment specified in paragraph 11 and of each of the internal control components specified in paragraphs 14–24; the sources of information from which the understanding was obtained; and the risk assessment procedures performed;

c) The identified and assessed risks of material misstatement at the financial statement level and at the assertion level as required by paragraph 25; and

d) The risks identified, and related controls about which the auditor has obtained an understanding, as a result of the requirements in paragraphs 27–30.

Reference paragraphs A131-A134 under Application and Other Explanatory Material

Report generation:

View your Audit report and add reviewer /approver

This is the end of the ISA 315 Audit. A final report has been generated from the notes added in each task and the attainment details in the task 'Your Report'.

Please enter the date that this audit has been completed on, and the name of who this audit is to be reviewed by. You are then presented with our approvals form field. Please enter your team member who will be conducting the audit approval.

ISA Audit report for {{form.Name_of_entity_being_audited}}

Audit start date

{{form.ISA_Audit_Checklist_start_date_2}}

Audit completion date

{{form.Date_of_audit_completion_2}}

Requirements

Risk assessment procedures and related activities requirements

Requirement 5

Attainment: {{form.Requirement_5_attainment}}

Notes: {{form.Notes_on_requirement_5}}

Requirement 6

Attainment: {{form.Requirement_6_attainment}}

Notes: {{form.Notes_on_requirement_6}}

Requirement 7

Attainment: {{form.Requirement_7_attainment}}

Notes: {{form.Notes_on_requirement_7}}

Requirement 8

Attainment: {{form.Requirement_8_attainment}}

Notes: {{form.Notes_on_requirement_8}}

Requirement 9

Attainment: {{form.Requirement_9_attainment}}

Notes: {{form.Notes_on_requirement_9}}

Requirement 10

Attainment: {{form.Requirement_10_attainment}}

Notes: {{form.Notes_on_requirement_10}}

Required understanding of the entity and its environment, including the entity's internal control

Requirement 11

Attainment: {{form.Requirement_11_attainment}}

Notes: {{form.Notes_on_requirement_11}}

Requirement 12

Attainment: {{form.Requirement_12_attainment}}

Notes: {{form.Notes_on_requirement_12}}

Requirement 13

Attainment: {{form.Requirement_13_attainment}}

Notes: {{form.Notes_on_requirement_13}}

Requirement 14

Attainment: {{form.Requirement_14_attainment}}

Notes: {{form.Notes_on_requirement_14}}

Requirement 15

Attainment: {{form.Requirement_15_attainment}}

Notes: {{form.Notes_on_requirement_15}}

Requirement 16

Attainment: {{form.Requirement_16_attainment}}

Notes: {{form.Notes_on_requirement_16}}

Requirement 17

Attainment: {{form.Requirement_17_attainment}}

Notes: {{form.Notes_on_requirement_17}}

Requirement 18

Attainment: {{form.Requirement_18_attainment}}

Notes:  {{form.Notes_on_requirement_18}}

Requirement 19

Attainment: {{form.Requirement_19_attainment}}

Notes: {{form.Notes_on_requirement_19}}

Requirement 20

Attainment: {{form.Requirement_20_attainment}}

Notes: {{form.Notes_on_requirement_20}}

Requirement 21

Attainment: {{form.Requirement_21_attainment}}

Notes: {{form.Notes_on_requirement_21}}

Requirement 22

Attainment: {{form.Requirement_22_attainment}}

Notes: {{form.Notes_on_requirement_22}}

Requirement 23:

Attainment: {{form.Requirement_23_attainment}}

Notes: {{form.Notes_on_requirement_23}}

Requirement 24:

Attainment: {{form.Requirement_24_attainment}}

Notes: {{form.Notes_on_requirement_24}}

Identifying and assessing the risk of material misstatement

Requirement 25:

Attainment: {{form.Requirement_25_attainment}}

Notes: {{form.Notes_on_requirement_25}}

Requirement 26:

Attainment: {{form.Requirement_26_attainment}}

Notes: {{form.Notes_on_requirement_26}}

Requirement 27:

Attainment: {{form.Requirement_27_attainment}}

Notes: {{form.Notes_on_requirement_27}}

Requirement 28:

Attainment: {{form.Requirement_28_attainment}}

Notes: {{form.Notes_on_requirement_28}}

Requirement: 29

Attainment: {{form.Requirement_29_attainment}}

Notes: {{form.Notes_on_requirement_29}}

Requirement: 30

Attainment: {{form.Requirement_30_attainment}}

Notes: {{form.Notes_on_requirement_30}}

Requirement: 31

Attainment: {{form.Requirement_31_attainment}}

Notes: {{form.Notes_on_requirement_31}}

Documentation

Requirement: 32

Attainmnet: {{form.Requirement_32_attainment}}

Notes: {{form.Notes_on_requirement_32}}

View your final report

The audit report has been generated and is detailed below. As the assigned reviewer and approver, please look over this report.

This is an approval task, continuation of the ISA 315 Audit is not possible until the final audit report has been reviewed.

ISA Audit report for {{form.Name_of_entity_being_audited}}

Audit start date

{{form.ISA_Audit_Checklist_start_date_2}}

Audit completion date

{{form.Date_of_audit_completion_2}}

Requirements

Risk assessment procedures and related activities requirements

Requirement 5

Attainment: {{form.Requirement_5_attainment}}

Notes: {{form.Notes_on_requirement_5}}

Requirement 6

Attainment: {{form.Requirement_6_attainment}}

Notes: {{form.Notes_on_requirement_6}}

Requirement 7

Attainment: {{form.Requirement_7_attainment}}

Notes: {{form.Notes_on_requirement_7}}

Requirement 8

Attainment: {{form.Requirement_8_attainment}}

Notes: {{form.Notes_on_requirement_8}}

Requirement 9

Attainment: {{form.Requirement_9_attainment}}

Notes: {{form.Notes_on_requirement_9}}

Requirement 10

Attainment: {{form.Requirement_10_attainment}}

Notes: {{form.Notes_on_requirement_10}}

Required understanding of the entity and its environment, including the entity's internal control

Requirement 11

Attainment: {{form.Requirement_11_attainment}}

Notes: {{form.Notes_on_requirement_11}}

Requirement 12

Attainment: {{form.Requirement_12_attainment}}

Notes: {{form.Notes_on_requirement_12}}

Requirement 13

Attainment: {{form.Requirement_13_attainment}}

Notes: {{form.Notes_on_requirement_13}}

Requirement 14

Attainment: {{form.Requirement_14_attainment}}

Notes: {{form.Notes_on_requirement_14}}

Requirement 15

Attainment: {{form.Requirement_15_attainment}}

Notes: {{form.Notes_on_requirement_15}}

Requirement 16

Attainment: {{form.Requirement_16_attainment}}

Notes: {{form.Notes_on_requirement_16}}

Requirement 17

Attainment: {{form.Requirement_17_attainment}}

Notes: {{form.Notes_on_requirement_17}}

Requirement 18

Attainment: {{form.Requirement_18_attainment}}

Notes:  {{form.Notes_on_requirement_18}}

Requirement 19

Attainment: {{form.Requirement_19_attainment}}

Notes: {{form.Notes_on_requirement_19}}

Requirement 20

Attainment: {{form.Requirement_20_attainment}}

Notes: {{form.Notes_on_requirement_20}}

Requirement 21

Attainment: {{form.Requirement_21_attainment}}

Notes: {{form.Notes_on_requirement_21}}

Requirement 22

Attainment: {{form.Requirement_22_attainment}}

Notes: {{form.Notes_on_requirement_22}}

Requirement 23:

Attainment: {{form.Requirement_23_attainment}}

Notes: {{form.Notes_on_requirement_23}}

Requirement 24:

Attainment: {{form.Requirement_24_attainment}}

Notes: {{form.Notes_on_requirement_24}}

Identifying and assessing the risk of material misstatement

Requirement 25:

Attainment: {{form.Requirement_25_attainment}}

Notes: {{form.Notes_on_requirement_25}}

Requirement 26:

Attainment: {{form.Requirement_26_attainment}}

Notes: {{form.Notes_on_requirement_26}}

Requirement 27:

Attainment: {{form.Requirement_27_attainment}}

Notes: {{form.Notes_on_requirement_27}}

Requirement 28:

Attainment: {{form.Requirement_28_attainment}}

Notes: {{form.Notes_on_requirement_28}}

Requirement: 29

Attainment: {{form.Requirement_29_attainment}}

Notes: {{form.Notes_on_requirement_29}}

Requirement: 30

Attainment: {{form.Requirement_30_attainment}}

Notes: {{form.Notes_on_requirement_30}}

Requirement: 31

Attainment: {{form.Requirement_31_attainment}}

Notes: {{form.Notes_on_requirement_31}}

Documentation

Requirement: 32

Attainmnet: {{form.Requirement_32_attainment}}

Notes: {{form.Notes_on_requirement_32}}

Consider ISA Audit results for Approval:

Will be submitted for approval:
  • View your final report
    Will be submitted

Final ISA 315 Audit results

You can detail the final ISA 315 Audit results using the below drop-down menu, stating either a 'pass' or a 'fail'.

Please then detail any further notes regarding the ISA 315 audit using the long-text form field.

You can choose to email the final ISA Audit results to the relevant personnel, by selecting either 'Yes' or 'No' in the dropdown form field below.

Email final report results to relevant personnel

Sources:

Sign up for a FREE account and
search thousands of checklists in our library.

Sign up for a FREE account and search thousands of checklists in our library.