UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT
Introduction
1. The purpose of this Philippine Standard on Auditing (PSA) is to establish
standards and to provide guidance on obtaining an understanding of the entity and
its environment, including its internal control, and on assessing the risks of
material misstatement in a financial statement audit. The importance of the
auditor’s risk assessment as a basis for further audit procedures is discussed in the
explanation of audit risk in PSA 200, “Objective and General Principles
Governing an Audit of Financial Statements.”
2. The auditor should obtain an understanding of the entity and its
environment, including its internal control, sufficient to identify and assess
the risks of material misstatement of the financial statements whether due to
fraud or error, and sufficient to design and perform further audit
procedures. PSA 500, “Audit Evidence,” requires the auditor to use assertions in
sufficient detail to form a basis for the assessment of risks of material
misstatement and the design and performance of further audit procedures. This
PSA requires the auditor to make risk assessments at the financial statement and
assertion levels based on an appropriate understanding of the entity and its
environment, including its internal control PSA 330, “The Auditor’s Procedures
in Response to Assessed Risks” discusses the auditor’s responsibility to determine
overall responses and to design and perform further audit procedures whose
nature, timing, and extent are responsive to the risk assessments. The
requirements and guidance of this PSA are to be applied in conjunction with the
requirements and guidance provided in other PSAs. In particular, further
guidance in relation to the auditor’s responsibility to assess the risks of material
misstatement due to fraud is discussed in PSA 240, “The Auditor’s Responsibility
to Consider Fraud and Error in an Audit of Financial Statements.”
3. The following is an overview of the requirements of this standard:
• Risk assessment procedures and sources of information about the entity and
its environment, including its internal control. This section explains the audit
procedures that the auditor is required to perform to obtain the understanding
of the entity and its environment, including its internal control (risk
assessment procedures). It also requires discussion among the engagement
team about the susceptibility of the entity’s financial statements to material
misstatement.
• Understanding the entity and its environment, including its internal control.
