Identifying risks through understanding the entity 510

Page 1 of 10

Entity

Period ended

Objective: To identify the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels,
through understanding the entity, including internal control (CAS 315.3).

Use this form to identify possible business and fraud risk factors. Note that many business risks can also be a fraud risk. Record possible risk
factors identified on Forms 520/522 or equivalent for assessment and developing a possible audit response. Where possible, cross-reference
answers to supporting documentation (such as business plans, budgets, agreements, etc.).

GENERAL

1. Describe the nature of the entity’s operations

Type of entity (e.g., public, private

etc.)
If public, on what stock exchanges are
shares/debt listed?

Date incorporated:

Jurisdiction(s) of incorporation:

Possible risk factors (check all that apply):

Industry is high risk, dangerous or controversial Attracts government/media scrutiny

Activities tend to attract litigation Major changes taking place in the industry

Operations in regions that are economically unstable Other

PART A: INDUSTRY, REGULATORY AND OTHER EXTERNAL FACTORS

2. Important indicators, trends and constraints

Identify economic indicators, industry trends and other constraints that could impact on the financial viability of the entity. Review
relevant magazines, studies, reports, newspaper articles and information that is available on the Internet.
Date Trend/constraint identified and possible significance (also indicate source of information where applicable)

Possible risk factors (check all that apply):

Major price increases/volatility in raw materials or other Suitably trained staff difficult to find/employ
key supplies expected

Interest rate increases will significantly affect cash flow Constraints on the availability of capital and credit
needed for operations

Demand for the entity’s products/services are declining Heavy competition from lower cost products/services

New technology or other factors are making existing New products/services or new lines of business require extensive
products/services less valuable or obsolete expenditure on research and development

PEM Forms — Audits September 2008

Identifying risks through understanding the entity 510
Page 2 of 10

Major impacts resulting from changing weather patterns Consolidation is taking place in the industry
(drought, flood, high temperatures, etc.)

Changes in the supply chain Other

3. Legal and regulatory requirements

Identify laws and regulations (including environmental) that would result in significant liability if contravened. Also include the source
of the authority such as the name of the act or regulation involved.
Regulatory requirement Nature of liability involved and any history of violations

Possible risk factors (check all that apply):

Subject to complex regulations History of litigation or violations

Fines or penalties could impact ability to operate Other

4. Significant customers, suppliers and competitors

Describe
significance Comments
Name (% of sales, etc.) (i.e., length of relationship and any threat of loss)

Possible risk factors (check all that apply):

Loss of a significant customer or supplier Economic dependence

Other

PART B: NATURE OF THE ENTITY

5. Provide a brief outline of how the entity operates (one vs. multiple locations, local, national or international sales, marketing,
Internet sales, competitive advantages, etc.)

PEM Forms — Audits September 2008

Identifying risks through understanding the entity 510
Page 3 of 10

6. Ownership
Describe the nature of ownership (such as owner/manager, family members, public ownership or taxpayers).

7.
Large stakeholders
(individual/company) % Describe any direct involvement, influence or agreements that exist

Possible risk factors (check all that apply):

Significant stakeholders not active in day-to-day Parent company uses a different financial reporting
management of the entity framework

Extensive public scrutiny of the financial statements Other

8. Board of Directors (where applicable):

On Audit
Member Committee?
Name since (Y/N) Comments (skills, background, expertise, etc.)

Possible risk factors (check all that apply):

Roles and responsibilities unclear (such as in a Board charter Limited or no financial expertise on board or audit
or code of conduct, etc.). committee

No business plan (e.g., annual) No regular monitoring/review of financial results to budget

Board accepts management recommendations without any Board members get involved in day-to-day operations and
substantive discussions/questions undermine management authority

Minutes of meetings poorly documented and/or not Other

approved

9. Management oversight and accountability

To whom does management report on a regular basis (if anyone)?
Nature of accountability (i.e., board,
franchisors, bank loan agreements, etc.) Describe the reporting requirements

PEM Forms — Audits September 2008

Identifying risks through understanding the entity 510
Page 4 of 10

Possible risk factors (check all that apply):

Management is not being held accountable for actions Management is not inclined to share bad news or poor
performance with the board or others

Other

10. Key personnel

Name key members of the management team or attach an organization chart.
(Note: One person may perform multiple functions or more than one person may fulfill some roles.)

In charge overall Information technology

Finance Administration

Sales Purchasing

Human resources Operations

Other

Describe the entity’s payroll (hourly, salary, etc.) policies and performance incentives (if any).

Describe any significant terms of contract with unions or other employee groups.

Possible risk factors (check all that apply):

Changes in key personnel or departure of key executives Lack of personnel with appropriate accounting and financial
reporting skills

Friends/family frequently hired who do not have the Wages are below market prices
required skills

Staff roles and responsibilities are unclear Minimal staff accountability for poor performance

Inadequate support (i.e., staff resources) to perform the job Incentive pay is large

Other

11. Management operating style

Describe management’s primary operating style (i.e., autocratic or consensus building, risk taking or conservative, etc.)

Possible risk factors (check all that apply):

Operations dominated by a single person or small group of Overly aggressive risk taking
people

Poor attitudes toward internal controls Poor staff morale

Other

PEM Forms — Audits September 2008

Identifying risks through understanding the entity 510
Page 5 of 10

12. Management pressures

Identify any pressures on management that could provide a source of temptation to manipulate financial statements or misappropriate
assets. Consider incentive bonuses, a planned sale of part or all the entity, need for new financing (acquisitions or new initiatives),
reducing taxes, or meeting expectations (covenants) imposed by lenders, shareholders or other third parties.
Describe the pressure Who is affected? What F/S areas are susceptible to misstatement?

Possible risk factors (check all that apply):

Bank covenants close to being breached Significant incentive bonuses

Plans to sell entity Need for significant new financing

Personal financial pressures of management History of financial statement manipulation or

misappropriation of assets

Other

13. Investigations, charges, and convictions

Have any key members of management or the board been subject (e.g., in the last 5 years) to:
• A significant investigation by a regulatory body? (Y/N)
• Charges/convictions of a criminal act or fines for non-compliance with any regulations? (Y/N)
If yes, describe below or cross-reference to supporting documentation.

Possible risk factors (check all that apply):

Impact on operations and liquidity of investigations, charges or Other
convictions

14. Key advisors to entity

List key advisors to the entity (i.e., legal, bankers, actuaries, insurance brokers, etc.):
Contact person Company Phone/email Type of service provided

15. Related parties

Does the entity have a process to ensure related party transactions (RPT) are identified and the terms (i.e., arm’s length) disclosed?
Yes/No _______If yes, describe below:

PEM Forms — Audits September 2008

Identifying risks through understanding the entity 510
Page 6 of 10
List identified related parties:
Name Relationship Nature, terms and/or extent of transactions

Possible risk factors (check all that apply):

Significant related party transactions not in the ordinary course Transactions used to cover up a key issue such as lack of
of activities working capital or misappropriation of assets

Undisclosed related parties or transactions Undisclosed guarantees and loan conditions

Other

16. Financing
Financing
Name of lender available Description (interest rate, maturity date, security and covenants)

Possible risk factors (check all that apply):

Entity is highly leveraged Bank covenants have been (or are close to being)
breached

Use of complex financing arrangements Working capital is insufficient for day-to-day needs

Drop-in value of property held as security Inability to raise new financing

Other

17. Subsidiaries and long term investments

If many subsidiaries or long-term investments exist, obtain or prepare a chart of the overall entity structure:
W/P ref.

Name % owned Method of accounting used

Possible risk factors (check all that apply):

Complex alliances, joint ventures or corporate structure Major investments not subject to audit

Foreign operations Fiscal year-ends not the same as entity

Other

PEM Forms — Audits September 2008

Identifying risks through understanding the entity 510
Page 7 of 10
PART C: ACCOUNTING POLICIES (selection and application) AND ESTIMATES

18. Significant accounting policies and estimates

List significant accounting policies and estimates used or refer to description in notes to the financial statements:
Is policy/estimate unusual, controversial or lacks authoritative support?
Description If yes, explain.

Describe any changes (in period) or expected changes (future periods) in accounting policies and their impact on the F/S.

Possible risk factors (check all that apply):

Inconsistent application of accounting policies Policies can be manipulated to meet a goal such as a
revenue threshold or incentive bonus

Policies are often changed or modified Significant estimates involve subjective judgments or
uncertainties that are difficult to corroborate

Application of new accounting pronouncements Events or transactions involve significant measurement

uncertainty

Other

PART D: OBJECTIVES, STRATEGIES AND RELATED BUSINESS RISKS

19. Business planning

Does the entity have a documented business plan that sets out objectives and strategy? (Y/N)
Does entity identify and assess related risks? (Y/N) If yes, attach the plan and/or risk assessment. W/P ref.
If no plans are available, briefly describe the entity’s objectives/strategy below.
Year Key objectives, strategies for achieving objectives and related risks to be managed Ref

PEM Forms — Audits September 2008

Identifying risks through understanding the entity 510
Page 8 of 10

Possible risk factors (check all that apply):

Entity is drifting with no plans or sense of direction Plans are overly ambitious or poorly thought through

Management is often surprised by unexpected Resources not allocated to priority areas

events

Other

20. Significant Contracts

Nature of contract and its term Financial statement implications

Possible risk factors (check all that apply):

Non-compliance with contract terms Contract terms are onerous and are undermining the financial viability
of the entity

Other

21. Entity position in the business life cycle

Identify the stage in the business life cycle that best describes the current state of the entity. Then check the related risk factors (if
any) that apply from the appropriate list below.

Rapid growth (start-up or high growth)

Control systems are not keeping up with the Difficulty attracting experienced staff
growth

Inadequate cash flow to address the needs Other

Mature (Steady growth or static in marketplace)

Need for new capital and/or ideas Declining need for services provided

More bureaucratic than entrepreneurial Lack of innovation or new ideas

Other

Declining
Significant declines in need for services provided Unwillingness to change or embrace new ideas

High levels of bureaucracy is choking client Significant management time spent on cost control
service

Other

PART E: MEASUREMENT AND REVIEW OF FINANCIAL PERFORMANCE

22. Performance measures

Key measures used by management (financial and non-
financial) to assess performance Method of calculation and frequency (weekly, monthly, etc.)

PEM Forms — Audits September 2008

Identifying risks through understanding the entity 510
Page 9 of 10

Possible risk factors (check all that apply):

Performance is not measured by the use of indicators No action is usually taken to correct poor performance

Other

23. Analytical review

Describe key changes and trends over prior periods (consider using Form 524 to record detailed results).

PART F: INTERNAL CONTROL RELEVANT TO THE AUDIT

It is a matter of the auditor’s professional judgment whether a control, individually or in combination with others, is relevant to the audit.
Refer to CAS 315.A57 for factors to consider. When obtaining an understanding of controls that are relevant to the audit, the auditor shall
evaluate the design of those controls and determine whether they have been implemented by performing procedures in addition to inquiry
of the entity’s personnel.

24. Entity level and IT general controls

Complete Forms 530 and 532 or equivalent to address the control environment, risk assessment, information systems, fraud, certain
control activities and monitoring.

25. Significant risks identified

Identify the controls relevant to each risk identified (cross-reference to risk register Forms 520/522 or other relevant work papers). If
no controls exist this may indicate a material weakness to be reported.

26. Classes of transactions that are significant to the F/S

Identify the significant transaction streams (record on Form 404).

For each significant transaction stream: (Complete the applicable control design Forms (568-578) and Form 534)

Completed/updated by:

a) Consider the risks of material misstatement that could occur.

b) Identify relevant control activities (if any) that mitigate the risks identified.

c) Evaluate the design of relevant controls and their implementation.

d) Document procedures by which transactions are initiated, recorded, processed, corrected as

necessary, transferred to the G/L and reported in the F/S. Complete Form 534 for each transaction
stream or, if no relevant controls exist, prepare a memo.

Possible risk factors (check all that apply):

Material weaknesses in internal control exist Material fraud risks are not being controlled

Other

PEM Forms — Audits September 2008

Identifying risks through understanding the entity 510
Page 10 of 10

OTHER MATTERS

Any additional comments or updates:

Additional risk factors identified:

Conclusion:
Through the use of appropriate risk assessment and other audit procedures, we have:
• Obtained/updated an understanding of the entity and its environment including internal control; and
• Identified possible risks of material misstatement and recorded them on the appropriate risk register (forms 520/522) or equivalent for
further assessment.

Period Prepared/updated by Date Reviewed by Date

PEM Forms — Audits September 2008