NFRA Insights On Risk And Response Memorandum

1. Introduction

The National Financial Reporting Authority (NFRA) has issued a Staff Series document titled “Risk & Response Memorandum: ROMM Assessment at Assertion Level for Revenue – A Sample Document”. The publication serves as an educational and illustrative guide, demonstrating how auditors should perform and document a robust Risk of Material Misstatement (ROMM) assessment in compliance with Standards on Auditing (SAs).

2. Risk Assessment – The Cornerstone of Audit Planning

The toolkit issued by NFRA discusses about that risk assessment under SA 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment. Further, it suggests that theauditors are required to identify and assess ROMM through a comprehensive understanding of:

(a) The entity and its operating environment

(b) The applicable financial reporting framework

(c) The design and operating effectiveness of internal controls, including IT systems

Risk of Material Misstatement (ROMM) exists at both the financial statement level and the assertion level for classes of transactions, account balances and disclosures. At the assertion level inherent risk and control risk exist, while detection risk is addressed through appropriately designed audit procedures.

3. Identifying What Could Go Wrong

The NFRA guidance underscores the importance of linking identified risks to specific assertions such as occurrence, completeness, accuracy, cut-off and valuation. Auditors are expected to articulate “what could go wrong” at the assertion level and evaluate whether existing controls are capable of preventing or detecting material misstatements on a timely basis.

The toolkit also recognises situations where substantive procedures alone may be insufficient, particularly in highly automated, high-volume transactions environments, thereby necessitating reliance on controls.

4. Illustrative case study – Revenue audit of a pharmaceutical company

Using a hypothetical listed pharmaceutical company, the toolkit demonstrates a practical application of ROMM assessment for revenue from sale of products under Ind AS 115, Revenue from Contracts with Customers. Key risk drivers identified by NFRA include:

(a) Variable consideration in the form of discounts, rebates and sales returns

(b) Large transaction volumes processed through automated ERP systems

(c) Increased susceptibility to cut-off errors near period-end

(d) Potential management bias in estimating sales returns and chargebacks

5. Aligning Risks with Audit Responses

A key strength of the NFRA toolkit is its clear demonstration of how identified ROMMs have impacts on auditor’s response. Further, this toolkit also maps each identified risk with relevant assertions, manual and automated controls, control reliance strategy. It also discusses about the nature, timing and extent of substantive procedures.

Moreover, illustrative procedures include customer confirmations, invoice-to-delivery testing, period-end cut-off testing, post year-end sales return analysis and detailed testing of management estimates using retrospective review techniques.