Home › CA Final › auditing › Risk Assessment and Internal Control › In a complex group structure with multiple subsi…
In a complex group structure with multiple subsidiaries, the GROUP auditor's risk assessment under SA 315 should:
ABe performed once every five years
BBe performed at both the group level AND for each material component, with appropriate aggregation
CBe limited to the holding company
DBe skipped if internal audit reports look clean
Answer & Solution
Correct answer: C. Be limited to the holding company
1. SA 315 and SA 600(R) require RoMM identification across the group, aggregating component risks.
2. Holding-only or skipped assessments breach the standard.
3. Five-year cadence is also incorrect - annual.
_Source: ICAI BoS CA Final Paper 3, Ch 3 "Risk Assessment and Internal Control"_
Related questions
The IT environment's impact on RoMM identification is BEST captured by:When responding to assessed risks at the financial-statement level, the auditor's overall The Audit Risk Model implies that when materiality (M) is set lower, holding other risks cInformation & Communication component of internal control aims to ensure that:Management override of controls is, per SA 240:A change in entity's revenue recognition policy mid-year would prompt the auditor to:For controls operating over a long period, the auditor wants to rotate testing in alternatUnder SA 540, when management uses a model to estimate Expected Credit Loss (ECL) under In