Step

Entity Name: MV Reethi Rah Resort Private Limited

Engagement Name: MV Reethi Rah Resort Private Limited - 2009 Completed By:Nadarajah Dhames/LK/ABAS/PwC 10/19/2009
Period End: 12/31/2009 Reviewed By: Jatindra Bhattray/LK/ABAS/PwC 02/13/2010
Status: Reviewed
Title: (ISA 315, 500) Understand and evaluate management's risk assessment process
Details

Tailored Procedures:

Procedure to be performed, guidance and template links Work completed and links, including response to
matters arising
R Refer below under results
Understand, evaluate, and, if reliance is going to be placed on controls in this area (including
when substantive procedures alone do not provide sufficient appropriate audit evidence),
validate the entity's process for identifying business risks relevant to financial reporting
objectives and deciding about actions to address those risks, and the results thereof.
PwC Audit 4150

This includes how management identifies risks relevant to the preparation of financial
statements (including account balances, classes of transactions and disclosures), estimates
their significance, assesses the likelihood of their occurrence, and decides upon actions to
manage them. PwC Audit 4150

a) Setting objectives - Consistency of objectives and goals throughout the entity,

identifying key success factors and timely reporting of performance and expectations:
PwC Audit 4150.1

b) Analysing related risks - Identification of risk is an iterative process. The analysis

usually includes estimating the significance of the risk, assessing the likelihood (or
frequency) of the risk occurring and considering how the risk should be managed
PwC Audit 4150.2 :

c) Managing change - Mechanisms exist to identify changes that have occurred or will
shortly occur. See PwC Audit 4150.3
R Multilocation engagements N/A. RRRPL is not a multi locational engagement.
Appropriate consideration should be given to all of the above processes as they relate to the
business unit being audited by your local engagement team and the overall consolidated group
(if the company is a head office) on a multilocation engagement.

If you are a supporting office on a group engagement request information from the head office
audit team as to the contribution that management's risk assessment process may have on
internal control at the supporting office level.

If you are the head office of a group engagement then share any documentation on the impact
that the management's risk assessment process has on the overall internal control of the
group.

Results:

Ref Risk assessment process Entity’s response/controls

a) Setting objectives Senior Management appears to set clear objectives of the company. The objectives appear in various
form including vision statements, overall business plan and strategic plans for the major business units.
b) Analysing related risks Management implemented procedures to assess the key risks affecting the respective business units.
Some of these processes include:
 Methodology for calculation and assessment of key risks and management's estimates are internally
developed with the colloborative efforts of key personnel
 Heads of each business units are responsible for analysing the risks in their operation. The risks are
incorporated into Business Plan (Annual Budget) by General Manager.
 utilisation of external experts where needed.
RRRPL locally does not carry our any formal risk assessment procedure but supports the risk assessment
done by the global (KIML OneandOnly Management) by providing information with regard to necessary
risk conditions faced by OneandOnly group.
c) Managing change Risk management policy is not in place. To be reported in M/L.
Ref Validation
a)  Reviewed the company's objectives in vision statement, business plan and strategic plan and noted that the objectives are clear.
The objectives set up by business unit level are in line with the firm's overall objectives.
b)  Discussions with both the General Manger (Refer - ) and Director of Finance (Refer - ) confirmed that these procedures are
in place.
 Results of their risk assessment was compared with our point of view (from A&C process). No further issues that we hadn't
already identified as being relevant to the audit; similarly, there were no business risks identified by our assessment that
management had not themselves identified.
c)  The Company does not have risk management policy. Therefore, validation was not done.

Conclusion : Base on the work performed as above, we concluded that the management's risk assessment processes are effective and can assist
management to prevent or detect material misstatement. As a results of our validation, we can place reliance on the controls in place.

Attachments:

Categorisation
Area 2160 - Internal control components
Status & Maintenance
Status: Reviewed
Maintenance
Edit History: