What is difference between risk of material misstatements at assertion level and financial statement level?

Thanks for invitation

Risk of material misstatement at the assertion level consists of the following inherent risk and control risk. Inherent risk and control risk are related to company, its environment and its internal control and the auditor assesses those risks based on evidence he or she obtains.

Risk of material misstatement at the financial statement level relate pervasively to the financial statements as a whole and potentially affect many assertions. Risks of material misstatement at the financial statement level may be especially relevant to the auditors consideration of the risk of material misstatement due to fraud.

Having obtained and documented an understanding of the entity including its internal control, the auditor is now in a position to identify and assess the risks of material misstatement, which should be done at the financial statement level, and at the assertion level for classes of transactions, account balances and disclosures. The point of the risk assessment is to provide a basis for designing and performing further audit procedures.

Risk assessment procedures should include inquiries of management and other relevant individuals, analytical procedures, observation and enquiry. (ISA 315.6)

An important part of assessing the risk of material misstatement is that the risks identified should be prioritised. This is because ISA 315 determines that risks which are identified as being significant risks require special audit consideration. It is a matter of judgment as to whether a risk constitutes a significant risk, and matters such as the complexity of the transaction, whether there is a risk of fraud, the involvement of related parties, and whether the transaction is outside the normal course of business should be considered. (ISA 315.28)

It is further required that where a significant risk is identified, the relevant controls, including control activities should be understood. (ISA 330, The Auditor's Responses to Identified Risks then deals with the action that should be taken in obtaining evidence in relation to significant risks. If the auditor plans to rely on controls over a significant risk, the controls must be tested in the current period, and substantive procedures should be performed in response to significant risks at the assertion level.)