Skip to main content
CCH Software User Documentation

Master Pack updates

Product Help Banner.png


Mercia master pack ISA 315 updates

Following a review of the latest master packs by Mercia the following updates are required to be included when using the latest master packs. These updates will be included in the next master pack updates however due to the timing of this update we are making these available as templates to be included in the current audit files as most firms will have started using the current master packs and will not be able to update at this stage:

This update is applicable to the following master packs IMER18, IMERG18, MERCHA16, MERLLP10, MERPEN10


The following templates should be downloaded and added to the current audit files:

B24 Design and implementation of controls conclusion

B25 Group materiality

B30 Inherent and control risk assessment

B30 Group inherent and control risk assessment

B34 Fraud risk assessment

B41 Audit team briefing

We have also made the Q1 Audit programme - Accounting estimates avaliable for firms that do not use the software for the accounting estimate program and prefer to use the template instead.

The templates listed above have been included in a zip file for conveieince and can be dowloaded from the following link: Download Templates 


We have also been asked to highlight the following guidance to consider when using the software. This guidance is included on the Mercia templates and will be added to the software with the next master pack updates.

Considerations to add to the Identified Risks

Taken from Assertion level risk B31A

How and to what degree do inherent risk factors affect susceptibility of relevant assertions to misstatement1?

For each relevant assertion, consider the inherent risk factors (before consideration of controls), eg.: 

  1. Complexity;
  2. Subjectivity;
  3. Change;
  4. Uncertainty; and
  5. Susceptibility to misstatement due to management bias or other fraud risk factors insofar as they affect inherent risk. 

1 The greater the degree to which a class of transactions, account balance or disclosure is susceptible to material misstatement, the higher the inherent risk assessment is likely to be. This ensures a more precise response to such a risk is designed.

Notes on systems and controls (Key business processes)

Taken from Systems overview PF2-1

For classes of transaction that are significant to the financial statements, including accounting estimates made by management, document your understanding of the information system relevant to the preparation of the financial statements (including related disclosures). The notes cross referred to must explain the procedures, related accounting records, supporting information and specific accounts by which those transactions are initiated, recorded, processed, corrected (as necessary), incorporated into the general ledger and reported in the financial statements. In order to aid this understanding, we may consider walking through relevant processes. They must also explain how information about events and conditions, other than transactions (eg. information about lease agreements and fair value information obtained from experts) is captured, processed, and disclosed in the financial statements.

Consideration should also be given to the entity’s IT system used (including whether packages are standard or customised) and human resources (including the competence of individuals undertaking the work, whether there are adequate resources and whether there is appropriate segregation of duties). 

Notes should also document your understanding of control activities relevant to the audit (as well as possible system overrides and bypasses of controls), being those judged as necessary to assess the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks. Summarise key controls identified on Key Controls.

Controls that address risks of material misstatement (RMM) at the assertion level

Taken from Design and implementation of controls conclusion B24

We have identified, evaluated the effectiveness of the design and determined implementation of controls that address RMM for the following: 

A Controls that address a risk that is determined to be a significant risk (see B30)1;  

B Controls over journal entries, including non standard journal entries used to record nonrecurring, unusual transactions or adjustments;  

C Controls for which we plan to test operating effectiveness in determining the nature, timing and extent of substantive testing, which include controls that address risks for which substantive procedures alone do not provide sufficient appropriate audit evidence; 

D Other controls that are appropriate to obtain audit evidence to form an appropriate basis for the identification and assessment of RMM and the design of further audit procedures2; and  

E [if applicable] controls at the user entity, that relate to the services provided by a service organization, including those that are applied to the transactions processed by the service organization (PF1-6). 

IT environment

Based on the risks arising from the use of IT identified on PF2-3, we have identified, evaluated the effectiveness of the design and determined implementation of the entity's general IT controls3 that address such risks. 


1 Fraud risks are always treated as significant risks (see B30) and include:

•       Risk of fraud in revenue recognition (unless this presumption can be rebutted - in which case document the reasons for rebutting the presumption); and

•       Risk of management override of controls. 

2 These may include; controls that address risks assessed as higher on the spectrum of inherent risk but are not deemed significant risks, controls relating to reconciling detailed records to the general ledger of complementary user entity controls, if using a service organisation.

3 For guidance on IT general controls, please see Appendix 4 to Section B.4 of the Audit Procedures Manual.


  • Was this article helpful?