What is Audit Risk?

• Performing audits involves accepting a certain degree of risk or uncertainty.

• This risk is commonly referred to as audit risk, which is the likelihood that an auditor
may issue an unqualified (unmodified) report because auditors failed to identify material
misstatements caused by errors or fraudulent activities.
• Why?
• Sampling: We don’t audit everything 100
•%
• Error:
• Misapplied a procedure(s)
• Or misinterpret the results
• Unqualified or unmodified opinion
• Clean bill of health while you have cancer or the opposite.
• Sued by shareholders, client, government, regulators
• How to measure audit risk?
 Control risk

Control Risk: This refers to the risk that material misstatements will not be prevented, or
detected, by an entity's internal control system.
High: No good
Low: Good
2
 Audit Risk Model Part 2
• Audit risk = Inherent Risk x Control Risk x Planned Detection Risk
• Control Risk (company specific): This refers to the risk that material misstatements
will not be prevented, or detected, by an entity's internal control system.
• Internal controls include policies, procedures, and other measures designed to ensure that
financial reporting is accurate and reliable. If the internal controls are weak or ineffective, the
control risk is higher.
• Inherent Risk (company specific): This refers to the risk that material misstatements
exist in the financial statements due to factors such as complexity, estimates, and
judgments.
• Inherent risk is a function of the entity's industry, size, and operations, as well as the accounting
policies and procedures used.
• Inherent risk is beyond the control of the auditor and cannot be eliminated.
• IR and CR assessed by auditor IR x CR = Risk of material misstatement or RMM.
 Inherent Risk
• When assessing inherent risk, auditors aim to anticipate where potential
misstatements (financial statements that are more susceptible to material
misstatements) are more or less probable to occur within the various segments of
the financial statements.
• This assessment impacts the quantity of audit evidence that the auditor must
collect.
• The auditor must evaluate the factors that contribute to the risk and adjust the
audit procedures accordingly to consider them.
• This evaluation occurs during the planning phase and is reviewed periodically
throughout the audit process.
• For instance, factors such as a high volume of transactions, complex
calculations, high level of judgement, estimates, derivatives, declining industry
conditions, or rapid technological advancements can increase inherent risk.
• High inherent risk  more samples  more work more evidence
 Relationship Between RMM and Detection
Risk
Inherent Risk: Assessment of material misstatement before taking into account
control risk
Control Risk: Effectiveness of internal control to prevent or detect material
misstatement
Audit Risk: Auditor’s willing to permit material misstatement to exist after
completing the audit
Detection risk: Extend of evidence plan to accumulate (accept the risk)

Sales & Collection Cycle Sales & Collection Cycle

Inherent Risk High Low

Control Risk High Low
Acceptable Audit risk Low High
Detection Risk Low High or medium
 Solving for Detection Risk
• Audit Risk (set) = (Control Risk x Inherent Risk) x Detection Risk
• Divide both sides of the equation by (Control Risk x Inherent Risk):
• Audit Risk / (Control Risk x Inherent Risk) = Detection Risk
• Therefore, the formula for detection risk is:
• Detection Risk = Audit Risk / (Control Risk x Inherent Risk)
• This formula shows that detection risk is inversely proportional to audit risk.
• If audit risk is high, detection risk must be low to reduce the overall audit risk to
an acceptable level.
• Similarly, if audit risk is low, detection risk can be higher, provided that control
risk and inherent risk are also low.