Audit risk

Question 1

What is audit risk?

Answer 1

Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated

Question 2

What are the two components of audit risk?

Answer 2

1. One risk is dependent on the entity and is the risk of material misstatement arising in the financial statements (inherent and control risk)
2. The second risk is dependent on the auditor and is the risk that the auditor will not detect material misstatement in the financial statements (detection risk)

Question 3

What is the audit risk model?

Answer 3

Audit risk = inherent risk x control risk x detection risk (sampling risk and non sampling risk)

Question 4

What is inherent audit risk?

Answer 4

Inherent risk is the susceptibility if an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material either individually or when aggregated with other misstatements, before consideration of any related internal controls

Inherent risk is affected by the nature of the entity, for example:

1. The industry the client operates in
2. Any regulation it is subject to
3. Complex calculations
4. Complex accounting standards
5. Amounts derived from accounting estimates, rather than factual data

Question 5

What is control risk?

Answer 5

Control risk is the risk that a material misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, individually or when aggregated with other misstatements, will not be prevented or detected and corrected on a timely basis by the entity’s internal control.

Some control risk will always exist because if the inherent limitations of internal control, for example human error.

Question 6

What is detection risk?

Answer 6

Detection risk is that risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.

Question 7

How is detection risk sub divided?

Answer 7

Sampling risk: relates to the fact that the auditor does not, and cannot examine all available evidence and only performs audit procedures on a sample of items. There is, therefore, always a risk that the conclusion of the auditor draws based on the sample they have tested is not appropriate for the population as whole.

Non sampling risk: this describes the risk that the auditor’s procedures do not detect material misstatement due to factors other than the sample tested:

• Auditor’s lack of experience
• Time pressure
• Financial constraints
• Poor planning
• New client
• Lack of industry knowledge

Question 8

What are examples of inherent risk factors?

Answer 8

1. Complexity - complex regulation or a complex business model
2. Subjectivity - wide range of accounting estimates/ management choice of valuation
3. Change - economic conditions, markets, customer loss, industry model, business model, geography, entity structure or IT
4. Uncertainty - estimation uncertainty, pending litigation or contingent liabilities
5. Management risk or fraud risk - opportunities for fraudulent reporting, related party transactions, non routine or non-systemic transactions, transactions based on management intentions