Audit Risk Flashcards
What are the components of audit risk?
Audit risk is composed of three components:
Inherent Risk (I/R): The susceptibility of an assertion to misstatement, assuming no related internal controls.
Control Risk (C/R): The risk that misstatements will not be prevented, or detected and corrected on a timely basis, by the accounting and internal control systems.
Detection Risk (D/R): The risk that audit procedures will not detect a misstatement.
How is audit risk calculated and how are they managed by the auditor?
Audit Risk is calculated as Inherent Risk X Control Risk X Detection Risk. The auditor sets the overall Audit Risk, assesses both Inherent and Control Risks, and manages Detection Risk
How should inherent risk be considered in auditing?
Overall Financial Statement (FS) Level: Considerations include factors like poor trading results or operating within volatile or specialized industries (e.g., computer games, financial services).
Assertion Level: Focus on specific classes of transactions, account balances, and disclosures where misstatements are likely. Examples include depreciation, which is susceptible to misestimation, and payables which might be understated to boost profits (completeness assertion).
What is Control Risk in an audit?
Control Risk (CR) is the risk that a misstatement could occur in an account balance or class of transactions and that the misstatement could be material, either individually or when aggregated with misstatements in other balances or classes. This risk would not be prevented, or detected and corrected on a timely basis, by the accounting and internal control systems.
How does the strength of internal controls affect Control Risk, and can you provide examples?
Control Risk varies based on the strength of internal controls:
Increases with weak controls: Examples include lack of physical control (e.g., cash not locked away) and lack of authorization controls (e.g., anyone can order goods).
Decreases with strong controls: Such as regular reconciliations.
Assessment: Strong internal controls typically lead to a low assessment of Control Risk.
What is Detection Risk in an audit?
Detection Risk (DR) is the risk that the auditor’s procedures will not detect a misstatement that exists in an assertion. This misstatement could be material, either individually or when aggregated with other misstatements.
How can an auditor manage Detection Risk?
To keep Detection Risk low, the auditor would need to perform an extensive amount of substantive testing. Conversely, if the auditor decides to keep Detection Risk high, they would conduct a limited amount of substantive testing, which is feasible when Control Risk is assessed to be low due to strong and effective controls.
