Chapter 6 Assessing Risks in an Audit Engagement Flashcards
What are the four risks included in the audit risk model? How are they related?
The four risks included in the audit risk model and their descriptions are: Inherent risk: the probability that material misstatements, due to errors or fraud, have entered the data processing system. Control risk: the probability that the auditee’s system of internal control will fail to detect material misstatements, provided any enter the accounting system in the first place. Detection risk: the probability that audit procedures will fail to find material misstatements, provided any have entered the system and have not been detected or corrected by the auditee’s internal control system. Audit risk (also sometimes called “overall risk” or “tolerable risk” or “ultimate risk”): a concept applied both to the probability of giving an inappropriate opinion and to the probability of failing to discover material misstatements in a particular disclosure or account balance. It represents the amount of risk the audit is accepting, for example if audit risk is 5% the auditor is accepting a 5% probability of giving the wrong audit opinion. Another way of thinking of audit risk is the complement of assurance - so at 5% audit risk the auditor is 95% sure that the financial statements are not misstated
The audit risk model is a conceptual model of how the four types of risk are related. Audit risk is a combination of the other risks:
Audit Risk = Inherent Risk x Control Risk x Detection Risk.
What factors influence the auditor’s decision on an acceptable audit risk level?
The audit risk level an auditor will be willing to accept varies according to auditee and engagement circumstances. Generally, the more risky the auditee or the more users rely on the audited financial statements, the lower the planned audit risk. As the possibility of being sued for material misstatement increases, an auditor will decrease planned audit risk to compensate for the increased risk associated with the engagement. This possibility of negative consequences for the auditor tends to be higher when the company is listed on a public stock exchange, when the company is in financial difficulty, and when users are making significant financial decisions based directly on audited financial statement information.
Give an example of one account with high inherent risk and one with low inherent risk.
Inherent risk assessment will vary from auditee to auditee and is an important application of the auditors understanding of the business risks. It is helpful to assess inherent risk on an assertion by assertion basis, as sometimes the risk arises mainly from one assertion (e.g. valuation of accounts receivable when the auditee has a liberal credit policy). Accounts with high inherent risk are those subject to misstatement because of complexity (inventory valuation in a manufacturing business), volume (sales transactions in a large retail business), likelihood of theft (jewelry or small consumer electronic gadgets), or because they are difficult to control (cash receipts in a charity). Inherent risk tends to be low in accounts that change little (share capital), are low volume (dividend payment) or calculated from other amounts (amortization).
