In this article, I shall summarize key explanation of a technical article, published by Martyn Jones on Accaglobal.com.

What is audit risk?

According to IAASB (International Auditing and Assurance Standard Board) Glossary, audit risk is defined as following:

“The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of material misstatement and detection risk.”

Why is audit risk so important to auditors?

Audit risk occurs because of inherent risk contained in both financial statements and audit approach. When planning and conducting an audit, audit procedures are set out under sampling method. It means the auditor shall not test all transactions occurred in a period/year but have to select samples to test based on auditor’s judgment (statistic and non-statistic sampling).

As a result, when conducting an audit in accordance with ISAs, auditor uses risk-based approach in order to minimize chance of giving inappropriate audit opinion. Risk-based approach help to ensure that audit work is carried out efficiently, using the most effective tests based on audit risk assessment.

For example, ISA 200 frequently makes reference to audit risks and required auditor to maintain professional skepticism throughout the audit in order to meet objectives of an audit.

ISA 315 on the other hand deals with the auditor’s responsibilities to identify and assess risks of material misstatements in the financial statements throughout an understanding of entity and its environment, including the entity’s internal controls and risk assessment processes.

What is component of audit risk model?

There are 03 components in the traditional audit risk model. Inherent risk, Control risk and Detection risk. In order to reduce audit risk, the auditor can control detection risk.

(i) Inherent risk

This is susceptibility of an assertion about a class of transaction, account balance and disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related control. Inherent risk is directly related to nature and complication of business model and business processes of the audited company.

(ii) Control risk

This is a risk when material misstatement in assertion about a class of transaction, account balance or disclosure could occur, either individually or in aggregation, due to weakness of the company’s internal control that is unable to prevent, detect and correct misstatement either due to fraud or error on timely basis.

Control risk is determined by the company itself and evaluated by auditor during course of the audit to give relevant audit responses.

(iii) Detection risk

This is the only risk that is under control of auditor. This is the risk that audit procedures performed by auditor to reduce audit risk to an acceptably low level will not detect material misstatement that exits either individually or in aggregation with others.

Due to audit risks which contain different factors that is out of auditor’s control, and due to audit approach (sampling bases), there is an unavoidable potential risk that auditor might give inappropriate audit opinion even when the audit is planned and conducted in accordance with ISAs. Therefore when assessing auditor’s responsibilities to fraudulent activities, those factors should be taken into account and properly understood.

References

- IAASB Handbook 2009, Glossary of Terms

- ISA 315: Identifying and assessing the risks of material misstatement through understanding of the Entity and its Environment (Par 4b)

- Technical Article published by Martyn Jones on ACCAglobal.com, in Nov 2009.