Components of Audit Risk

NotesVideoQuizPaper exam

Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated

Stated another way, this is the risk that there is a material misstatement in the financial statements, but the auditor misses it and says that they present a true and fair view.

Formula for audit risk is:

Inherent Risk    x    Control Risk    x    Detection Risk

Inherent Risk

This will be considered at the planning meeting as it depends on the auditors’ knowledge of the business

Examples are...

  • A cash based business

    • This is often a problem as there must be very strong controls in place if a business is a cash based one.

      The auditor may feel that there are insufficient controls in place to mitigate this risk which may lead to limitation of scope.

  • Fast moving Industry

    • In fast moving industries such as IT or fashion there may be a risk that the inventory held by the business becomes obsolete.

      The auditor may take expert advice on the valuation of inventory, or they may review post year-end sales to ensure the goods are sold for more than they are valued at in the financial statements.

Control Risk

This is the risk of material misstatement due to inadequate internal controls within the business.

The auditor will make a judgement as to the suitability and strength of internal controls – we will examine how this is done at a later stage.

Examples are...

  • No segregation of duties

    • Segregation of duties is where different tasks in a process are performed by different people e.g. an invoice is raised by one person and the cheque is written by another and authorise by someone else.

      If this control is weak or not in place, the auditor may have to increase the sample size to ensure the financial statements present a true and fair view.

  • No controls over access to assets

    • If employees have unfettered access to the assets of the business with no restrictions, this will increase the risk of theft or damage to those assets

      If the auditor finds this to be the case, more physical checks of the existence and condition of assets will have to be carried out.

  • No controls over access to IT

    • If a business does not use passwords and other protection to protect its’ computer systems this can lead to data loss or manipulation without authorisation.

      If these controls are not in place the auditor will have to understand the system to assess the ease of which it can be manipulated and check for anomalous trends using analytical review.

Detection Risk

This is the risk that the work carried out by the auditor does not uncover a material misstatement that exists.

Detection risk can be split into sampling & non-sampling risk

  • Non-sampling risks

    • The auditor did not sufficiently investigate a significant balance

    • The procedures used may have been inappropriate or misinterpreted

  • Sampling risk

    • ‘arises from the possibility that the auditor’s conclusion, based on a sample may be different from the conclusion reached if the entire population were subjected to the same audit procedure’.

      This is another way of saying that the sample selected by the auditor was not representative of the data.

      Detection risk may be increased by things such as inexperienced audit staff or tight deadlines to complete the audit.

NotesVideoQuizPaper exam