Audit Risk Model Summary First: Let’s think about each of the components of the audit risk model. The auditor selects the overall audit risk they are will to accept, assesses inherent and control risk at the account (or account group) level, and calculates planned detection risk at the account (or account group) level. Audit Risk (AR) is the probability that the auditor issues a clean opinion when the financial statements are materially misstated. Note that acceptable level of audit risk is the same across all accounts or account groups.
The auditor chooses what overall level of audit risk they are willing to accept. A higher level of audit risk means that the auditor is willing to accept more audit failures. 1% audit risk means that you are willing to accept that 1 out of 100 issued audit opinions will be incorrect. 5% audit risk means that you are willing to accept that 5 out of 100 issued audit opinions will be incorrect. So, the higher the audit risk you are willing to accept, the less audit work you have to perform. Audit risk and audit work are inversely related.
inherent risk (IR) is the susceptibility of a particular transaction to be recorded in error. For example, revenue recognition related to software transactions is more inherently risky that revenue recognized at a point of sale transaction at a grocery store. In this example (all else constant), you would assign your software company client revenue accounts higher inherent risk than your grocery store client, due to the inherent difficulty in software revenue recognition. Higher inherent risk, all else constant, leads to more audit work.
The Essay on Accounts Receivable And Acceptable Audit Risk
1. Explain why decisions about acceptable audit risk, inherent risk, the preliminary judgement about materiality, and performance materiality should be made early in the audit during the planning phase. The purpose of assessing risks early is to help auditor plan the audit by deciding which parts of the audit to emphasize and the extent of testing. It helps auditors to understand the nature, ...
Inherent risk and audit work are directly related. Stated more specifically, if the inherent riskiness of one set of accounts is higher than another set of accounts, the auditor must increase the amount of testing done to achieve the given level of audit risk. Control risk (CR) is the risk that the company’s internal control system will fail to prevent or detect errors. A well established fortune 500 manufacturing company is likely to have better internal controls than a small biotech startup with one person playing the roles of accountant, chief financial officer and CEO.
In this example (again, all else constant) you would assign your manufacturing client a lower control risk than your biotech client (for whom, in all likelihood, you decide not to rely on controls at all, and assign a value of 1 to control risk).
Higher control risk, all else constant, leads to more audit work. Control risk and audit work are directly related, stated more specifically, if the risk that controls will not catch accounting errors increases, you must do more testing to achieve a given level of audit risk.
Second: Let’s think about the equation, and the relation of each type of risk to each other. (1) AR ? IR*CR*DR Detection risk (DR) is the risk that our audit procedures over a specific account or group of accounts will fail to detect a material misstatement. We know that we set the level of M. Shepardson audit risk, we assess the levels of inherent risk and control risk, and from that, we calculate the level of detection risk. Rewriting equation (1), we have the following: (2) * DR AR IR CR ?
The Essay on Internal Control Audit Standards
For what purposes should an auditors’ understanding of the internal control components be used in planning an audit? An auditors’ understanding of the internal control components should be used for 3 reasons: a) To identify the potential misstatement that might occurs b) To identify the factors that affect the risk of material misstatement c) To influence the design of substantive procedures b. ...
Note that based upon equation (2), an increase in AR, holding IR and CR constant, results in an increase in DR. Additionally, increases in either IR or CR (holding AR constant) results in a decrease in DR. Note that like audit risk, detection risk and level of work are inversely related. The higher the detection risk, the less work you need to perform. Let’s do some mathematical examples.
