Determining Audit Risk: A Case Study of ABC Limited
VerifiedAdded on 2019/10/09
|9
|2842
|200
Report
AI Summary
The audit risk model is used to determine the required audit evidence based on the levels of inherent risk, control risk, and detection risk. The acceptable level of audit risk for ABC Limited is below or equal to 8%. Oliver identified both inherent risk (30%) and control risk (40%) while reviewing the company's financial statements. Using the audit risk model, he calculated the detection risk as 67%. The total audit risk was found to be 8%, which indicates that the auditors will fail to detect material misstatements in 67% of cases. The model highlights that control risk and inherent risk are independent of an auditor, whereas detection risk is dependent on the auditor's efforts.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
BLOG: AUDIT RISK
WHAT IS AUDIT RISK?
WHAT IS AUDIT RISK?
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
AUDIT RISK
13th August 2019
In the field of accounting and finance audit is something that verifies and inspects the degree of
accuracy and relevancy. Financial auditing refers to the procedure of examining an individual's
or a company’s financial records for determining whether they are reliable, accurate and made
accordingly with the applicable rules of accounting including the existing accounting standards,
theories, laws, and regulations. Audit work is conducted both internally and externally. Internal
auditing is done by a company’s employees i.e. the accounting personnel and executives whereas
external audit work is conducted by external auditors who come from outside of a company to
audit its accounts i.e. to examine its accounting as well as financial records for providing their
independent unbiased opinion on such records. According to law, all publicly owned and
operated companies need to audit their periodic financial statements and accounts externally.
Internal auditors of a company work for examining financial records and for ensuring
improvement in the internal processes of the company such as internal controls, operations,
governance, and risk management.
During the practice of internal and external auditing, the auditors use to face a number of risks
that are called audit risk. Audit risk(s) are the risks which an auditor might issue a non-qualified
report as a result of the failure of the auditor to detect the material misstatement in the financial
statements either due to fraud or error. Audit risk is also called as residual risk and it indicates
the chance for which financial statements of a company will be published with a number of
materials errors and incorrect financial information even though that has been examined,
reviewed, and approved by an external auditor. This type of risk arises when an auditor fails to
detect accounting fraud or errors while examining a company’s financial statements. In order to
eliminate or reduce the degree of audit risk, auditors need to increase the number of audit
procedures. The users of a company’s financial statements use to rely upon the auditors’
assurance in relation to accuracy and materiality of the reporting company’s financial statements
and due to this, it is very crucial for auditors to reduce audit risk at a modest level. The reduction
of audit risks stands as an integral part of a company’s and its auditors’ audit functions.
13th August 2019
In the field of accounting and finance audit is something that verifies and inspects the degree of
accuracy and relevancy. Financial auditing refers to the procedure of examining an individual's
or a company’s financial records for determining whether they are reliable, accurate and made
accordingly with the applicable rules of accounting including the existing accounting standards,
theories, laws, and regulations. Audit work is conducted both internally and externally. Internal
auditing is done by a company’s employees i.e. the accounting personnel and executives whereas
external audit work is conducted by external auditors who come from outside of a company to
audit its accounts i.e. to examine its accounting as well as financial records for providing their
independent unbiased opinion on such records. According to law, all publicly owned and
operated companies need to audit their periodic financial statements and accounts externally.
Internal auditors of a company work for examining financial records and for ensuring
improvement in the internal processes of the company such as internal controls, operations,
governance, and risk management.
During the practice of internal and external auditing, the auditors use to face a number of risks
that are called audit risk. Audit risk(s) are the risks which an auditor might issue a non-qualified
report as a result of the failure of the auditor to detect the material misstatement in the financial
statements either due to fraud or error. Audit risk is also called as residual risk and it indicates
the chance for which financial statements of a company will be published with a number of
materials errors and incorrect financial information even though that has been examined,
reviewed, and approved by an external auditor. This type of risk arises when an auditor fails to
detect accounting fraud or errors while examining a company’s financial statements. In order to
eliminate or reduce the degree of audit risk, auditors need to increase the number of audit
procedures. The users of a company’s financial statements use to rely upon the auditors’
assurance in relation to accuracy and materiality of the reporting company’s financial statements
and due to this, it is very crucial for auditors to reduce audit risk at a modest level. The reduction
of audit risks stands as an integral part of a company’s and its auditors’ audit functions.
Definition and Discussion on Audit Risk
Audit risk refers to the risk which makes financial statements of a company materially incorrect,
even after auditing and audit opinion’s stating that the statements are correct and free of material
misstatements. In other words, audit risk stands as the danger that errors or intended
miscalculations in the financial statements will not be caught by an auditor before they are
issued. It is a risk that a company’s auditor uses to express inappropriate opinion while making
his/her individual statement on the accuracy, relevancy, and materiality of the reporting
company’s financial statements. Audit risk arises at the time when an auditor fails to issue a
correct opinion on a reporting company’s financial statements. This kind of risk arises due to the
accounting errors or fraud, or intended miscalculations of the reporting company in its financial
statements that are not been caught by its auditors before these statements are issued. Followings
are some of the examples of inappropriately made audit opinions of auditors:
Issuing a specific qualified audit opinion on the financial statements where qualification
is not necessary
Issuing an audit report which is not qualified and where qualification is justified in
reasonably manner
Failing to emphasise the significant matters in the company’s audit report
Providing a statement or opinion on a company’s financial statements unreasonably due
to the limitation of audit scope.
There are three components of audit risk such as inherent risk, control risk, and detection risk.
This means audit Risk equals to Inherent Risk multiplied by Control Risk and Detection Risk. It
sometimes considered as a result of the several risks that could be encountered while conducting
auditing work. In terms of keeping the degree of audit risk engagements below the acceptable
limit, auditors need to assess the level of risk pertaining to each component of audit risk.
The main purpose behind initiating audit work is to eliminate or reduce audit risk, considering
the three above mentioned audit risk components, to the lowest level by sufficient evidence and
Audit risk refers to the risk which makes financial statements of a company materially incorrect,
even after auditing and audit opinion’s stating that the statements are correct and free of material
misstatements. In other words, audit risk stands as the danger that errors or intended
miscalculations in the financial statements will not be caught by an auditor before they are
issued. It is a risk that a company’s auditor uses to express inappropriate opinion while making
his/her individual statement on the accuracy, relevancy, and materiality of the reporting
company’s financial statements. Audit risk arises at the time when an auditor fails to issue a
correct opinion on a reporting company’s financial statements. This kind of risk arises due to the
accounting errors or fraud, or intended miscalculations of the reporting company in its financial
statements that are not been caught by its auditors before these statements are issued. Followings
are some of the examples of inappropriately made audit opinions of auditors:
Issuing a specific qualified audit opinion on the financial statements where qualification
is not necessary
Issuing an audit report which is not qualified and where qualification is justified in
reasonably manner
Failing to emphasise the significant matters in the company’s audit report
Providing a statement or opinion on a company’s financial statements unreasonably due
to the limitation of audit scope.
There are three components of audit risk such as inherent risk, control risk, and detection risk.
This means audit Risk equals to Inherent Risk multiplied by Control Risk and Detection Risk. It
sometimes considered as a result of the several risks that could be encountered while conducting
auditing work. In terms of keeping the degree of audit risk engagements below the acceptable
limit, auditors need to assess the level of risk pertaining to each component of audit risk.
The main purpose behind initiating audit work is to eliminate or reduce audit risk, considering
the three above mentioned audit risk components, to the lowest level by sufficient evidence and
adequate testing. This is because, a company’s stakeholders like creditors, shareholders, existing
and potential investors, business analysts, along with some others internal and external
stakeholders use to rely on its financial statements, and it is their right to get a clear and bias-free
picture of a company's financial position via its financial statements for which auditors must
work on reducing audit risk at the lowest level. Furthermore, for Certified Professional Audit
firms those perform audit work, often become legally liable if they fail to reduce audit risk while
examining and making a statement declaring a company's financial status and performance
through financial statements.
Types of Audit Risks and their Assessment
There are three components of audit risk such as inherent risk, control risk and detection risk
whereas while classifying the audit risk, there are two kinds of audit risks like the risk of material
misstatements, and detection risk. The risk of material misstatement is associated with inherent
risk and control risk. In other words, at the level of assertion, the risk of material misstatement
consists of the two components naming inherent risk, and control risk.
1. Risk of Material Misstatement
The risk arises due to material misstatement refer to the risk which indicates that financial
statements of a company are not correct materially before to audit work is performed. Here, the
term ‘material’ refers to the dollar amount which is very and responsible to change the readers or
users opinion on the company after reading its financial statement and the dollar amount or
percentage is subjective. For example, if the inventory balance of a sporting product store of
$10,000,000 is incorrect by $250,000, the stakeholder reading the store’s financial statements
might consider it as a materially correct amount. The particular type of audit risk is even more if
the internal control of a company is insufficient. Moreover, insufficient control risk is also
responsible for arising fraud risk.
This risk makes a company’s financial statements susceptible to a number of material
misstatements. At the level of financial statement, this risk pervasively relates to the reporting
company’s financial statements (income statement, balance sheet, statement of financial position,
and potential investors, business analysts, along with some others internal and external
stakeholders use to rely on its financial statements, and it is their right to get a clear and bias-free
picture of a company's financial position via its financial statements for which auditors must
work on reducing audit risk at the lowest level. Furthermore, for Certified Professional Audit
firms those perform audit work, often become legally liable if they fail to reduce audit risk while
examining and making a statement declaring a company's financial status and performance
through financial statements.
Types of Audit Risks and their Assessment
There are three components of audit risk such as inherent risk, control risk and detection risk
whereas while classifying the audit risk, there are two kinds of audit risks like the risk of material
misstatements, and detection risk. The risk of material misstatement is associated with inherent
risk and control risk. In other words, at the level of assertion, the risk of material misstatement
consists of the two components naming inherent risk, and control risk.
1. Risk of Material Misstatement
The risk arises due to material misstatement refer to the risk which indicates that financial
statements of a company are not correct materially before to audit work is performed. Here, the
term ‘material’ refers to the dollar amount which is very and responsible to change the readers or
users opinion on the company after reading its financial statement and the dollar amount or
percentage is subjective. For example, if the inventory balance of a sporting product store of
$10,000,000 is incorrect by $250,000, the stakeholder reading the store’s financial statements
might consider it as a materially correct amount. The particular type of audit risk is even more if
the internal control of a company is insufficient. Moreover, insufficient control risk is also
responsible for arising fraud risk.
This risk makes a company’s financial statements susceptible to a number of material
misstatements. At the level of financial statement, this risk pervasively relates to the reporting
company’s financial statements (income statement, balance sheet, statement of financial position,
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
and cash flow statement) as a whole. It potentially affects many assertions. Furthermore, at the
level of financial statement, this type of risk might be relevant to the consideration made by an
auditor of this due to internal fraud. For instance, an ineffective internal control environment,
lack of required cash to continue business operations, as well as declining conditions affect the
company's and create opportunities for the management to engage in manipulation while
preparing and presenting financial statements which ultimately lead to the very risk of material
misstatement.
At the level of assertion, the two components of risk of material misstatement are:
Inherent risk: It is the susceptibility in relation to a particular assertion which occurs due
to the presence of material error, omission, or fraud, individually or in combination with
other misstatements. This type of risk occurs before considering any kind of related
controls. Generally, this risk becomes high when a high degree of estimation and
judgment is involved as well as when the reporting company practices highly complex
financial transactions in order to conduct its regular course of business.
Control risk: This risk arises as a result of material fraud or error which use to occur
while making an assertion, individually or in combination with other misstatements. The
internal control system of a company is not capable of detecting or preventing this risk on
a regular basis. Control risk arises from the failure or absence of relevant operation
control mechanisms. This risk becomes high in the absence of adequate internal control
systems in a company which restricts the company to detect and prevent the instances of
material error, omission, and fraud in the company’s financial statements. Control risk
stands as the potential risk of material misstatements that are not be prevented or detected
by a company’s control systems.
Inherent risk along with control risk is solely related to a company, its environment, as well as its
internal control, and the auditors assess such risks on the basis of evidence they obtain. For
assessing control risk, the auditors use the evidence they obtain from tests of controls and other
sources.
level of financial statement, this type of risk might be relevant to the consideration made by an
auditor of this due to internal fraud. For instance, an ineffective internal control environment,
lack of required cash to continue business operations, as well as declining conditions affect the
company's and create opportunities for the management to engage in manipulation while
preparing and presenting financial statements which ultimately lead to the very risk of material
misstatement.
At the level of assertion, the two components of risk of material misstatement are:
Inherent risk: It is the susceptibility in relation to a particular assertion which occurs due
to the presence of material error, omission, or fraud, individually or in combination with
other misstatements. This type of risk occurs before considering any kind of related
controls. Generally, this risk becomes high when a high degree of estimation and
judgment is involved as well as when the reporting company practices highly complex
financial transactions in order to conduct its regular course of business.
Control risk: This risk arises as a result of material fraud or error which use to occur
while making an assertion, individually or in combination with other misstatements. The
internal control system of a company is not capable of detecting or preventing this risk on
a regular basis. Control risk arises from the failure or absence of relevant operation
control mechanisms. This risk becomes high in the absence of adequate internal control
systems in a company which restricts the company to detect and prevent the instances of
material error, omission, and fraud in the company’s financial statements. Control risk
stands as the potential risk of material misstatements that are not be prevented or detected
by a company’s control systems.
Inherent risk along with control risk is solely related to a company, its environment, as well as its
internal control, and the auditors assess such risks on the basis of evidence they obtain. For
assessing control risk, the auditors use the evidence they obtain from tests of controls and other
sources.
2. Detection Risk
Detection risk refers to the risk attached to audit procedures that are used by an auditor which are
incapable of detecting any kind of material misstatement from the reporting company’s financial
statements. While auditing a company’s financial statements, this risk arises due to the
inappropriate planning and designing of audit procedures by an auditor. Detection risk gets
affected by the effectiveness of substantive audit procedures, and the application of such
substantive audit procedures by an auditor which means whether the audit procedures are
performed by the auditors with due professional competence and care or not. This kind of risk is
solely dependent on auditors and their audit competences as well as their act of performing audit
work with due care. The more an auditor applied professional care while auditing a reporting
company’s financial statements, the less the chances of detection risk and vice versa.
Example and Formula of Audit Risk
Oliver works as an external auditor at an audit firm and asked for reviewing ABC Limited’s (an
Information Technology company), financial statements. The manager of Oliver has already
prepared a memo in order to specify the things to be considered with the highest concerns during
the audit process:
ABC Limited operates as an industry leader with a huge network of subsidiaries,
customers, and branches.
The company has a number of auditors its own but its management uses to suspect
control risk.
For ABC Limited, the acceptable level of audit risk is below or equal to 8%.
While reviewing the company’s financial statements, Oliver identifies both inherent risk and
control risk. The audit department of ABC Limited has not yet submitted its financial statements
to the company’s audit committee as well as it is suspected by Oliver that several errors of
auditing have by-passed control. Moreover, the technology industry is very complex and
Detection risk refers to the risk attached to audit procedures that are used by an auditor which are
incapable of detecting any kind of material misstatement from the reporting company’s financial
statements. While auditing a company’s financial statements, this risk arises due to the
inappropriate planning and designing of audit procedures by an auditor. Detection risk gets
affected by the effectiveness of substantive audit procedures, and the application of such
substantive audit procedures by an auditor which means whether the audit procedures are
performed by the auditors with due professional competence and care or not. This kind of risk is
solely dependent on auditors and their audit competences as well as their act of performing audit
work with due care. The more an auditor applied professional care while auditing a reporting
company’s financial statements, the less the chances of detection risk and vice versa.
Example and Formula of Audit Risk
Oliver works as an external auditor at an audit firm and asked for reviewing ABC Limited’s (an
Information Technology company), financial statements. The manager of Oliver has already
prepared a memo in order to specify the things to be considered with the highest concerns during
the audit process:
ABC Limited operates as an industry leader with a huge network of subsidiaries,
customers, and branches.
The company has a number of auditors its own but its management uses to suspect
control risk.
For ABC Limited, the acceptable level of audit risk is below or equal to 8%.
While reviewing the company’s financial statements, Oliver identifies both inherent risk and
control risk. The audit department of ABC Limited has not yet submitted its financial statements
to the company’s audit committee as well as it is suspected by Oliver that several errors of
auditing have by-passed control. Moreover, the technology industry is very complex and
competitive, thus, it puts huge pressure on the IT companies in terms of representing strong and
sound financial results.
Oliver assumed ABC Limited’s inherent risk control risk is 30% and 40% respectively. Here, if
the level of acceptable audit risk of the company stands 8%, then its detection risk will be 67%.
Audit Risk = Inherent Risk * Control Risk * Detection Risk
8% = 30% * 40% * Y (detection risk)
Y = 8% / (30% * 40%)
Y = 8% / 12%
Y = 67%
Therefore, the total audit risk of ABC Limited stands at (30 % x 40% x 67%) = 8% (formula
proved).
The model of audit risk is understood best through the below stated mathematical formula is
Detection Risk (DR) = Audit Risk (AR) / Inherent Risk (IR) * Control Risk (CR).
The denominator IR (inherent risk) is the susceptibility/risk of an audit assertion in relation to
a misstatement which is material in nature without considering the internal controls. It denotes
that in the first place, there is already an error. CR (Control risk) stands as the risk which is
related to the internal controls system of a company that will fail to detect or prevent material
misstatements made in the financial statements. Here, the internal control system is the set of
procedures and policies that are placed by a company’s management for enhancing the reliability
and relevancy of its financial statements. Lastly, DR (detection risk) refers to the risk which
indicates that the auditors will fail to detect the material misstatements that exist in the assertion.
Thus, detection risk and audit risk both are dependent on a company’s auditor. On the other
hand, control risk and inherent risk are independent of an auditor because these two kinds of
risks exist within a company regardless of conducting an audit. Audit procedures are designed in
accordance with the decision made by an auditor on audit risk. A low level of detection risk
needs more persuasive evidence compared to high detection risk.
sound financial results.
Oliver assumed ABC Limited’s inherent risk control risk is 30% and 40% respectively. Here, if
the level of acceptable audit risk of the company stands 8%, then its detection risk will be 67%.
Audit Risk = Inherent Risk * Control Risk * Detection Risk
8% = 30% * 40% * Y (detection risk)
Y = 8% / (30% * 40%)
Y = 8% / 12%
Y = 67%
Therefore, the total audit risk of ABC Limited stands at (30 % x 40% x 67%) = 8% (formula
proved).
The model of audit risk is understood best through the below stated mathematical formula is
Detection Risk (DR) = Audit Risk (AR) / Inherent Risk (IR) * Control Risk (CR).
The denominator IR (inherent risk) is the susceptibility/risk of an audit assertion in relation to
a misstatement which is material in nature without considering the internal controls. It denotes
that in the first place, there is already an error. CR (Control risk) stands as the risk which is
related to the internal controls system of a company that will fail to detect or prevent material
misstatements made in the financial statements. Here, the internal control system is the set of
procedures and policies that are placed by a company’s management for enhancing the reliability
and relevancy of its financial statements. Lastly, DR (detection risk) refers to the risk which
indicates that the auditors will fail to detect the material misstatements that exist in the assertion.
Thus, detection risk and audit risk both are dependent on a company’s auditor. On the other
hand, control risk and inherent risk are independent of an auditor because these two kinds of
risks exist within a company regardless of conducting an audit. Audit procedures are designed in
accordance with the decision made by an auditor on audit risk. A low level of detection risk
needs more persuasive evidence compared to high detection risk.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Use of Audit Risk Model for determining the required Audit Evidence
Audit Risk Inherent
Risk
Control
Risk
Detection
Risk
(Planned)
Volume of
evidence
needed
Sales and cash
collections Low (2%)
High
(96%)
High
(91%) Low High
Purchases
(acquisitions) and
payments
High (6%) Low (51%) Low
(21%) High
Low
Inventory High (6%) Low (51%) Moderate Moderate Moderate
Here, it must be remembered that control risk and inherent risk are not dependent on the auditors
and as pet the level of acceptable audit risk, the volume of required evidence varies.
Acceptable Level of Audit Risk and Inherent Risk
A common way of determining the level of acceptable audit risk is dependent on the type of
company. For instance, an auditor will assume a low level acceptable audit risk for the public
companies compared to the private companies as most of the users of generally depend on
publicly listed and traded companies’ financial statements. However, some other factors are also
there that affect an auditor’s strategy of setting audit risk for a company or an engagement. These
factors are:
Chances of a company’s financial failure: The more the risk of a company’s financial
failure, the less the level of its acceptable audit risk
Audit Risk Inherent
Risk
Control
Risk
Detection
Risk
(Planned)
Volume of
evidence
needed
Sales and cash
collections Low (2%)
High
(96%)
High
(91%) Low High
Purchases
(acquisitions) and
payments
High (6%) Low (51%) Low
(21%) High
Low
Inventory High (6%) Low (51%) Moderate Moderate Moderate
Here, it must be remembered that control risk and inherent risk are not dependent on the auditors
and as pet the level of acceptable audit risk, the volume of required evidence varies.
Acceptable Level of Audit Risk and Inherent Risk
A common way of determining the level of acceptable audit risk is dependent on the type of
company. For instance, an auditor will assume a low level acceptable audit risk for the public
companies compared to the private companies as most of the users of generally depend on
publicly listed and traded companies’ financial statements. However, some other factors are also
there that affect an auditor’s strategy of setting audit risk for a company or an engagement. These
factors are:
Chances of a company’s financial failure: The more the risk of a company’s financial
failure, the less the level of its acceptable audit risk
Reliance by the external users on a company’s financial statements: The more a
company’s external stakeholders, the lower the acceptable audit risk
The integrity of the management: The less questionable the honesty or integrity of a
company’s management, the higher the acceptable audit risk.
The inherent risk of audit is independent of an auditor. In order to take a close look to
understand the inherent risk of audit in a better manner, it is highly significant to understand a
company along with the environment from where it operates by considering the below stated
factors:
Nature of a company's business operations along with the products or services it offers.
For instance, a jewellery manufacturing company or high tech company is more risk
prone as these type of companies faces the risk of inventory obsolescence very often
IT environment of a company like a company which operated through decentralised and
highly complex processing systems are very inherent risk prone compared to other
companies those operate through centralised and less complex processing systems
The integrity of the company’s management
Objectives or motivations of the client company (i.e. offering stock options, allowing
bonuses on the basis of annual net income)
Non-routine transactions such as greater chances of accounting fraud and error as a result
of unorthodox financial transactions
Related parties
Estimation or judgment involved in issues related to accounting.
company’s external stakeholders, the lower the acceptable audit risk
The integrity of the management: The less questionable the honesty or integrity of a
company’s management, the higher the acceptable audit risk.
The inherent risk of audit is independent of an auditor. In order to take a close look to
understand the inherent risk of audit in a better manner, it is highly significant to understand a
company along with the environment from where it operates by considering the below stated
factors:
Nature of a company's business operations along with the products or services it offers.
For instance, a jewellery manufacturing company or high tech company is more risk
prone as these type of companies faces the risk of inventory obsolescence very often
IT environment of a company like a company which operated through decentralised and
highly complex processing systems are very inherent risk prone compared to other
companies those operate through centralised and less complex processing systems
The integrity of the company’s management
Objectives or motivations of the client company (i.e. offering stock options, allowing
bonuses on the basis of annual net income)
Non-routine transactions such as greater chances of accounting fraud and error as a result
of unorthodox financial transactions
Related parties
Estimation or judgment involved in issues related to accounting.
1 out of 9
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.