Understanding Audit Risk: A Study on ABC Limited

Verified

Added on 2019/10/09

AI Summary

The assignment content is about ABC Limited, an Information Technology company that operates with its own auditors and uses suspected control risk. The acceptable level of audit risk for the company is below or equal to 8%. Oliver identifies both inherent risk and control risk while reviewing the company's financial statements. He assumes the inherent risk is 30% and control risk is 40%, which means the detection risk will be 67%. The total audit risk is calculated to be 8%. The assignment also discusses the model of audit risk, which includes inherent risk, control risk, and detection risk. It highlights that control risk and inherent risk are independent of an auditor, while detection risk depends on the auditor. The acceptable level of audit risk varies based on factors such as the type of company, chances of financial failure, reliance by external users, and the integrity of management.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

BLOG: AUDIT RISK
WHAT IS AUDIT RISK?

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

AUDIT RISK
13th August 2019
In the field of accounting and finance audit is something that verifies and inspects the degree of
accuracy and relevancy. Financial auditing refers to the procedure of examining an individual's
or a company’s financial records for determining whether they are reliable, accurate and made
accordingly with the applicable rules of accounting including the existing accounting standards,
theories, laws, and regulations. Audit work is conducted both internally and externally. Internal
auditing is done by a company’s employees i.e. the accounting personnel and executives whereas
external audit work is conducted by external auditors who come from outside of a company to
audit its accounts i.e. to examine its accounting as well as financial records for providing their
independent unbiased opinion on such records. According to law, all publicly owned and
operated companies need to audit their periodic financial statements and accounts externally.
Internal auditors of a company work for examining financial records and for ensuring
improvement in the internal processes of the company that include operations, governance,
internal control, and risk management.
During the practice of internal and external auditing, the auditors use to face a number of risks
that are called audit risk. In accounting and auditing, audit risk(s) are the risks which an auditor
might issue a non-qualified report as a result of the failure of the auditor to detect the material
misstatement in the financial statements either due to fraud or error. Audit risk is also called as
residual risk and it indicates the chance for which financial statements of a company will be
published with a number of materials errors and incorrect financial information even though that
has been examined, reviewed, and approved by an external auditor. This type of risk arises when
an auditor fails to detect accounting fraud or errors while examining a company’s financial
statements. In order to eliminate or reduce the degree of audit risk, auditors need to increase the
number of audit procedures. The users of a business organisation’s financial statements use to
rely upon the auditors’ assurance in relation to accuracy and materiality of the reporting
company’s periodic financial statements and due to this, it is very crucial for auditors to reduce

audit risk at a modest level. The reduction of audit risks stands as an integral part of a company’s
and its auditors’ audit functions.
Definition and Discussion on Audit Risk
Audit risk refers to the risk which makes financial statements of a company materially incorrect,
even after auditing and audit opinion’s stating that the statements are correct and free of material
misstatements. In other words, audit risk stands as a danger that leads to errors or intentional
miscalculations in accounts and financial statements that will not been caught by auditors before
such statements get issued. It is a risk that a company’s auditor uses to express inappropriate
opinion while making his/her individual statement on the accuracy, relevancy, and materiality of
the reporting company’s financial statements. Audit risk arises at the time when an auditor fails
to issue a correct opinion on a reporting company’s financial statements. This kind of risk arises
due to the accounting errors or fraud, or intended miscalculations of the reporting company in its
financial statements that are not been caught by its auditors before these statements are issued.
Followings are some of the examples of inappropriately made audit opinions of auditors:
 Issuing a specific qualified audit opinion regarding the company’s financial statements
where qualification is not necessary
 Issuing an audit report which is not qualified and where qualification is justified in
reasonably manner
 Failing to emphasise the significant matters in their audit report
 Providing a statement or opinion on the periodic financial statements unreasonably due to
the limitation of audit scope.
There are three components attached to audit risk such as inherent risk, detection risk, and
control risk. This means audit Risk equals to Inherent Risk multiplied by Control Risk and
Detection Risk. Audit risk sometimes considered as a result of the several risks that could be
encountered while conducting auditing work. In terms of keeping the degree of audit risk

oriented engagements below the acceptable limit, the auditors need to assess risk level pertaining
to each of these component attached to audit risk.
The main purpose behind initiating audit work is to eliminate or reduce audit risk, considering
the three above mentioned audit risk components, to the lowest level by sufficient evidence and
adequate testing. This is because, a company’s stakeholders like creditors, shareholders, existing
and potential investors, business analysts, along with some others internal and external
stakeholders use to rely on its financial statements, and it is their right to get an understandable,
clear and bias-free picture of an organisation’s financial position via its financial statements for
which auditors must work on reducing audit risk at the lowest level. Furthermore, for Certified
Professional Audit firms those perform audit work, often become legally liable if they fail to
reduce audit risk while examining and making a statement declaring a company's financial status
and performance through financial statements.
Types of Audit Risks and their Assessment
There are three different components of audit risk such as inherent risk, detection risk, and
control risk whereas while classifying the audit risk, there are two kinds of audit risks like the
risk of material misstatements, and detection risk. The risk of material misstatement is associated
with inherent risk and control risk. In other words, at the level of assertion, the risk of material
misstatement consists of the two components naming control risk, and inherent risk.
1. Risk of Material Misstatement
The risk arises due to material misstatement refer to the risk which indicates that financial
statements of a company are not correct materially before to audit work is performed. Here, the
term ‘material’ refers to the dollar amount which is very and responsible to change the readers or
users opinion on the company after reading its financial statement and the dollar amount or
percentage is subjective. For example, if the inventory balance of a sporting product store of
$10,000,000 is incorrect by $250,000, the stakeholder reading the store’s financial statements
might consider it as a materially correct amount. The particular type of audit risk is even more if

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

the internal control of a company is insufficient. Moreover, insufficient control risk is also
responsible for arising fraud risk.
This risk makes a company’s financial statements susceptible to a number of material
misstatements. At the level of financial statement, this risk pervasively relates to the reporting
company’s financial statements (income statement, balance sheet, statement of financial position,
and cash flow statement). It potentially affects many assertions. Furthermore, at the level of
financial statement, this type of risk might be relevant to the consideration made by an auditor of
this due to internal fraud. For instance, an ineffective internal control environment, lack of
required cash to continue business operations, as well as declining conditions affect the
company's and create opportunities for the management to engage in manipulation while
preparing and presenting financial statements which ultimately lead to the very risk of material
misstatement.
At the level of assertion, the two components of risk of material misstatement are:
 Inherent risk: It is the susceptibility in relation to a particular assertion which occurs due
to the presence of material error, omission, or fraud, individually or in combination with
other misstatements. This type of risk occurs before considering any kind of related
controls. Generally, this risk becomes high when a high amount of judgment and
estimation is involved as well as when the reporting company practices highly complex
financial transactions in order to conduct its regular course of business.
 Control risk: This risk arises as a result of material fraud or error which use to occur
while making an assertion, individually or in combination with other misstatements. The
system of internal control of a company is incapable of detecting or preventing this risk
on a regular basis. Control risk arises from the failure or absence of relevant operation
control mechanisms. This risk becomes high in the absence of adequate internal control
systems in a company which restricts the company to detect and then to prevent the
occurrences of material error, omission, and fraud in the company’s financial statements.
Control risk stands as the potential risk of material misstatements that are not be
prevented as well as detected by a company’s control systems.

Inherent risk along with control risk is solely related to a company, the company’s environment,
as well as its practices in relation to internal control, and the auditors assess such risks on the
basis of evidence they obtain. For assessing control risk, the auditors use the evidence they
obtain from tests of controls and other sources.
2. Detection Risk
Detection risk refers to the risk attached to audit procedures that are used by an auditor which are
incapable of detecting any kind of material misstatement from the reporting company’s financial
statements. While auditing a company’s financial statements, this risk arises due to the
inappropriate planning and designing of audit procedures by an auditor. Detection risk gets
affected by the effectiveness of substantive audit procedures, and the application of such
substantive audit procedures by an auditor which means whether the audit procedures are
performed by the auditors with due professional competence and care or not. This kind of risk is
solely dependent on auditors and their audit competences as well as their act of performing audit
work with due care. The more an auditor applied professional care while auditing a reporting
company’s financial statements, the less the chances of detection risk and vice versa.
Example and Formula of Audit Risk
Oliver works as an external auditor at an audit firm and asked for reviewing ABC Limited’s (an
Information Technology company), financial statements. The manager of Oliver has already
prepared a memo in order to specify the things to be considered with the highest concerns during
the audit process:
 ABC Limited operates as an industry leader with a huge network of subsidiaries,
customers, and branches.
 The company has a number of auditors its own but its management uses to suspect
control risk.

 For ABC Limited, the acceptable level of audit risk is below or equal to 8%.
While reviewing the company’s financial statements, Oliver identifies both inherent risk and
control risk. The audit department of ABC Limited has not yet submitted its financial statements
to the company’s audit committee as well as it is suspected by Oliver that several errors of
auditing have by-passed control. Moreover, the technology industry is very complex and
competitive, thus, it puts huge pressure on the IT companies in terms of representing strong and
sound financial results.
Oliver assumed ABC Limited’s inherent risk control risk is 30% and 40% respectively. Here, if
the level of acceptable audit risk of the company stands 8%, then its detection risk will be 67%.
Audit Risk = Inherent Risk * Control Risk * Detection Risk
8% = 30% * 40% * Y (detection risk)
Y = 8% / (30% * 40%)
Y = 8% / 12%
Y = 67%
Therefore, the total audit risk of ABC Limited stands at (30 % x 40% x 67%) = 8% (formula
proved).
The model of audit risk is understood best through the below stated mathematical formula is
Detection Risk (DR) = Audit Risk (AR) / Inherent Risk (IR) * Control Risk (CR).
The denominator IR (inherent risk) is the susceptibility/risk of an audit assertion in relation to
a misstatement which is material in nature without considering the internal controls. It denotes
that in the first place, there is already an error. CR (Control risk) stands as the risk which is
related to the internal controls system of a company that will fail to detect or prevent material
misstatements made in the financial statements. Here, the internal control system is the set of
procedures and policies that are placed by a company’s management for enhancing the reliability
and relevancy of its financial statements. Lastly, DR (detection risk) refers to the risk which

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

indicates that the auditors will fail to detect the material misstatements that exist in the assertion.
Thus, detection risk and audit risk both are dependent on a company’s auditor. On the other
hand, control risk and inherent risk are independent of an auditor because these two kinds of
risks exist within a company regardless of conducting an audit. Audit procedures are designed in
accordance with the decision made by an auditor on audit risk. A low level of detection risk
needs more persuasive evidence compared to high detection risk.
Use of Audit Risk Model for determining the required Audit Evidence
Audit Risk Inherent
Risk
Control
Risk
Detection
Risk
(Planned)
Volume of
evidence
needed
Sales and cash
collections Low (2%)
High
(96%)
High
(91%) Low High
Purchases
(acquisitions) and
payments
High (6%) Low (51%) Low
(21%) High
Low
Inventory High (6%) Low (51%) Moderate Moderate Moderate
Here, it must be remembered that control risk and inherent risk are not dependent on the auditors
and as pet the level of acceptable audit risk, the volume of required evidence varies.
Acceptable Level of Audit Risk and Inherent Risk
A common way of determining the level of acceptable audit risk is dependent on the type of
company. For instance, an auditor will assume a low level acceptable audit risk for the public
companies compared to the private companies as most of the users of generally depend on

publicly listed and traded companies’ financial statements. However, some other factors are also
there that affect an auditor’s strategy of setting audit risk for a company or an engagement. These
factors are:
 Chances of a company’s financial failure: The more the risk of a company’s financial
failure, the less the level of its acceptable audit risk
 Reliance by the external users on a company’s financial statements: The more a
company’s external stakeholders, the lower the acceptable audit risk
 The integrity of the management: The less questionable the honesty or integrity of a
company’s management, the higher the acceptable audit risk.
The inherent risk of audit is independent of an auditor. In order to take a close look to
understand the inherent risk of audit in a better manner, it is highly significant to understand a
company along with the environment from where it operates by considering the below stated
factors:
 Nature of a company's business operations along with the products or services it offers.
For instance, a jewellery manufacturing company or high tech company is more risk
prone as these type of companies faces the risk of inventory obsolescence very often
 IT environment of a company like a company which operated through decentralised and
highly complex processing systems are very inherent risk prone compared to other
companies those operate through centralised and less complex processing systems
 The integrity of the company’s management
 Objectives or motivations of the client company (i.e. offering stock options, allowing
bonuses on the basis of annual net income)
 Non-routine transactions such as greater chances of accounting fraud and error as a result
of unorthodox financial transactions