What is audit risk?
The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.
What are the three components of audit risk?
Inherent risk, control risk, and detection risk.
What is inherent risk?
The susceptibility of an assertion to a material misstatement before considering any related controls.
What is control risk?
The risk that a material misstatement will not be prevented, or detected and corrected, by the entity’s internal controls.
What is detection risk?
The risk that the auditor’s procedures will not detect a material misstatement that exists.
How is overall audit risk calculated?
Audit Risk = Inherent Risk × Control Risk × Detection Risk.
What is the relationship between detection risk and the other risks?
Detection risk is inversely related to the combined level of inherent and control risk.
What happens when inherent and control risks are high?
The auditor must set detection risk low by performing more substantive procedures.
What happens when inherent and control risks are low?
The auditor may set detection risk higher and perform fewer substantive procedures.
What does a low detection risk mean for the auditor’s work?
More extensive or effective audit testing is required.
What does a high detection risk mean for the auditor’s work?
Less extensive testing may be sufficient.
What are examples of factors increasing inherent risk?
Complex transactions, management estimates, unusual related-party transactions, and rapid change in the industry.
What are examples of factors reducing inherent risk?
Stable business environment, simple transactions, and strong ethical management.
What is the auditor’s goal regarding audit risk?
To reduce audit risk to an acceptably low level through appropriate audit planning and procedures.
What does ISA 200 require regarding audit risk?
That auditors obtain reasonable assurance that the financial statements are free from material misstatement.
What are the two types of material misstatement?
Misstatements due to error and misstatements due to fraud.
What is residual audit risk?
The remaining risk after audit procedures have been performed.
Why can audit risk never be reduced to zero?
Because of inherent limitations in auditing such as sampling, judgment, and potential management concealment.
What is the purpose of audit planning in relation to risk?
To identify and assess risks of material misstatement and design audit procedures accordingly.
How does the auditor assess inherent and control risks?
By understanding the entity and its environment, including internal controls.
What is the purpose of tests of controls?
To evaluate the operating effectiveness of controls in preventing or detecting material misstatements.
What is the purpose of substantive procedures?
To detect material misstatements in the financial statements.
How can detection risk be reduced?
By increasing sample size, using more effective audit procedures, and assigning more experienced staff.
What is business risk in auditing?
The risk that events or conditions may adversely affect the entity’s ability to achieve its objectives or continue as a going concern.
