AUDIT RISK
• The risk that an auditor will give an inappropriate audit opinion when
the financial statements are materially misstated
• If the auditor seeks 90% confidence in their opinion, then the
audit risk is 10%
• Auditor rarely reaches 100% confidence level and therefore
determining an acceptable level of audit risk is important
• In setting desired audit risk the auditor seeks an appropriate
balance between the costs associated with an incorrect audit
opinion and the costs of performing additional audit
procedures to reduce audit risk to an acceptable level
• There will always be an element of audit risk due to:
• Human error and judgment
• Collusion & fraud
• Scarce resources
1
AUDIT RISK (AR)
Audit risk has 3 components
– Inherent risk (IR)
– Control risk (CR)
– Detection risk (DR)
2
INHERENT RISK
Inherent risk is the possibility that material misstatements
are contained in the financial statements.
In estimating inherent risk the focus is on:
1. The nature of transactions & resultant balances
eg Cash is more susceptible to
misappropriation than are plant assets
2. The clients operating environment
eg Foreign exchange dealings
3
INHERENT RISK - continued
1. The nature of transactions & resultant balances
Factors contributing to inherent risk include:
• Accounts and transactions that are difficult to audit e.g.
insufficient evidence
• Complex accounting issues – difficulty in recording
• Transactions that require estimate & judgment i.e. doubtful
debts
• Assets that are susceptible to theft, loss or misappropriation
e.g. stock, accounts receivable
• Sensitivity to valuation to economic activity i.e. revaluation
of assets
• Unusual transactions
• Past fraud or error in subsystem
4
INHERENT RISK - continued
2. The clients operating environment
Matters to be considered include:
• Management integrity
• Management turnover and experience
• Profitability of the client relative to the industry
• Current economic environment of the clients
industry
• Going concern problem, such as lack of working
capital and interest commitments
• Nature of clients operations
5
CONTROL RISK
• Possibility that misstatements, such as material error and
fraud will not be prevented or corrected by the client’s
internal control system
• Control risk can never be zero because internal controls
cannot provide complete assurance that all material
misstatements will be prevented or detected
• Linked to quality of clients control system:
– Segregation of duties
– Reconciliation procedures
– Existence of internal audit
– Quality of supervision
– Authorisation of transactions
– Physical custody of assets
• Where estimated CR is relatively high, more substantive test
of transactions and balances will be carried out and
6
compliance testing will cease
DETECTION RISK
• Possibility that auditing test procedures will fail to detect
material error or fraud in the financial statements
• Relates to the substantive test of transactions and balances
and analytical review
• the risk that the auditors substantive testing will not
detect any misstatements that are not prevented or
detected by the internal control structure.
• Determined directly by auditor – relates to the extent and
quality of the audit
• Unlike control risk and inherent risk the auditor can
control the actual level of detection risk by varying the
nature, timing and extent of substantive procedures to
be performed on managements assertions
7
DETECTION RISK
Detection Risk can be reduced by:
– Conducting more substantiative testing of
transactions and balances
– Raising materiality levels for various subsystems
i.e lowering dollar value of what is investigated
during tests of transactions and balances, so
that smaller errors and omissions are seen as
material by the auditor
8
AUDIT RISK MODEL
Audit Risk (AR) =
Inherent Risk (IR) x Control Risk (CR) x Detection Risk (DR)
E.g. Auditor is planning for the audit of sales & accounts receivable
subsystem. The audit has decided on the following acceptable
risk levels:-
IR = 80% (relatively high risk that material fraud or error occurs
in this subsystem)
CR = 50% (50% chance that the clients internal controls will not
prevent material fraud or error)
DR = 13% (auditor is willing to accept a 13% chance that the audit
tests will not detect material fraud or error in the
subsystem)
9
AUDIT RISK MODEL
The model looks like this:
AR = IR x CR x DR
0.8 x 0.5 x 0.13
0.052
Overall audit risk is 5.2% rounding to 5%
10
AUDIT RISK
The auditor generally specifies the desired level of overall
audit risk to be achieved and their assessed levels of Inherent
and Control risk and then solves for detection risk using the
following variation of the model:-
DR = AR/(IR*CR)
In the previous example (slide 10) if IR or CR were higher and
the auditor wants to achieve an audit risk of 5% then the DR
would need to be reduced by applying the following formulae
DR = AR/ (CR*IR)
0.05/(0.50 x .80)
0.05/0.40
0.125
Detection Risk should be 12.5% (say 13%)
11
RISK OF INSOLVENCY
• Auditors must assess the risk that the
client will not be able to continue as a
going concern
• AUS 708 – Going Concern lists a number
of indicators of going concern:
1. Operating Indicators
2. Financial Indicators
3. Other
12
RISK OF INSOLVENCY
1. Operating Indicators
• Lack of management planning
• Lack of management skill
• Lack of key management
• Loss of significant market, license or franchise
• Problems in management information
systems
13
RISK OF INSOLVENCY
2. Financial indicators
• Recent history of net losses
• High reliance on borrowed funds
• Deferred liabilities approaching maturity
• Unfavorable financial ratios such as working capital,
gross profit ratio, interest coverage, stock & debtor
turnover
• Lack of operating cash flows
• Inability to pay creditors
3. Other indicators
• Non compliance with Corporations Law requirements
• Technological change
• Failure of similar entities in the industry
14