You are required to write short notes on:
I) Audit risk
Audit risk means the risk that the auditor gives an inappropriate audit opinion. E.g. if the auditor reports that the financial statements show a true and fair view while in reality they are materially misstated. Audit risk has three components: inherent risk, control risk and detection risk.
Audit risk = Inherent risk * Control risk * Detection risk
II) Inherent risk
- This is the susceptibility of an account balance or class of transactions to misstatement that could be material individually or when aggregated with misstatements in other balances or classes of transactions assuming there were no related internal controls. Inherent risk could increase as a result of:
- An adverse attitude of managers to internal control matters;
- The type of business carried out;
- The environment within which the entity carries out its business;
- Where there is a high degree of estimation or judgement associated with the transaction;
- The entity is involved in very complex transactions;
- The assets involved are especially susceptible to loss or theft.
An assessment of inherent risk can be made by the auditor carrying out a review of these factors.
III) Control risk
- Means that a material misstatement could occur in an account balance or class of transactions, which would not be prevented or detected in timely manner by the entity‘s accounting and internal control systems.
To assess control risk auditors should:
- Investigate and document internal control systems;
- Confirm their understanding of the systems by performing walk through tests.
These are performed to ensure that the auditor‘s understanding of the client‘s accounting system is correct;
- Make an initial assessment of control risk based upon their understanding;
- Perform tests of controls to confirm their assessment;
- Reassess the level of control risk if controls are found to be ineffective.
IV) Detection risk
This is the risk that an auditor‘s substantive procedures will not detect a misstatement that exists in an account balance or class of transactions that could be material. This implies that detection risk is the only component of the audit risk model that is under the control of the auditor. The level of detection risk relates directly to the auditor‘s substantive procedures. The auditor‘s control risk assessment, together with the inherent risk assessment, influences the nature, timing and extent of substantive procedures to be performed to reduce detection risk, and therefore audit risk to an acceptably low level.