Audit Risk Model

Inherent Risk, Control Risk & Detection Risk

Contents:
1. Definition 6.Control Risk
2. Explanation 7.Detection Risk
3. Model 8.Application
4.Components 9.Example
5.Inherent Risk
Definition
Audit Risk is the risk that an auditor expresses an inappropriate opinion on the financial
statements.
Explanation
Audit risk is the risk that an auditor issues an incorrect opinion on the financial statements.
Examples of inappropriate audit opinions include the following:
 Issuing an unqualified audit report where a qualification is reasonably justified;
 Issuing a qualified audit opinion where no qualification is necessary;
 Failing to emphasize a significant matter in the audit report;
 Providing an opinion on financial statements where no such opinion may be reasonably given
due to a significant limitation of scope in the performance of the audit.
Model
Audit Risk = Inherent Risk x Control Risk x Detection Risk
Audit risk may be considered as the product of the various risks which may be encountered in
the performance of the audit. In order to keep the overall audit risk of engagements below
acceptable limit, the auditor must assess the level of risk pertaining to each component of audit
risk.
Components
Explanation of the 3 elements of audit risk is as follows:
Inherent Risk
Inherent Risk is the risk of a material misstatement in the financial statements arising due to
error or omission as a result of factors other than the failure of controls (factors that may cause a
misstatement due to absence or lapse of controls are considered separately in the assessment of
control risk).
Inherent risk is generally considered to be higher where a high degree of judgment and
estimation is involved or where transactions of the entity are highly complex.
For example, the inherent risk in the audit of a newly formed financial institution which has a
significant trade and exposure in complex derivative instruments may be considered to be
significantly higher as compared to the audit of a well established manufacturing concern
operating in a relatively stable competitive environment.
Control Risk
Control Risk is the risk of a material misstatement in the financial statements arising due to
absence or failure in the operation of relevant controls of the entity.
Organizations must have adequate internal controls in place to prevent and detect instances of
fraud and error. Control risk is considered to be high where the audit entity does not have
adequate internal controls to prevent and detect instances of fraud and error in the financial
statements.
Assessment of control risk may be higher for example in case of a small sized entity in which
segregation of duties is not well defined and the financial statements are prepared by individuals
who do not have the necessary technical knowledge of accounting and finance.
Detection Risk
Detection Risk is the risk that the auditors fail to detect a material misstatement in the financial
statements.
An auditor must apply audit procedures to detect material misstatements in the financial
statements whether due to fraud or error. Misapplication or omission of critical audit procedures
may result in a material misstatement remaining undetected by the auditor. Some detection risk
is always present due to the inherent limitations of the audit such as the use of sampling for the
selection of transactions.
Detection risk can be reduced by auditors by increasing the number of sampled transactions for
detailed testing.
Application
Audit risk model is used by the auditors to manage the overall risk of an audit engagement.
Auditors proceed by examining the inherent and control risks pertaining to an audit engagement
while gaining an understanding of the entity and its environment.
Detection risk forms the residual risk after taking into consideration the inherent and control
risks pertaining to the audit engagement and the overall audit risk that the auditor is willing to
accept.
Where the auditor's assessment of inherent and control risk is high, the detection risk is set at a
lower level to keep the audit risk at an acceptable level. Lower detection risk may be achieved by
increasing the sample size for audit testing. Conversely, where the auditor believes the inherent
and control risks of an engagement to be low, detection risk is allowed to be set at a relatively
higher level.
Example
ABC is an audit and assurance firm which has recently accepted the audit of XYZ. During the
planning of the audit, engagement manager has noted the following information regarding XYZ
for consideration in the risk assessment of the assignment:
 XYZ is a listed company operating in the financial services sector
 XYZ has a large network of subsidiaries, associates and foreign branches
 The company does not have an internal audit department and its audit committee does not
include any members with a background in finance as suggested in the corporate governance
guidelines
 It is the firm's policy to keep the overall audit risk below 10%

Inherent risk in the audit of XYZ's financial statements is particularly high because the entity is
operating in a highly regularized sector and has a complex network of related entities which
could be misrepresented in the financial statements in the absence of relevant financial controls.
The first audit assignment is also inherently risky as the firm has relatively less understanding of
the entity and its environment at this stage. The inherent risk for the audit may therefore be
considered as high.
Control risk involved in the audit also appears to be high since the company does not have
proper oversight by a competent audit committee of financial aspects of the organization. The
company also lacks an internal audit department which is a key control especially in a highly
regulated environment. The control risk for the audit may therefore be considered as high.
If inherent risk and control risk are assumed to be 60% each, detection risk has to be set at 27.8%
in order to prevent the overall audit risk from exceeding 10%.
Working
Audit Risk = Inherent Risk x Control Risk x Detection Risk
0.10 = 0.60 x 0.60 x Detection Risk
0.10 = Detection Risk = 0.278 = 27.8%
0.36
Inherent risk, in a financial audit, measures the auditor's assessment of the likelihood that there
are material misstatements due to error or fraud in segment before considering the effectiveness
of internal control
DEFINITION of 'Inherent Risk'
The risk posed by an error or omission in a financial statement due to a factor other than a failure
of control. In a financial audit, inherent risk is most likely to occur when transactions are
complex, or in situations that require a high degree of judgment in regards to financial estimates.
This type of risk represents a worst-case scenario because all controls have failed.

How to Assess Inherent Risk in an Audit

By Maire Loughran from Auditing For Dummies

Auditors must determine risks when working with clients. One type of risk to be aware of is
inherent risk. While assessing this level of risk, you ignore whether the client has internal
controls in place (such as a secondary review of financial statements) in order to help mitigate
the inherent risk. You consider the strength of the internal controls when assessing the client’s
control risk. Your job when assessing inherent risk is to evaluate how susceptible the financial
statement assertions are to material misstatement given the nature of the client’s business. A few
key factors can increase inherent risk.

 Environment and external factors: Here are some examples of environment and
external factors that can lead to high inherent risk:
o Rapid change: A business whose inventory becomes obsolete quickly
experiences high inherent risk.
o Expiring patents: Any business in the pharmaceutical industry also has
inherently risky environment and external factors. Drug patents eventually expire,
which means the company faces competition from other manufacturers marketing
the same drug under a generic label.
o State of the economy: The general level of economic growth is another external
factor affecting all businesses.
 o Availability of financing: Another external factor is interest rates and the
associated availability of financing. If your client is having problems meeting its
short-term cash payments, available loans with low interest rates may mean the
difference between your client staying in business or having to close its doors.
 Prior-period misstatements: If a company has made mistakes in prior years that weren’t
material (meaning they weren’t significant enough to have to change), those errors still
exist in the financial statements. You have to aggregate prior-period misstatements with
current year misstatements to see if you need to ask the client to adjust the account for the
total misstatement.

You may think an understatement in one year compensates for an overstatement in

another year. In auditing, this assumption isn’t true. Say you work a cash register and one
night the register comes up $20 short. The next week, you somehow came up $20 over
my draw count. The $20 differences are added together to represent the total amount of
your mistakes which is $40 and not zero. Zero would indicate no mistakes at all had
occurred.

 Susceptibility to theft or fraud: If a certain asset is susceptible to theft or fraud, the

account or balance level may be considered inherently risky. For example, if a client has
a lot of customers who pay in cash, the balance sheet cash account is going to have risk
associated with theft or fraud because of the fact that cash is more easily diverted than
customer checks or credit card payments.

Looking at industry statistics relating to inventory theft, you may also decide to consider
the inventory account as inherently risky. Small inventory items can further increase the
risk of this account valuation being incorrect because those items are easier to conceal
(and therefore easier to steal).
  Answers
www.referenceboss.com
Facts & Answers at Your Fingertips For Free - Get Reference App Today!
 Internal Audit/Renaix
www.renaix.com/jobs/
Established in 1997. Specialists in audit and financial mangement.
INVESTOPEDIA EXPLAINS 'Inherent Risk'
Inherent risk is one of the risks auditors must look for when reviewing financial statements,
along with control risk and detection risk. When conducting an audit the auditor will try to gain
an understanding of the nature of the business while examining control risks and inherent risks.
If inherent and control risks are considered to be high, an auditor can set the detection risk to a
lower level to keep the overall audit risk at a reasonable level.
Companies operating in highly regulated sectors, such as the financial sector, are more likely to
have higher inherent risk, especially if the company does not have an audit department or has an
audit department without an oversight committee with a financial background. The ultimate risk
posed to the company also depends on the financial exposure created by the inherent risk if the
process for accounting for the exposure fails.
Complex financial transactions, such as those undertaken in the years leading up to the financial
crisis of 2007-2008, can be difficult for even the cleverest financial professionals to understand.
Asset-backed securities, such as collateralized debt obligations (CDOs), became difficult to
account for as tranches of varying qualities were repackaged again and again. This complexity
may make it difficult for an auditor to make the correct opinion, which in turn can lead investors
to consider a company to be more (or less) financially stable than it actually is.
Refine Your Financial Vocabulary
Gain the Financial Knowledge You Need to Succeed. Investopedia’s FREE Term of the Day
helps you gain a better understanding of all things financial with technical and easy-to-
understand explanations. Click here to begin developing your financial language with this daily
newsletter.

Read more: http://www.investopedia.com/terms/i/inherent-risk.asp#ixzz3hXTdDmc1

Follow us: @Investopedia on Twitter
Related to CUTOFF
Synonyms
arrest, arrestment, cease, cessation, check, close, closedown, closure, conclusion, end,
discontinuance, discontinuation, ending, expiration, finish, halt, lapse, offset, shutdown,
shutoff, stay, stop, stoppage, surcease, termination

cut·off
also cut-off (kŭt′ôf′, -ŏf′)
n.
1. A designated limit or point of termination.
2. A shortcut or bypass.
3. A new channel cut by a river across the neck of an oxbow.
4. The act or an instance of cutting off: a cutoff of funds; an electricity cutoff.
5. Baseball The interception by an infielder of a throw to home plate from the outfield.
6. A device that cuts off a flow of fluid.
7. Music A conductor's signal indicating a stop or break in playing or singing.
8. cutoffs Pants, such as blue jeans, made into shorts by cutting off part of the legs.
adj.
1. Designating a limit or point of termination: a cutoff date for applications.
2. Baseball Serving to intercept or relay a throw to home plate from the outfield: the cutoff man.
American Heritage® Dictionary of the English Language, Fifth Edition. Copyright © 2011 by
Houghton Mifflin Harcourt Publishing Company. Published by Houghton Mifflin Harcourt
Publishing Company. All rights reserved.
cut•off
(ˈkʌtˌɔf, -ˌɒf)

n.
1. an act or instance of cutting off.
2. something that cuts off.
3. a point serving as the limit beyond which something is no longer effective, applicable, or
possible.
4. a road, passage, etc., that leaves another, usu. providing a shortcut.
5. a new and shorter channel formed in a river by the water cutting across a bend in its course.
6. cutoffs, shorts made by cutting the legs off a pair of trousers, esp. jeans.
7. an infielder's interception of a baseball thrown from the outfield in order to relay it to home
plate or keep a base runner from advancing.
8. arrest of the steam moving the pistons of an engine, usu. occurring before the completion of a
stroke.
Detail tie in
A Test in auditing that test the articulation of the same number in different parts of the report