Audit risk

From Wikipedia, the free encyclopedia

Audit risk is a term that is commonly applied in relation to the audit of the financial statements of an entity. (See financial audit). The primary objective of such an audit is to provide an opinion as to whether or not the financial statements present fairly the financial position and results of the entity. Audit risk is the risk of the auditor providing an inappropriate opinion on the financial statements. In other words, it is the risk of the auditor stating the financial statements present fairly the financial position of the entity, when in fact they do not. (Although significantly a lesser risk, audit risk also encompasses the risk of the auditor stating the financial statements do not present fairly the financial position of the entity, when in fact they do.)

Contents 1 Components of audit risk 1.1 Inherent risk(IR) 1.2 Control risk(CR) 1.3 Detection risk(DR) 1.4 Acceptable audit risk 2 Audit risk formula 3 Mathematics of audit risk 4 References 5 External links

[edit] Components of audit risk

[edit] Inherent risk(IR)

Inherent risk represents the auditor's assessment that there may be a material misstatement relating to an assertion in the financial statements, without taking into account the effectiveness of the related internal controls. If the auditor concludes that there is a high likelihood of such a misstatement, ignoring internal controls, the auditor would conclude that the inherent risk is high. Internal controls are ignored in setting inherent risk because they are considered separately in the audit risk model as control risk. It is an area that requires professional judgement on the part of an auditor. For example, the valuation of inventory consisting of diamonds is more complex than inventory consisting of bicycles, and hence more risky.

[edit] Control risk(CR)

Control risk represents the auditor's assessment of the likelihood that a material misstatements relating to an assertion in the financial statements will not be prevented or detected, on a timely basis, by the client's internal control system. This assessment includes an assessment of whether a client's internal controls are effective for preventing or detecting misstatements and the auditor's intention to make that assessment at a level below the maximum (99 percent) as part of the audit plan.

[edit] Detection risk(DR)

Detection risk is defined as the likelihood that a material misstatement relating to an assertion will be not detected by the auditor's substantive testing. It is important to note that the detection risk indicates the detection risk that the auditor is willing to "live with" given his desired audit risk and his assessment of inherent and control risk. This means that if the detection risk is high, the auditor is willing to accept a high detection risk, and will do less substantive testing as compared to a situation where the detection risk is low.

[edit] Acceptable audit risk

Acceptable audit risk, also known as residual risk, is a measure of how willing the auditor is to accept that the financial statements may be materially misstated after the audit is completed and an unqualified (or clean) opinion was issued. If the auditor decides to lower audit risk, that means that the auditor wants to be more certain that the financial statements are not materially misstated

The product of inherent risk and control risk is referred to as the Risk of Material Misstatement. It is allowable to make a combined assessment of inherent and control risk, called Risk of Material Misstatement.

[edit] Audit risk formula

Audit Risk = IR * CR * DR Given the explanations of the relevant terms above, the purpose of this equation is to determine detection risk, which then indicates to the auditor how much substantive testing he has to do to arrive at the desired audit risk.

[edit] Mathematics of audit risk

Audit standards proposed probability theory to be applied on audit risk concept. Practitioners also attached probability to audit risk concept. But audit standards did not adopt probability theory as the unique formalism of audit risk.

In fact, audit risk is an intersection of three sets. Modeling audit risk issued different models depending on mathematical theories used:

• Probability theory measures audit risk if these three components (inherent risk, control risk...) of audit risk concept are considered as events. Audit risk become a set of events. it become a product of three probabilities.

[edit] References

• Srivastava R.P. & Shafer G.R. (1992) " Belief function Formula for audit risk " Review: Accounting Review, Vol. 67 n° 2, pp. 249-283, for evidence theory applied on audit risk.
• Lesage (1999)" Evaluation du risque d'audit : proposition d'un modele linguistique " Review: Comptabilite, Controle, Audit, Tome 5, Vol. 2, September 1999, pp.107-126, for fuzzy audit risk.
• Fendri-Kharrat et al. (2005)"Logique floue appliquee a l'inference du risque inherent en audit financier ", Review: RNTI : Revue des Nouvelles Technologies de l'Information, n° RNTI-E-5, (extraction des connaissances: etats et perspectives), November 2005, pp.37-49, Cepadues editions, for fuzzy inherent audit risk.

[edit] External links

• A technical explanation of this term can be found in International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants