Scribd
Upload
43 views5 pages

Audit Risk Model

Uploaded by

inovia.indrajati
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
43 views5 pages

Audit Risk Model

Uploaded by

inovia.indrajati
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Audit Risk Model: Practice Guide

Posted on April 15, 2014 by Chester Bateman

Audit Risk (AR) is the risk that the auditor may express an unqualified audit opinion
when the financial statements are materially misstated and there are material
weaknesses in the system of internal controls.
Audit Risk Model
Paragraph .14, AU-C 200 (AICPA), Overall Objectives of The Independent Auditor,
“Audit risk is a function of the risks of material misstatement and detection risk“.

The Audit Risk Model can be defined as AR = RMM x DR, where the overall audit risk is
obtained by multiplying the probabilities for each risk component. The model is used to
determine the level of detection risk needed to reduce audit risk to an acceptably low
level.

Risks of material misstatement (RMM) is the product of inherent risk and control
risk.

Inherent risk (IR) is the susceptibility of an account balance or class of transactions


to material misstatement, assuming there are no related controls.

Control risk (CR) is the risk that the system of internal controls will fail to prevent or
detect material misstatements.

Detection risk (DR) is the risk that the audit procedures will fail to detect material
misstatements which were not caught by the internal controls.

The components of audit risk are illustrated below, where the cloud represents the
accounting system and the rain drops are misstatements. The likelihood of
misstatements occurring is inherent risk. The probability that internal controls (1st
umbrella) may not prevent or detect misstatements is control risk. The probability that
audit procedures (2nd umbrella) may not detect material misstatements is detection
risk. The probability that the financial statements may include material misstatements
is audit risk.
Risk-Based Audit Approach
The audit risk model provides a risk-based audit approach to assess the risks of material
misstatement to determine the scope of audit procedures to perform. Higher risk areas
would require more audit work as compared to lower risk areas.

Risks of Material Misstatement and Detection Risk


In the risk model, audit risk (AR) is usually set at a low level of 5% (i.e. 95% confidence
that the financial statements do not contain any material misstatements). The auditor
assesses the risks of material misstatement (inherent and control risks) and then solves
the model for detection risk.

Detection risk is inversely related to the risks of material misstatement. For


example, when the inherent and control risks are assessed as High (IR=100%,
CR=70%), the detection risk would need to be Low (DR=7%) to ensure that audit risk is
kept at a low level. This would increase the assurance required from substantive tests.
AR=5%, IR=100%, CR=70%;
AR = (IR x CR) x DR
5% = (100% x 70%) x DR
DR = 0.05 / 0.7
DR = 7%
Substantive Assurance = 100%-DR = 93%

Conversely, when the inherent and control risks are assessed as Low (IR=50%,
CR=20%), a higher level of detection risk (DR=50%) is acceptable while maintaining
audit risk at a low level. This would reduce the assurance required from substantive
tests.

AR=5%, IR=50%, CR=20%;


AR = (IR x CR) x DR
5% = (50% x 20%) x DR
DR = 0.05 / 0.1
DR = 50%
Substantive Assurance = 100%-DR = 50%

The % of substantive assurance required can be used to define the “confidence level” in
statistical sampling to determine the sample size for substantive tests. The sample size
can be calculated using statistical formulas/tables or audit software (e.g. AuditSampler).

Quantitative Audit Risk Matrix


An alternate form of the audit risk model is the “Audit Risk Matrix“, where IR (x-axis)
and CR (y-axis) are assessed as Low, Moderate or High and each risk rating is assigned
a probability value. The combination of IR x CR in the risk matrix determines the level
of RMM, i.e. if IR=Max and CR=Low, then RMM=Moderate (30%). Therefore, DR=17%
(.05/.30) and the assurance required is 83% (100% – DR).

The audit risk matrix provides a visual analysis of the risk assessment (color gradient
from green, yellow to red). The auditor can categorize the assurance required as Low,
Moderate or High and determine the confidence levels for substantive tests.

Preliminary Audit Strategy


The audit risk model can be used for “preliminary audit planning“ to identify and assess
the risks of material misstatement for each class of transactions and account balance to
determine the appropriate audit strategy.
If RMM=Low and CR=Low: the audit strategy would rely on controls and perform a
lower level of substantive tests (controls reliance approach). Alternatively, if
RMM=High and CR=High: the audit strategy would not rely on controls and perform a
higher level of substantive tests (primarily substantive approach).

You might also like