Messie, Glover, Prawitt & Boh, Margaret, 2007 stated that audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. In simple terms, audit risk is the risk that an auditor will issue an unqualified opinion when the financial statements contain a material misstatement.
ISA 200 states that the auditor should plan and perform the audit to reduce audit risk to an acceptably low level that is consistent with the objective of an audit.
Auditing and Assurance Standard AAS-6 (Revised), “Risk Assessments and Internal Controls”, identifies the three components of audit risk, i.e. inherent risk, control risk and detection risk.
Audit risk model: AR = IR × CR × DR, where:
AR = Audit risk (the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated)
IR = Inherent risk (the risk that an assertion is susceptible to a material misstatement, assuming there are no related controls)
CR = Control risk (the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity’s internal control)
DR = Detection risk (the risk that the auditor will not detect a material misstatement that exists in an assertion)
The objective in an audit is to limit audit risk to a low level, as judged by the auditor. When conducting an audit, the auditor should consider materiality and its relationship with audit risk. The level of detection risk can be considered only after considering the level of inherent and control risks. While planning an audit, the auditor should keep in mind that the audit risk is to be kept at an acceptably low level. The range, efficiency, efficacy, nature and timing of the procedures performed by the auditor will determine the level (i.e. high or low) of detection risk.
The major purpose of audit risk models is to help the auditor to obtain a given degree of confidence that the financial statements do not contain a material error. Economic considerations are not explicitly taken into account, and the focus is rather on effective audit risk control. In the second approach, audit decision models are more comprehensive in nature as compared to audit risk models: a broader set of factors is taken into account (such as audit risk, audit costs, etc.). This type of model may serve as an aid for auditors to identify an efficient and cost-effective way by which a suitable (i.e., cost-minimizing) level of confidence can be achieved.
Audit risk is fundamental to the audit process because auditors cannot and do not attempt to check all transactions. It would be impossible to check all transactions, and no one would be prepared to pay for the auditors to do so, hence the importance of the risk-based approach to auditing. Traditionally, auditors have used a risk-based approach in order to minimize the chance of giving an inappropriate audit opinion, and audits conducted in accordance with ISAs must follow the risk-based approach, which should also help to ensure that audit work is carried out efficiently, using the most effective tests based on the audit risk assessment. Auditors should direct audit work to the key risks (sometimes also described as significant risks), where it is more likely that error in transactions and balances will lead to a material misstatement in the financial statements. It would be inefficient to address insignificant risks in a high level of detail, and whether a risk is classified as a key risk or not is a matter of judgment for the auditor.
“Generally Accepted Auditing Standards” (GAAS) establish a “model” for carrying out audits that requires auditors to use their judgment in assessing risks and then in deciding what procedures to carry out. This model often is referred to as the “audit risk model.” The model allows auditors to take a variety of circumstances into account in selecting an audit approach. For example, the model calls for auditors to have an understanding of the client’s business and industry, the systems employed to process transactions, the quality of personnel involved in accounting functions, the client’s policies and procedures related to the preparation of financial statements, and much more. The model requires auditors to gain an understanding of a company’s internal control, and to test the effectiveness of controls if the auditor intends to rely on them when considering the nature, timing and extent of the substantive tests to be carried out. For example, if controls over sales and accounts receivable are strong, the auditor might send a limited number of accounts receivable confirmation requests at an interim date and rely on the controls and certain other tests for updating the accounts to year end. Conversely, if controls are not strong, the auditor might send a larger number of accounts receivable confirmations at year end. The model requires an assessment of the risk of fraud (intentional misstatements of financial statements) in every audit.
Based on the auditor’s assessment of various risks and any tests of controls, the auditor makes judgments about the kinds of evidence (from sources that are internal or external to the client’s organization) needed to achieve “reasonable assurance.” On the one hand, GAAS set forth numerous requirements or matters that auditors should consider; on the other hand, the need to exercise audit judgment is embedded throughout GAAS.
Handbook Section 5130, “Materiality and Audit Risk in Conducting an Audit,” approved recently by the CICA’s Auditing Standard Committee (AuSC), explains the meaning of the terms “material misstatement” and “audit risk” and looks at the objective of an audit. In short, while any decision involving materiality, audit risk and the extent of testing will ultimately come down to a question of professional judgment, it is hoped that Section 5130, by providing some tools to assist with those judgments, will help improve audit quality and reduce the potential for under- or over-auditing.
Walker, Robert (Mar 1990) answers the question of why time should be spent assessing audit risk. The real reason reliance on the internal control is less efficient than reliance