A. Define audit risk. Audit risk is the risk that the auditors may unknowingly fail to appropriately modify their opinion on financial statements that are materially misstated. B. Describe its components of inherent risk, control risk, and detection risk. The risk of material misstatement may be separated into two components-inherent risk and control risk. Both inherent risk and control risk exist independently of the audit of financial statements, or in other words, the risk of misstatement exists regardless of the audit being done or not.
Inherent risk is the possibility of material misstatement of an assertion before considering the clients internal control. Factors that affect this are from the nature of the client and its environment, or from the nature of the account. The auditor should seriously consider whether to accept the engagement because inherent risk increases the overall risk of the audit. It is often useful to segregate transactions into three types- routine, non-routine, and estimation when assessing inherent risk.
Control risk is the risk that a material misstatement could occur in a relevant assertion and not be prevented or detected on a timely basis by the client’s internal control. Control risk is a part of the effectiveness of design and operation of internal control. Its part is achieving the client’s objectives related to the preparation of its financial statements. Detection risk is the risk that auditors will fail to detect a material misstatement that exists in a relevant assertion. It is a part of the effectiveness of audit procedures and their application by the auditors.
This risk is only present when an audit is performed. So if there is no audit there is no detection risk. Auditors don’t assess detection risk; they try to restrict it by performing important procedures. Detection risk happens because auditor’s procedures are not 100% effective. Detection risk varies inversely with the risk of material misstatement. C. Explain the interrelationship among these components. Inherent and control risks are material misstatements that could occur in the clients financial statements.
Controls are put in place to prevent or detect any of these risks, but controls do not detect all misstatements. The misstatements that were not be detected by the auditor’s procedures are the detection risks. After both controls and the auditor’s procedures, the risk that misstatements still remain is the audit risk. D. Which (if any) of these components is completely a function of the sufficiency of the evidence gathered by the auditors procedures? Explain your answer. Detection risk is the component that is completely a function of the evidence gathered by the auditor’s procedures.
I say this because if there wasn’t an audit there would be no detection risk. If the auditors wish to reduce the level of detection risk they simply obtain additional appropriate evidence. The auditor has to perform procedures for this to happen. The possibility of the other two risks exists whether an audit is performed or not. E. Comment on the following: “Since cash is often less than 1 percent of total assets, inherent and control risk for that account must be low. Accordingly, detection risk should be established at a high level.