Question

Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial

statements are materially misstated. The auditor considers audit risk when planning and

performing an examination of financial statements in accordance with auditing standards. In

connection with this, the auditor considers the relevant assertion level because this directly

assists the auditor to plan the appropriate audit procedures for those transactions, accounts or

disclosures. The auditor uses the audit risk model as a framework for assessing audit risk and

to determine the nature, extent and timing (that is the level of audit procedures to be performed)

that should be performed in order to reduce the audit risk to an acceptable low level.

The statutory financial statements of Almighty Limited have been audited by CPA & Co for a

few years. In implementing the ARM, the quantitative approach has been used by the auditor Page 3 of 4

and the components of the audit risk identified and determined at the current year’s planning

stage are as follows:

Internal control risk – 60%

Inherent risk – 60%

Audit risk – 10%

Detection risk – 28%

Required:

(a) Inherent risk, control risk and detection risk are the components of audit risk. Explain

how these components are interrelated.

(b) During the course of the current year’s audit, the auditor noted some changes in

circumstances that require a reassessment of the nature, extent and timing of the audit.

In this connection, the auditor noted that the inherent risk should be revised to 70%

whilst the internal control risk as reassessed should be 80%.

(i) What do you think would be the impact of these changes to the detection risk if

the auditor wants to maintain the audit risk at the same level?

(ii) What does it mean to the level of audit procedures to be performed as a result

of the above reassessment?

Explain your answers for (i) and (ii) above.

Answer 1

a.

-Audit risk has three component- Inherent risk, Control Risk and Detection risk. Inherenet risk and Control risk are collectively known as Risk of material misstatement.

Risk	Meaning	Nature
Inherent Risk	It is the suspectibility of an account balance or class of transaction to a material misstatement, Assuming there were no internal control	Client specific
Control Risk	It is the risk that material misstatement will not be prevented, detected and corrected on a timely basis by the internal control system.	Client Specific
Detection Risk	It is the risk that the substantive procedures performed by the Auditor fails to detect material misstatement.	Auditor Specific

Relationship Between Components of Audit Risk-

1.Inherent Risk and Control Risk-

- Management often reacts to inherent risk situations by designing accounting and internal control system to prevent, detect and correct material misstatementand therefore in many cases inheret risk and control risk are highly interrelated.

-In such situations, if the auditor attempts to assess inherent and control risks separately, there is a possibility of inappropriate risk assessment. As a result, audit risk may be more appropriately determined in such situations by making a combined assessment of Inherent and Control Risk as Risk of Material Misstatement (RMM). This combined assessment is considered to be the Risk Of Material Misstatement (ROMM).

2.Relationship between RMM and Detection Risk

-There is an inverse relationship between detection risks and the combined level of inherent and control risks.

- When inherent and control risks are high, acceptable detection risk needs to be low to reduce audit risk to an acceptably low level. When inherent and control risks are low, an auditor can accept a higher detection risk and still reduce audit risk to an acceptably low level.

- When both inherent and control risks are assessed as high, the auditor needs to consider whether substantive procedures can provide sufficient appropriate audit evidence to reduce detection risk, and therefore audit risk, to an acceptably low level. Mathematically Audit Risk (AR) can be expressed as a product of Inherent Risk (IR), Control Risk (CR) and Detection Risk (DR), i.e. AR = IR x CR x DR

-----------------------------------------------------------------------------------------------

b.(i)

Inherent Risk = 70%

Internal Control Risk = 80%

Audit Risk = 10%

Detection Risk = ??

Audit Risk = Inherent risk x Internal control Risk x Detection risk

=>10% = 70% * 80% * Detection risk

=> Detection Risk = 18%

Hence detection risk need to be decreased from 28% to 18%.

It means to maintain the same level of Audit Risk the auditor need to perform more substamtive procedure to decrease the Detection Risk from 28% to 18%.

---------------------------------------------------------------------

b.(ii)

- From the above point (i) we can conclude that as the Inherent risk and control risk increases hence the RMM or Risk Of material misstatement increases as RMM = IR * CR

- More Risk of material misstatement means high audit risk. Hence to main tain the same level of audit risk the auditor need to decrease the detection risk by performing more substantive procedure.

High level of Substantive Audit procedure need to be performed.

----------------------------------------------