Question

Hello - can you assist with this problem please:

You have been assigned to be the audit senior for the Wine Emporium.  Based on the client's industry, you have set the inherent risk as low. You are also setting the control risk as low given that the owners of the Wine Emporium, Paul and Linda, have put many robust controls in place since buying the Emporium. You also had good success in auditing controls as well as ending financial statement balances in the prior year audit.  

Based on this assessment of inherent risk and control risk, what risk level would you assign to detection risk? How would this detection risk level impact the nature, extent and timing of the procedures you would perform? For this second question, please specifically address how you would approach all three of these aspects of your testing (nature, extent and timing) in your answer.

Answer 1

The audit risk model determines the total amount of risk associated with an audit, and describes how this risk can be managed. The calculation is:

Audit risk = Control risk x Detection risk x Inherent risk

These elements of the audit risk model are:

    Control risk. This risk is caused by the failure of existing controls or the absence of controls, leading to incorrect financial statements.
    Detection risk. This risk is caused by the failure of the auditor to discover a material misstatement in the financial statements.
    Inherent risk. This risk is caused by an error or omission arising from factors other than control failures. This risk is most common when accounting transactions are quite complex, there is a high degree of judgment involved in accounting for transactions, or the training level of the accounting staff is low.

When planning an audit engagement, the auditor must review each of the subsidiary levels of risk to determine the total amount of audit risk. If the risk level is too high, the auditor conducts additional procedures to reduce the risk to an acceptable level. When the level of control risk and inherent risk is high, the auditor can increase the sample size for audit testing, thereby reducing detection risk. Conversely, when control risk and inherent risk are considered to be low, it is safe for the auditor to reduce the sample size for auditing testing, which increases detection risk.

As per the above discussion and based on the assessment of low inherent risk and low control risk level of Wine Emporium , increased detection risk is assigned .

NATURE , TIME AND EXTENT

Nature: Refers to the type of procedures, and the mix of those procedures, to address the audit risk for each account-assertion. Procedures could be controls testing, data analysis, substantive analytics, key item testing, representative sampling, inquiries, representations, etc.

Timing: Relates to when the work is performed. In a controls-driven entity with high governance, audit work can be performed well in advance of year end date, with only update procedures for the remaining period. On the other extreme of this paradigm, some entities may require procedures only at or very close to year end.

Extent: Refers to how much work is done, based on materiality, expected errors, error rate, etc. Again, depending on the comfort obtained from other procedures, tests of details could be based on transactions with different value thresholds.

Since the entity has low inherent risk and control risk the chances of errors and fraud are less , along with experience in prior year audit , auditor can avoid extensive audit procedures and can limit nature , timing and extent of procedure to be applied as auditor can assign high detection risk since the same will not impact decison making of users of financial statment .