Question

Discussion:

(1) Please describe the audit risk model (RMM: risk of material misstatement model) based on your own understanding and explain the each term (factor) in the model in terms of how each factor affects to the overall audit risk (increase or decrease) and amount of audit evidence (nature, timing, and extent of evidence).

(2) Also, describe its interrelationships among each of FOUR factors of the risk model; inherent risk, control risk, and detection risk at an acceptable audit engagement risk level. ( directly proportional vs. inversely proportional, dependent, independent, positive, negative, etc..)

Answer 1

Audit Risk Model basically determines the total amount of risk associated with any audit. It has three factors in it:-

-Inherent Risk, Control Risk and Detection Risk.

i.e Audit Risk = Inherent Risk*Control Risk*Detection Risk

Audit risk is the possibility that auditor issue inappropriate opinion that is he say financial statements does not contain material misstatement when actually they do.

Audit risk is made by three types of risk which are inherent risk, control risk and detection risk.

Inherent risk is risk that financial statements are misstated before internal control are put in place. Inherent risk is caused by nature of balance or transaction or the nature of entity’s business. For example inventories have higher risk of being overstated.

Control risk is the risk of internal control failing to detect, prevent and correct material misstatement in the financial statements.

Detection risk in other hand is the risk that auditor’s planning and testing fail to detect the material misstatement in the financial statement.

Inherent risk and control risk are managed by management, therefore auditor can not control them, instead he will just evaluate them before determining detection risk.

If his auditor conclude that inherent and control risk is high, then he will accept lower detection risk , since he want an overall audit risk to be low. In other hand if he evaluate inherent risk and control risk to be low then he may accept high detection risk.

Auditor is only in control of detection risk.