Module: Audit and Assurance
Lecture 5 – Audit Evaluation & Planning/Risk/Materiality
Audit Risk – ISA 330
We approach on a risk-based basis
We cannot test every single transaction. We can only test on a sample basis.
We assess the risk of the client and then based on that outcome, it will allow
us to know where to focus. You will then be able to build you audit strategy
and plan.
We also need to look at ISA 300, 315, 320.
Audit Risk
ISA 330 relates to the risks that an auditor identifies
Audit risk is not the same thing as business risk. Business risk is the risk that
a business faces, and audit risk is the risk that the auditor faces. However,
sometimes there are overlaps.
Anything that stops a business from achieving its objectives is a business risk.
Overall Audit Risk
Definition: ‘risk that the auditor will draw an invalid conclusion from the audit
procedures’
Audit risk = a risk that they might get it wrong
Audit Risk – Components
There are 3 types of risks: inherent risk, control risk and detection risk
Risk 1: Inherent Risk – Entity Level (examples)
Inherent Risk = ‘the susceptibility of an account balance or class of
transactions to material misstatement irrespective of related internal controls’
this means the possibility that an account balance may contain a material
misstatement whether or not there is a great internal control system in place.
When you suddenly change your management team e.g. you replace your
financial auditor with an inexperienced one. That is likely to affect how the
numbers are reported.
Unusual pressure on management e.g. bullying or intimidation
Nature of business can affect the success of the audit
Lecture 5 – Audit Evaluation & Planning/Risk/Materiality
Audit Risk – ISA 330
We approach on a risk-based basis
We cannot test every single transaction. We can only test on a sample basis.
We assess the risk of the client and then based on that outcome, it will allow
us to know where to focus. You will then be able to build you audit strategy
and plan.
We also need to look at ISA 300, 315, 320.
Audit Risk
ISA 330 relates to the risks that an auditor identifies
Audit risk is not the same thing as business risk. Business risk is the risk that
a business faces, and audit risk is the risk that the auditor faces. However,
sometimes there are overlaps.
Anything that stops a business from achieving its objectives is a business risk.
Overall Audit Risk
Definition: ‘risk that the auditor will draw an invalid conclusion from the audit
procedures’
Audit risk = a risk that they might get it wrong
Audit Risk – Components
There are 3 types of risks: inherent risk, control risk and detection risk
Risk 1: Inherent Risk – Entity Level (examples)
Inherent Risk = ‘the susceptibility of an account balance or class of
transactions to material misstatement irrespective of related internal controls’
this means the possibility that an account balance may contain a material
misstatement whether or not there is a great internal control system in place.
When you suddenly change your management team e.g. you replace your
financial auditor with an inexperienced one. That is likely to affect how the
numbers are reported.
Unusual pressure on management e.g. bullying or intimidation
Nature of business can affect the success of the audit
