RISK EVALUATION • Describe and Evaluate audit risk
• Name and describe components
of audit risk
AUDIT RISK
• Identify the factors that influence
BUSINESS RISK the components of audit risk and
apply practically
• Describe the relationship
INHERENT CONTROL DETECTION between audit risk and audit
RISK RISK RISK
evidence
A. BUSINESS RISKS (ISA 315)
• Business risks can arise from:
o Objectives - e.g. profit targets
o Strategies- e.g. Credit sales (collectability and valuation of debtors)
o Nature of business activities e.g. Technology obsolescence of products
• Influences the company's power negatively.
• Includes risk of material misstatements = IR and CR and the impact on AFS
and the auditor.
• Management's responsibility = identify address
B. AUDIT RISKS (ISA 200)
Risk that the auditor gets something wrong
• Definition: Risk that auditor expresses an inappropriate opinion when financial
statements are materially misstated.
• Plan the audit and conduct to bring Audit Risk (AR) to an acceptable level
o AR = As low as possible (determines how much work must done)
o Must be appropriate & sufficient audit evidence
• Audit risk and assurance level have an inverse relationship.
• Audit risk model
o Audit Risk = IR x CR x DR
• Components
o Inherent risk (IR)
, o Control risk (CR)
o Detection risk (DR) = only element that the auditor can control
• Audit risk consists of
o Risk of material misstatement (IR × CR) in financial statements and
o Material misstatement is not found by auditor (DR)
C. INHERENT RISK (ISA 200)
• Definition: Susceptibility of an assertion for misstatement (possibly material)
on the assumption that there are no internal controls
• Inherent to the type of business
• Assertions that management has made about the financial statements
• Consider factors which could lead to misstatement
o Foreign exchange trans = complex calculations;
o Inventory valuation = figures based on estimates;
o Cash flow challenges = going concern,
• Auditor no control over IR
• See ISA 315 Appendix 2 (risk table summary)
D. CONTROL RISK (ISA 200)
• Definition: Risk that misstatement was not prevented or detected and
corrected timeously by internal controls, which could be material.
o This is split into control environments (e.g. cash business) and cycle
level (e.g. bank once a week)
• Dependant on internal control design and functioning
• Evaluate circumstances by using judgement
• CR = High, except if controls exist and tested by ToC, thus control is working
• CR can never be ‘nil’ = controls can never be full proof
• Auditor has no control over it
E. LINK AND RELATIONSHIP BETWEEN IR AND CR
• Link between IR and CR
o Both entity's risks relate to the risk of misstatement as the ISA's do not refer
to separately.
o Auditor may evaluate together as RMM or separate.
• If evaluating separately
o First IR identify and evaluate
o If there are any controls addressing risk, must evaluate controls
• Evaluation
o Can be done quantitatively (%) or qualitatively(H/M/L)
• Name and describe components
of audit risk
AUDIT RISK
• Identify the factors that influence
BUSINESS RISK the components of audit risk and
apply practically
• Describe the relationship
INHERENT CONTROL DETECTION between audit risk and audit
RISK RISK RISK
evidence
A. BUSINESS RISKS (ISA 315)
• Business risks can arise from:
o Objectives - e.g. profit targets
o Strategies- e.g. Credit sales (collectability and valuation of debtors)
o Nature of business activities e.g. Technology obsolescence of products
• Influences the company's power negatively.
• Includes risk of material misstatements = IR and CR and the impact on AFS
and the auditor.
• Management's responsibility = identify address
B. AUDIT RISKS (ISA 200)
Risk that the auditor gets something wrong
• Definition: Risk that auditor expresses an inappropriate opinion when financial
statements are materially misstated.
• Plan the audit and conduct to bring Audit Risk (AR) to an acceptable level
o AR = As low as possible (determines how much work must done)
o Must be appropriate & sufficient audit evidence
• Audit risk and assurance level have an inverse relationship.
• Audit risk model
o Audit Risk = IR x CR x DR
• Components
o Inherent risk (IR)
, o Control risk (CR)
o Detection risk (DR) = only element that the auditor can control
• Audit risk consists of
o Risk of material misstatement (IR × CR) in financial statements and
o Material misstatement is not found by auditor (DR)
C. INHERENT RISK (ISA 200)
• Definition: Susceptibility of an assertion for misstatement (possibly material)
on the assumption that there are no internal controls
• Inherent to the type of business
• Assertions that management has made about the financial statements
• Consider factors which could lead to misstatement
o Foreign exchange trans = complex calculations;
o Inventory valuation = figures based on estimates;
o Cash flow challenges = going concern,
• Auditor no control over IR
• See ISA 315 Appendix 2 (risk table summary)
D. CONTROL RISK (ISA 200)
• Definition: Risk that misstatement was not prevented or detected and
corrected timeously by internal controls, which could be material.
o This is split into control environments (e.g. cash business) and cycle
level (e.g. bank once a week)
• Dependant on internal control design and functioning
• Evaluate circumstances by using judgement
• CR = High, except if controls exist and tested by ToC, thus control is working
• CR can never be ‘nil’ = controls can never be full proof
• Auditor has no control over it
E. LINK AND RELATIONSHIP BETWEEN IR AND CR
• Link between IR and CR
o Both entity's risks relate to the risk of misstatement as the ISA's do not refer
to separately.
o Auditor may evaluate together as RMM or separate.
• If evaluating separately
o First IR identify and evaluate
o If there are any controls addressing risk, must evaluate controls
• Evaluation
o Can be done quantitatively (%) or qualitatively(H/M/L)
