Audit risk

Audit Risk


Audit risk is the risk that the auditor expresses an inappropriate audit opinion.

The risk based approach to auditing

Modern auditing uses this approach, the main principle of which is explained in ISA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with ISA's:

'To obtain reasonable assurance, the auditor shall obtain sufficient appropriate evidence to reduce audit risk to an acceptably low level.....'

This is further developed by ISA 315 Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment, which states:

'The objective of the auditor is to identify and assess the risk of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.'

In simple terms:

  • the auditor identifies the risk of material misstatement, and
  • they use this to guide the design of their audit testing/procedures.

Components of audit risk

As stated previously; audit risk is the risk of that the auditor expresses an inappropriate audit opinion, i.e. that they give an unmodified audit opinion when the financial statements contain a material misstatement.

It can be further divided into the following sub-categories of risk:

Inherent risk

This is the susceptibility of a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or in aggregate, before consideration of related controls. In other words this is the risk that a misstatement occurs in the first instance.

Inherent risk is often considered in relation to business risk. These are the risks resulting from conditions, events, circumstances, actions or inactions that could adversely affect an entity's ability to achieve its business objectives and goals. Ultimately these business risks can lead to complications and deficiencies in the accounting process, which could lead to fraud, error or omission.

Clearly this requires the audit team to have a good knowledge of how the client's activities are likely to affect its financial statements, and the audit team should discuss these matters in a planning meeting before deciding on the detailed approach and audit work to be used.

Control risk

This is the risk is that a misstatement will not be prevented, or detected and corrected on a timely basis by the entity's internal controls. This is either due to the internal control system being insufficient in the circumstances of the business or because the controls have not been applied effectively during the period.

We will consider internal control in depth later in the text.

Detection risk

This is the risk that the procedures performed by the auditor to reduce audit risk to an acceptable level will not detect potentially material misstatements, either individually or in aggregate.

Detection risk comprises sampling risk and non-sampling risk.

Sampling risk is the risk that the auditor's conclusion based on a sample is different from the conclusion that would be reached if the whole population were tested (see sampling in the audit evidence chapter).

Non-sampling risk is the risk that the auditor's conclusion is inappropriate for any other reason, e.g. the application of inappropriate procedures or the failure to recognise a misstatement.

Created at 10/3/2012 2:23 PM  by System Account  (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
Last modified at 11/2/2016 10:49 AM  by System Account  (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London

Rating :

Ratings & Comments  (Click the stars to rate the page)


audit risk;inherent risk;control risk;detection risk;sampling risk;non-sampling risk

Recent Discussions

There are no items to show in this view.