Audit risk is the risk that the
auditor gives an inappropriate audit opinion when the financial
statements are materially misstated. Such misstatements can result from
either fraud or error. There are three components of audit risk i.e.,
inherent risk, control risk and detection risk, and also provides
guidance on how to assess these risks.
Inherent Risk and Control Risk
When
assessing inherent risk and control risk, the auditor should consider
how the financial statements might be materially misstated as a result
of fraud or error. In considering the risk of material misstatement
resulting from fraud, the auditor should consider whether fraud risk
factors are present that indicate the possibility of either fraudulent
financial reporting or misappropriation of assets.
“Risk Assessments and Internal Control”, describes the auditor’s assessment of inherent risk and control risk, and how those assessments affect the nature, timing and extent of the audit procedures. In making those assessments, the auditor considers how the financial statements might be materially misstated as a result of fraud or error.
Detection Risk
Based on the
auditor’s assessment of inherent and control risks, the auditor should
design substantive procedures to reduce to an acceptably low level the
risk that misstatements resulting from fraud and error that are material
to the financial statements taken as a whole will not be detected. In
designing the substantive procedures, the auditor should address the
fraud risk factors that the auditor has identified as being present.
Risk Assessments and Internal Control”, explains that the auditor’s control risk assessment, together with the inherent risk assessment, influences the nature, timing and extent of substantive procedures to be performed to reduce detection risk to an acceptably low level. In designing substantive procedures, the auditor addresses fraud risk factors that the auditor has identified as being present. The auditor’s response to those factors is influenced by their nature and significance. In some cases, even though fraud risk factors have been identified as being present, the auditor’s judgment may be that the audit procedures, including both tests of control, and substantive procedures, already planned, are sufficient to respond to the fraud risk factors.