BUSINESS RISK

Risk that auditor will suffer a loss or injury to professional practice due to litigation or adverse
publicity in connection with an audit.
Always present whether or not the auditor conducts the audit in accordance with PSA hence
cannot be directly controlled by auditor.

AUDIT RISK

Definition: Risk that the auditor gives an inappropriate audit opinion when the FS are materially
misstated.
Components:
1. Risk of material misstatement
2. Inherent risk
3. Control risk
4. Detection risk

The Audit Risk Model

AR = IR x CR x DR
Where:
AR = audit risk
IR = inherent risk
CR = control risk
DR = detection risk

Relationships

As the desired level of audit risk decreases, the auditor should design more effective substantive
procedures.
As the assessed level of inherent risk increases, the auditor should design more effective
substantive procedures.
As the assessed level of control risk increases, the auditor should design more effective
substantive procedures.
As the acceptable level of detection risk decreases, the assurance directly provided from
substantive tests increases. Thus, the auditor should design more effective audit procedures in order to
achieve the desired level of assurance.

Steps in using the audit risk model:

1. Set the desired level of audit risk.

2. Assess the level of inherent risk.

- Knowledge of the clients business and industry, preliminary analytical procedures.
3. Assess the level of control risk.
- Studying and evaluating the effectiveness of the clients accounting and internal control systems.

4. Determine the acceptable level of detection risk.

- DR = AR / (IR x CR)

5. Design substantive tests.

- Level of assurance provided is the complement of DR.
- E.g. LOWER acceptable DR, greater assurance by:
a. More effective substantive procedures (nature)
b. Performing year-end procedures (timing)
c. Using larger sample size (extent)
- E.g. HIGHER acceptable DR, lower assurance by:
a. Less effective substantive procedures (nature)
b. Performing interim procedures (timing)
c. Using smaller sample size (extent)

AUDIT RISK, MATERIALITY, AUDIT EFFORT

1. Inverse relationship between audit risk and materiality

- Low audit risk suggests it would take larger amounts to be material

2. Inverse relationship between materiality and audit effort (hours worked)

- Higher materiality threshold suggests less audit effort

3. Example: If after planning for specific audit procedures, the auditor determines that the acceptable
materiality level is lower, audit risk is increased. The auditor would compensate for this by either:
- Reducing assessed level of control risk by carrying out additional or extended tests of controls.
- Reducing detection risk by modifying the nature, timing, and extent of planned substantive
procedures.

RISK ASSESSMENT AND THE AUDITOR'S RESPONSE

Risk assessment procedures

Definition: Audit procedures performed to obtain an understanding of the entity and its
environment, including its internal control, to assess the risks of material misstatement at the FS and
assertion levels.

Steps in assessing RMM:

1. Identify relevant FS assertions.

2. Understand the entity and its environment, including its internal controls.
- Procedures:
a. Inquiries of management and others within the entity
b. Analytical procedures
c. Observation and inspection
- (PSA 315) RMM may be greater for significant non routine transactions from matters such as:
a. Greater mgt intervention to specify acctg treatment
b. Greater manual intervention for data collection and processing
c. Complex calculations or accounting principles
d. Nature of non routine transactions
 - RMM may be greater for significant judgment matters that require use of estimates, such as:
a. Accounting principles for acctg estimates or revenue recognition may be subject to
differing interpretation.
b. Required judgment may be subjective, complex, or require assumptions.

3. Make decisions about materiality.

- PSA 320

4. Perform analytical procedures.

5. Identify risks that may result in material misstatements, including risk of fraud.
- PSA 250: Consideration of laws and regulations.
- PSA 240: Auditors responsibility to consider fraud.
- PSA 330: Auditors Procedures in Response to Assessed Risks

6. Develop preliminary audit strategies.

-END-

Copyright @philCPAReview