Earn your certification as a Financial Modeling & Valuation Analyst (FMVA)™. Register today!

Audit Risk

The risk that the auditor will express an inappropriate audit opinion on financial statements

What is Audit Risk? 

Audit risk is the risk that the auditor will express an inappropriate audit opinion on financial statements that contain material misstatements. From audit risk stems a concept called “acceptable level of audit risk.” The acceptable level of audit risk is what the auditor determines is acceptable for the specific company being audited. The key point is that the auditor, not the entity being audited, chooses what is an acceptable level of risk. The lower the level of acceptable audit risk, the higher the desired level of assurance/certainty, and vice versa.

 

Audit Risk

 

The Audit Risk Formula

The audit risk model is best understood through a mathematical formula:

 

Audit Risk - Formula

 

Where:

DR = Detection Risk

AR = Audit Risk

IR = Inherent Risk

CR = Control Risk

 

Looking at the denominator first, inherent risk (IR) is the risk/susceptibility of an assertion to a material misstatement without considering internal controls. It means that there is an error in the first place.

Control risk (CR) is the risk that the client’s system of internal controls (i.e. policies and procedures put in place by management to enhance the reliability of the financial statements) will fail to prevent or detect a material misstatement. And finally, detection risk is the risk that the auditor will not detect a material misstatement that exists in an assertion.

Therefore, audit risk and detection risk are related to the auditor and inherent and control risk are independent of the auditor; they exist within the client regardless of an audit. According to the audit/detection risk that the auditor decides, the types of audit procedures are designed accordingly. A lower detection risk will require more persuasive evidence over a higher detection risk.

 

Using the Audit Risk Model to Determine the Audit Evidence Required

 

 Audit RiskInherent RiskControl RiskPlanned Detection RiskAmount of Evidence Required
Sales and collectionsLow (1%)High (95%)High (90%)LowHIGH
Acquisitions and paymentsHigh (5%)Low (50%)Low (20%)HighLOW
InventoryHigh (5%)Low (50%)ModerateModerateMODERATE

 

Remember that IR and CR are independent of the auditor and depending on the acceptable level of audit risk, the amount of evidence required will vary.

 

A Closer Look at Acceptable Audit Risk

A general way to determine the acceptable level of audit risk usually depends on the type of client. For example, auditors will choose a lower level for public companies over private companies because more users will depend on the financial statements for publicly listed companies. However, there are other factors that also affect how an auditor sets audit risk for an engagement:

  • Reliance by external users: The more external users there are, the lower the acceptable level of audit risk
  • Likelihood of financial failure: The higher the risk of financial failure, the lower the acceptable level of audit risk
  • Integrity of management: The more questionable the integrity/honesty of management, the lower the acceptable level of audit risk.

 

A Closer Look at Inherent Risk

Remember that inherent risk exists independent of the auditor. To gain a better understanding of inherent risk, it is critical to understand the entity and its environment by considering the following factors:

  • Nature of the client’s business including its products and services
  • The client’s information technology environment
    • A company with more complex and decentralized processing systems are more prone to higher inherent risk
  • Integrity of management
  • Client motivations or client objectives (i.e. bonuses based on net income, stock options)
  • Related parties (i.e. greater risk of accounting measurement issues)
  • Non-routine transactions (i.e. greater likelihood of accounting error due to unorthodox transactions)
  • Judgment/estimation involved in accounting issues

 

Example

ABC Company produces cutting-edge environmentally friendly machines. ABC Company recently commercialized its newly developed product and is amortizing it over 50 years. The company financed its new manufacturing facility by issuing convertible debentures and expects to complete an IPO in the future. The financial controller recently obtained his CPA. All management personnel is given stock options, as well as a bonus based on net income.

Some factors to consider:

  • New convertible debentures and potential future IPO means more external users, hence acceptable level of audit risk should be lowered.
  • Cutting-edge technology that is unproven may suggest a potential financial failure issue.
  • The new financial controller is new and may be inexperienced, meaning a higher chance of inherent risk.
  • Stock option accounting can be difficult to the volatility of the stock.
  • The nature of the business seems to be risky because of the high-tech products; there may be potential for inventory valuation issues.
  • The amortization period is judgmental.
  • Public companies are subject to more regulatory requirements over private companies, which also poses higher chance for inherent risk.

 

Additional Resources

CFI is the official provider of the Financial Modeling & Valuation Analyst designation for financial analysts. To continue learning and advancing your career, these additional resources will be helpful:

Free Accounting Courses

Learn accounting fundamentals and how to read financial statements with CFI's free online accounting classes. These courses will give the confidence you need to perform world-class financial analyst work. Start now!  

Building confidence in your accounting skills is easy with CFI courses! Enroll now for FREE to start advancing your career!