Audit risk is the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated. It is the chance that financial statements will be issued with materials errors even though they have been reviewed by an auditor and approved.
Audit Risk Components
There are components of audit risk as follows inherent risk, control risk, and detection risk.
(a) Inherent Risk – the Inherent risk is the susceptibility of an assertion to a misstatement, assuming that there are no related internal control structure policies or procedures.
(b) Control Risk – Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity’s internal control structure policies or procedures.
(c) Detection Risk – Detection risk is the risk that the auditor will not detect a material misstatement exists in an assertion.
The relationship among Risk Component:
For a specified level of audit risk, there is an inverse relationship between assessed levels of inherent and control risks for an assertion and the level of detection risk that the auditor as accepts for that assertion. Thus, the lower the assessments of inherent and control risks, the higher is the acceptable level of detection risk. Inherent and control risks relate to the client’s circumstances, whereas detection risk is controllable by the auditor as explained in the preceding section.
Audit Risk Model – The audit risk model expresses the relationship among the audit components as follows:
AR = IR x CR x DR
The symbols represent audit risk, inherent risk, control risk and detection risk respectively.
Risk Component Matrix
Some auditors who use non-quantitative expressions for risk use a risk component matrix to relate the risk components. The matrix indicates that it is consistent with the audit model in that the acceptable levels of detection risk are inversely related to the inherent and control risk assessments.