- This topic has 5 replies, 2 voices, and was last updated 6 years ago by
.
- Posts
Dear sir, while doing the revision quiz, the following was a question: which of the following risks an auditor can affect in the short term? Audit risk, inherent risk, control risk, detection risk.
Can you please give the answer accompanied by an explanation? Thank you.Inherent risk and control risk are the two components of the risk of material misstatement in the financial statement PRIOR to audit – the auditor must assess but cannot change the level of either of these.
Considering the “audit risk model”: AR = IR x CR x DR
AR must be sufficiently low to provide reasonable assurance, say 5%, so IR x CR x DR must be 5%. If IR and CR are high, say 100%, DR must be low (5%). To achieve this, the auditor must do more audit work (e.g. substantive tests of details).
I do understand the audit risk model and how high levels of inherent and control risks must be offset against low levels of detection risks. However, this particular revision quiz question has me confused as I am not clear as to what is meant by “which risks can the auditor affect in the short term”. I attempted the question, got it wrong and the correct answer was given as “audit risk and detection risk”. How does the auditor affect those risks in the short term? Further, since detection risk is part of the audit risk, why does the answer to the question imply that it’s a risk separate from audit risk? Is it that something is wrong with the question?
My apologies, I didn’t mean to confuse you. In the short term is just referencing a year i.e. the period of time which would be covered by an audit.
So, going back to my answer – the auditor cannot affect (i.e. change) IR or CR – they are what they are. The auditor can change the audit risk that the firm is prepared to accept in relation to a particular audit.
Consider the definition of audit risk – the risk that the auditor expresses an inappropriate (i.e. “wrong”) opinion when the financial statements are materially misstated. In other words the risk that the auditor says they financial statements show a true and fair view.
Consider the extreme that the auditor does NO substantive audit work whatsoever when the risk of misstatements is high and the client has poor controls – the auditor would be accepting 100% risk of an incorrect opinion (AR = 100% x 100% x 100% = 100%). But if the auditor does some work, and reduces DR to 50%, AR will also be reduced to 50%. A generally accepted level of risk might be 5% (but there is no rule about what this should be, it is for auditor to determine), which means doing a lot of work.
The correct answer shows not that they are separate, but that they are inextricably related, so if, for example, an auditor were to take “short-cuts” in carrying out an audit, DR would increase and AR would increas.
Ah!! now I get it. Thanks a million for taking the time out to provide such a comprehensive response.
- The topic ‘Audit risk’ is closed to new replies.