This blog is written by Mr. Haseeb Zaman, Audit and Tax Associate. Please read this blog and provide your valued comments.
Identifying and assessing audit risk is a key part of the audit process, and ISA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment, gives extensive guidance to auditors about audit risk assessment.
WHAT IS AUDIT RISK?
‘The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of material misstatement and detection risk.’
WHY IS AUDIT RISK SO IMPORTANT TO AUDITORS?
Audit risk is fundamental to the audit process because auditors cannot and do not attempt to check all transactions. It would be impossible to check all of these transactions, and no one would be prepared to pay for the auditors to do so, hence the importance of the risk‑based approach toward auditing. Traditionally, auditors have used a risk-based approach in order to minimize the chance of giving an inappropriate audit opinion, and audits conducted in accordance with ISAs must follow the risk‑based approach, which should also help to ensure that audit work is carried out efficiently, using the most effective tests based on the audit risk assessment. Auditors should direct audit work to the key risks (sometimes also described as significant risks), where it is more likely that errors in transactions and balances will lead to a material misstatement in the financial statements. It would be inefficient to address insignificant risks in a high level of detail, and whether a risk is classified as a key risk or not is a matter of judgment for the auditor.
RELEVANT ISA’s
There are many references throughout the ISAs to audit risk, but perhaps the two most important audit risk-related ISAs are as follows:
ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with ISAs
ISA 200 sets out the overall objectives of the auditor, and the standard explains the nature and scope of an audit designed to enable an auditor to meet those objectives. References to audit risk are frequently made by ISA 200, and the standard also requires that the auditor shall plan and perform an audit with professional skepticism, recognizing that circumstances might exist that may cause the financial statements to be materially misstated. Professional skepticism is defined as an attitude that includes a questioning mind and a critical assessment of evidence
ISA 315,Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment
ISA 315 deals with the auditor’s responsibility to identify and assess the risks of material misstatement in the financial statements through an understanding of the entity and its environment, including the entity’s internal controls and risk assessment process.
THE AUDIT RISK MODEL
The audit risk model breaks audit risk down into the following three components:
Inherent risk
This is the susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.
Control risk
This is the risk that a misstatement could occur in an assertion about a class of transaction, account balance or disclosure, and that the misstatement could be material, either individually or when aggregated with other misstatements, and will not be prevented or detected and corrected, on a timely basis, by the entity’s internal control.
Detection risk
This is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
Haseeb Zaman