Audit risk

Last updated July 03, 2022

Audit risk (also referred to as residual risk) as per ISA 200 refers to the risk that the auditor expresses an inappropriate opinion when the financial statements are materiality misstated. This risk is composed of:

Inherent risk (IR), the risk involved in the nature of business or transaction. Example, transactions involving exchange of cash may have higher IR than transactions involving settlement by cheques. The term inherent risk may have other definitions in other contexts.;^[1]
Control risk (CR), the risk that a misstatement may not be prevented or detected and corrected due to weakness in the entity's internal control mechanism. Example, control risk assessment may be higher in an entity where separation of duties is not well defined; and
Detection risk (DR), the probability that the auditing procedures may fail to detect existence of a material error or fraud. Detection risk may be due to sampling error or non-sampling error.^[2]

Audit risk can be calculated as:

AR = IR × CR × DR^{[ clarification needed ]}

Related Research Articles

Accounting Measurement, processing and communication of financial information about economic entities

Accounting, also known as accountancy, is the measurement, processing, and communication of financial and non financial information about economic entities such as businesses and corporations. Accounting, which has been called the "language of business", measures the results of an organization's economic activities and conveys this information to a variety of stakeholders, including investors, creditors, management, and regulators. Practitioners of accounting are known as accountants. The terms "accounting" and "financial reporting" are often used as synonyms.

Audit Systematic and independent examination of books, accounts, documents and vouchers of an organization

An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, and evaluate the propositions in their auditing report.

A 'financial audit' is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.

Forensic accounting, forensic accountancy or financial forensics is the specialty practice area of accounting that investigates whether firms engage in financial reporting misconduct. Forensic accountants apply a range of skills and methods to determine whether there has been financial reporting misconduct.

Computer-assisted audit tool (CAATs) or computer-assisted audit tools and techniques (CAATs) is a growing field within the IT audit profession. CAATs is the practice of using computers to automate the IT audit processes. CAATs normally include using basic office productivity software such as spreadsheets, word processors and text editing programs and more advanced software packages involving use statistical analysis and business intelligence tools. But also more dedicated specialized software are available.

An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. Users of these entities' financial information, such as investors, government agencies, and the general public, rely on the external auditor to present an unbiased and independent audit report.

Generally Accepted Auditing Standards, or GAAS are sets of standards against which the quality of audits are performed and may be judged. Several organizations have developed such sets of principles, which vary by territory. In the United States, the standards are promulgated by the Auditing Standards Board, a division of the American Institute of Certified Public Accountants (AICPA).

Materiality (auditing) Concept in auditing and accounting

Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy. The objective of an audit of financial statements is to enable the auditor to express an opinion whether the financial statements are prepared, in all material respects, in conformity with an identified financial reporting framework such as Generally Accepted Accounting Principles (GAAP).

ISA 400 Risk Assessments and Internal Control is one of the International Standards on Auditing. It serves to require the auditor to understand the client's accounting system and internal control system and to assess control risk and inherent risk. The objective is to determine the nature, timing and extent of substantive procedures in order to reduce audit risk to an acceptable low level.

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes.

Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

In financial auditing of public companies in the United States, SOX 404 top–down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes-Oxley Act of 2002. Under SOX 404, management must test its internal controls; a TDRA is used to determine the scope of such testing. It is also used by the external auditor to issue a formal opinion on the company's internal controls. However, as a result of the passage of Auditing Standard No. 5, which the SEC has since approved, external auditors are no longer required to provide an opinion on management's assessment of its own internal controls.

This page is a list of auditing topics.

Fraud deterrence has gained public recognition and spotlight since the 2002 inception of the Sarbanes-Oxley Act. Of the many reforms enacted through Sarbanes-Oxley, one major goal was to regain public confidence in the reliability of financial markets in the wake of corporate scandals such as Enron, WorldCom and Waste Management. Section 404 of Sarbanes Oxley mandated that public companies have an independent Audit of internal controls over financial reporting. In essence, the intent of the U.S. Congress in passing the Sarbanes Oxley Act was attempting to proactively deter financial misrepresentation (Fraud) in order to ensure more accurate financial reporting to increase investor confidence. This same concept is applied in the discussion of fraud deterrence.

Management assertions or financial statement assertions are the implicit or explicit assertions that the preparer of financial statements (management) is making to its users. These assertions are relevant to auditors performing a financial statement audit in two ways. First, the objective of a financial statement audit is to obtain sufficient appropriate audit evidence to conclude on whether the financial statements present fairly, in all material respects, the financial position of a company and the results of its operations and cash flows. In developing that conclusion, the auditor evaluates whether audit evidence corroborates or contradicts financial statement assertions. Second, auditors are required to consider the risk of material misstatement through understanding the entity and its environment, including the entity's internal control. Financial statement assertions provide a framework to assess the risk of material misstatement in each significant account balance or class of transactions.

Detection Risk (DR) is the risk that the auditor will not detect a misstatement that exists in an assertion that could be material (significant), either individually or when aggregated with other misstatements. In other words, the chance that the auditor will not find material misstatements relating to an assertion in the Financial statements through substantive test and analysis. Detection risk results in the auditor's conclusion that no material errors are present where in fact there are. It is a component of audit risk.

Entity-level controls are internal controls that help to ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Generally, entity refers to the entire company.

Audit technology is the use of computer technology to improve an audit. Audit technology is used by accounting firms to improve the efficiency of the external audit procedures they perform.

Artificial intelligence (AI) is used by many different businesses and organizations. In partcular it is widely used in the financial sector, especially by accounting firms, to help detect fraud.

References

↑ Rachel Slabotsky (7 September 2017). "Inherent Risk vs. Residual Risk Explained in 90 Seconds". fairinstitute.org. FAIR Institute. Retrieved 10 October 2018. Inherent risk represents the amount of risk that exists in the absence of controls.
↑ "AU Section 350: Audit Sampling" (PDF). The Standards of Field Work. American Institute of Certified Public Accountants, Inc. 26 February 2010. pp. 2067–2079.

Non-inline references

Srivastava R.P. & Shafer G.R. (1992) " Belief function Formula for audit risk " Review: Accounting Review, Vol. 67 n° 2, pp. 249–283, for evidence theory applied on audit risk.
Lesage (1999)" Evaluation du risque d'audit : proposition d'un modele linguistique " Review: Comptabilite, Controle, Audit, Tome 5, Vol. 2, September 1999, pp. 107–126, for fuzzy audit risk.
Fendri-Kharrat et al. (2005)"Logique floue appliquee a l'inference du risque inherent en audit financier ", Review: RNTI : Revue des Nouvelles Technologies de l'Information, n° RNTI-E-5, (extraction des connaissances: etats et perspectives), November 2005, pp. 37–49, Cepadues editions, for fuzzy inherent audit risk.

External links

A technical explanation of this term can be found in International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Rachel Slabotsky (7 September 2017). "Inherent Risk vs. Residual Risk Explained in 90 Seconds". fairinstitute.org. FAIR Institute. Retrieved 10 October 2018. Inherent risk represents the amount of risk that exists in the absence of controls.

[2] "AU Section 350: Audit Sampling" (PDF). The Standards of Field Work. American Institute of Certified Public Accountants, Inc. 26 February 2010. pp. 2067–2079.

[1]

[2]

Audit risk

Contents

See also

Related Research Articles

References

Non-inline references

External links