Audit risk

Last updated August 27, 2024

Audit risk (also referred to as residual risk) as per ISA 200 refers to the risk that the auditor expresses an inappropriate opinion when the financial statements are materiality misstated. This risk is composed of:

Inherent risk (IR), the risk involved in the nature of business or transaction. Example, transactions involving exchange of cash may have higher IR than transactions involving settlement by cheques. The term inherent risk may have other definitions in other contexts.;^[1]
Control risk (CR), the risk that a misstatement may not be prevented or detected and corrected due to weakness in the entity's internal control mechanism. Example, control risk assessment may be higher in an entity where separation of duties is not well defined; and
Detection risk (DR), the probability that the auditing procedures may fail to detect existence of a material error or fraud. Detection risk may be due to sampling error or non-sampling error.^[2]

Audit risk can be calculated as:

AR = IR × CR × DR^{[ clarification needed ]}

Related Research Articles

<span class="mw-page-title-main">Accounting</span> Measurement, processing and communication of financial information about economic entities

Accounting, also known as accountancy, is the process of recording and processing information about economic entities, such as businesses and corporations. Accounting measures the results of an organization's economic activities and conveys this information to a variety of stakeholders, including investors, creditors, management, and regulators. Practitioners of accounting are known as accountants. The terms "accounting" and "financial reporting" are often used interchangeably.

<span class="mw-page-title-main">Audit</span> Independent examination of an organization

An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, roll forward prior year working papers, and evaluate the propositions in their auditing report.

<span class="mw-page-title-main">Financial audit</span> Type of audio

A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.

Forensic accounting, forensic accountancy or financial forensics is the specialty practice area of accounting that investigates whether firms engage in financial reporting misconduct, or financial misconduct within the workplace by employees, officers or directors of the organization. Forensic accountants apply a range of skills and methods to determine whether there has been financial misconduct by the firm or its employees.

Computer-assisted audit tool (CAATs) or computer-assisted audit tools and techniques (CAATTs) is a growing field within the IT audit profession. CAATs is the practice of using computers to automate the IT audit processes. CAATs normally include using basic office productivity software such as spreadsheets, word processors and text editing programs and more advanced software packages involving use statistical analysis and business intelligence tools. But also more dedicated specialized software are available.

<span class="mw-page-title-main">External auditor</span> Person who audits an entitys financial statements and is independent of that entity

An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. Users of these entities' financial information, such as investors, government agencies, and the general public, rely on the external auditor to present an unbiased and independent audit report.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is an organization that develops guidelines for businesses to evaluate internal controls, risk management, and fraud deterrence. In 1992, COSO published the Internal Control – Integrated Framework, commonly used by businesses in the United States to design, implement, and conduct systems of internal control over financial reporting and assessing their effectiveness.

<span class="mw-page-title-main">Generally Accepted Auditing Standards</span> Standards which judge audits

Generally Accepted Auditing Standards, or GAAS are sets of standards against which the quality of audits are performed and may be judged. Several organizations have developed such sets of principles, which vary by territory. In the United States, the standards are promulgated by the Auditing Standards Board, a division of the American Institute of Certified Public Accountants (AICPA).

<span class="mw-page-title-main">Internal audit</span> Independent, objective assurance and consulting activity

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing might achieve this goal by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.

<span class="mw-page-title-main">Materiality (auditing)</span> Concept in auditing and accounting

Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy. The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in conformity with an identified financial reporting framework, such as the Generally Accepted Accounting Principles (GAAP) which is the accounting standard adopted by the U.S. Securities and Exchange Commission (SEC).

Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

<span class="mw-page-title-main">SOX 404 top–down risk assessment</span>

In financial auditing of public companies in the United States, SOX 404 top–down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes-Oxley Act of 2002. Under SOX 404, management must test its internal controls; a TDRA is used to determine the scope of such testing. It is also used by the external auditor to issue a formal opinion on the company's internal controls. However, as a result of the passage of Auditing Standard No. 5, which the SEC has since approved, external auditors are no longer required to provide an opinion on management's assessment of its own internal controls.

This page is a list of auditing topics.

Fraud deterrence has gained public recognition and spotlight since the 2002 inception of the Sarbanes-Oxley Act. Of the many reforms enacted through Sarbanes-Oxley, one major goal was to regain public confidence in the reliability of financial markets in the wake of corporate scandals such as Enron, WorldCom and Waste Management. Section 404 of Sarbanes Oxley mandated that public companies have an independent Audit of internal controls over financial reporting. In essence, the intent of the U.S. Congress in passing the Sarbanes Oxley Act was attempting to proactively deter financial misrepresentation (Fraud) in order to ensure more accurate financial reporting to increase investor confidence. This same concept is applied in the discussion of fraud deterrence.

Management assertions or financial statement assertions are the implicit or explicit assertions that the preparer of financial statements (management) is making to its users. These assertions are relevant to auditors performing a financial statement audit in two ways. First, the objective of a financial statement audit is to obtain sufficient appropriate audit evidence to conclude on whether the financial statements present fairly, in all material respects, the financial position of a company and the results of its operations and cash flows. In developing that conclusion, the auditor evaluates whether audit evidence corroborates or contradicts financial statement assertions. Second, auditors are required to consider the risk of material misstatement through understanding the entity and its environment, including the entity's internal control. Financial statement assertions provide a framework to assess the risk of material misstatement in each significant account balance or class of transactions.

Detection Risk (DR) is the risk that the auditor will not detect a misstatement that exists in an assertion that could be material, either individually or when aggregated with other misstatements. In other words, the chance that the auditor will not find material misstatements relating to an assertion in the financial statements through substantive test and analysis. Detection risk results in the auditor's conclusion that no material errors are present where in fact there are. It is a component of audit risk.

<span class="mw-page-title-main">Entity-level control</span>

An entity-level control is a control that helps to ensure that management directives pertaining to the entire entity are carried out. These controls are the second level to understanding the risks of an organization. Generally, entity refers to the entire company.

Fraud represents a significant problem for governments and businesses and specialized analysis techniques for discovering fraud using them are required. Some of these methods include knowledge discovery in databases (KDD), data mining, machine learning and statistics. They offer applicable and successful solutions in different areas of electronic fraud crimes.

Audit technology is the use of computer technology to improve an audit. Audit technology is used by accounting firms to improve the efficiency of the external audit procedures they perform.

Artificial intelligence is used by many different businesses and organizations. It is widely used in the financial sector, especially by accounting firms, to help detect fraud.

References

↑ Rachel Slabotsky (7 September 2017). "Inherent Risk vs. Residual Risk Explained in 90 Seconds". fairinstitute.org. FAIR Institute. Retrieved 10 October 2018. Inherent risk represents the amount of risk that exists in the absence of controls.
↑ "AU Section 350: Audit Sampling" (PDF). The Standards of Field Work. American Institute of Certified Public Accountants, Inc. 26 February 2010. pp. 2067–2079.

Non-inline references

Srivastava R.P. & Shafer G.R. (1992) " Belief function Formula for audit risk " Review: Accounting Review, Vol. 67 n° 2, pp. 249–283, for evidence theory applied on audit risk.
Lesage (1999)" Evaluation du risque d'audit : proposition d'un modele linguistique " Review: Comptabilite, Controle, Audit, Tome 5, Vol. 2, September 1999, pp. 107–126, for fuzzy audit risk.
Fendri-Kharrat et al. (2005)"Logique floue appliquee a l'inference du risque inherent en audit financier ", Review: RNTI : Revue des Nouvelles Technologies de l'Information, n° RNTI-E-5, (extraction des connaissances: etats et perspectives), November 2005, pp. 37–49, Cepadues editions, for fuzzy inherent audit risk.

External links

A technical explanation of this term can be found in International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Rachel Slabotsky (7 September 2017). "Inherent Risk vs. Residual Risk Explained in 90 Seconds". fairinstitute.org. FAIR Institute. Retrieved 10 October 2018. Inherent risk represents the amount of risk that exists in the absence of controls.

[2] "AU Section 350: Audit Sampling" (PDF). The Standards of Field Work. American Institute of Certified Public Accountants, Inc. 26 February 2010. pp. 2067–2079.

[1]

[2]

Audit risk

Contents

See also

Related Research Articles

References

Non-inline references

External links