CH - 9 - Risk (Part 2)
CH - 9 - Risk (Part 2)
Chapter 9, part 2
WHAT IS RISK?
◦ is a measure of uncertainty
◦ Zero risk is a certainty
◦ a 100 percent risk is complete uncertainty. Complete assurance (zero risk) of the accuracy of the financial
statements is not economically practical.
◦ Often, auditors refer to the term audit assurance (also called overall assurance or level of assurance)
instead of acceptable audit risk
❑ Auditing
AUDIT RISK MODEL
standards
require the auditor to
understand the entity
and its environment,
including its internal
controls, to assess the
risk of material
misstatements in the
client’s financial
statements.
❑ Auditing standards
require the auditor to
assess the risk of
material misstatements
at the overall financial
statement level as well
as the relevant
assertion level for
classes of transactions,
account balances, and
disclosures.
AUDIT RISK MODEL
◦ The audit risk model helps auditors decide how much and what types of evidence to accumulate for each
relevant audit objective.
𝐴𝐴𝑅
𝑃𝐷𝑅 =
𝐼𝑅 × 𝐶𝑅
Where:
• PDR = Planned Detection Risk
• AAR = Acceptable Audit Risk
• IR = Inherent Risk
• CR = Control Risk
Planned Detection Risk 𝑃𝐷𝑅 =
𝐴𝐴𝑅
𝐼𝑅 × 𝐶𝑅
Planned detection risk is the risk that audit evidence for an audit objective will fail to detect misstatements
exceeding performance materiality.
There are two key points to know about planned detection risk.
❑ Planned detection risk is dependent on the other three factors in the model.
➢ It will change only if the auditor changes one of the other risk model factors.
❑ Planned detection risk determines the amount of substantive evidence that the auditor plans to accumulate, inversely
with the size of planned detection risk.
➢ If the planned detection risk is reduced, the auditor needs to accumulate more evidence to achieve the reduced
planned risk.
Inherent Risk 𝑃𝐷𝑅 =
𝐴𝐴𝑅
𝐼𝑅 × 𝐶𝑅
❑Inherent risk measures the auditor’s assessment of the susceptibility of an assertion to material
misstatement before considering the effectiveness of related internal controls.
❑If the auditor concludes that a high likelihood of misstatement exists, the auditor will conclude that
inherent risk is high
❑Internal controls are ignored in setting inherent risk because they are considered separately in the audit
risk model as control risk.
❑Inherent risk is inversely related to planned detection risk and directly related to evidence.
Control Risk 𝑃𝐷𝑅 =
𝐴𝐴𝑅
𝐼𝑅 × 𝐶𝑅
❑Control risk measures the auditor’s assessment of the risk that a material misstatement could occur in an assertion and
not be prevented or detected on a timely basis by the client’s internal controls.
❑The combination of inherent risk and control risk is referred to in auditing standards as the risk of material
misstatements.
❑The auditor may make a combined assessment of the risk of material misstatements or the auditor can separately assess
inherent risk and control risk. (Remember, inherent risk is the expectation of misstatements before considering the
effect of internal control.)
❑As with inherent risk, the relationship between control risk and planned detection risk is inverse, whereas the
relationship between control risk and substantive evidence is direct.
Acceptable audit 𝐴𝐴𝑅
risk
𝑃𝐷𝑅 =
𝐼𝑅 × 𝐶𝑅
❑Acceptable audit risk is a measure of how willing the auditor is to accept that
the financial statements may be materially misstated after the audit is
completed and an unqualified opinion has been issued.
❑When auditors decide on a lower acceptable audit risk, they want to be more
certain that the financial statements are not materially misstated.
Impact of Engagement
Risk on Acceptable
Audit Risk
❑Auditors must decide the appropriate acceptable audit risk for an audit, preferably during audit planning.
First, auditors decide on engagement risk and then use engagement risk to modify acceptable audit risk.
◦ Engagement risk is the risk that the auditor or audit firm will suffer harm after the audit is finished, even
◦ For example, if a client declares bankruptcy after an audit is completed, the likelihood of a lawsuit
against the CPA firm is reasonably high, even if the quality of the audit is high.
Factors Affecting
Acceptable Audit Risk
❑The Degree to Which External Users Rely on the Statements
❑Several factors are good indicators of the degree to which statements are relied on by external users:
◦ Client’s size. measured by total assets or total revenues, will have an effect on acceptable audit risk.
◦ Distribution of ownership. The statements of publicly held corporations are normally relied on by
many more users than those of closely held corporations. For these companies, the interested parties
include the SEC, financial analysts, and the general public.
◦ Nature and amount of liabilities. When statements include a large amount of liabilities, they are
more likely to be used extensively by actual and potential creditors than when there are few liabilities.
The Likelihood That a Client Will Have
Financial Difficulties After the Audit
Report Is Issued
❑It is difficult for an auditor to predict financial failure before it occurs, but
❑ certain factors are good indicators of its increased probability:
❖Liquidity position. If a client is constantly short of cash and working capital, it indicates a future problem in paying bills.
❖Profits (losses) in previous years. When a company has rapidly declining profits or increasing losses for several years, the
auditor should recognize the future solvency problems that the client is likely to encounter. It is also important to consider the
changing profits relative to the balance remaining in retained earnings.
❖Method of financing growth. The more a client relies on debt as a means of financing, the greater the risk of financial difficulty
if the client’s operating success declines.
❖Nature of the client’s operations. Certain types of businesses are inherently riskier than others. For example, a start-up
technology company dependent on one product is much more likely to go bankrupt than a diversified food manufacturer.
❖Competence of management. Competent management is constantly alert to potential financial difficulties and modifies its
operating methods to minimize the effects of short-run problems.
Assessing Inherent
Risk
❑The auditor must assess the factors that make up the risk and modify audit evidence to consider them.
❑The auditor should consider several major factors when assessing inherent risk:
◦ Nature of the client’s business
◦ Related parties