FUNDAMENTAL

AUDITING
CONCEPTS AND
PRINCIPLES
AUDIT RISKS
 AUDIT RISK

• This is the risk that the auditor expresses an inappropriate audit opinion
when the financial statements are materially misstated.
• Audit risk is the risk that an auditor will not detect errors or fraud while
examining the financial statements of a client. Auditors can increase the
number of audit procedures in order to reduce the level of audit risk.
• Reducing audit risk to a modest level is a key part of the audit function, since
the users of financial statements are relying upon the assurances of auditors
when they read the financial statements of an organization.
 THE 3 TYPES OF AUDIT RISK

• It is a function of 3 components
• inherent risk, control risk and detection risk.
 INHERENT RISK

• This is the risk associated with a client by its nature assuming the absence of internal
controls e.g the agricultural sector is prone to drought. Livestock production may be
prone to diseases like foot and mouth
• It is the susceptibility of an assertion to error or an account balance or class of
transaction to misstatement.
• Amounts may be materially misstated individually or in aggregate.
• With a good client, inherent risk is likely to be low e. g. in renowned entities like Delta,
Econet. This tends to be so because of their personnel recruitment policies.
 CONTROL RISK

• This is the risk that a misstatement that could occur in an account

balance could be material and may not be detected or prevented on a
timely basis by the system of internal control.
• It is a function of the effectiveness of the design, implementation and
maintenance of the internal control system by the directorate and
management.
• This may arise due to the internal control system lacking controls to
prevent inaccurate, incorrect invalid transactions being recorded; failure
to detect misstatements could be due to weak controls in place.
 CONTROL RISK (CONT.)

• Internal controls should function as was designed throughout the year for
them to be relied upon.
• The auditor must rate the control risk as high, moderate or low; if the
internal controls are not functioning to give the auditor reasonable assurance,
control risk is said to be high; if the auditor’s assessment of control risk is
low, it means such a control system provides the auditor reasonable
assurance; if the auditor describes it as moderate, it does not provide the
acceptable assurance.
• There is an inverse relationship between audit assurance and control risk.
• What do we mean?
 DETECTION RISK

• This is the risk that the auditor’s substantive procedures may fail to pick up or detect misstatements
in an account that could be material individually or in aggregate.
• It is the chance that an auditor will not find material misstatements relating to an assertion in an
entity’s financial statements through substantive tests and analysis
• It is the risk that the auditor will conclude that no material misstatements are present when in fact
they are there.
• This is dependent on the effectiveness of audit procedures since the auditor works on a sample basis
in carrying out their tests.
• This relates to the nature, timing and extent of audit procedures determined by the auditor as
adequate to lower the audit risk to an acceptable level.
 DETECTION RISK (CONT.)

• It is a function of the following

1. adequate audit planning
2. proper assignment of personnel to the engagement team
3. application of professional skepticism in evaluating evidence
4. supervision and review of audit work performed.
• ISA 300 and ISA 330 provide guidance on audit planning.
• To lower the detection risk, more audit procedures(substantive procedures) have to be performed.
This may involve enlarging the sample size by gathering more audit evidence.
• The product of the 3 components gives the audit risk
• The auditor must enjoy reasonable assurance before expressing an opinion-this implies low audit risk
must have been achieved.
 AUDIT RISK MODEL

• To set the audit risk at an acceptable level, the auditor uses professional
judgement(experience and skill)
• Since the audit risk must be as low as possible, the components must be at as low a
level as possible.
• Given that AR=IR . CR . DR, when IR.CR increases, DR must decrease to obtain
the desired AR
• DR can be lowered by gathering more audit evidence.
• IR .CR are beyond the auditor’s control; they fall under the directorate and
management.
• For ‘bad’ clients, control risk is high and probably inherent risk leading to more
substantive work to be done by the auditor. If controls are working well, greater
 ASSESSING RISK
• Assessing risk is evaluating the factors that contribute to the
probability that an inappropriate opinion will be passed by the
auditor.
THE IMPORTANCE OF ASSESSING
RISK
The audit strategy

Who should be on the audit team

The potential impact of fraud

The nature of the procedures to be carried out

how much evidence needs to be gathered

 HOW DO YOU ASSESS RISK?

•There are two sources of information from which it

is possible to assess risk:
1. Knowledge of the business (KOB) .
2. Analytical procedures.
 RISK AND MATERIALITY

•There is a relationship between risk and materiality

in that:
• The greater the risk of material misstatement
• The lower the level of materiality.