S11: Risk Based Audit

Approach

Session Objectives

To define audit risks and establish the

relationship between materiality and
audit risk
To discuss the Audit Risk Model
To explain different kinds of audit risks
and the factors that determine them

Audit Risk

Audit accepts the risk that the audit

conclusion may be wrong and that Audit
may have allowed material error to remain
undetected in the account.
Only a very small degree of audit risk would
be acceptable as otherwise the audit
process may lose its purpose.
A very high level of assurance (or
confidence) is required when expressing the
audit opinion.

Relationship between
materiality and audit risk
Higher the materiality level, lower
the audit risk and vice versa.
To calculate the level of assurance
(or confidence) required from
substantive audit tests, risk model is
employed.

Risk Model

Analytical tool for planning and execution.

Detects high-risk areas for concentrated
audit efforts.
Audit can thus focus on areas which are
likely to generate better assurance instead of
sampling and testing of larger but low risk
areas.
Structures the audit procedures and
reorganizes the audit work in terms of risk
perception

Risk Model

Audit Risk

Inherent Risk

Control risk

Detection Risk

Inherent Risk
The risk that an error will occur in
the first place.
Determined by the susceptibility
of the classes of transactions to be
audited to material misstatement,
irrespective of the related internal
controls in the organization.

Control Risk
The risk that internal controls will
fail to detect the error
Determined
by the efficacy of
internal control environment in
the auditee organization

Detection Risk
Risk that the audit procedures will
fail to detect the error.
Risk
that auditors substantive
tests do not detect a material
misstatement in the transactions
audited by him.

Overall Audit Risk

All the three risks are independent
of each other.
Overall Audit Risk (AR) is defined
as:
OAR=CR x IR x DR
The overall audit risk is defined by
the audit institution and hence is a
constant pre-determined quantity.

Objective for the Auditor

To assess inherent and control risks in
the entity
To design and perform appropriate
compliance
and
substantive
procedures that provide sufficient
assurance that the product of the risks
identified is less than or equal to the
overall audit risk that the auditor is
willing to accept.

Determinants of Inherent
Risk

The number and significance of audit adjustments

and difference waived during the audits of
previous years.
Complexity
of
underlying
calculations
of
accounting principles
The susceptibility of the asset to material fraud or
misappropriation
Experience and competence of accounting
personnel responsible for the component
Judgment involved in determining amount
Mix and size of items subject to the audit test
The degree to which the financial circumstances
of the entity may motivate its management to
misstate the component in regard to this assertion
Integrity and behaviour of the management.
Management turnover and reputation

Assessment of Control
Risk
Evaluate

the control
environment
Evaluate the control systems

Determinants of control
environment
Management philosophy and operating style
The functioning of the board of directors and its
committees, particularly the audit committee
Organizational structure
Methods of assigning authority and
responsibility.
Systems development methods
Systems development methodology
Personnel policies and practices
Management reaction to external influences
Internal audit

Determinants of control
environment (Contd.)

Segregation of incompatible functions

Controls to ensure completeness of transactions
being recorded
Controls to ensure that transactions are
authorized
Third party controls (e.g. confirmation of events)
Control over accounting systems
Controls over computer processing
Restricted access to assets (only allow access to
authorized personnel)

Case Study