The goal of the auditor is to become aware of and accurately determine the risks of a material misstatement by providing a basis for designing and enforcing responses to the risks of material misstatement.
It is important to refer to the traditional audit risk model to remain important to the audit process. The audit risk model identifies the following three types of audit risk components:
Inherent risk is the susceptibility of an assertion about a category of transaction, account balance, or disclosure to a misstatement that would be material, either individually or when aggregated with other misstatements, before consideration of any related controls.
Inherent risk is considered to be higher where a high degree of judgment and estimation is involved or where transactions of the entity are highly complex.
Control risk is the risk of a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure, and that the misstatement will be material, either individually or when aggregated with other misstatements, and will no longer be prevented or detected and corrected, on a timely basis, by means of the entity’s internal control.
When the audited entity does not have adequate internal controls to prevent and detect instances of fraud and error in the financial statements, control is considered to be high.
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to a low degree won’t find a misstatement that exists which may be material, either individually or in aggregate. Detection risk will be reduced by auditors by increasing the amount of sampled transactions for detail testing.
The following terms have the meanings attributed below for the purpose of ISAs:
Assertions – Representations by management, explicit or otherwise, that are embodied inside the financial statements, as used by the auditor to not to forget the possibility of different forms of misstatements that may occur.
Business risk – A risk resulting from significant conditions, events, circumstances, actions that could adversely influence an entity’s potential to gain its targets and execute its strategies.
Internal control – The procedure designed, applied, and maintained by using those charged with governance, management, and other employees to provide reasonable assurance about the achievement of an entity’s goals with reference to reliability of financial reporting, effectiveness, and performance of operations, and compliance with relevant laws and regulations.
Risk assessment procedures – The audit techniques done to attain an understanding of the entity and its environment, such as the entity’s internal control, to become aware of and identify the risks of material misstatement at the financial statement and assertion levels whether due to fraud and error.
Significant threat – An identified and assessed risk of material misstatement that, in the auditor’s judgment, requires special audit consideration.
Here are some tips to follow while identifying audit risk:
– To plan the audit, you need to pick out your client’s precise risks. To become aware of the risks, you’ll want to gain an understanding of the entity, and which means asking a lot of questions. If you want clarification of something, don’t be shy — ask questions.
– In gaining an understanding of the entity, it’s necessary that you just grasp their business. It’s additionally necessary that you just get a better understanding of your client’s important accounts and group action cycles.
The intention here is simple: the more you acknowledge your client, the additional you’ll be able to determine their risks.
– All entities have controls. If you have a customer in which the owner reviews financial results, communicates the importance of quality or sets a strong “tone on the top” via demonstrating integrity, your client has controls.
When in search of to discover your client’s controls, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) elements and principles can help you detect feasible gaps.
– On each audit, you are required to assess the layout of controls applicable to the audit and decide whether those controls were implemented. This isn’t the identical element as trying out the working effectiveness of controls.
To provide a basis for designing and performing further audit procedures the auditor must identify the risk of material misstatements following these steps_
- Identify risk throughout the process of understanding the entity and its environment.
- Assess the identified risk and evaluate its impact on the financial statements.
- Relate the identified risk at the assertion level considering the controls to be tested.
- Consider the possibility of misstatements and their effect on the financial statements.