An entity operates in an environment where number of risk factors exists due to type of industry, regulatory environment, size of the entity, competitive environment, state of the economy, and complexity of operations. Such risks may or may not effect the preparation of financial statements. The auditor is concerned with those risks only which can effect the financial statements in either way. It is a matter of fact that auditor obtains reasonable assurance through applying various audit techniques that the financial statements depict true and fair view of the financial affairs of the firm under the prevailing financial reporting framework. However the concept of reasonable assurance demonstrates that there is a risk that auditor may express an opinion which is inappropriate in the sense that financial statements are materially misstated and auditor opinion goes contrary to it. Such a risk is known as audit risk.
The main focus of the auditor remains towards planning and performing audit by designing procedures to obtain sufficient audit evidence for forming an appropriate audit opinion in order to reduce audit risk to an acceptably low level. This strategy is consistent with the audit objectives.
Not every audit risk matters to the auditor unless it is material or significant. It implies that any material misstatement which may remain undetected while performing audit procedures is actually the origin of audit risk. To limit the audit risk the auditor needs to assess the risk of material misstatement through performing extensive audit procedures before the commencement of audit and during the audit process. Such procedures include understanding the entity and its environment and designing the audit approach on professional judgments consistent with the entity’s operations and environment. The auditor needs to evaluate what can go wrong in such an atmosphere which can materially effect the preparation of financial statements.
Levels of risk of material misstatements
The auditor considers the risk of material misstatements at two levels. First at the overall financial statements level which means that the risk of material misstatement that relate through out to the financial statements and can potentially effect the preparation of financial statements and many assertions. Precisely speaking when auditor observe overall deficiencies in the internal control system which increase the circumstances of materially misstating the financial statements is referred to as overall level of the risk of material misstatements. The second level of risk of material misstatement relates to individual transactions and account balances which may result misstatement of particular item of the financial statements. To cover such risk the auditor is sought to obtain sufficient appropriate audit evidence in order to reduce the audit risk to acceptably low level.
Types of audit risk
Apparently following types of audit risks exist.
Some accounts, assertions, or amounts are inherently vulnerable to material misstatements either individually or when combined with other misstatements in the instances when no special arrangements have been made in the internal control procedures keeping in view the specificity of such accounts, assertions, or amounts. Inherent risk is likely to prevail in complex calculations, estimations, assets and inventory valuations, foreign exchange transactions, and consolidation of subsidiary accounts.
When auditor observe weaknesses or deficiencies in the internal control system giving rise to likely situations of non-prevention, non-detection, and non-correction of mistakes and errors on timely basis, such circumstances are known as control risk. It implies that ineffectiveness and inefficiency of the internal controls adopted by the management is the origin of control risk and requires in-depth procedures and detailed testing by the auditor in order to obtain reasonable assurance for forming an opinion of true and fair view.
Detection risk refers to the circumstances when auditor fails to detect any material misstatement despite extensively performing substantive procedures or audit methodologies. Detection risk can not be reduced to zero however it can be reduced to acceptably low level through effectiveness of audit procedure and its application.