Understanding and reducing audit risk is fundamental to giving a reasonable assurance opinion.
ISA 200 Overall Objective of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing states that reasonable assurance is:
'...when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level.' (ISA 200,5)
What is audit risk?
ISA 200,13(d) defines audit risk as:
‘The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.'
Overall Audit Risk may be considered as the product of the various risks which may be encountered in the performance of the audit, Detection Risk and Risk of material misstatement (which is broken down into Inherent Risk and Control Risk).
So Overall Audit Risk (OAR) is a function Inherent Risk (IR), Control Risk (CR) and Detection Risk (DR) expressed in the audit risk equation:
OAR = IR x CR x DR
More on this later...
In this series of articles we look at some common key questions and how they are addressed within Audit Assistant (see here for specific instructions on using Audit Assistant for risk identification and analysis).
- How does risk relate to materiality?
- What kinds of risk are there?
- How are risks rated?
- How is overall risk assessed?
- How does risk relate to test sampling?
(Of course risk is mentioned in many of the ISAs, but the standards specifically applicable are ISA 315 which deals with Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment, and ISA 330 which deals with The Auditor’s Responses to Assessed Risks.)