Audit risk (AR) is the ultimate risk that the audit opinion is inappropriate, after completion of all audit procedures.

It is made up of two component parts:

  • material misstatement risk, and
  • detection risk (DR)

Material misstatement risk is the combination of inherent risk (IR) and control risk (CR)

Risk Assessment (Risk Equation):


ISA 400 states that the Auditors should

  • obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach and,
  • use professional judgement to assess audit risk and to design audit procedures to ensure it is reduced to an acceptably low level.

Let us now take these risks one after the other and explore on them.

Audit Risk: 


This is the risk that the auditor may give inappropriate audit opinion on financial statements.

Inherent Risk:

This is the risk that there may be material misstatement in the financial statements due to the complex nature of the entity.

This is the susceptibility of an account balance or class of transaction to material misstatement either individually or when aggregated with misstatement in other balances or classes assuming that there were no related internal controls.

Example 1

Suggest circumstances or factors that would cause you to believe that the level of inherent risk attaching to your client was higher than usual.


Factors indicating a high level of inherent risk

  • Lack of integrity among directors and management
  • Lack of experience and knowledge among management and staff
  • Changes in management during the year
  • Usual pressure on management
  • A complex business
  • high technology inventory being held
  • multiple locations
  • industry factors such as new competitors entering the market
  • a high volume of cash transactions
  • poor quality accounting systems

Control risk:

This is the risk that the financial statements may be materially misstated due to the inadequacy of the internal controls to prevent, detect and control material misstatements or fraud.

The auditor should make a preliminary assessment of control risk and should plan and perform tests of control to support that assessment.

Detection risk:

It is the risk that the auditors’ audit procedures may not be able to detect material misstatements in the financial statements if they exist.   It can also be defined as the risk that the auditors’ substantive procedures fail to detect a material misstatement in an account balance or class of transaction. It is primarily a consequence of the fact that the auditors do not, and cannot, examine all available evidence. The auditors’ control risk assessment, together with their assessment of inherent risk will influence the nature, timing and extent of substantive procedures needed to reduce detection risk, and therefore overall audit risk, to an acceptable level.

The detection risk comes from two sources

  • Sampling risk: This is one of the many types of risks an auditor faces when performing the necessary procedures of audit sampling. Audit sampling exists because of the impractical and costly effects of examining all or 100% of client’s records or books. As a result, a sample of the client’s accounts is examined.
  • Non – sampling risk: This is the opposite of sampling risk. It is an aspect of audit risk that results from an incomplete examination of the available data. It is the failure of an auditor to catch a mistake or a misstatement in the financial statements. This may be caused by either misinterpreting the evidence or misapplying procedures that are inappropriate.

Example 2: You are the audit manager for Vortex Ltd, an entity involved in the manufacture and sale of clothing for teenagers. Half of its sales are on credit to a variety of outlets and the other half are through its own chain of shops. Staff are chosen for their youth, enthusiasm and knowledge of the fashion scene.

Identify the inherent risks that may arise and suggest appropriate controls to reduce the impact of these risks.



  • Inventory may be unsaleable due to its nature
  • Staff may be unreliable
  • Sales are on a cash basis
  • There are numerous locations

Controls needed:

  • Market research to identify trends and reduce the risk of unsold inventory.
  • Obtaining character references for staff together with careful interview procedures.
  • Regular reports to head office coupled with visits from the internal auditors.
  • Staff training on accounting and entity policies.





  1. State the accounting issues
  2. The risk of material misstatements.


“The government paid a grant of $10m when the client company purchased an asset of $100m in Nov. 2009. The useful life of the asset is 10 years. “- an extract from ACCA past question

Required: state the audit risk.


To answer this question, we first consider

  1. The accounting issues: That’s how the transaction should be treated in the financial statement.

According to IAS 20 – Government Grants, on receipt of grant it should be deferred over the useful life of the asset.

On receipt:

Particulars Debit ($) Credit ($)
Property, Plant & Equipment 100  
Cash (cost of asset)   100
Cash 10  
Deferred income (grant received )   10


At the end of year 1

Particulars Debit ($) Credit ($)
Income statement (Depreciation- 100/10) 10  
Property, Plant & Equipment   10
Deferred income – $10/10 years 1  
Income statement   1


Risk:  This simply means, what could go wrong in the treatment of the government grant in the financial statements of the client company?

The accountant may be inefficient or competent and may recognise the total amount of the government grants as income in the year 1’s financial statements. There is a risk that the grant hasn’t been deferred over the life of the asset and this will lead to an understatement of liability and overstatement of the profit figure.   – This is the impact this misstatement will have on the financial statements of the client.


The auditor is the first to audit this company”. State the audit risk.

There is an audit risk that because of lack of experience of an auditor, the auditor may fail to detect the fraud and errors within the client’s entity since this is a first audit work of the client.

Understand the business risk: to do this,

  • Have information about the business risk
  • State why it is a business risk:

There may be a risk that revenue or profit may fall

There may be a risk that the reputation of the client entity may be impaired or damage

The risk that shareholders’ wealth will be decrease as well.


“There are some significant breaches in hygiene standards in the kitchen following a health and safety inspection. “ – What’s the business risk?


To answer this question, we must do two things; copy the information & state why it is a business risk.

So how do we then write our answer to the above question?

A failure to comply with health and safety inspection would be a business risk that the company would end up paying penalties or fines and this will decrease the profit as well.



The auditor must decide whether an item or a transaction in the financial statements is material or not. For instance; if there is a share- based payment expenses of say $5m, then we have to take the amount and consider the materiality against profit or revenue; and if the PBT is $10m, then it accounts for about 50% of PBT and hence material to the Statement of Comprehensive Income (SOCI).

Audit Procedures:

These are the various activities that the auditor undertakes in order to understand the client company as well as gather evidence to express an opinion of the financial statements. These include:

Analytical procedures:

The auditor should apply analytical procedures at the planning stage, throughout the audit and at the overall review stage of the audit.

Analytical procedures include the following type of comparisons:

  •  prior periods
  • budgets and forecasts
  • predictive estimates
  • industry information
  •  relationships between elements of financial information i.e. ratio analysis
  •  financial and non-financial information e.g. the relationship between payroll costs and the number of employees

The auditors should apply analytical procedures at the planning stage to assist in understanding the entity’s business and in identifying areas of potential risk.

When intending to apply analytical review as a substantive procedure, the auditor needs to consider the following factors:

  •  objectives of the analytical review procedures
  •  the nature of the information and the degree to which the information can be sub- divided e.g. apply procedures to divisions or products rather than the overall results.
  •  the comparability, availability, reliability and source of information



The auditor must enquire from management and those charged with governance about the internal controls as well as how financial statements are prepared to well understand the client entity.


The audit must inspect specific documents in relation to the client company at the planning stage as well as throughout the audit work.


With this, the auditor observes how a certain process is carried out within the client company.

Recalculation or Re performance

With this, the auditor checks the arithmetic accuracy of transactions in the financial statements as well as other documents such as invoices among others.


  • The actions to take
  • The documents to consider
  • The assertions to be tested.

Read also, corporatefinanceinstitute

Connect with Nhyira Premium

Watch Lecture Video on YouTube