Audit risk

Audit
Types of audit
	Internal audit; External audit; Tax audit; Environmental audit; Social audit; Fire audit; Due diligence;
Basic concepts
	Auditor; Materiality • Risk • Documentation; Audit report; ISA / PSAD
Accounting in terms of audit
	Financial statements; Profits and Losses Report; Going concern;
Financial control
The big four
	Deloitte Touche Tohmatsu; Ernst & young; Kpmg; PricewaterhouseCoopers;

Audit risk (ECU 15 1/9) - objectively existing probability of non-detection of possible significant inaccuracies and deviations in the financial statements from real data arising during the audit ^[1] ^[2] .

Audit risk helps to subjectively determine the likelihood of recognition that, based on the results of the audit, the financial statements can:

or may contain undetected material misstatement after confirmation of its reliability;
or contains significant distortions, when in fact there are no such distortions ^[3] .

The auditor should use his professional judgment to assess the audit risk and, accordingly, develop the audit procedures necessary to reduce the risk to an acceptably low level. Audit risk is based on an assessment of the risk of inefficiency of the client accounting system, the risk of inefficiency of the client’s internal control system, and the risk of not detecting client errors ^[2] . Audit risk is subject to insurance ^[3] .

Content

1 Audit risk assessment
- 1.1 Inherent risk
- 1.2 Control risk
- 1.3 Risk of non-detection
2 notes

Audit risk assessment

There are two main methods for assessing audit risk:

estimated
quantitative.

The valuation (intuitive) method is applied on the basis of the client’s experience and knowledge. Audit risk is determined on the basis of statements or individual groups of operations as high, probable and unlikely. Such an assessment is used in audit planning.

The quantitative method involves the quantitative calculation of numerous audit risk models. A common model of audit risk: Ar = VR * Kr * Pr , where:

Ar - audit risk;
VR - inherent risk;
Cr - control risk (risk of controls);
Pr - the risk of non-detection (procedural risk) ^[2] .

Inherent risk

Inherent risk is the exposure of the balance of the account or class of operations of an economic entity to distortions that may be significant individually or in conjunction with distortions of other balances of accounts or classes of operations, provided that there are no appropriate means of internal control.

An inherent risk is the risk that reporting items will be distorted due to the characteristics of those items, for example, the fact that they contain estimates. Auditors should use their professional judgment and all available knowledge to assess inherent risk. If there is no such knowledge, then the inherent risk is high. The inherent risk depends on the nature of the organization, on the industry in which it is located, as well as on the nature of the strategies that it adopts.

Control Risk

Control risk is the risk that the distortions made when calculating the balance and class of transactions, being significant individually or in combination with other distortions, were not prevented or timely detected and corrected using the organization’s internal control system .

Undetected Risk

The risk of non-detection is an indicator of the effectiveness and quality of the work of the auditor. It depends on the professionalism of the audit organization in planning and organizing the audit, determining the sample , applying audit procedures, and qualifications of auditors ^[3] ^[4] .

The risk of non - detection is the risk that the procedures performed by the auditor to reduce the risk of the audit to an acceptably low level will not detect existing distortions that may be material, individually or in combination with other distortions.

Non-discovery risk is a component of audit risk that the auditor controls. If this risk is too high, auditors can do more work to reduce this component of audit risk and, therefore, overall audit risk.

One way to reduce the risk of non-detection is to increase sample sizes.

However, increasing the size of the sample and carrying out additional work is not the only way to manage the risks of non-detection. This is due to the fact that the risk of non-detection depends on the selected audit procedure and its application by the auditor.

Although increasing the sample size or performing more work can help reduce the risk of undetection, the following actions can also increase the efficiency and application of procedures and, therefore, help reduce the risk of undetection:

adequate audit planning;
the appointment of more experienced staff to conduct the audit;
the use of professional skepticism;
enhanced control and review of audit procedures performed.

All of the above reduces the likelihood that the auditor may choose an inadequate audit procedure, incorrectly apply the appropriate audit procedure, or misinterpret the audit results.

The level of risk of non-detection is directly related to audit audit procedures, and it may include such components:

risk of analytical procedures - the likelihood that analytical procedures will not reveal significant errors.

The risk of analytical procedures may be due to the following reasons:

the use of false information and incorrect coefficients in the calculations;
comparing disparate data for different periods ;
incorrect use of analytical procedures.

risk of detailed tests - the likelihood that testing will not be able to identify significant errors.
sampling risk - the likelihood that due to the use of the selective verification method instead of the solid one, errors in determining the size of the sample and its formation, the establishment of the wrong size of the permissible error, inclusion of unrepresentative elements in the sample can lead to the failure to detect significant errors in the reporting ^[5] ^[6 ^] ^[6 ^] ^] .

Notes

↑ Raizberg B.A., Lozovsky L.Sh., Starodubtseva E.B. Audit risk // Audit risk. - 5th ed. - M .: INFRA-M, 2006 .-- 495 p. - ISBN 5-86225-758-6 ..
↑ ¹ ² ³ A.D. Sheremet, V.P. Suits. Audit risk // Audit (textbook) . - M .: INFRA-M, 2006 .-- 448 p. - ISBN 5-16-002517-0 .
↑ ¹ ² ³ Audit risks (Russian) . Date of treatment December 8, 2011.
↑ Risk of non-detection (Russian) . Date of treatment December 8, 2011.
↑ Rule (standard) of audit activity No. 8 "Assessment of audit risks and internal control carried out by the audited entity" (Russian) (11/19/2008). Date of treatment December 8, 2011. Archived on September 5, 2012.
↑ Recommendations on the assessment of audit risk and reliability of the internal control system (Russian) (inaccessible link) (September 19, 2005). Date of treatment December 8, 2011. Archived November 4, 2007.

[1] Raizberg B.A., Lozovsky L.Sh., Starodubtseva E.B. Audit risk // Audit risk. - 5th ed. - M .: INFRA-M, 2006 .-- 495 p. - ISBN 5-86225-758-6 ..

[sheremet-2] ¹ ² ³ A.D. Sheremet, V.P. Suits. Audit risk // Audit (textbook) . - M .: INFRA-M, 2006 .-- 448 p. - ISBN 5-16-002517-0 .

[glossary-3] ¹ ² ³ Audit risks (Russian) . Date of treatment December 8, 2011.

[4] Risk of non-detection (Russian) . Date of treatment December 8, 2011.

[5] Rule (standard) of audit activity No. 8 "Assessment of audit risks and internal control carried out by the audited entity" (Russian) (11/19/2008). Date of treatment December 8, 2011. Archived on September 5, 2012.

[6] Recommendations on the assessment of audit risk and reliability of the internal control system (Russian) (inaccessible link) (September 19, 2005). Date of treatment December 8, 2011. Archived November 4, 2007.

Audit

Types of audit
Internal audit External audit Tax audit Environmental audit Social audit Fire audit Due diligence
Basic concepts
Auditor Materiality • Risk • Documentation Audit report ISA / PSAD
Accounting in terms of audit
Financial statements Profits and Losses Report Going concern
Financial control
The big four
Deloitte Touche Tohmatsu Ernst & young Kpmg PricewaterhouseCoopers