 Hello and welcome to the session. This is Professor Farhad in which we would look at CPA exam questions, specifically dealing with the audit section. These topics could be covered in an auditing course, which I do cover these topics in details in my auditing course. You can check out on my website or on my YouTube, my auditing course. But specifically, I'm going to be focusing on a very important concept that's going to be tested on the CPA exam, and that's the audit risk model. So the questions I'm going to be working today revolved around those audit risk model can be found on my website, and I strongly encourage you, if you're interested in learning more, check out my website for lessons as well as more examples. As always, I would like to remind you to connect with me on LinkedIn if you haven't done so. YouTube is where you would need to subscribe. I have 1,700 plus accounting, auditing, tax, finance, Excel tutorial. If you like my lessons, please like them, share them. If they benefit you, it means they might benefit other people. Subscribe to the YouTube channel, connect with me on Instagram. On my website, farhatlectures.com, you will find the additional resources to supplement your CPA exam, CMA exam, EA exam, and whatever accounting course. For example, auditing you are working on or any other accounting course. You invest for your CPA once in your lifetime. Make it wisely. Make sure you invest wisely. So let's take a look at these series of questions that revolve around the audit risk model, which is the factors in the audit risk model. You should have a good understanding about these model. The first thing, it's which of the following is correct. Which of the following is correct? So you're giving two statements, and you need to understand which one is correct. Control risk is not part of the overall audit risk, although it's assessed by the auditor. Well, is this statement correct? Is control risk part of the audit risk model? And the answer is yes. So the answer here, it says is not, is incorrect. It is part of the overall risk model. Therefore, immediately you could take out one and you could take out C because A and C, which A and C, not one, A and C, they have only one. So you could take both out. So all you have to, all what you have to find out now is if statement true is correct. Now what is control risk? So you need to know what is a control risk. Control risk is the risk of a material misstatement that you find in the financial statements arising because their control is not working properly. Okay. So organization, generally speaking, they should have a good internal control to prevent material fraud and errors. Okay. And what do auditors do? Auditors assess that control risk, assess it whether it's high, medium, or low. So remember, it is assessed. That part of the statement is correct, but they're saying it's not part of the control risk. So it can be assessed at as high, means they have a high, control risk, high, medium, or low. High means their control is not good, basically. Their controls are not good. We can assess it. There's nothing we can do about it, remember. They only assess the control risk to help us plan the audit. Now, so we know one is wrong. Let's look at two. Detection risk is part of the audit risk and the answer is yes, but it's not assessed by the auditor. That is correct. That is correct. It's not assessed. It's set. The auditor set the deduction risk, and this is very important. They deduct it at 5%, 10%, 2%, whatever they want to set it at. So the higher is the more chances they are taking. 5% means we want to be 95% accurate. If we set it at 10%, it means we are willing to take 90% chance that we did not miss anything. If we set it at 0%, it means we're taking no chances. We are going to audit everything. So is detection risk part of the audit risk? Yes. But it's not assessed. That's right. It's set by the auditor, not assessed. Control risk is assessed. And remember, maybe you remember this, maybe not the audit risk model. The formula for that, I mean, again, I cover this way in details on my website. It's inherent risk, which we're going to talk about the inherent risk in this session because it's this whole, all these questions I'm going to be working today as part of the control risk times control risk times detection risk. So here we talked about detection risk and we talked about the control risk. We did not look at the inherent risk. Those three together, set together, when you multiply them, they will give you the audit risk. And this is what I explained in details on my website. So simply put, the answer is B, which is 2 only. Now, inherent risk. So this question is about inherent risk. Do you know what inherent risk is? Because it's the third component of the audit risk model. The inherent risk, one, is not influenced by the amount of work or other testing performed by the independent auditor. Simply put, can the auditor influence the inherent risk? And here what they're saying, it is not. Is that true? And the answer, yes. Inherent risk is not influence. What is inherent risk? Inherent risk is the risk of a material misstatement that you find in the financial statements arising from errors or fraud or admission. As a result of factors other than control risk. For example, if the company uses a lot of judgment in their accounting system, they have a lot of numbers. For example, bet that expense, impairment of assets, impairment of goodwill, estimation for warranty. Those are, they all require high degree of judgment. Or they have, for example, financial transaction that are hedges and forward contract and option that are complicated. What happened is by itself, the audit is inherently risky. That's what we mean by inherent risk. So the auditor, they cannot influence. They cannot influence, I'm sorry, inherent risk is not influenced by the amount that the auditor work perform. If it exists, it exists. Is it the characteristic of the accounting system and personnel who work in that system? Yes, it's characteristic of the accounting system and the personnel. And what do I mean by personnel? I spoke about the accounting system, but the personnel too plays a role. So if you have managers, if you have people that are known, that are known not to have good ethics. That's what we mean by personnel. They are known not to have good ethics. Or the company, they have a high turnover of top managers. Well, guess what? There's an inherent risk in their personnel. So I would say both of these statements is correct. Both one and two. The auditor does not influence, does not influence inherent risk. So what do we do with inherent risk? We assess it. We look at the inherent risk and we kind of give it an assessment. And based on that, we plan our audit. Now, if the inherent risk is high, if they are risky, then we have to do more work. But this is basically the definition of inherent risk, which is the third component of the audit risk model that I showed you earlier. Let's go back to control risk. Let's look at control risk and see what control risk is. It's influenced by the amount of work or other testing performed by the independent auditor. Well, control risk, what do we do with control risk? Remember, what do we do with control risk? We assess it. What does it mean we assess it? We determine whether it's high. Basically, we make a judgment upon it, whether it's high, low, or medium. And based on that, we conduct our audit. But it's not influenced by us. Whether it's high, it's because the company does not have a good control. Or if it's low, it means the company they have a good control. So it's not influenced by the amount of work or other testing. So it's not influenced by that. So it's not influenced by that. So once I take one out, once I take one out on the exam day, once you take one out, well, you can take A and you can take C. All you have to do now is to figure out is if 2 is correct, if the Roman numeral 2 is correct, then it will be B. If Roman numeral 2 is not correct, the answer will be B. It's mitigated by good internal control. Yes, if there's a control risk, if they have a good internal control, it's mitigated by that. Therefore, the answer is B. B, 2 is correct. It's not influenced by the amount of the work the auditor perform. It's mitigated by good internal control. Now maybe the auditor might give them some advice about internal control, later down the road to improve their internal control. But that's a separate situation. Here we are being asked, if it's influenced by the amount of work, no, it's influenced by how well the company set up their internal control. It's mitigated by good internal control. So we have to be careful. Each definition, detection risk, control risk, inherent risk, the definition of each and how they all fit together. Let's take a look at this question. If an auditor assess, notice they're assessing both, the inherent risk and the control risk to be high. So notice here, they're already telling us, inherent risk is high, control risk is high. What does that mean? It means bring your best employees beyond the lookout. Control risk means their internal control are not good. We should not rely on them. And inherent risk means they could have a lot of errors, not influenced by the control risk, influenced by the nature of the accounts that they have, the nature of the people that are working there, the characteristic of the account, the characteristic of the personnel. So how should the auditor respond when this is high? I already gave you the answer. You should raise all your antennas and be on the lookout. The auditor must then set the acceptable level of detection risk for an account to a relatively low level. And the answer is yes. Now you cannot take any chances. Your detection risk, your DR, must be set at a low level. Why? Because the company is risky. So your detection risk must be set at a low level, maybe 3%. Maybe usually it's 5%. Why? Because the company is risky. You cannot take any chances. Because if you take chances, well, you may miss a lot of mistakes. So one is correct. Now we can keep, actually, we can only eliminate D because neither 1 and 2. All we have to find out now is if 2 is correct, and if 2 is correct, it will be both A and B, both 1 and 2, which is C. The auditor will perform more substantive testing in that area. And the answer is yes. If you have high control risk, if you have high inherent risk, guess what? I'm going to have to do more substantive work. And I have to do more testing of the accounts, which is 2 is correct. That's how you would respond to a scenario where you have high inherent risk, high control risk. Therefore, the answer in this situation will be C. You have to take care of both. This is very important. So simply put, if inherent risk and control risk are high, you have to set detection risk low. Now, I cover this way much more in details in my lectures on my website, like really, really in details, like the audit risk model is covered in depth. It's covered as if this is the first time you look at it when you're sitting in your college seats. Let's take a look at this question by gathering more evidence through substantive testing in order to reduce what? So what can you reduce? If you collect more evidence, what can you reduce? Well, can you reduce inherent risk? And the answer is no. Remember, inherent risk is assessors. Nothing we can do about inherent risk. Inherent risk is characteristic of the company. If three is out, we can take this one out. This is easy in this one out. A and D are out because they include three. Remember, inherent risk depends on how risky the nature of the company, nature of their accounts, the nature of the people that work there. Now, we're down to B and C. Control risk, remember, what did I tell you about? Control risk, we also assess control risk. And you have to know that control risk is assessed because it's either high, medium, or low, and you really have to understand this. Also, you could eliminate this question, this answer, and this answer. Well, by process of elimination, must be we can only reduce detection risk. Yes, the more work we do, the less risk we are taking. We can reduce our detection risk. The less risk we are taking, they are gonna be missing something out because we are lowering our detection risk. More, think about it, the more work you do, if you sample every, if you look at everything, you have technically no detection risk, assuming you look at it properly. But if you look at only 90%, well, guess what? If you look at a sample, you may be taking a risk. How long is that risk? How big is that risk? Well, it depends on your detection risk. So the more work you do, the lower is your detection risk. So once again, these questions about the audit risk model are covered on my website, but the additional recordings and the explanation about the audit risk model, something that you have to really understand before you sit on your CPA exam, it's covered in my auditing course. You're gonna invest for your CPA once in your lifetime. Invest wisely. I strongly suggest you subscribe to the channel. It's a lifetime investment. Good luck, study hard and stay safe during those coronavirus days.