 in this presentation and we will discuss audit risk model we're gonna start off with what audit risk is so what is audit risk first a word from our sponsor well actually these are just items that we picked from the youtube shopping affiliate program but that's actually good for you because these aren't things that were just given to us from some large corporation which we don't even use in exchange for us selling them to you these are things that we actually researched purchase and use ourselves acer 27 inch monitor i've been using an acer monitor as my primary monitor for a few years now this is the first acer monitor that i have used after having used a series of different brands of monitors in the past the acer monitor has been performing well and i'm trusting the acer brand more and more as i use the monitor i have a 27 inch monitor which i think is ideal for what i do which is of course the screen recording and the editing if you would like a commercial free experience consider subscribing to our website at accounting instruction dot com or accounting instruction dot think of it dot com where we have many different courses you can purchase one at a time or have a subscription model given you access to all the courses courses which are well organized have other resources like excel files and pdf files to download and no commercials that the auditor expresses an incorrect audit opinion when the financial statements are materially misstated so for example if we were to give the most common type of opinion for the audit a clean opinion an unqualified opinion opinion in essence expressing that the financial statements in our opinion are put together in accordance with whatever standard they said they were going to be put together with for example generally accepted accounting principles if that was the case and there was a material misstatement from that standard from generally accepted accounting principles then we would have a material misstatement that would be against our opinion of it and our opinion would therefore be wrong there's always a risk for that to be the case even if we were diligent and that's what we're going to put into our system we're always going to be saying hey there is a risk that we could do our due diligence as a competent auditor go through the audit and still there be a material misstatement in the financial statement that we did not detect even though we issued a clean opinion for it what we're going to do is never say that that's going to be eliminated that risk is never eliminated but we're going to try to make it as low as possible so we want to consider the audit risk the risk that we have say a clean opinion or something like that and there was a material misstatement that was not detected we want to assume we want to discuss what that is and of course set that risk level to a low and acceptably low level so we can think of that on the assertion level in terms of the financial statement level at the financial statements as a whole as well as the individual account balance or disclosure level when we're actually breaking that down into a more granular level of the actual accounts and the disclosures for them the audit risk model then is going to include some key definitions those definitions being inherent risk which we're going to represent with IR control risk with CR and detection with with DR we're going to put this information into more of a formula a formula type format note as we do so we start to think that this is a very defined type thing we see a formula we're saying this is an exact process so that's what goes into many people's minds when we see a formula the number is what it is we need every auditor would come up with that exact same number and the exact same formula if they follow the same procedures not necessarily the case here we're going to take this this is this is more of an art and science as opposed to just a science we're going to take this information and we're going to put them into a form you like format that's going to help us to conceptualize the interplay between these concepts inherent risk control risk detection risk so that we can think about the audit risk overall as well let's now consider these individually starting off with inherent risk inherent risk possibility of an assertion in an account or disclosure to be misstated due to error or fraud that could be material before consideration of any related controls we're thinking about an assertion in an account or disclosure so worth considering actual accounts were on that granular level and then we're considering the removal of control so we're going to say what if there are no controls here we're going to take out the controls because of course the controls within the organization are designed in order to detect types of risks so we're going to say what what if we didn't have any controls and this particular assertion about a particular account what level of inherent risk is there is there and I would think of this as as a risk it just basically is in part or it's part of the actual thing it's inherent to it's already embedded within it so for example if we're thinking about something like cash then and if we took out the controls over cash then cash is going to be more inherently risky why because it's very liquid cash is liquid therefore it's going to be higher probability that there will be fraud or something like that because it's more susceptible to something like fraud if we took that same type of thing we took out the controls and we considered like a building the office building well there's less inherent risk with relation to the office building because it's it's less liquid it's less likely that someone's going to take that office building put it in their back truck and like you know run off with it that's not typically going to happen so there's less inherent risk when we think of say an assertion with regards to whether or not the office building is going to be stolen as opposed to whether we think about cash because of the liquidity of it so that's what we're going to be thinking about the kind of concept that we would think about with inherent risk we're going to say hey if we remove the controls we consider the specific assertion with regards to this particular account and disclosure what would be the risk related to it and you can see that there would be drastic differences with different types of things if we have different types of company with different types of inventory people that sell things like diamonds that are highly valuable and liquid possibly are easy to steal would be would be more risky more inherently risky than someone that sells something of a low value like like a lawn fertilizer or something like that would be lower value type of item that could still be theft it's still worth something but it might be less inherently risky when you consider the inherent risk between the two of them what about control risk that's going to be the possibility that a material misstatement that could occur in an assertion about an account or disclosure will not be prevented or detected and corrected on the timely basis by the organization's internal controls so control risk now we're going to be putting the controls back in place so when we consider the control risk the possibility that there is a material misstatement that could occur as at in an assertion about once again the account or disclosure level so now we're at the account or disclosure level we put the controls back in place and we're trying to think okay now that the controls are in place what's the probability or the risk that the controls aren't sufficient enough in order to to basically catch any kind of misstatement that could be put in place so inherent risk no controls then we put the controls in place so if we're thinking about something like cash what are those controls what are the risks that the controls related to cash are in place now obviously if you think of something like cash you would think the inherent risk is very high the company then would have some system of controls of course to be put in place in order to to account for the fact that the inherent risk is high and the question then is are there controls enough to to detect the risk or what's the likelihood that the controls would not catch a risk and we would think about the controls again on an account level as we go through the accounts inventory cash different types of accounts with relation to the controls then we have the detection risk that's going to be the risk that the material misstatement will not be detected by the procedures performed by the auditor to reduce audit risk to an acceptable level this could result from inappropriate audit procedures misinterpretation of audit evidence or failure to recognize a misstatement so then detection risk is our risk it's on our level now we're at the audit so note that the control risk or the inherent risk aren't really our responsibilities not our whatever industry they're in might be more risky than another industry that's inherent to whatever industry and the accounts related to it the the control risk are their controls they've implemented them the company has management has that's their responsibility detection risk of course is our responsibility because that's going to be the risk that the material misstatement will not be detected by the procedures performed by the auditor to reduce the audit risk to an acceptable level so now we're thinking about you know what type of procedures are we putting into place in order to basically detect any kind of problems because our job of course is to issue an opinion on the financial statements so we're going to try to consider what the detection risk for us would be that there's some type of misstatement that our audit processes do not detect now the the interesting thing here is that we are going to vary our detection risk based on based on in essence the formula so our detection risk could be a result of these at these items inappropriate our procedures so if we set up our audit inappropriately of course misinterpreting audit evidence so maybe we have the evidence but we misinterpreted it and that resulted in us not detecting a material misstatement failure to recognize a misstatement so maybe there was one there and we just missed it we've just failed to recognize it it's possible so the audit risk model then it's going to be in this kind of formulaic type of equation we've got the inherent inherent risk and control risk is going to be equal to the risk of material misstatement so when we consider the inherent risk and the control risk that's going to be equal to the risk of the material misstatement and if you think about that again these are the things that are basically involved by the company right the company has control over one the inherent risk the business that they are in the environment they decided to take on it's inherently risky or whatever the inherent risk level is and then the control risk are the controls that the company put in place in order to mitigate whatever risk model that they have taken on within their business model that of course is going to equal the risk of the material misstatement in the financial statement notice detection risk isn't in this process because that's the risk of us detecting outside our audit process detecting the material misstatement this is basically the risk that a material misstatement is there then we're going to put in the audit risk the audit risk is going to be equal to the inherent risk the IR the control risk the CR and the detection risk so this is basically going to be our formula to determine in essence or think about what total audit risk is or we can consider it in this format audit risk is going to be the risk of material misstatement because of course the risk of material misstatement includes both inherent risk control risk the two things that are going to be the factor of in essence the company on the company side and then the the amount that's on our side the detection risk our audit did our audit tested so this is basically the responsibility of the company being in whatever industry they are in inherent risk and the control risk and then this is on our side the actual audit process to detect the auditor also needs to consider engagement risk as they consider engaging with different clients and taking on different types of engagement different types of auditors the auditor's exposure to financial loss and damage to professional reputation that's going to be the engagement risk so engagement risk auditor's exposure to financial loss and damage to professional reputation this could be a result of say litigation other events are rising that are connected with the financial statements so if we audit the financial statements we have an opinion of the financial statements then we're done with that particular engagement but of course those financial statements are going to be used within some kind of business process that's why we did the audit if it's a publicly traded company then investors are going to be investing in those financial statements it could be an audit for some other reason for non-publicly traded companies such as to get a bank loan or something like that so if there are other events arising that are connected with the audited financial statements the financial statements being used for some kind of business process then that could be a problem for us or that could cause potential problems or be some source of liability in the future engagement risk and then we have any adverse publicity so if there's some kind of adverse publicity say we're auditing a company that maybe we have a clean opinion of the audit but publicly they're not popular for whatever reason that could cause the auditing firm problems as well so if we're talking about publicly traded companies they could have a high degree of presence in the public and again even if their financial statements are clean the the public impression of course will will rub off as well on possibly the auditors that are working with that are doing business with that entity now we'll take a look at these steps in the audit risk models the audit risk model typically will include we're going to set a plan level of audit risk so when we think about audit risk we're actually going to set the audit risk so typically we're going to say hey this is the audit risk that we are going to set and then we're going to assess the risk of material misstatement so the the risk of material misstatement from the company side of things is what they're in control of that's the inherent risk and the control risk and what I mean in control of inherently things are inherently risky no one's in control of that but they chose to be in that industry and therefore they are basically responsible for taking on that business control inherent risk and the control risk their internal controls then we're going to determine the appropriate level of detection risk which is our responsibility now so here's the formula for audit risk note that we're going to set the audit risk however we know and then we're going to determine inherent risk and control risk and then we're going to be looking for with our formula with our with our analysis with our thought process our equation the detection risk that's the risk that of our audit detecting a material misstatement so detection risk then is going to equal the AR which is going to be the audit risk which we're going to set we're going to know that well then we've got the IR which is the inherent risk and the CR the control risk these are going to be the known items so that we can set the DR the detection risk now the thing that's kind of funny about this of course is the thing that's a little bit unusual when you start to think about this model and questions about this model it's easy to get confused about what the detection risk should be should it be high or should it be low and how should we set the detection risk with regards to this model in other words if we think about the detection risk you're thinking about the risk that we're going to perform the audit and the audit is not going to detect a material misstatement we want that risk to be low we want we want to have a low detection risk now you would think that we would want the low detection risk all the time we would always want to have a low detection risk you would think however note we want to have an interplay between the detection risk and the other factors the goal of this detection risk is to help us to put together the audit procedure in such a way that it's most efficient and if we can rely on the internal controls and if we're in a less inherently risky situation then you would think that we can do less of the procedures and that would mean that the detection risk would actually go up but we would still be okay given the fact that we're in a less risky environment and we have internal controls that are sound so if we think this out kind of numerically or for more of a mathematical type of standpoint we've got the audit risk this is going to be the overall audit risk then we have the inherent risk and the control risk so the internal controls remember the internal control risk represents the fact that do we have sound internal controls and the risk that the internal controls would not be catching a material misstatement so if we had good internal controls the company had good internal controls then you would think that the control risk would be low we'd have a low risk that there would be an error that the internal controls wouldn't catch inherent risk if we're in a less risky environment you would think that we would then have less risk that there would be just inherent risks due to the nature of the type of business that we have so if these two risks are low then this equation the numerator is going to be lower it's going to result in a higher number that we would calculate then for the detection risk which would make sense because of course if we had sound internal controls and we're in a less risky environment then we can do less testing in our audit and still be okay so we actually in terms of the audit procedures we actually kind of want this to be high why would why would we want this to be high because if this is high we're doing less work if this is high we're depending more on the fact that we're in a good environment or not a really risky type of environment and we are saying that the controls are sound the business we're working with has sound controls that are more likely to catch any kind of problems and therefore we can set our detection risk higher do less work and still be okay within the audit process and we have to we're hoping for that to basically be the case because again these large publicly traded companies we have to depend in some to some degree on the internal controls with smaller companies we would expect the internal controls to be to be less effective and therefore this risk to be higher and if this risk is higher then we're going to have to set our detection risk lower which means we would do more substantive testing so you can kind of think through this equation what if the inherent risk was high what if the control risk was high what if it was low what would happen then to the detection risk just remember that when you're thinking about the detection risk you're thinking that if it if it's high it's kind of it's almost a good thing because that means we're doing less work and depending more on the controls and just the environment if it's low that means we're basically we're depending less on the controls and we're probably then going to have to do more of the substantive testing so here's just now there are some limitations to the audit risk model so these are the audit risk model limitations model is based on judgments and assessments therefore judgments and assessments must be good for the model to be good so notice this isn't an exact science once again we have judgments and assessments being involved to help give us a mental image on how we can compare these concepts and of course the that means that the outcome what what we get from this model is only as good as the judgments and assessments that we make as we put the model together