Control risk is the risk that misstatement that could occur in an account balance or class of transactions and that could be material, individually or when aggregated with mis-statements in other balances or classes, will not be prevented or detected on a timely basis the system of internal control There will always be some control risk because of the intrinsic limitation of any system of internal control To assess control risk, the auditor should consider the adequacy of control design, as well as test adherence to
control procedures. In the absence of such an assessment, the auditor should assume that control risk is high.
Detection risk is the risk that an auditor’s procedures will not detect a misstatement that exists in an account balance or class of transactions that could be material, individually or when aggregated with misstatements in other balances or classes. The level of detection risk relates directly to the auditor’s procedures. Some detection risk would always be present even if an auditor were to examine 100 percent of the account balance or class of transaction because, for example, the auditor may select an inappropriate audit procedure, misapply an appropriate audit procedure or misinterpret the audit results.