Audit risk is the risk that an auditor may give an inappropriate opinion on financial information, which is materially misstated. An auditor may give an unqualified opinion on financial statements without knowing that they are materially misstated. Such risk may exist at overall level, while verifying various transactions and balance sheets items. There are three components of audit risk:
i. Inherent risk:
It is a risk that material errors will occur. Inherent risk is the susceptibility of an account balance or class of transactions to misstatement that could be material, individually or when aggregated with misstatement in other balances or classes assuming that there were no related internal controls.
ii. Control risk:
It is the risk that the client’s system of internal control will not prevent or correct such errors, to assess control risk, the auditor should consider the adequacy of control design as well as test adherence to control procedure.
iii. Detection risk:
It is the risk that an auditor’s procedures will not detect a misstatement that exists an account balance or class of transactions that could be material, individually or when aggregated with misstatements in other balances or classes. The level of detection risk relates directly to the auditor’s procedures. Some detection risk would always be present.
The inherent and control risks are functions of the entity’s business and its environment and the nature of the account balances or classes of transactions, regardless of whether an audit is conducted. Even though inherent and control risks cannot be controlled the auditor, the auditor can assess them and design his substantive procedures to produce an acceptable level of detection risk, therereducing audit risk to an acceptable low level.