## Audit Risk
### Definition
Audit Risk is the risk that the auditor gives an inappropriate opinion when the financial statements are materially misstated.
More precisely: the risk that the auditor issues an Unmodified (clean) Opinion when the FS are, in fact, materially misstated.
---
### Audit Risk Formula
$$\boxed{\text{Audit Risk} = \text{ROMM} \times \text{Detection Risk}}$$
$$= \text{IR} \times \text{CR} \times \text{DR}$$
| Component | Abbreviation | Controlled by |
|---|---|---|
| Risk of Material Misstatement | ROMM | The Client/Entity (auditor cannot change it) |
| Inherent Risk | IR | The Client |
| Control Risk | CR | The Client |
| Detection Risk | DR | The Auditor (can be reduced) |
> Key insight: Auditors cannot control IR or CR — those are entity-level risks. The only lever the auditor has is Detection Risk — by increasing the extent, nature, and timing of audit procedures.
---
### What IS Included in Audit Risk
- Risk of Material Misstatement (ROMM) — risk that FS were already misstated before the audit began
- Detection Risk — risk that auditor's procedures fail to catch the misstatement
### What is EXCLUDED from Audit Risk
1. Business/Auditor Business Risk — e.g., risk of losses from litigation, negative publicity against the audit firm; these are the auditor's own commercial risks, not audit quality risks
2. Risk of giving a Modified Opinion when FS ARE free from material misstatement — this is an over-cautious error, not the audit risk contemplated by standards
---
### Inverse Relationship: ROMM and Detection Risk
To maintain an acceptably low overall Audit Risk:
- If ROMM is High → Auditor must accept only a Low Detection Risk (do more work, larger samples, more experienced team)
- If ROMM is Low → Auditor can tolerate slightly Higher Detection Risk
$$\text{Low Audit Risk} \Rightarrow \text{DR must compensate for high ROMM}$$