Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
📚 Learn/ / Risk Assessment and Internal Control
Microlesson · 5-min read

Detection Risk – Sampling and Non-Sampling Risk (SA 200 / SA 240)

## Detection Risk and Its Components

### The Audit Risk Model

Audit Risk = Inherent Risk × Control Risk × Detection Risk

### What is Detection Risk?

Definition (SA 200): Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material — either individually or in aggregate.

In simpler terms: the auditor did the work, but still missed the misstatement.

> Detection risk is the only component of audit risk that the auditor can directly control — by adjusting the nature, timing, and extent of audit procedures.

### Components of Detection Risk

#### 1. Sampling Risk

  • Risk that the auditor's conclusion based on a sample differs from the conclusion that would have been reached if the entire population was tested.
  • Cause: The sample chosen was not representative of the population.
  • Example: An auditor tests 50 invoices out of 5,000 and concludes there are no errors — but the errors happen to be concentrated in the untested 4,950.

#### 2. Non-Sampling Risk

  • Risk that the auditor reaches an erroneous conclusion for any reason unrelated to sampling — e.g., using an inappropriate procedure, misinterpreting evidence, or failing to recognise a misstatement.
  • Can be reduced through better training, quality review, and proper procedure design, but cannot be eliminated by increasing sample size.

### Summary Table

ComponentCauseCan be Reduced By
Sampling RiskNon-representative sampleIncreasing sample size, better sampling method
Non-Sampling RiskWrong procedure, human error, misjudgmentBetter training, supervision, procedure design

Worked example

### Example 1

Satranga Foods Pvt. Ltd. manufactures pickles. The auditors planned specific procedures for testing revenue recognition. Despite these procedures, some misstatements in revenue recognition were not detected.

This is Detection Risk — the planned procedures failed to catch an existing material misstatement.

Breaking it down:

  • If the auditors tested only 10% of sales invoices and the errors were in the untested 90% → Sampling Risk.
  • If the auditors used an inappropriate procedure (e.g., checking dispatch records instead of customer confirmations for revenue cut-off) → Non-Sampling Risk (wrong procedure selected).
  • If the auditors saw the error in the data but misinterpreted it as immaterial → Non-Sampling Risk (misjudgment).

⚠️ Common exam mistakes

  • Confusing detection risk with inherent risk — inherent risk relates to the susceptibility of an assertion to misstatement; detection risk is about the auditor failing to find it.
  • Saying sampling risk can be eliminated by testing 100% of the population — at 100% testing, sampling risk is zero, but non-sampling risk remains.
  • Treating detection risk as entirely within the auditor's control without acknowledging non-sampling risk — non-sampling risk is hard to eliminate completely.
  • Not linking detection risk to the audit risk model — detection risk must be managed inversely to assessed inherent and control risk (if IR and CR are high, detection risk must be kept low by doing more work).
Reference: — SA 200 – Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing
← Previous
Data Analytics and CAATs in Au
Next →
Elements of Control Environmen
Now that you've read this — what's next?
Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.
🔥 Drill 5 Qs on this → ✍️ Adaptive practice →
Start 15-min diagnostic