## Audit Risk and Its Components

### Definition

Audit Risk is the risk that the auditor gives an inappropriate opinion on financial information that is materially misstated.

> In simple terms: the auditor says 'FS are fine' when they are actually materially wrong.

---

### Components of Audit Risk

```

Audit Risk

├── Risk of Material Misstatement (ROMM) ← exists BEFORE audit

│ ├── Inherent Risk

│ └── Control Risk

└── Detection Risk ← depends on auditor's procedures

```

#### 1. Inherent Risk

The susceptibility of an account balance, class of transactions, or disclosure (ABCD) to material misstatement, assuming there were no related internal controls.
It is entity/transaction-specific — some items are inherently more risky (e.g., fair value estimates, related-party transactions).
Not controllable by the auditor — it pre-exists the audit.

#### 2. Control Risk

The risk that a misstatement will not be prevented, or detected and corrected, by the entity's internal control.
Relates to the effectiveness of the entity's own internal control system.
Not controllable by the auditor — depends on the entity's controls.

#### 3. Detection Risk

The risk that audit procedures will fail to detect a material misstatement.
Directly related to the Nature, Timing & Extent (NTE) of audit procedures determined by the auditor.
Controllable by the auditor — by increasing the NTE of procedures, detection risk can be reduced.
The auditor sets detection risk to reduce overall audit risk to an acceptably low level.

---

### Key Relationship

ROMM (IR + CR) is...	Then Detection Risk must be...	Meaning for Audit Work
High	Low	More extensive audit procedures required
Low	High	Less extensive procedures may suffice

> Inverse relationship: Detection risk moves inversely to ROMM. If ROMM is high, the auditor must lower detection risk by doing more work.

Worked example

### Example 1

Classifying Risk:

A company operates in the cryptocurrency industry where asset valuations are highly subjective and volatile.

Inherent Risk: High — because crypto valuations are inherently uncertain even without considering the company's controls.
Control Risk: Assessed after reviewing the company's internal controls over valuation. If controls are weak, control risk is high.
Detection Risk: The auditor must set detection risk at a LOW level (i.e., design extensive procedures) because ROMM (inherent + control risk) is high.

### Example 2

The ROMM–Detection Risk Inverse Relationship:

For trade payables of a manufacturing company, IR is low (routine, well-documented) and CR is low (strong controls). ROMM is therefore LOW. The auditor can tolerate a HIGHER detection risk — meaning less extensive confirmations or cut-off testing is acceptable without compromising the overall audit risk.

⚠️ Common exam mistakes

Saying the auditor controls inherent risk or control risk — the auditor can only control detection risk through the NTE of procedures.
Confusing 'risk of material misstatement' with 'audit risk' — ROMM is only one component of audit risk; detection risk is the other.
Direct relationship error: thinking 'high ROMM → high detection risk acceptable' — it is the opposite (high ROMM → detection risk must be LOW).
Defining inherent risk without including the phrase 'assuming there were no related internal controls' — this qualifier is essential for full marks.
Defining detection risk as relating to 'all audit procedures' — it specifically relates to the NTE of audit procedures determined by the auditor.

Bare-Act text Definitions — Para 13(c) · SA 200 · click to expand

Audit risk means the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →

Audit Risk — Inherent Risk, Control Risk, Detection Risk

Worked example

⚠️ Common exam mistakes