[Anonymous]

I don’t understand Risk of Material Misstatement no matter how hard I try. This ALWAYS stumps me on the exam.

I know the formula, what I don’t understand is what increases and decreases certain risks.

I don’t understand why I can’t grasp this concept and it always kills me on the MC as well as the Sims each time.

Inherent Risk, Control Risk, Detection Risk, and overall audit risk are usually the choices on the exam.

I know Inherent risk and control risk can’t be controlled by the auditor, only detection risk can be.

So I always thought inherent risk can’t increase or decrease because it’s innately inherent.

In terms of control risk, I figure when the auditor has a high detection risk, control risk is lower, and if he has a low detection risk, control risk increases.

When does overall audit risk come into play?

I also don’t understand the internal concept behind the increase/decrease even though I know the formula.

I feel that if detection risk (the auditor’s risk that he will detect an issue) is high, obviously control risk should be lower. This means that there is a high risk that the auditor will not or will detect a problem? Or that he tolerates a higher risk or tolerates a lower risk?

I’m sorry if this sounds confusing, but I’ve struggled with this since last year. I get so confused.

If anyone can give me some advice or help on how to go about this I’d really appreciate it!

[soweto]

Detection Risk is the risk that the auditor does NOT detect a material misstatement when one exists. It is lowered by performing more substantive tests. If the risk of material misstatement is high (control & inherent), one must lower detection risk (by performing more substantive tests) to achieve the same level of audit risk. The auditor sets detection risk in response to inherent and control risk, not the other way around. He can't control the latter two, so if they're assessed as high, the auditor must lower detection risk.

Audit risk is the risk that the auditor issues an unqualified opinion when the financial statements are materially misstated. It is a function of detection risk and risk of material misstatement.

If control risk (the risk that internal controls do not prevent/detect + correct material misstatements) is high, the auditor must reduce detection risk.

Same relationship for inherent risk (the risk that an account is materially misstated disregarding controls). Inherent risk would be high for an account that involves a high degree of judgment for example, because its valuation may be subjective and therefore more likely to be misstated.

If inherent and control risk are assessed as low, the auditor can tolerate a higher level of detection risk because it's less likely that material misstatements exist.

Hope that helps.

[Futile]

Audit risk = Inherent risk x Control risk x Detection risk

That formula is useless unless you really understand what each component represents and the order of things.

Inherent risk is the risk in an account or transaction due to its nature and is independent of internal controls. Neither detection risk nor control risk influence inherent risk. For exam purposes, it is typically assumed to be constant.

Control risk is the risk that the client's internal controls are not sufficient to prevent, detect, and correct errors and irregularities in the normal course of business in a timely manner. Higher control risk means that there is greater risk that the client's internal controls will fail. An auditor will set control risk at the maximum (100%) if he will not rely on them, either because the auditor believes the controls are ineffective or because it is not cost-effective to rely on them. An auditor will set control risk below the maximum if he does plan to rely on them because the controls seem effective and it is cost-effective to test them. If the auditor plans to rely on internal controls, he must test them.

Detection risk is the risk that the auditor's procedures will not discover an error or an irregularity that may exist in an account. The higher the detection risk, the more risk the auditor is willing to accept that he will not detect the misstatements and the fewer or less effective procedures the auditor will perform. The lower the detection risk, the less risk the auditor is willing to accept that he will not detect the misstatements and the more or more effective procedures the auditor will perform. Always remember that the quantity or quality of procedures the auditor plans to perform varies inversely with the level of detection risk.

Audit risk is the risk that the audit will fail, that is, the risk that material errors will occur in the accounting process used to develop the financial statements (inherent risk and control risk) and the risk that any material errors that occur will not be detected by the auditor (detection risk).

Audit risk is set by the auditor, and like inherent risk is usually assumed to be constant. Both of these are determined before the other two risks. Control risk is then determined and influences the level of detection risk inversely. As control risk increases, the risk of misstatements increases, so the auditor must lower detection risk by performing more procedures to gain more assurance that there is not a material misstatement. Formula-wise, if audit risk and inherent risk are constant, then a change in control risk can only affect detection risk and for the formula to balance, the two must move in opposite directions.

CPA exam: Done!

Thank You, Lord.

[Anonymous]

Wow. I'm only on chapter 2 on AUD so I haven't gotten there yet but thank you. A great explanation from both of you!

[Anonymous]

Thanks for the input guys, I will try to take a lot out of this in the next coming weeks! I really appreciate the careful and detailed insights!

[topharry123]

The part I struggle with is inherent risk. I'm thinking that things in the environment would be inherent risk, does that sound about right? For example, technological obsolescence, new major competitors selling products at cheaper prices, employees being tired, management overriding controls etc. Basically things that could cause either errors or fraud because of their nature, but things which internal controls couldn't stop? Is my understanding there correct? Thanks in advance and sorry to barge in on the thread with a question of my own, it just seems relevant and I hope it can help you as well !!

FAR - 95
REG - 93
AUD - 91
BEC - 85

[Futile]

It's not that internal controls couldn't stop errors or fraud in things inherently risky–indeed, internal controls are supposed to mitigate these sort of things–but that you simply pretend controls do not exist when evaluating the entity and its accounts and transactions for inherent risk. You are looking for how susceptible something is to misstatement fundamentally, in and of itself.

This does have to do with the environment, whether external (e.g., competitors, laws, the economy) or internal (e.g., management style and philosophy, employee attitudes) to the company, as well as other factors.

There are some pretty good examples here: https://www.dummies.com/how-to/content/how-to-assess-inherent-risk-in-an-audit.html

You may also want to peruse this article (note it is not about U.S. GAAS, but it is helpful): https://www2.accaglobal.com/archive/sa_oldarticles/50047

I wouldn't stress too much about inherent risk, as it requires significant professional judgment and thus isn't all that clear. Know what it is, nail the other kinds of risk, and you'll probably be fine for the exam.

CPA exam: Done!

Thank You, Lord.

[jpat1980]

Picture this: A See Saw

[Year End/Balance Sheet Date] – Positive Confirmations

More – substantive test

Less – Control Test (controls are not working, so cant use them)

Risk of Material Misstatement

IR x CR ________________________________________V___________________________________________DR

(independent)

---

(Dependent) Nature

[Interim Period] — Negative Confirmations

---

Extent

Less – substantive test

---

Timing

More – control test (controls are working, so the output is reliable)

Now you have the visual… You can move the see saw how youd like and depending on where the IRXCR are in relation, you can have a better understanding on what procedures to apply..

AUD-68,74,88
REG-81
BEC-75
FAR-71,79
(Primary: Becker | Supplemental: Wiley MCQ's, Ninja Notes)

CFP - passed(3/2013)
(KIER, College for Financial Planning-cffp.edu, Jeff Rattiner Books and Notes)

[Author]

Replies