Change in risk vs. change in assessment of risk

  • Creator
    Topic
  • December 24, 2010 at 3:51 am #159481
    palal9923
    Participant

    Can somebody help me wih this? I am confused and I know its not that hard, or it def should not be this hard to figure out. It reminds me of when I was studying BEC change in demand vs. change in quanity demanded situation, the definition are different yet the meaning is very similar.

    I am referring to the audit risk model in this question. I know that we cannot change the Inherent Risk, and the Control but we can change the assesmment of them.

    So can somebody explain to me the difference between assesment vs. change in a risk? I do not understand the difference at all.

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Author
    Replies
  • December 24, 2010 at 4:11 pm #267715
    Iwant2baCPA
    Participant

    Let's hope I don't confuse you a bit more.

    Inherent and Control risk are basically the company's “responsibility”. This is determined by their internal control and the company itself. For example, a CEO tells you that all checks under over $5,000 need two signatures (CFO and Controller). On the surface that seems like good internal control so you may think the control risk is low. Then you find out that the CFO and Controller are rarely in the office so checks are rubberstamped. Well, now that internal control doesn't seem so effective anymore, does it. But there is nothing you can do to change it. The internal control throughout year was the company's responsibility to initiate and maintain. You cannot change what the company did in the past. All you can do is look at the facts and determine that your original assessment was incorrect.

    REG 89, BEC 86
    AUD 81
    FAR 1/28/2011
    State: CA

    December 26, 2010 at 10:05 pm #267716
    palal9923
    Participant

    So, now the auditor will change his assesment… and this will, or will not change the risk model?

    December 27, 2010 at 2:33 am #267717
    Iwant2baCPA
    Participant

    It will change the risk model. You want your overall risk to remain low. In order to do so, you need to adjust the one variable you have control over – detection risk. If your assessment of control risk changes, your need to change your detection risk. In the above case, you would lower your detection risk by doing more substantive procedures.

    REG 89, BEC 86
    AUD 81
    FAR 1/28/2011
    State: CA

    December 27, 2010 at 1:35 pm #267718
    palal9923
    Participant

    And so therefore, we are changing our “assesment” of the original risk model, but we are not changing the actual CR and IR, because those are whatever we “tested” them to actually be, which were different from our original assumptions ( in this example). Is that correct?

  • Author
    Replies
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Change in risk vs. change in assessment of risk’ is closed to new replies.