Types of Audit Risk

There are 3 types of audit risk faced by companies, namely Inherent risk, Control risk and Detection risk.

Inherent risk is the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls. Inherent risk at the financial report level is considered in general planning because it specifically affects other decisions made at this time, such as staffing requirements, and other aspects of the audit plan.

Control risk is the risk that a misstatement could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control. There is an inverse relationship between the degree of assurance that control objectives have been achieved and the degree of control risk. An auditor determines a preliminary assessed level of control risk at the planning stage, based on the auditor’s understanding of an organisation’s internal control. A final actual assessed level of control risk is then determined based on the result of tests of controls during interim testing.

Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect that a misstatement exists and that could be material, either individually or when aggregated with other misstatements. Note that the usage of substantive analytical procedures reduces this risk. However, detection risk cannot be reduced to 0 and there will always be some amount of risk.


How can companies minimize Audit Risks?

The COSO Enterprise Risk Management is one of the most widely accepted risk management standards organisations use to help manage risks in an increasingly developing and unpredictable business landscape.

Source: https://i-sight.com/resources/coso-framework-what-it-is-and-how-to-use-it/

This model sets the standards for organisations to evaluate the effectiveness of their systems of internal control. There are 5 components that work together as an integrated system to support the achievement of an organisation’s mission, strategies, and related business objectives. They are namely Control Environment, Risk Assessment, Control Activities, Information and Communication and Monitoring.

These 5 components work to establish the foundation for sound internal controls within an organization through directed leadership, shared values and a culture that emphasizes accountability for control. The various risks facing the company are identified and assessed routinely at all levels and within all functions in the organization. Control activities must be proactively designed to address and mitigate significant risks. When the entire system of internal controls is monitored continuously, it ensures that problems are addressed timely.

Singapore Standards on Auditing

SSA200.A34: The assessment of risks is based on audit procedures to obtain information necessary for that purpose and evidence obtained throughout the audit. The assessment of risks is a matter of professional judgment, rather than a matter capable of precise measurement.

SSA200.A35: For purposes of the SSAs, audit risk does not include the risk that the auditor might express an opinion that the financial statements are materially misstated when they are not. This risk is ordinarily insignificant.


Authors:
Celesdia SOH Jia Hui
Business Development Associate

Chrislyn WONG Shu En
Business Development Associate

Nur FADHILAH Bte Abd Fazil
Business Development Associate

Michelle CHEN
Business Development Associate

Editor:

Ryan Adnin GOH

MBa, Certified Employment Intermediary  (KAH)

Director of Advisory


References: https://info.knowledgeleader.com/bid/161685/what-are-the-five-components-of-the-coso-framework