Audit Risk Model
The model uses a multiplicative relationship between inherent, detection, and control risks.
What is an Audit Risk Model?
The audit risk model is a tool auditors use to assess the risks involved in performing an audit. An audit is an inspection of an entity’s accounts. Audits ensure statements are accurate.
Audits are not easy to do. Independent auditors and audit firms need to weigh several factors when performing audits. These different risks are spelled out in this model.
This model is built on the fact that all audits involve some risk. Auditors must use this model to understand that risk. In short, the model proposes that audit risk is equivalent to the product of inherent risk, control risk, and detection risk.
Audit risk model:
Audit Risk Model = Inherent Risk * Detection Risk * Control Risk
Read about the equation here.
The three risks are ordered in a multiplicative way. A multiplicative equation means two or more variables are multiplied to obtain a result. Make sure you convert the percentages to decimals to use in the equation.
Multiplicative equation form:
y = x * x * ....
If one of the “x” variables increases, the resulting “y” variable will increase too. Likewise, if an “x” variable decreases, the resulting “y” variable decreases. When combined in a multiplicative manner, auditors gain a more accurate representation of the audit risk.
The model determines the appropriate auditing procedures to conduct for the financial information presented in the company’s financial statements.
It is important to note that no matter how much testing is done, there is always some sort of risk involved in an audit. The audit risk model is built on concepts, not numbers. It is difficult to quantify risks.
One thing to be aware of is that the model is not a one-time operation. It is continuously updated throughout the audit process. The model is made more specific as the auditor or audit firm learns about the audited entity.
Let’s dive deeper into the model.
Key Takeaways
- The audit risk model assesses the risk involved in conducting an audit.
- The model uses a multiplicative relationship between inherent, detection, and control risks.
- Auditors must keep updating the audit risk equation to obtain the most accurate figures.
- The model uses information from financial statements.
- The main flaw of the model is that it depends on the auditor’s reasoning, so it is subjective.
Financial Statements of audit risk model
There are three main statements analyzed during an audit. These are:
1. Income Statement
An income statement lists the company’s income and expenses. The auditor can see if the firm profited for the fiscal period. Auditors can also provide their opinions to business owners about the information listed on the income statement.
For instance, if the income statement shows a loss for the fiscal period. The auditor may offer their professional opinion to decrease costs.
One benefit to the income statement is how frequently it is published. Other financial documents are generated yearly, while on the other hand, the income statement is either published monthly or quarterly.
This document is unique and important because it provides up-to-date information to stakeholders. Similarly, business owners can address areas for improvement since the income statement brings attention to them.
The income statement highlights which areas the company spends too much for.
2. Balance Sheet
A balance sheet reports a company's assets, liabilities, and shareholder equity at a single point in time.
The general accounting equation is:
Assets = Liabilities + Shareholders’ Equity
Balance sheets follow this equation. It is clear to see if the assets truly equal liabilities plus equity. If they do not, then there is a problem.
Assets can include cash, property, and inventory. Liabilities are rent, utilities, taxes, and wages. Shareholders’ equity includes retained earnings.
Balance sheets can help to determine risk. Since a company’s assets and liabilities are listed, it is easy to see what they owe. Balance sheets answer if the company has enough cash to meet its demands, if its assets are liquid enough, and if it has taken on too many liabilities.
3. Statement of Cash Flows
The cash flow statement is the last financial statement analyzed for an audit. This document spells out what money flows in and out of the firm. The statement can be generated monthly, quarterly, or yearly.
There are three cash flow statements. These are operating, investing, and financing. Each statement is related but unique.
Below are the types of cash flow statements and their exact purpose.
| Type of cash flow statement | Purpose |
|---|---|
| Operating | Shows the cash influx from ongoing, regular business activities; examples of such activities include selling goods and providing services |
| Investing | Shows the cash flux for investing activities; examples of such activities include purchasing assets and making loans |
| Financing | Shows the cash flux for funding the company. Examples of such activities include issuing bonds and repayment of loans |
The statement of cash flows is a great indicator of a company’s financial state.
What Risks Are Considered in Each Cycle?
Before continuing, we need to understand the various risks included in the model. Terminology can help clear up the purpose of the model.
- Inherent Risk
Inherent risk is one of the factors in the model. These include the types of transactions made, the financial practices of the company, and the company’s history.
This is the company's susceptibility to misstatement without internal controls. In other words, this is before considering the internal controls. - Detection Risk
It is the chance that the auditor will not find a risk. This has to do with the auditor’s side of things. - Control Risk
It is a chance that the company’s internal controls will not detect or prevent a misstatement. Regardless of the company’s internal controls, this risk is still present. The company’s internal control environment influences this risk.
Relationship Between Acceptable Audit Risk and Audit Assurance
Acceptable audit risk is the confidence an auditor has that their auditor’s opinion may bring on a misstatement. This is a complement to audit assurance.
If the acceptable audit risk is 10%, then the audit assurance is (100 - 10)% = 90%. The auditor gains 90% audit assurance that the company’s financial statements are free of misstatements.
Let us take a look at the examples of the Audit Risk Model.
1. A firm’s acceptable audit risk is 20%. Their inherent risk is 10%, and their detection risk is 80%. What is the level of their control risk?
Audit risk = Inherent risk * Detection risk * Control risk
0.20 = 0.10 * 0.80 * Control risk
0.20 = 0.08 * Control risk
0.20 / 0.08 = Control risk
Control risk = 2.5 = 250%
2. What is the level of audit risk for a small company that has the following levels of risk: inherent: 50%, control: 3%, detection: 12%?
Audit risk = Inherent risk * Detection risk * Control risk
Audit risk = 0.50 * 0.12 * 0.03
Audit risk = 0.0018 = 0.18%
3. What is the level of audit risk for a small company that has the following levels of risk: inherent: 0.5%, control: 18%, detection: 80%?
Audit risk = Inherent risk * Detection risk * Control risk
Audit risk = 0.005 * 0.80 * 0.18
Audit risk = 0.00072 = 0.072%
Limitations of the Audit Risk Model
Although the audit risk model allows auditors to map out the logistics of an audit, it also has a few limitations. Here are some limitations of this model:
- Being Subjective
This model maps out risk. One of the main drawbacks of this model is that it heavily depends on the auditor’s reasoning. If the auditor cannot judge well, the risk assessment can vary. This makes the audit itself subpar. - Lack of Scope
The risks addressed in this model are inherent, control, and detection risks. This model provides limited insight. The model fails to consider other risks for a business, such as operational and reputational risks. - Risk of Fraud
The fraud estimates reported by the audit risk model are inaccurate. As fraud increases in the economy, this model must also be updated. A risk of fraud should be included. - Resource Constraints
Performing audits requires a lot of time and resources to be expended. Small companies have a tough time obtaining an auditor for a reasonable price. The audit risk model is an extra charge. Thus, these smaller firms cannot afford to have this model performed. - Information Not Complete or Up-To-Date
As with all other audits, information must be provided to the auditor. If a company fails to comply or withholds information, there are legal actions, and the audit risk model will not run as it should. Therefore, incorrect risk assessments will be made.
By understanding how the model is limited, auditors and companies can understand how to mitigate these and still provide the proper risk assessments.
Conclusion
Hopefully, this article helped you understand the audit risk model. Anyone interested in auditing, accounting, or business management should make sure they know this. It is a special model that helps uncover the audit risk.
The model uses the three main financial statements to analyze various risks. The income statement, the balance sheet, and the statement of cash flows. The auditor can then use the model to understand the audit risk and then make their auditor’s opinion.
The model then uses inherent, detection, and control risks to solve audit risks. Keep in mind that the model does not always quantify risk.
While the model poses benefits for the auditor and the business, there are a few drawbacks. These include subjectiveness, lack of scope, the chance of fraud, expenditures of time and resources, and incomplete information.
Businesses should make sure they address each of these so that the model works the best.
Thanks for reading this article. Check out Wall Street Oasis for other articles and courses that can kickstart your career in business.
or Want to Sign up with your social account?