5.1 Components of audit risk (Inherent, Control and Inherent risks)

Audit risk is the risk that auditors may provide an inappropriate audit opinion on the financial statements, either by failing to detect material misstatements or by making incorrect judgments. Audit risk consists of three components:

1. Inherent Risk:
   • Inherent risk refers to the susceptibility of the financial statements to material misstatement before considering the effectiveness of internal controls.
   • It is influenced by factors such as the nature of the client’s business, complexity of transactions, accounting estimates, related-party transactions, and industry-specific risks.
   • High inherent risk indicates a greater likelihood of material misstatements in the financial statements.
2. Control Risk:
   • Control risk is the risk that internal controls fail to prevent or detect material misstatements in the financial statements.
   • It depends on the effectiveness of the client’s internal controls, including the design, implementation, and operating effectiveness of control activities.
   • High control risk suggests that the client’s internal controls may not be reliable in preventing or detecting material misstatements.
3. Detection Risk:
   • Detection risk is the risk that auditors fail to detect material misstatements in the financial statements during the audit.
   • It is the only component of audit risk that auditors can directly control by designing and performing appropriate audit procedures.
   • The level of detection risk is inversely related to the amount of substantive testing performed by auditors. Higher substantive testing reduces the likelihood of failing to detect material misstatements.

The relationship between these components is expressed by the audit risk model:

Audit Risk = Inherent Risk × Control Risk × Detection Risk