Audit Evidence and Documentation
Audit risk is the possibility that the auditors may unknowingly fail to appropriately
modify their opinion on financial statements that are materially misstated.
composed of the possibility that (1) a material misstatement in an assertion about an
account has occurred (inherent risk and control risk), and (2) the auditors do not detect
the misstatement (detection risk).
Detection risk is this second component, the risk that
the auditors' procedures will lead them to conclude that a material misstatement does
exist in an assertion when in fact such misstatement does exist.
All other factors
held constant, audit risk increases with increases in detection risk.
The two components of the risk of material misstatement include inherent risk and
Inherent risk is the risk of material misstatement of an assertion about an
account, class of transaction, or disclosure without considering internal control, and
control risk is the risk that internal control will fail to prevent or detect and correct the
Inherent risk refers to the possibility of a material misstatement occurring in an
assertion assuming no related internal controls.
Accordingly, since it exists
independently of the auditors, the auditors cannot “reduce” inherent risk.
gather evidence that allows them to make an accurate assessment of the existing
involve recurring financial activities recorded in the accounting
records in the normal course of business.
Examples include sales transactions, purchase
transactions, cash disbursements, cash receipts, and payroll transactions.
involve activities that occur only periodically.
Examples include taking
physical inventories, calculating depreciation, and consolidating financial results.
are financial reporting activities that involve creating an
Examples include estimating the allowance for uncollectible
accounts, estimating warranty reserves, and assessing assets for impairment.
Because inherent risk and control risk are a result of characteristics of the client and its
internal controls, auditors assess them.
Because detection risk is a function of the
effectiveness of the audit procedures used to gather evidence, it is restricted to the
appropriate level based on the scope of procedures performed.
of audit evidence is a matter of judgment on every audit, because there
are no firm guidelines on the quantity of evidence necessary in a specific audit.
strength of the client's internal control, the inherent risk of the audit, the levels of
materiality for the audit, and the existence of related-party transactions are among the
factors influencing the auditors' judgment on the sufficiency of audit evidence.
addition, the quantity of evidence needed to support the auditors' opinion varies