RISK ASSESSMENT AND MATERIALITY
Answers to Review Questions
Audit risk is the risk that the auditor may unknowingly fail to appropriately modify the
opinion on a set of financial statements that are materially misstated.
Engagement risk is
the exposure to loss or injury to professional practice from litigation, adverse publicity, or
other events arising in connection with financial statements audited and reported on.
simple terms, audit risk is the risk that an auditor will issue an unqualified opinion on
materially misstated financial statements, while engagement risk relates to the auditor's
exposure to financial loss and damage to his or her professional reputation.
Inherent risk and control risk differ from detection risk in that inherent risk and control
risk exist independent of the audit.
The levels of inherent risk and control risk are
functions of the client and its environment, and the auditor has little control over these
The auditor can control detection risk through the scope (nature, timing, and
extent) of the audit procedures performed.
Thus, detection risk has an inverse
relationship with inherent risk and control risk.
The audit risk model has a number of limitations.
First, since the auditor assesses
inherent risk and control risk, such assessments may be higher or lower than the actual
inherent risk and control risk that exist for the client. Second, the audit risk model does
not consider the possibility of nonsampling risk (auditor error in assessing risk, choosing
audit procedures, and evaluating results).
Sampling risk refers to the fact that, in many instances, the auditor does not examine 100
percent of the class of transactions or account balance.
Since only a subset of the
population is examined, it is possible that the sample drawn is not representative of the
population and a wrong conclusion may be made on the fairness of the account balance.
Nonsampling risk occurs because an auditor may use an inappropriate audit procedure,
fail to detect a misstatement when applying an appropriate audit procedure, or
misinterpret an audit result.
In understanding the entity and its environment, the auditor gathers knowledge about: (1)
the nature of the entity; (2) industry, regulatory, and other external factors; (3) objectives
and strategies and related business risks; (4) entity performance measures; and (5)
Some examples of conditions and events that may indicate the existence of business risks
Significant changes in the entity such as large acquisitions, reorganizations, or
other unusual events.
Significant changes in the industry in which the entity operates.
Significant new products or services or significant new lines of business.