Audit risk

Hello. This is the fourth of our talks about auditing. David Hay from the University of Auckland. Today, we're talking about audit risk and the audit risk model. How do auditors know what areas to concentrate on? Previously, we talked about assertions and materiality, and how the list of assertions gives them a checklist of what areas to look at. Materiality helps them decide what areas are important to concentrate on. But auditors do a lot more than that in focusing their work. What they do is take account of the risk, and particularly business risk. That's the type of auditing that we do these days. In previous centuries, other types of auditing might have been done concentrating on systems, for instance, concentrating on the balance sheet.

Now, auditing is pretty much universally done with the audit risk model, risk-based auditing, taking into account business risk. The auditing standards are designed that way. If anyone asks you what sort of auditing we're talking about, you can tell them risk-based auditing. We're looking at business risk, and we're looking at other risks related to accounting.

The audit risk model takes account of the different types of risk that auditors need to consider, risks that might affect the financial statements and planning the audit. The audit risk model is really saying there's an overall audit risk. It's the risk of getting the audit wrong, it's defined as issuing an inappropriate opinion, saying that the financial statements are not materially misstated when they really are misstated. The risk is that they really are materially misstated, and they issue the wrong opinion. We say the financial statements are fine when they're not fine. There's something wrong with them. How could that happen? It's because one of the risks in the audit risk model has occurred. The audit risk model is a very simplified equation that takes into account the factors that affect audit risk. The audit risk is that of getting the opinion wrong, and it's affected by inherent risk, control risk, and detection risk. Those are the three factors that we look at. Those three factors all interact with each other. We want to keep our audit risk down to a low, manageable level, if one of the other risks changes, we've got to make some adjustments to take account of that. Let's go through these risks. Inherent risk. Inherent risk is the first one.