[Anonymous]

If so, which component? IR or CR? Why?

[sdguy]

Hey. I don't fully understand your question, but really the answer would be neither. But rather, Detection Risk.

-Detection Risk is the risk that an auditor will not detect material misstatements due to fraud or error.

-Inherent risk is more environmental circumstances, industry, going concern, etc. Things an auditor can not control.

-Control risk is the absence or failure of internal controls. So a small company with no / limited segregation of duties.

AUD: 83
FAR: 77
REG: 86
BEC: 86

[Anonymous]

I understand what you are saying about DR, the auditor should consider how much risk of fraud he can accept in setting DR and planing the NET.

in other words I'm asking, if the likelihood of fraud is higher than normal, how would that impact the audit risk model? Does this higher level of fraud risk increase audit risk, increase the chance that an auditor will issue the wrong opinion? Or is fraud risk an entirely different element to be considered in planing and performing the audit?

[sdguy]

Ahh okay, I have a better understanding of what you're asking now. I think a “higher risk of fraud” is an element of all of them,

not one by itself. Because the ultimate goal is for the auditor to discover Fraud or material misstatement, which is why they control Detection risk through increasing or decreasing their audit procedures.

But at the same time, if a company has no or limited internal controls, then Control Risk will be higher which leads to a greater chance of fraud (is 1 employee entering, approving, and mailing vendor payments? if so, he could be stealing for himself ie fraud).

The different risk elements of the Risk model formula are there to measure fraud / misstatements. Fraud doesn't just impact one element of risk factor.

Does this help? I'm not an auditor by profession, but have gone through numerous audits and believe I understand it pretty well. Maybe an experienced auditor can chime in.

AUD: 83
FAR: 77
REG: 86
BEC: 86

[Author]

Replies