RELEVANT TO ACCA QUALIFICATION PAPER F8 AND
  PERFORMANCE OBJECTIVES 17 AND 18
  Audit risk
  Candidates studying Paper F8, Audit and Assurance, are required under the
  syllabus to: ‘Explain the components of audit risk and explain the risks of
  material misstatement in the financial statements’.
  This element of the syllabus has been examined in the last three sessions of
  Paper F8 – in June 2010, December 2010 and June 2011. However, the
  performance of candidates has on the whole been unsatisfactory. This article
  aims to identify the most common mistakes made by candidates as well as
  clarifying how audit risk questions should be tackled in order to maximise
  marks.
  An example question requirement relating to audit risks is as follows:
  Describe the audit risks and explain the auditor’s response to each risk in planning
  the audit of XYZ Co.
  Previously examined risk questions have carried a mark allocation of 10 marks.
  However, a significant majority of candidates have not passed this part of the
  question. Common mistakes made include:
   providing definitions of the audit risk model, even though this was not
  part of the question requirement
  a lack of understanding of what audit risk is and providing business risks
  instead
   not providing an adequate response to the risk. This needs to be from
  the perspective of the auditor and not from management’s perspective
   a limited range of risks identified, often just focusing on one area such
  as going concern.
  Audit risk definitions
  Audit risk is defined as ‘the risk that the auditor expresses an inappropriate
  audit opinion when the financial statements are materially misstated. Audit
  risk is a function of the risks of material misstatement and detection risk’.
  Hence, audit risk is made up of two components – risks of material
  misstatement and detection risk.
  Risk of material misstatement is defined as ‘the risk that the financial
  statements are materially misstated prior to audit. This consists of two
  components… inherent risk … control risk.’
  Inherent risk is ‘the susceptibility of an assertion about a class of transaction,
  account balance or disclosure to a misstatement that could be material, either
  2
  AUDIT RISK
  NOVEMBER 2011
  individually or when aggregated with other misstatements, before
  consideration of any related controls.’
  Control risk is ‘the risk that a misstatement that could occur in an assertion
  about a class of transaction, account balance or disclosure and that could be
  material, either individually or when aggregated with other misstatements, will
  not be prevented, or detected and corrected, on a timely basis by the entity’s
  internal control.’
  Detection risk is defined as ‘the risk that the procedures performed by the
  auditor to reduce audit risk to an acceptably low level will not detect a
  misstatement that exists and that could be material, either individually or when
  aggregated with other misstatements.’
  Audit risk questions require candidates to identify risks of material
  misstatements, which include inherent and control risks as well as detection
  risks.
  Audit risk model
  In all three sessions a number of candidates have wasted valuable time by
  describing the audit risk model along with definitions of audit risk, inherent
  risk, control and detection risk. Unless the question requirement specifically
  asks for the ‘components of audit risk’ or ‘a description of the audit risk
  model’, candidates should not provide definitions of audit risk, inherent risk,
  control risk or detection risk as no marks are available.
  Audit risk versus business risk
  The main area where candidates continue to lose marks is that they do not
  actually understand what audit risk relates to. Hence, they frequently provide
  answers that consider the risks the business would face or ‘business risks’,
  which are outside the scope of the syllabus. There are no marks available for
  business risks.
  Business risks are defined as ‘a risk resulting from significant conditions,
  events, circumstances, actions or inactions that could adversely affect an
  entity’s ability to achieve its objectives and execute its strategies, or from the
  setting of inappropriate objectives and strategies’.
  Risks must be related to the risk arising in the audit of the financial statements
  and should include the financial statement assertion impacted. Therefore,
  audit risks should be related back to relevant assertions.