Types of Audit Risks and Their Sources
Audit risk refers to the possibility that a material misstatement is present in the financial statements of the company even though an auditor from an audit firm in Johor Bahru has assessed and audited those statements.
In other words, audit risk is the risk that the company’s financial statements are not presenting its actual financial position or the management has an intention to cover the facts although the audit opinion has stated that those financial statements do not contain any material misstatement (Also see Types of Audit – Financial Statement Audit). This risk may have an impact on the prospective investors, creditors, as well as shareholders.
There are three common types of audit risks, which are detection risks, control risks and inherent risks.
Detection risks
This means that the auditor fails to detect the misstatements and errors in the company’s financial statement, and as a result, they issue a wrong opinion on those statements. As an instance, the auditors failed to determine the continual misreporting of the company’s financial statements.
Sources of detection risks:
- The auditors did not choose the correct sample size (Also see Introduction to Audit Sampling)
- The auditors did not understand the complexity and the business conducted by the company
- The auditors did not engage and communicate well with the company’s management.
- The auditors did not plan the audit well and have chosen inappropriate audit procedures (Also see Audit Procedures for Small Businesses)
Control risks
This type of risks refers to the risks of misstatements and errors in the company’s financial statements as the company fails to manage its internal controls well. As an instance, the management was unable to control and prevent unauthorised staff from carrying out those transactions in the first place.
Sources of control risks:
- The management failed to make sure that there is proper segregation of duties between the staff who has their responsibility in financial reporting
- The management was unable to inculcate efficient and proper internal controls in financial reporting
- The management did not implement the culture of appropriate filing and documentation (Also see Introduction to Audit Documentation) in the company
Inherent risks
This is the risks that both the management and the company could not prevent due to some uncontrollable factors, and the auditors did not find them in the audit. For example, the transactions that involve high-value cash amount will bring higher inherent risks
Sources of inherent risks
- The auditors are unable to identify the risk as the transactions require a high level of judgement
- There is a high possibility for a company that has misreported some of the data to repeat the mistakes again
- The industry that the company is in will experience technological developments frequently, and this makes the company face the risks of technology obsolescence
- The business transactions of the company are complicated, and they involve derivative instruments