Do you easily establish the difference between the Audit Risk Model and its components - Inherent Risk, Control Risk and Detection Risk and the following scenarios?

1. The impact on audit risk when company fails to discover employee fraud on a timely basis because bank reconciliation is not prepared monthly. It means that internal controls are poor. This is a control system that fosters fraud situations.


2. CEO announced to the public that company has committed fraud resulting in profit overstatement and asset overstatemet.


3. Industry in boom arguably lowers audit risk.


4. Car wash industry restricted use of water due to drought. How does it impact the operating capabilities of a going concern from the audit stand point of view?


5. Company has branches in each capital city. These branches electronically report to the head office each month, does the company risk increase? If so, why? One example could be the effects of cyber crime which implies the risk of transactions being intercepted by cyber criminals.

To properly answer these questions one needs to know the difference between these three kinds of risks. A good place will be The Sarbanes-Oxley Act Section 202 Risk Considerations.

For example, regarding the impact on audit risk when a company fails to discover employee fraud on a timely basis because of the lack of bank reconciliations prepared in a timely manner, other factors need to be taken into consideration such as mitigating factors where management monitors bank transactions in a regular basis. Monthly bank reconciliations preserve the integrity of the accounting information, the accuracy of financial information, etc.

Risk can be classified as cathastrofic, major, moderate, minor, or insignificant. Depending of the degree of a risk you implement measures always ensuring that benefits exceed costs. The best way to analyze those scenarios is by writing down a series of circumstances and analizing the risk consequences of each one as stated and, then, weight its overall impact.

An important concept is materiality. Auditors and accountants are concerned with material amounts. It does not matter if the amount is small, for example, US2,000 in a large company is not a material amount, but if it represents assets taken by a manager or someone in a position to steal and conceal, it becomes material, thus, all transactions where that manager was involved should be scrutinized.

The HM Revenue & Customs (HMRC) states that Inherent risk needs to be examined during the planning stage of the assurance event. Inherent risk is the likelihood that, because of the general trader environment, or nature of the trader’s business, an error of significance (i.e. a mis-declaration) might occur. Planning is the foundation of the risk assessment process, to focus officers on the critical areas of an audit.

HMRC further states that Inherent risk may be broken down as follows:

1. Financial stability: the ability of the trader to meet all debts / business viability.


2. Non-compliance: history of compliance / non-compliance.


3. Trader-related risks: type and size of trader, business.


4. Sector risks: Areas operated in, number of locations, complexity of excise duties, taxable supplies made.


5. System-related risks: volume of data, complexity of computer systems and presence of validation checks, software packages used.

Forensic accountants are aware of material weaknesses within organizations which allows them to search beyond financial records when finding facts in an investigation.