Page 27 - Internal Auditing Standards
P. 27

Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts





         Nature                Description                                Commentary
         Detection Risk        The risk that the procedures performed     The auditor assesses the risks of material
                               by the auditor to reduce audit risk to an   misstatement (inherent and control risk) at
                               acceptably low level will not detect a     the financial statement and assertion levels.

                               misstatement that exists and that could
                                                                          Audit procedures are then developed to
                               be material, either individually or when
                                                                          reduce audit risk to an acceptably low
                               aggregated with other misstatements.
                                                                          level. This includes consideration of the
                                                                          potential risk of:
                                                                          •     Selecting an inappropriate audit
                                                                                procedure;
                                                                          •     Misapplying an appropriate audit
                                                                                procedure; or
                                                                          •     Misinterpreting the results from an
                                                                                audit procedure.



        Note:  The ISAs define the risk of material misstatement at the assertion level as consisting of two
               components: inherent risk and control risk. Consequently, the ISAs do not ordinarily refer to inherent
               risk and control risk separately, but rather to a combined assessment of the “risks of material
               misstatement.” However, the auditor may make separate or combined assessments of inherent and
               control risk, depending on preferred audit techniques or methodologies and practical considerations.



           CONSIDER POINT

           Many inherent risks can result in both business and fraud risks. Where this occurs, list and assess
           the fraud risk factors separately from the business risk factors. Otherwise it is possible that the audit
           response will only address the business-risk element and not the fraud risk.

           Separating the fraud risk element from a business risk also enables the fraud to be assessed in relation

           to all the other fraud risks identified. This may help to reveal an unusual pattern of events/transactions
           for investigation, or an individual(s) with the motive, opportunity, and rationalization to commit fraud.
           For example, a new accounting system may create potential for errors (business risk), but may also
           provide an opportunity for someone to manipulate financial results or misappropriate funds (fraud risk).



























                                                                                                                   25
   22   23   24   25   26   27   28   29   30   31   32