Chapter 7

Risk Assessment and Inherent Risk

Concept Check Questions

C7-1 What are the components of the audit risk model?

The audit risk consists of Audit Risk which is the function of Inherent Risk, Control Risk and
Detection Risk. Auditors use this model to help guide them in maintaining, audit risk, the risk
that the auditor expresses an inappropriate audit opinion when the financial statements are
materially misstated, at an acceptably low level. Risk of material misstatement, which consists
of inherent risk and control risk, resides at the client and the auditor assesses this risk in order to
manage detection risk – the only part of the model which the auditor has control.

C7-2 Using the audit risk model, holding all factors equal, what happens to detection risk if
control risk goes up? Why?

If control risk goes down, detection risk goes up. This means that less assurance is required from
substantive testing, i.e., less detection assurance is required. This happens because the auditor is
relying upon internal control and will do tests of controls to provide some of the assurance
required.

C7-3 What is detection risk? Explain how auditors manage detection risk.

Detection risk the risk that the audit procedures will fail to detect material misstatements.
Auditors manage detection risk by adjusting the nature (type of procedure and quality of
evidence), timing (year-end versus interim) and extent (quantity) of their audit procedures
based upon their assessment of RMM.

C7-4 At what two levels does the auditor assess risk of material misstatement? What level of
RMM is the following condition – management is inexperienced in preparing financial
statements?

The risk of material misstatement exists at two levels: the overall financial statement level and at
the assertion level for classes of transactions, account balances, and presentation and disclosures.
Auditing standards require the auditor to assess the risk of material misstatement at each of these
levels and to plan the audit in response to those assessed risks.

Copyright © 2022 Pearson Canada Inc.

7-1
Instructor’s Solutions Manual for Auditing, Fifteenth Canadian Edition

C7-5 What are inherent risk factors and how do they help in the inherent risk assessment?

Inherent risk factors are characteristics of events or conditions that affect the susceptibility to
misstatement, whether due to fraud or error, of an assertion about a class of transactions,
account balance or disclosure, before the consideration of controls. The characteristics
(complexity, subjectivity, change, uncertainty, susceptibility to management bias and other
fraud risk factors) of these events and conditions will help auditors determine the level of
inherent risk at the financial statement level and the assertion level.

C7-6 What are relevant assertions?

A relevant assertion about a class of transactions, account balances or disclosure is relevant

when it has an identified risk of material misstatement. The determination of a relevant
assertion is made before consideration of internal controls.

C7-7 What are significant risks? Are they the same for all organizations? Why or why not?

A significant risk is an identified and assessed risk of material misstatement that, in the
auditor’s professional judgment, requires special audit consideration. Although audit standards
highlight some examples of significant risks and require auditors to consider two specific risks,
risk of revenue recognition fraud and nonroutine related party transactions, each client’s
circumstances are unique and will vary across organizations and can even change over time (as
the client’s circumstances change).

C7-8 How can general rules of thumb and past experience with the client create judgment
traps for auditors’ risk assessments? Provide an example for inherent risk and control
risk assessments.

General rules and past experience with the client may cause the auditors to not be as reflexive in
their reasoning when assessing materiality or various risks. The judgment traps can be
availability or even anchoring. In the case of past experience, this may cause the auditor not to
adjust the audit approach.

C7-9 How is the overall risk response different than the risk response at the assertion level?

The overall risk response relates to managing the risk at the overall financial statement level. In
audits with high overall financial statement level risk, auditors will assign more experienced
staff and have more careful reviews. The risk response at the assertion level refers to the
development of further audit procedures to address the RMM in relevant assertions. As RMM
increases, the auditor will want to gather more persuasive audit evidence.

C 7-10 Define misappropriation of assets and give two examples.

Misappropriation of assets refers to when employees or management have incentives or financial

pressures to misappropriate assets and circumstances provide opportunities for employees or
management to do so. It could involve embezzlement of cash or theft of inventory.

Copyright © 2022 Pearson Canada Inc.

7-2
 Chapter 7: Risk Assessment and Inherent Risk

C7-11 How does brainstorming regarding fraud risk improve auditors’ professional judgment?
Explain how it helps to mitigate potential judgment traps.

Effective brainstorming is meant to overcome potential biases by being open to various points of
view. Also, since it is performed with the audit team, it enhances consultation and provides less
experienced auditors with views from more experienced auditors.

Copyright © 2022 Pearson Canada Inc.

7-3