What is an Audit Risk Assessment?

Article Details
  • Written By: Mary McMahon
  • Edited By: O. Wallace
  • Last Modified Date: 17 October 2019
  • Copyright Protected:
    Conjecture Corporation
  • Print this Article
Free Widgets for your Site/Blog
In 2008, Mike Merrill became the first publicly traded person, allowing shareholders to control his life decisions.  more...

October 23 ,  1983 :  Suicide bombers killed nearly 300 US and French military troops in Beirut.  more...

Audit risk assessment is a stage in the audit planning process. During the assessment, an auditor determines the likelihood of audit risk, defined as the possibility of recording an inappropriate opinion on an audit as a result of a misstatement in the financial documents examined. Audit risk assessment is part of the series of controls which are used to manage the integrity of an audit, and to determine when and how audits should be conducted, and by whom.

While many people fear audits from tax authorities, they are actually a valuable tool when used internally. During an audit, a company can identify financial issues such as funds where they shouldn't be, abnormal numbers, signs of fraud or theft, and so forth. Auditing is used to control costs, to ensure that accounting is accurate, and to hold employees accountable for their activities. It can be performed across an entire company, or in specific departments.

Audit risk consists of several components. The first is the likelihood that a material misstatement will be made in financial documents. The second is the risk that the misstatement will not be caught by internal controls, and the third is that the misstatement will not be caught by an auditor. These components are examined during an audit risk assessment to come up with a numerical score which can be used to make decisions about the auditing process.


If the audit risk is high, it may indicate that audits should be performed more frequently, to increase the chance that errors and misstatements will be caught. A high audit risk may also suggest that it may be time to change some of the factors to lower the risk. For example, an auditor could recommend changes to internal controls which would lower the risk by increasing the chances of catching a misstatement internally.

Risk-based auditing is an approach to audit management which is informed by an audit risk assessment. It's important to remember that the assessment is not an audit; the audit still needs to be completed, keeping the findings of the assessment in mind.

In addition to being valuable for internal accounting, regular audits can also be useful from a customer relations standpoint. People tend to trust businesses which perform regular audits more, as auditing demonstrates a commitment to ethical standards. In some regions, internal auditing and transparency in the auditing process may be legally required of companies which wish to be traded publicly.


You might also Like


Discuss this Article

Post 2

Just imagine what it would be like if healthcare clinics and hospitals didn't have an audit system. Our health records would be an open book especially when records were send over the internet.

New laws required healthcare to make big changes. They have to provide a system where a patient's health stays confidential, especially when it is being transferred on the internet. All patients and health workers need a unique I.D.

These changes are great. No one wants their health records exposed.

I'm sure that healthcare places have really complete and thorough audits.

Post 1

I'm all for extensive audits within companies, from outside the company, and government tax audits. If these audits worked like they should, there would be a lot less fraud and misconduct in U.S. companies.

My dad worked for a local community bank. These local banks usually were a part of the community, were ethical, and were respected by the community. I remember my dad saying, "The auditors are coming tomorrow. I think we're all set."

If the company is a public company, they for sure should do complete audits. Even if they aren't public companies, but they deal with the public; they should be required to do audits.

Post your comments

Post Anonymously


forgot password?