Breadcrumb

What Is an Audit Risk Model?

Written by

The GoCardless content team comprises a group of subject-matter experts in multiple fields from across GoCardless. The authors and reviewers work in the sales, marketing, legal, and finance departments. All have in-depth knowledge and experience in various aspects of payment scheme technology and the operating rules applicable to each. The team holds expertise in the well-established payment schemes such as UK Direct Debit, the European SEPA scheme, and the US ACH scheme, as well as in schemes operating in Scandinavia, Australia, and New Zealand. See full bio

Last editedNov 20223 min read

Audits are an essential component of accounting, but they carry some element of risk. The audit risk model helps assess this level of risk, making it a useful tool to employ during the planning stages of any financial audit. In this guide, we’ll break down the audit risk model formula, describe its elements, and give an example of how it works.

What is an audit risk model?

The main job for any auditing team is determining that a company’s financial documents are accurate. Before beginning the process, they use a tool called an audit risk model to evaluate any risk that might be part of performing this audit. So, what is an audit risk model? It’s a formula that weighs and manages the risks associated with evaluating each financial document. By using this model, the auditor can determine the type of evidence they’ll need for each assertion made, all based on potential risk.

Audit risk models are used during the planning stages of an audit to help the team determine which procedures make the most sense. During the audit process, they’ll go through the accounts and transactions listed on a company’s income statement, balance sheet, and cash flow statement. It’s important to keep in mind that these financial statements aren’t always complete or accurate. Outlining potential risks using an audit risk model helps you minimize issues like material misstatement and others.

How to apply the audit risk model

There are many ways to apply the audit risk model. Before running the formula, auditors will need to study the client’s business, including its daily operations and financial reporting procedures. They’ll also need to look at external factors like government policy and market conditions, as well as financial performance and management strategies. Auditors will also look at the client’s internal controls and risk mitigation procedures during this evidence gathering process. With a greater understanding of the controls and procedures put in place, auditors can then pinpoint the areas where risks are higher.

How to use the audit risk model formula

With evidence gathered, it’s time to apply the model. This involves a simple audit risk model formula:

Audit Risk = Control Risk x Detection Risk x Inherent Risk

Control risk describes the risk of material misstatements falling through the cracks of a client’s internal control systems. This could lead to undocumented asset losses, where financial statements show a profit when there should be a loss.
Detection risk describes the possibility of audit procedures not detecting material misstatement. In other words, the audit is completed without picking up these errors.
Inherent risk is higher when clients engage in unusual or complex transactions. Risk increases if the client records transactions outside of their usual scope, or relies heavily on estimates during the accounting process. It applies to any error or omissions appearing for reasons aside from control failures.

These three risks are multiplied together to calculate overall audit risk, or the risk of an auditor drawing inaccurate conclusions.

Audit risk model example

We can see what the formula above looks like in practice with this audit risk model example.

Imagine that a financial consulting firm has an acceptable audit risk of 5%. An auditing team has determined that the level of inherent risk is 90%, while the control risk is assessed to be 40%.

0.05 = 0.90 x 0.40 x Detection Risk

To calculate detection risk, we can change the formula around to:

Detection Risk = 0.05 / (0.90 x 0.40)

Detection Risk = 0.14

The conclusion of the audit risk model is that there’s a planned detection risk of 14%, meaning that the auditor needs to manage risks to ensure the risk of detecting material misstatements falls to below this level.

What are some limitations of the audit risk model?

The audit risk model formula is undoubtedly a useful tool. However, there’s some level of detection risk involved with every audit due to its inherent limitations. This includes the fact that financial statements are created with a standard range of acceptable numerical values. They’re also subject to human error.

Auditors don’t always have full access to a company’s financial statements. There’s always a risk of fraudulent or incomplete information being given, which means an auditor cannot say with 100% certainty that their opinions will be correct. It’s also impossible to gather all relevant evidence, as auditors are bound by cost and time restrictions during the initial stages of an audit.

Your business can minimize risk by automating accounts with tools like three-way matching and bank reconciliation. Accounting software like Xero cuts down on the human error element of audit risk, saving time and money. GoCardless integrates with over 350 partners, recording transactions at the point of payment to improve accuracy and streamline the accounting workflow.

We can help

GoCardless is a global payments solution that helps you automate payment collection, cutting down on the amount of financial admin your team needs to deal with. Find out how GoCardless can help you with one-off or recurring payments.