Audit risk (also referred to as residual risk) refers to the risk that an auditor may issue an unqualified report due to the auditor's failure to detect material misstatement either due to error or fraud. This risk is composed of inherent risk (IR), control risk (CR) and detection risk (DR), and can be calculated thus:
- AR = IR × CR × DR
IR refers to the risk involved in the nature of business or transaction. Example, transactions involving exchange of cash may have higher IR than transactions involving settlement by cheques.
CR refers to the risk that a misstatement could occur but may not be detected and corrected or prevented by the entity's internal control mechanism. Example,control risk assessment may be higher in an entity where separation of duties is not well defined.
DR is the probability that the audit procedures may fail to detect existence of a material error or fraud. While CR depends on the strength or weakness of the internal control procedures, DR is either due to sampling error or human factors.
- Srivastava R.P. & Shafer G.R. (1992) " Belief function Formula for audit risk " Review: Accounting Review, Vol. 67 n° 2, pp. 249–283, for evidence theory applied on audit risk.
- Lesage (1999)" Evaluation du risque d'audit : proposition d'un modele linguistique " Review: Comptabilite, Controle, Audit, Tome 5, Vol. 2, September 1999, pp. 107–126, for fuzzy audit risk.
- Fendri-Kharrat et al. (2005)"Logique floue appliquee a l'inference du risque inherent en audit financier ", Review: RNTI : Revue des Nouvelles Technologies de l'Information, n° RNTI-E-5, (extraction des connaissances: etats et perspectives), November 2005, pp. 37–49, Cepadues editions, for fuzzy inherent audit risk.