2014A年ACCA学习辅导——F8（2）

RELEVANT TO ACCA QUALIFICATION PAPER F8 AND

　　PERFORMANCE OBJECTIVES 17 AND 18

　　Audit risk

　　Candidates studying Paper F8, Audit and Assurance, are required under the

　　syllabus to: ‘Explain the components of audit risk and explain the risks of

　　material misstatement in the financial statements’.

　　This element of the syllabus has been examined in the last three sessions of

　　Paper F8 – in June 2010, December 2010 and June 2011. However, the

　　performance of candidates has on the whole been unsatisfactory. This article

　　aims to identify the most common mistakes made by candidates as well as

　　clarifying how audit risk questions should be tackled in order to maximise

　　marks.

　　An example question requirement relating to audit risks is as follows:

　　Describe the audit risks and explain the auditor’s response to each risk in planning

　　the audit of XYZ Co.

　　Previously examined risk questions have carried a mark allocation of 10 marks.

　　However, a significant majority of candidates have not passed this part of the

　　question. Common mistakes made include:

　　? providing definitions of the audit risk model, even though this was not

　　part of the question requirement

　　? a lack of understanding of what audit risk is and providing business risks

　　instead

　　? not providing an adequate response to the risk. This needs to be from

　　the perspective of the auditor and not from management’s perspective

　　? a limited range of risks identified, often just focusing on one area such

　　as going concern.

　　Audit risk definitions

　　Audit risk is defined as ‘the risk that the auditor expresses an inappropriate

　　audit opinion when the financial statements are materially misstated. Audit

　　risk is a function of the risks of material misstatement and detection risk’.

　　Hence, audit risk is made up of two components – risks of material

　　misstatement and detection risk.

　　Risk of material misstatement is defined as ‘the risk that the financial

　　statements are materially misstated prior to audit. This consists of two

　　components… inherent risk … control risk.’

　　Inherent risk is ‘the susceptibility of an assertion about a class of transaction,

　　account balance or disclosure to a misstatement that could be material, either

　　2

　　AUDIT RISK

　　NOVEMBER 2011

　　individually or when aggregated with other misstatements, before

　　consideration of any related controls.’

　　Control risk is ‘the risk that a misstatement that could occur in an assertion

　　about a class of transaction, account balance or disclosure and that could be

　　material, either individually or when aggregated with other misstatements, will

　　not be prevented, or detected and corrected, on a timely basis by the entity’s

　　internal control.’

　　Detection risk is defined as ‘the risk that the procedures performed by the

　　auditor to reduce audit risk to an acceptably low level will not detect a

　　misstatement that exists and that could be material, either individually or when

　　aggregated with other misstatements.’

　　Audit risk questions require candidates to identify risks of material

　　misstatements, which include inherent and control risks as well as detection

　　risks.

　　Audit risk model

　　In all three sessions a number of candidates have wasted valuable time by

　　describing the audit risk model along with definitions of audit risk, inherent

　　risk, control and detection risk. Unless the question requirement specifically

　　asks for the ‘components of audit risk’ or ‘a description of the audit risk

　　model’, candidates should not provide definitions of audit risk, inherent risk,

　　control risk or detection risk as no marks are available.

　　Audit risk versus business risk

　　The main area where candidates continue to lose marks is that they do not

　　actually understand what audit risk relates to. Hence, they frequently provide

　　answers that consider the risks the business would face or ‘business risks’,

　　which are outside the scope of the syllabus. There are no marks available for

　　business risks.

　　Business risks are defined as ‘a risk resulting from significant conditions,

　　events, circumstances, actions or inactions that could adversely affect an

　　entity’s ability to achieve its objectives and execute its strategies, or from the

　　setting of inappropriate objectives and strategies’.

　　Risks must be related to the risk arising in the audit of the financial statements

　　and should include the financial statement assertion impacted. Therefore,

　　audit risks should be related back to relevant assertions.