AUD risk-identification coverage for assertions, inherent versus control risk, fraud risk, and materiality.
This chapter turns client understanding into formal audit risk assessment. The central task is to identify where material misstatements could occur, why they could occur, and how those risks should be documented and prioritized.
Risk-identification questions should be tied to assertions, not answered as general business concerns. A fact only becomes audit risk when it suggests how a material misstatement could occur in a specific account, disclosure, class of transactions, or financial statement assertion.
| Risk element | What to identify first | Common AUD trap |
|---|---|---|
| Accounts, transactions, and assertions | Which assertion is most exposed by the fact pattern. | Naming an account without explaining the assertion at risk. |
| Inherent versus control risk | Whether the risk arises from the item itself or from weak controls. | Blending business complexity and control failure into one vague risk label. |
| Fraud risk | Whether incentive, opportunity, or rationalization changes the audit response. | Treating fraud risk as ordinary error risk. |
| Materiality | Which threshold controls planning, performance, or evaluation. | Discussing risk without connecting it to material misstatement. |
| Step | AUD question to ask | Audit-planning effect |
|---|---|---|
| 1. Start with the account or disclosure | Which financial statement area could be misstated? | Risk assessment must attach to a specific reporting area. |
| 2. Map the vulnerable assertion | Is the concern existence, completeness, valuation, rights and obligations, presentation, or cutoff? | Assertions convert business facts into audit risk. |
| 3. Separate inherent and control sources | Does the risk come from complexity, judgment, fraud pressure, or weak control design and operation? | Distinguishing source helps choose the right response. |
| 4. Consider fraud and materiality | Does incentive, opportunity, rationalization, or threshold significance elevate the risk? | Fraud and materiality determine priority and documentation depth. |
| 5. Link to further procedures | What nature, timing, extent, skepticism, or specialist involvement should change? | Risk identification should drive the audit plan. |
| Checkpoint | Ask before documenting risk | Audit response |
|---|---|---|
| Specific account or disclosure | Which financial statement area could be materially misstated? | Risk assessment must attach to a concrete reporting area. |
| Assertion affected | Is the risk about existence, completeness, valuation, cutoff, rights and obligations, or presentation? | Assertion mapping determines the nature of further procedures. |
| Risk source | Is the risk inherent, control-related, fraud-related, estimate-related, or transaction-specific? | Source affects whether the response is substantive, control-focused, or skeptical escalation. |
| Materiality interaction | Does size, sensitivity, fraud risk, or user impact make the issue significant? | Materiality determines priority and documentation depth. |
| Planned response | What procedure, timing, extent, specialist work, or supervision change follows from the risk? | A documented risk is incomplete unless it changes the audit plan. |