Detection risk is one of three elements that comprise audit risk, the other two being inherent risk and control risk. Detection risk is the chance that an auditor will not find material misstatements relating to an assertion in an entity’s financial statements through substantive tests and analysis.
Let’s understand the meaning of detection risk and learn how to calculate and determine the detection risk.
What is Detection Risk?
Detection risk is the risk that the auditors’ procedures will not detect a misstatement that exists in an account balance or class of transactions that could be material, either individually or when aggregated with misstatements in other balances and classes.
According to International Standards on Auditing, detection risk is defined as “the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
In simple words, detection risk is the risk that material misstatements will escape the auditor’s procedures that he has applied to detect material misstatements.
This is the component of audit risk that the auditors have a degree of control over because, if the risk is too high to be tolerated, the auditors can carry out more work to reduce this aspect of audit risk, and therefore audit risk as a whole.
It is the auditor’s responsibility to reduce detection risk to an acceptably low level, which means that only by lowering the detection risk can the auditor reduce audit risk. In contrast, audit risk means the risk that auditors may express an inappropriate audit opinion.
Exhaustive substantive tests and analyses may reduce the level of detection risk.
Detection risk also depends on the quality of auditors. The lower the auditor’s quality, the higher the detection risk. Detection risk may also be higher in regions where regulatory bodies are relatively ineffective.
The formula of Detection Risk – How to Calculate Detection Risk
Planned detection risk is determined based on the relationships expressed in the following model:
The model shows that for a given level of audit risk (AR) specified by the auditor, detection risk (DR) is inversely related to the assessed levels of inherent risk (IR) and control risk (CR).
When used in the planning phase to determine planned detection risk, CR represents the planned assessed level of control risk specified as the first component of the preliminary audit strategy.
Determining Detection Risk
It is management who is responsible for managing business risk, and it’s reducing its effects in that it increases the inherent risk of misstatements that may corrupt financial information.
As it is one of the duties of the management to provide true and fair financial statements to its users, for this purpose, management is responsible for implementing an internal control system for the entity.
However, we must recognize that the inherent risk cannot be eliminated, and the internal control system also has its limitations; therefore, material misstatements may still exist even in the presence of relevant controls.
However, an auditor is not responsible for:
- Business risk as he is not involved in running the business.
- Inherent risk is the responsibility of the management to implement internal controls to minimize inherent risk.
- Control risk is the responsibility of maintaining an internal control system in such a state that it can perform efficiently and effectively.
But if these risks are not catered to properly, the financial statement may be materially misstated. More material misstatements mean more chances of giving an inappropriate opinion by the auditor.
Thus the only solution left to the auditor is to detect such misstatements by himself by applying audit procedures designed by himself.
Therefore to reduce audit risk, the auditor has to reduce detection risk, which simply means auditors will have to be stricter about misstatements.
Due to the same reason, detection risk is considered to be part of the function of audit risk, which in equation form is usually written as follows;
- Audit risk = risk of material misstatements x Detection risk; or,
- Audit risk = (Inherent risk x Control risk) x Detection risk or,
- Audit risk = (IR x CR) x DR
Suppose the risk of material misstatements is high. In that case, the auditor will reduce the detection risk by applying more procedures and tolerating fewer misstatements that go undetected and uncorrected.
