How to Assess Detection Risk in an Audit
Detection risk occurs when you don’t use the right audit procedures or you don’t use them correctly. You assess inherent and control risk and then solve your audit risk equation by assigning detection risk to reduce your audit risk to an acceptable level. Keep in mind that you can never completely eliminate detection risk because you’ll most likely never look at each and every transaction. You’ll always have some risk of a misstatement being missed, but your goal is to keep it to an acceptable minimum.
Here are the three major elements of detection risk:
Misapplying an audit procedure: A good example is when you’re using ratios to determine if a financial account balance is at face value accurate (reasonable), and you use the wrong ratio. I discuss reasonability more in the next section of this chapter.
Misinterpreting audit results: You use the right audit procedure but just flat out make the wrong decision when evaluating your results. Maybe you decide accounts payable is fairly presented when it actually contains a material misstatement.
Selecting the wrong audit testing method: Different financial accounts are best served using specific testing methods. For example, if you want to make sure a particular sale took place, you test for its occurrence — not for whether the invoice is mathematically correct.
Consider an example of detection risk during a common audit procedure. While examining accounts payable, you test to see if the invoices shown in the accounts payable list are indeed not paid. Very good — that’s a correct audit procedure to use for the accounts payable assertion. You correctly implement your audit procedure and make the accurate decision that the accounts payable balance contains no material misstatements.
However, you fail to test for segregation of duties between the employee who processes the payments and the employee who updates the vendor file marking the invoice as paid. This incomplete testing causes you to misinterpret audit results, which increases your detection risk. In other words, you heighten the risk that you’ll fail to recognize or detect errors or fraudulent transactions in the client’s purchasing process.