Årgang 18 | Nummer 54 | September 2013
Adapting the Audit Risk Model to Assurance Engagements in General
would seem inappropriate for assurance engagements in general and is only loosely referred to in the realm of operational auditing. The main arguments against adapting the ARM in assurance engagements in general are these: 1. The ARM only applies to financial statement audits 2. The natures of assurance engagements in general are so many facetted that a model covering them all would have to be so abstract, that it would lose its
Af Audit Manager Tobias Zorde, Nordea
meaning. It should be emphasized that argument no. 1 is based upon the misunderstanding, that ISA has ownership of the terminology surrounding the ARM. The validity of ar-
1. Introduction
The Audit Risk Model (ARM) is the pivotal point of the risk based audit methodology. The power of the ARM is that it captures the whole audit process as a function of audit risk in an abstract, general, and simple equation: AR = IR x CR x DR
gument no. 2 must, however, be addressed before any attempts to adapt the ARM to assurance engagements in general are made. The objective of this article is to rid the ARM of the language in ISA pertaining to the audit of financial statements and substitute it with a general assurance vocabulary. The means to do this will be to, firstly, revisit the definition of an audit and, secondly, attempt to break down assurance engagements in to main categories. The reason for identifying main assurance categories is in recognition of argument no. 2. Rather than adapting the ARM to a single version covering all types of engagements, it will be demonstrated how to employ it with regard to the particular type of audit.
The ARM helps us to plan our audit strategy taking into consideration the expected level of provided assurance, the inherent risk of the audit subject matter, and the reliance of the control processes mitigating this risk. Without a proper audit strategy – the audit will almost certainly be inefficient and in worst case – ineffective. In the International Standards of Auditing (ISA), the ARM constitutes the abstract core of the whole framework. The trouble is, then, that the language enveloping the model, found in ISA, is developed particularly in the service of one certain type of audit – namely the audit of financial statements. Thus, at first glance, the model
2. The ARM as Found in the International Standards of Auditing
Let us first take a quick look at how the ARM is employed in the audit of financial statements. The function is defined as follows:
AR (Audit risk) The risk that the auditor expresses an inappropriate audit opinion when the financial statement is materially misstated.
=
IR (Inherent risk) The risk that a material misstatement exists in the financial statement without the consideration of internal control.
X
CR (Control risk) That risk that a material misstatement resulting from the inherent risk will not be prevented, detected and corrected on a timely basis by the entity’s internal control.
X
DR (Detection risk) The risk that the auditor will not detect material misstatement risk. that exist as a result of the inherent
Foreningen af Interne Revisorer | Side 27