Detection risk is one of three elements that comprise audit risk, the other two being inherent risk and control risk. Detection risk is the chance that an auditor will not find material misstatements relating to an assertion in an entity’s financial statements through substantive tests and analysis.
Detection risk is the risk that the auditors’ procedures will not detect a misstatement that exists in an account balance or class of transactions that could be material, either individually or when aggregated with misstatements in other balances and classes.
According to International Standards on Auditing, detection risk is defined as “the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.”
In simple words, detection risk is the risk that material misstatements will escape auditor’s procedures that he has applied to detect material misstatements.
This is the component of audit risk that the auditors have a degree of control over, because, if the risk is too high to be tolerated, the auditors can carry out more work to reduce this aspect of audit risk, and therefore audit risk as a whole.
It is the responsibility of the auditor to reduce detection risk to an acceptably low level, which means that only by lowering the detection risk auditor can reduce audit risk where audit risk means the risk that auditors may express an inappropriate audit opinion.
Exhaustive substantive tests and analysis may reduce the level of detection risk.
Detection risk also depends on the quality of auditors, the lower the quality of the auditor, generally the higher the detection risk. Detection risk may also be higher in regions where regulatory bodies are relatively ineffective.
Planned detection risk is determined based on the relationships expressed in the following model:
The model shows that for a given level of audit risk (AR) specified by the auditor, detection risk (DR) is inversely related to the assessed levels inherent risk (IR) and control risk (CR).
When used in the planning phase to determine planned detection risk, CR represents the planned assessed level of control risk specified as the first component of the preliminary audit strategy.
Determining Detection Risk
It is management who is responsible for managing business risk, and it’s reducing its effects in that it increases the inherent risk of misstatements that may corrupt financial information.
As it is one of the duties of the management to provide true and fair financial statements to its users; for this purpose, management is responsible for implement an internal control system of the entity.
However, we must recognize that the inherent risk cannot be eliminated, and also internal control system also has its limitations; therefore, even in the presence of relevant controls, material misstatements may still exist.
However, an auditor is not responsible for:
- Business risk as he is not involved in running the business.
- Inherent risk is the responsibility of the management to implement internal controls to minimize inherent risk.
- Control risk as it is the responsibility to maintain an internal control system in such a state that it can perform efficiently and effectively.
But if these risks are not catered properly, then the financial statement may be materially misstated. More material misstatements mean more chances of giving an inappropriate opinion by the auditor.
Thus the only solution left to the auditor is detecting such misstatements by himself by applying audit procedures designed by himself.
Therefore to reduce audit risk, the auditor has to reduce detection risk, which simply means auditors will have to be stricter about misstatements.
Due to the same reason detection risk is considered to be part of the function of audit risk which in equation form is usually written as follows;
Audit risk = Risk of material misstatements x Detection risk;
Audit risk = (Inherent risk x Control risk) x Detection risk
Audit risk = (IR x CR) x DR
If the risk of material misstatements is high, then the auditor will reduce the detection risk by applying more procedures and tolerating fewer and fewer misstatements to go undetected and uncorrected.