The Relationship between Materiality and Audit Risk

When planning the audit, the auditor considers what would make the financial statements
materially misstated. The auditor's understanding of the entity and its environment establishes a
frame of reference within which the auditor plans the audit and exercises professional judgment
about assessing the risks of material misstatement of the financial statements and responding to
those risks throughout the audit. It also assists the auditor to establish materiality and in evaluating
whether the judgment about materiality remains appropriate as the audit progresses. The auditor's
assessment of materiality, related to classes of transactions, account balances and, disclosures
helps the auditor decide such questions as what items to examine and whether to use sampling and
substantive analytical procedures. This enables the auditor to select audit procedures that, in
combination, can be expected to reduce audit risk to an acceptably low level. There is an
inverse relationship between materiality and the level of audit risk, that is, the higher the
materiality level, the lower the audit risk and vice versa. The auditor takes the inverse
relationship between materiality and audit risk into account when determining the nature, timing
and extent of audit procedures. For example, if, after planning for specific audit procedures, the
auditor determines that the acceptable materiality level is lower, audit risk is increased. The auditor
would compensate for this by either:
 Reducing the assessed risk of material misstatement, where this is possible, and supporting
the reduced level by carrying out extended or additional tests of control; or
 Reducing detection risk by modifying the nature, timing and extent of planned substantive
procedures.

Level of materiality directly affect out acceptable level of audit risk. Audit risk is a combination
of three elements inherent Risk *Control Risk * Detection risk. Audit risk Increases when we set
our material at low level, and Acceptable audit decreases when we set our materiality at higher
level.

Some people may get confused by my above statement let me explain further, Low materiality
mean we need to test more items.

for explanation purpose we set two materiality level 1,00,000, Tk. 2.200,000. In case of
materiality level 1, any error or misstatement individually or aggregated below100,000 will
not accept our judgment (there are some other qualitative matters which may affect
judgment)

The auditors' assessment of materiality and audit risk when evaluating the results of audit
procedures may be different from that at the time of initially planning the engagement. This
could be because of a change in circumstances or because of a change in the auditors'
knowledge as a result of the audit.
For example, if the audit is planned prior to the period end, auditors anticipate the results of
operations and the financial position. If actual results of operations and financial position are
substantially different, the assessment of materiality and audit risk may also change together
with the nature, timing and extent of planned audit procedures. Additionally, auditors may, in
planning the audit work, intentionally set the acceptable materiality level at a lower level than
is intended to be used to evaluate the results of the audit. This may be done to reduce the
likelihood of undiscovered misstatements and to provide the auditors with a margin of safety
when evaluating the effect of misstatements discovered during the audit

Examples of Inherent Risk, Control Risk & Detection Risk

Inherent Risk
For example, the inherent risk in the audit of a newly formed financial institution which has a
significant trade and exposure in complex derivative instruments may be considered to be
significantly higher as compared to the audit of a well-established manufacturing concern
operating in a relatively stable competitive environment.
Control Risk
Assessment of control risk may be higher for example in case of a small sized entity in which
segregation of duties is not well defined and the financial statements are prepared by
individuals who do not have the necessary technical knowledge of accounting and finance.
Detection Risk
For example, sometimes auditors take a sample of a certain type of
company transaction because examining every transaction is impractical. Increasing the
sample size can reduce detection risk, but some risk will always remain. Detection risk is one
of the three elements that comprise audit risk, the other two being inherent risk and control
risk.

One Single Example for Three Definitions

Example
ABC is an audit and assurance firm which has recently accepted the audit of XYZ. During the
planning of the audit, engagement manager has noted the following information regarding XYZ
for consideration in the risk assessment of the assignment:

 XYZ is a listed company operating in the financial services sector

 XYZ has a large network of subsidiaries, associates and foreign branches
 The company does not have an internal audit department and its audit committee does not
include any members with a background in finance as suggested in the corporate
governance guidelines
 It is the firm's policy to keep the overall audit risk below 10%
Inherent risk in the audit of XYZ's financial statements is particularly high because the entity is
operating in a highly regularized sector and has a complex network of related entities which could
be misrepresented in the financial statements in the absence of relevant financial controls. The first
audit assignment is also inherently risky as the firm has relatively less understanding of the entity
and its environment at this stage. The inherent risk for the audit may therefore be considered as
high.

Control risk involved in the audit also appears to be high since the company does not have proper
oversight by a competent audit committee of financial aspects of the organization. The company
also lacks an internal audit department which is a key control especially in a highly regulated
environment. The control risk for the audit may therefore be considered as high.

If inherent risk and control risk are assumed to be 60% each, detection risk has to be set at 27.8%
in order to prevent the overall audit risk from exceeding 10%.

Working

Audit Risk = Inherent Risk x Control Risk x Detection Risk

0.10 = 0.60 x 0.60 x Detection Risk

0.10 = Detection Risk = 0.278 = 27.8%

0.36