ACCT90014 · Auditing And Assurance Services
Audit Risk and Materiality
An audit cannot give an absolute guarantee — it targets reasonable assurance. The audit risk model is how the auditor turns that target into an evidence plan, decomposing the risk of issuing a clean opinion on materially misstated statements into three multiplied components: AR = IR × CR × DR (inherent risk × control risk × detection risk). Only one of these — detection risk — is in the auditor’s hands; the other two describe the client. Rearranged, DR = AR / (IR × CR), which gives the exam’s key reflex: as the risk of material misstatement (RMM = IR × CR) rises, the acceptable detection risk must fall, so the auditor must do more work. Materiality is the other planning lever: information is material if its omission or misstatement could reasonably influence users’ decisions (ASA 320). It is set in planning against a benchmark, drives how much evidence to gather, and at completion decides whether the opinion is modified. Performance materiality sits below planning materiality as a buffer against the aggregation of small misstatements.
What this chapter covers
- 01The audit risk model: AR = IR × CR × DR
- 02What each component means and which one the auditor controls
- 03The inverse relationship: RMM up → acceptable DR down → more evidence
- 04Materiality (ASA 320): the decision-influence threshold
- 05Benchmarks, planning materiality and performance materiality (the buffer)
- 06Worked planning vignette: set materiality, assess IR & CR, derive required DR
- 07Materiality at completion (ASA 450) and the recap
Worked example: using the audit risk model to plan evidence
- +2(a) RMM = IR × CR = 0.9 × 0.8 = 0.72 — a high risk of material misstatement that the client, not the auditor, brings.
- +2(b) Rearrange the model: DR = AR / RMM = 0.05 / 0.72 = 0.069 (about 7%) — a low acceptable detection risk.
- +1(c) A low acceptable DR means the auditor may miss very little, so plan more extensive substantive testing: larger samples, more reliable evidence (external confirmation over internal documents), and timing at year-end rather than interim.
- +1State the principle: the auditor cannot change IR or CR — they describe the client — so the only lever is DR, achieved through the nature, timing and extent of substantive procedures.
Key terms
- Audit risk (AR)
- The risk that the auditor expresses an inappropriate (clean) opinion when the financial statements are materially misstated. Modelled as AR = IR × CR × DR; the auditor sets a low target (e.g. 5%) and plans evidence to achieve it.
- Inherent risk (IR)
- The susceptibility of an assertion to material misstatement before considering controls — driven by complexity, estimation, susceptibility to fraud and the nature of the account. A client characteristic the auditor assesses but cannot change.
- Control risk (CR)
- The risk that a material misstatement will not be prevented or detected and corrected by the entity's internal controls. Assessed by understanding and testing controls; like IR, it describes the client, not the auditor.
- Detection risk (DR)
- The risk that the auditor's own procedures fail to detect a material misstatement. The only component the auditor controls — lowered by more extensive, better-quality and better-timed substantive procedures. DR = AR / (IR × CR).
- Performance materiality
- An amount set below planning materiality to reduce the risk that the aggregate of uncorrected and undetected misstatements exceeds materiality for the statements as a whole. A buffer against the build-up of individually immaterial errors.
Audit Risk and Materiality FAQ
Which component of the audit risk model can the auditor actually change?
Only detection risk (DR). Inherent risk and control risk describe the client — its complexity and its controls — and the auditor assesses them but cannot reduce them. The auditor responds to a high risk of material misstatement (IR × CR) by lowering the detection risk it is willing to accept, through more and better substantive procedures.
What is the inverse relationship and why does it matter?
Rearranging AR = IR × CR × DR gives DR = AR / (IR × CR). Holding the target audit risk fixed, when RMM (= IR × CR) rises, the acceptable DR must fall — the auditor is allowed to miss less, so must gather more evidence. This single reflex answers most planning questions: high-risk client → low acceptable DR → more substantive work.
How is materiality decided?
Materiality is set in planning by choosing a benchmark relevant to users (e.g. profit before tax, total revenue or total assets) and applying a percentage to it, then exercising judgement on qualitative factors. It sizes how much evidence to gather and, at completion, whether uncorrected misstatements require a modified opinion (ASA 320/450).
Why set performance materiality below planning materiality?
Because misstatements aggregate. Several individually immaterial errors can sum to a material total, and the auditor will not detect every error. Setting performance materiality lower than planning materiality builds in a buffer so the aggregate of undetected and uncorrected misstatements is unlikely to exceed overall materiality.
Exam move
Burn the formula and its rearrangement into reflex: AR = IR × CR × DR, and DR = AR / (IR × CR). The exam reflex is the inverse relationship — high RMM forces low acceptable DR forces more substantive work — so practise stating it in one sentence and computing DR from given AR, IR and CR. Be able to say which component the auditor controls (only DR) and why (IR and CR describe the client). For materiality, know the benchmark logic, the planning-vs-completion roles, and why performance materiality sits below planning materiality. Drill the planning vignette: pick a benchmark, set materiality, assess IR and CR with reasons tied to the facts, derive the required DR, and state the evidence consequence.