Ask Joey ™ a Question

What happens if control risk is set too high or too low?

Audit risk is comprised of inherent risk, control risk, and detection risk. Depending on how the audit team assesses control risk, they would set detection risk, which determines the level of substantive testing that should be performed. To assess control risk, the audit team would use attribute sampling to determine if the controls were operating effectively.

Attribute Sampling – Controls Testing

As mentioned above, when an audit team is testing controls, they would perform attribute sampling to understand if the control works or doesn’t work.

The whole point of performing controls testing is to assess control risk. If control risk is high, then the audit team team would conclude that controls are not operating effectively and they will not rely the company’s internal controls. If control risk is low, then the audit team would conclude that controls are operating effectively.

Now there is a risk that the audit team incorrectly assesses the company’s internal controls. They can either deem control risk to be too high or control risk to be too low.

Control risk too high = Inefficient audit: This means that the audit team felt that controls were not designed and operating effectively, so they won’t rely on the internal controls. As a result, the audit team would have to lower detection risk and perform more substantive testing procedures (which costs more time and money). However, since control risk could have been set lower, then the team performed more substantive testing procedures than necessary, which means they essentially over audited.

Control risk too low = Ineffective audit: This means that the audit team felt that controls were designed and operating effectively, so they would rely on the internal controls. As a result, the audit team would increase detection risk and perform fewer substantive testing procedures (which saves time and money). However, since control risk should have been set higher, then that means that more substantive testing should have been performed. Since more performed fewer substantive procedures than they should have, there is a chance that the team won’t identify a misstatement and the audit won’t be effective.


You might also be interested in...

  • How can variable sampling risk impact the efficiency or effectiveness of an audit?

    Audit risk is comprised of inherent risk, control risk, and detection risk. The level of substantive testing that the audit performs is based on detection risk, which is set after the audit team assesses inherent risk and control risk. Variable Sampling – Substantive Testing When the audit team is performing substantive testing, they will use […]

  • What is business intelligence?

    In general, business intelligence is the strategy and technology used by a company to analyze their data. There are a number of difference functions that fall under the business intelligence umbrella. These include analytics, data mining, processing mining, use of dashboards, etc. The biggest problem most companies face is that they have a ton, and […]

  • How can visual learning help me prepare for the CPA exam?

    Recent studies have estimated that over 65% of students prefer visual learning. So if that is the case, why hasn’t visual learning been used for CPA exam prep before Universal CPA Review came along? That is the question we asked, and that is why Universal CPA Review was created. Traditional Method vs Visual Learning Method […]