Your Ask Joey ™ Answer

What happens if control risk is set too high or too low?

Audit risk is comprised of inherent risk, control risk, and detection risk. Depending on how the audit team assesses control risk, they would set detection risk, which determines the level of substantive testing that should be performed. To assess control risk, the audit team would use attribute sampling to determine if the controls were operating effectively.

Attribute Sampling – Controls Testing

As mentioned above, when an audit team is testing controls, they would perform attribute sampling to understand if the control works or doesn’t work.

The whole point of performing controls testing is to assess control risk. If control risk is high, then the audit team team would conclude that controls are not operating effectively and they will not rely the company’s internal controls. If control risk is low, then the audit team would conclude that controls are operating effectively.

Now there is a risk that the audit team incorrectly assesses the company’s internal controls. They can either deem control risk to be too high or control risk to be too low.

Control risk too high = Inefficient audit: This means that the audit team felt that controls were not designed and operating effectively, so they won’t rely on the internal controls. As a result, the audit team would have to lower detection risk and perform more substantive testing procedures (which costs more time and money). However, since control risk could have been set lower, then the team performed more substantive testing procedures than necessary, which means they essentially over audited.

Control risk too low = Ineffective audit: This means that the audit team felt that controls were designed and operating effectively, so they would rely on the internal controls. As a result, the audit team would increase detection risk and perform fewer substantive testing procedures (which saves time and money). However, since control risk should have been set higher, then that means that more substantive testing should have been performed. Since more performed fewer substantive procedures than they should have, there is a chance that the team won’t identify a misstatement and the audit won’t be effective.


Back To All Questions

You might also be interested in...

  • CECL Excel Workbook

    If you would like to use the Excel workbook that was used to create the Universal CPA lecture on CECL for debt securities, please click the link below to download the Excel workbook: CECL Calculation workbook (Universal CPA Review)

  • Journal Entry for Direct Materials Variance

    Journal Entry for Direct Materials Variance In the current year, Mission Burrito budgeted 6,000 pounds of production and actually used 4,000 pounds. Material cost was budgeted for $5 per pound and the actual cost was $8 per pound. What would the debit or credit to the direct material efficiency variance account be for the current...

  • Understanding Variance Analysis

    Variance Analysis Variance analysis is a method for companies to compare its actual performance vs its budgeted amount for that cost measurement (related to the flexible budget). The differences between the standard (budgeted) amount of cost and the actual amount that the organization incurs is referred to as a variance. By analyzing variances, the company...