Audit Risk Approach and Its Components

Cite this


Before carrying out an audit an auditor should plan effectively so that he/she can seal any loopholes that can allow misstatement in the financial statements. The auditors should ensure sufficient understanding of the internal controls of the firm under investigation (Ramos 3). An audit risk approach indicates that the allowance that the books of accounts could be misstated. Audit risk approach has two components, which includes inherent risk and control risk.

Main body

Inherent risk is the probability that an account balance or class of transaction is misstated either materially, individually or when balanced off against other balances or classes elsewhere disregarding any internal controls (Messier 47, SAS 107 1). It can occur either at the financial statement level or at the account balance or class of transaction levels. Transactions are assessed depending on how complicated they were and further, the need for expertise. If any complex or abnormal transactions were completed in the period, inherent risk is considered (Pickett 34). Assets require consideration due to their being susceptible to loss or embezzlement, especially those that are highly liquid.

In the case of Comptronix Corporation, there were many inherent risk factors present in the audits of the 1989 through 1992. The management of the firm had access to too many books and places that enabled them to misstate and cover up their fraud. They could bypass the process of the audit trail and also access to shipping and invoice documents. The manipulation of the Cost of Goods and the Inventory accounts against the set standards indicates an increase of inherent risk. In auditing, two wrongs do not make up a right. The auditors could manipulate different accounts over the period under audit in order to cover up their wrongs.

Inherent risk was high in the case of Comptronix Corporation due to the undue pressure placed on the management within. They were both formerly employed by a competitor of Comptronix and therefore, were expected to perform based on their experience. Further, the period up to 1988, the company had earned profits hence they were under pressure to maintain the trend during the period under investigation. The management transferred cost from one account to the other that amounted to violation of significant accounting principles (“Auditing Standard No. 13” para. 22).

The loss of a key customer to their competitors SCI in 1989 made the possibility of inherent risk increase. This occurrence was one out of the ordinary and therefore means that the management was under pressure to maintain growth and profits without him (SAS 109 5). In fact, from the case, it drove them to misstate the financial statement and paint a wrong picture of the firm. The company went public after a period of good earning, which provided a possibility of material misstatement in the financial statements (“Auditing Standard No. 12” para 17).

Control risks will always be present in any particular case because of the internal control system’s short comings. The control risks are normally evaluated to be high when the accounting and internal control systems are ineffective or when their effectiveness would not be efficient (SAS 109 1). Tests of control should be established to measure the strength and effectiveness of the internal controls established in a client’s organization. Control risk increases in case there are no supporting documents for transactions carried out by the company. For example, considering Comptronix, the directors refused intentionally to record the sales and purchases journals as it was required by the controls (“Company’s profit data were false,” n.p). Further, when Mr. Medlin destroyed all the shipping and invoice documents to ensure that they were not mailed shows control risks.

Control risk will increase when the controls in place do not leave a trace for the audit to be carried out. This means that in case of a transaction, no one can come back and follow the flow of the same from beginning to the end. There is importance in identifying who actually authorized the transaction and not merely who was responsible for authorizing it. In the case of Comptronix, the two directors, Mr. Shifflett and Mr. Medlin could approve payments without following the normal trail for purchase of assets by accepting only an invoice (“A Comptronix founder, in 1989 suit, says he flagged misdeeds” n.p). This gave room for them to allow cash disbursement using a fake vendor invoice to a junior clerk who did not question anything but simply obeyed by preparing a check.

The board of directors of the firm was not in a position of pointing out, the fraud even though they might have been having prior knowledge of the same. The board consisted of up to 28.6% of inside directors and the rest of the board through external. They had an interest in the company. One of them acted as the outside general legal counsel while the other one had an interest in one of Comptronix’s customers. Such poor controls within the management raised eye brows and contributed to poor internal controls within the board and consequently the company.


Audit risk assessment is an important factor in the preparation and planning of an audit. The different types of risks cover diverse areas as to the probabilities of misstatement of the financial statements are concerned hence making it possible to spot any anomaly. If dubious deal and fraud are to be discovered during auditing are to be discovered, then careful planning and risk assessment must be carried out.

Works Cited

“A Comptronix founder, in 1989 suit, says he flagged misdeeds,” The Wall Street Journal, 1992. Web.

“Company’s profit data were false,” The New York Times, 1992, D-1.

“Auditing Standard No. 12”. Public Company Accounting Oversight Board. n.d. Web. 2011.

“Auditing Standard No. 13”. Public Company Accounting Oversight Board. n.d. Web. 2011.

Messier, Eilifsen, Jr., and Austen. Characteristics of auditor detected misstatements: Evidence from Norwegian audits. Working paper:Georgia State University. 2000. Print.

Messier, W.F. Jr. Auditing & Assurance Services: A Systematic Approach, 2nd ed. New York: Irwin McGraw-Hill, 2000. Print.

Pickett, Spencer. Audit planning: a risk-based approach. John Wiley and Sons. 2006. Print

Ramos, Michael. “Risk-Based Audit Best Practices.” Journal of Accountancy 208.6 (2009): 32,32-37,10. Web.

SAS 109. “Statements on Auditing Standards” American Institute of CPAs. n.d. Web. 2011.

SAS 109. “Statements on Auditing Standards” American Institute of CPAs. n.d. Web. 2011.

Cite this paper

Select style


BusinessEssay. (2022, November 30). Audit Risk Approach and Its Components. Retrieved from


BusinessEssay. (2022, November 30). Audit Risk Approach and Its Components.

Work Cited

"Audit Risk Approach and Its Components." BusinessEssay, 30 Nov. 2022,


BusinessEssay. (2022) 'Audit Risk Approach and Its Components'. 30 November.


BusinessEssay. 2022. "Audit Risk Approach and Its Components." November 30, 2022.

1. BusinessEssay. "Audit Risk Approach and Its Components." November 30, 2022.


BusinessEssay. "Audit Risk Approach and Its Components." November 30, 2022.