Equilibrium of the audit risk equation

Assume the audit risk equation (AR = IR x CR x DR) should always be in equilibrium. In other words, assume the left side of the equation should always be in balance with the right side of the equation.

An equilibrium position for the equation that is easy to remember is:

ARLOW = IRMOD x CRMOD x DRMOD,

or simply
LOW = MOD x MOD x MOD.

In order for the equation to remain in equilibrium, there are two rules to remember:

  1. A downward/upward change in the value of one side of the equation is balanced by a change of the same amount and in the same direction on the other side of the equation.

    For example, if IR (or CR or DR) changed from MOD to LOW (one downward movement on the right side of the equation) then the equation could be kept in equilibrium by one downward movement on the left side, that is by one downward movement of AR. Similarly, two upward movements in AR (from VERY LOW to MOD) on the left side of the equation may be balanced by two upward movements in any one of IR, CR or DR, or by one upward movement in any two of IR, CR or DR on the right side of the equation. This is illustrated below:

    LOW = MOD x MOD x MOD (a known equilibrium position)
    VERY LOW = LOW x MOD x MOD (one downward movement by IR balanced by one downward movement in AR)
    MOD = LOW x HIGH x HIGH (two upward movements in AR balanced by one upward movement by each of CR and DR)
  2. A downward/upward change on one side of the equation may also be balanced by a change of the same amount but in the opposite direction on the same side of the equation.

    For example, if IR changed from MOD to VERY HIGH (two upward movements), the equation may remain in equilibrium by CR changing from MOD to VERY LOW (two downward movements) or by both CR and DR changing from MOD to LOW (one downward movement each). This is illustrated below:

    LOW = MOD x MOD x MOD (a known equilibrium position).
    LOW = VERY HIGH x VERY LOW x MOD (two upward movements in IR balanced by two downward movements in CR), or alternatively
    LOW = VERY HIGH x LOW x LOW (two upward movements in IR balanced by one downward movement in each of CR and DR).

All the above equations are in equilibrium. The values that can be assigned to the various factors in the equation are as follows:

Risk factor Possible assigned values #
AR, AR* VERY LOW, LOW, MODERATE.
IR, CR, DR LOW, MODERATE, HIGH
DR* VERY LOW, LOW, MODERATE, HIGH, VERY HIGH
 
# Note that other values may be calculated (e.g. see value for IR of VERY HIGH above) but as they are not considered practical, they not used in practice and thus are not possible assigned values.

Example 1: The auditor has evaluated inherent risk as high, control risk as low and detection risk as low. What is the (achievable level of) audit risk?

Answer:

  1. Start with a known equilibrium position:
    LOW = MOD X MOD X MOD
  2. Change the value of IR to the desired value and then change the value of the unknown variable (in this case AR) to keep the equation in equilibrium.
    MOD = HIGH x MOD x MOD
  3. Change the value of CR to the desired value and then change the value of the unknown variable (which again is AR) to keep the equation in equilibrium.
    LOW = HIGH x LOW x MOD
  4. Change the value of DR to the desired value and then change the value of the unknown variable (which again is AR) to keep the equation in equilibrium.
    VERY LOW = HIGH x LOW x LOW
  5. Thus, given IR = HIGH, CR = LOW and DR = LOW, the achievable level of audit risk (AR) is VERY LOW.

Example 2: The auditor has evaluated the acceptable level of risk (AR*) as very low, inherent risk (IR) as moderate and control risk (CR) as low. If the auditor wishes to achieve an acceptable level of audit risk, what is the acceptable level of detection risk (DR*)?

Answer: If the auditor wishes to achieve an audit risk that is acceptable, then the achievable level of audit risk (AR) must be equal to or less than the acceptable level of audit risk (AR*). In other words, the value of AR* may be substituted for AR in the audit risk equation. Therefore, in the example, AR must also be very low (or lower). Thus, AR, IR and CR are known. The audit risk equation can then be used to determine the maximum acceptable level of detection risk (DR*).

  1. Start with a known equilibrium position:
    LOW = MOD x MOD x MOD
  2. Change the value of AR to the desired value and then change the value of the unknown variable (in this case, DR*) to keep the equation in equilibrium.
    VERY LOW = MOD x MOD x LOW
  3. The value of IR is the desired value, so no change is necessary for IR.
    VERY LOW = MOD x MOD x LOW
  4. Change the value of CR to the desired value and then change the value of the unknown variable (DR*) to keep the equation in equilibrium.
    VERY LOW = MOD x LOW x MOD.
  5. Thus, given AR* = VERY LOW, IR = MOD and CR = LOW, the maximum acceptable level of detection risk (DR*) is MOD.

Problems such as the above may be solved using the procedures described or by reference to the following tables:

Back to glossary

Copyright, Australian Educational Research Pty Ltd. Any person accessing this site agrees to the Terms of Use.