Activity Based Risk Evaluation Model of Auditing

HOME >> FRAMEWORK >> CONTROL TESTING STAGE: EVIDENCE EVALUATION ACTIVITIES

Control testing stage: evidence evaluation:
DR*₃ = AR*₃ / IR₃ x CR₃

ACTIV- ITIES	STAGES
	CA/R	AP	CT	ST	OF
PL	SP	TP	OP	OP	OP
EG	PK	DK	EofO	EofM	CFS
EE	AR1	DR*2	DR*3	AR4	AR5
DM	A/R	AA	CR?	CAB	AO

After the auditor gathers evidence in the control testing stage, the auditor evaluates the evidence, and in particular, arrives at a value for control risk, CR₃. If the auditor becomes aware of new information relating to the previous evaluations of the acceptable audit risk and inherent risk, then this information is used to arrive at values for AR*₃ and IR₃. Otherwise, AR*₃ and IR₃ assume the same values as AR*₂ and IR₂.

The values of AR*₃, IR₃ and CR₃ enable a value for the revised acceptable detection risk to be determined ( DR*₃ = AR*₃ / IR₃ x CR₃).

Thus, for each account balance assertion, the auditor evaluates:

• acceptable audit risk AR*₃.
• inherent risk IR₃.
  Both these evaluations are based on the previously evaluated AR₂ and IR₂ adjusted for information of which the auditor has become aware of any increased or reduced risk. The adjusted risk is evaluated as VERY LOW, LOW or MODERATE for AR*₃ and LOW, MODERATE or HIGH for IR₃.
• control risk CR₃. Again, this is based on the previous evaluation of CR₂ adjusted for any increased or reduced risk based on evidence gathered relating to the effectiveness of operation of controls. In particular, the auditor considers whether the level of control deviations exceeds the acceptable level. If there are no control deviations then, by inference, the control procedures are operating as they are designed to operate. In this case, the CR₃ has the same value as CR₂.

  If the auditor finds an unacceptable level of control deviations, then the auditor will re-evaluate control risk . The more unacceptable deviations found, the higher the value of control risk. Control risk CR₃ is re-evaluated as LOW, MODERATE or HIGH.

• acceptable detection risk DR*₃ . Given (i) that the achievable audit risk AR₃ must be equal to or less than the acceptable audit risk AR*₃, and (ii) the evaluation of each of inherent risk IR₃ and control risk CR₃, the auditor estimates the acceptable detection risk for each account balance assertion. (Refer to the glossary: acceptable detection risk, table.) Values for this level of risk range from VERY LOW to VERY HIGH.

Finally, the auditor considers whether s/he has gathered evidence of sufficient quantity and appropriate quality, based on its relevance and reliability to make a decision as to whether reliance on internal controls should continue. If not, the auditor gathers further evidence. When the auditor considers that sufficient, appropriate evidence has been gathered, the auditor proceeds to the decision as to continued reliance. Refer to the next activity.

Copyright, Australian Educational Research Pty Ltd. Any person accessing this site agrees to the Terms of Use.