What Is Detection Risk?
Detection risk is the chance that an auditor will fail to find material misstatements that exist in an entity's financial statements. These misstatements may be due to either fraud or error. Auditors make use of audit procedures to detect these misstatements, but because of the nature of these procedures, some detection risk will always exist. For example, sometimes auditors take a sample of a certain type of company transaction because examining every transaction is impractical. Increasing the sample size can reduce detection risk, but some risk will always remain. Detection risk is one of the three elements that comprise audit risk, the other two being inherent risk, and control risk.
- Detection risk occurs when auditor misses material misstatements in financial statements.
- Detection risk, inherent risk, and control risk comprise audit risk.
- Auditors must implement correct audit procedures to avoid detection risk.
Understanding Detection Risk
Detection risk can occur at unacceptable levels when an auditor fails to implement the correct audit procedures or implements the right procedures incorrectly. It’s important for auditors to assess both control and inherent risk and then assign detection risk to bring the total audit risk to an acceptable level. However, it’s unlikely that an auditor can eliminate detection risk entirely, simply because most auditors will never examine every single transaction in a financial statement. Instead, auditors should aim to keep detection risk at an acceptable level.
The three main components of detection risk include 1) applying an audit procedure incorrectly, for example, when an auditor applies the wrong ratio to the procedure of using ratios to evaluate the face value accuracy of an account balance; 2) choosing an audit testing method that isn’t right for the type of financial account being audited, for example, testing for accuracy of the invoice rather than occurrences of particular sales; and 3) misinterpreting the results of the audit, or just evaluating the results wrongly.
A common mistake that auditors make is to conclude that a detected misstatement is trivial. Sometimes a misstatement that is trivial in one unit of a company may become material when aggregated over multiple business units, making a significant impact on the company's financial statements. Detection risk may be higher in regions where regulatory bodies are relatively ineffective.
Audit procedures used to minimize detection risk include:
- Classification testing: Used to determine whether transactions were classified correctly.
- Completeness testing: Used to examine if any transactions are missing from the accounting records. An auditor may review a client's bank statements, for example, to determine if payments to suppliers were not recorded.
- Valuation testing: Used to test whether the value of the assets and liabilities on the company's books are accurate.
- Occurrence testing: Used to determine whether recorded transactions have actually occurred. This test could involve examining specific invoices listed on the sales ledger as well as customer order and shipping documentation.
Example of a Detection Risk
An example of detection risk during a common audit procedure might involve investigating whether invoices listed in the accounts payable actually haven’t yet been paid. You implement the procedure and accurately determine that the accounts payable balance contains no misstatements. However, you forget to test for the segregation of duties between the person who updates the vendor files in which these invoices are recorded as paid and the person who processes the payments. This causes you to interpret the results incorrectly and increases your detection risk.