Introduction Organizations today face several business risks that can have an effect on their financial statements. The audit risk model is a tool that auditors use to help identify those risks. To better understand how the audit risk model can help identify risks, we will examine how the model can be applied to the Coca-Cola Corporation and the limitations of using the model. Components of the Model The audit risk model is composed of the equation, audit risk (AR) equals inherent risk (IR) times control risk (CR) times detection risk (DR).
Audit risk is the risk that the auditor may fail to modify their opinion on misstatements in the financial statements. Inherent risk is the risk of an assertion being made on material misstatements, assuming that there is no problem with related internal controls.
Control risk is the risk that material misstatements could occur in an assertion that are not detected or prevented by the existing internal controls. Detection risk is the risk that the auditor will not detect a material misstatement in the assertion (Messier, 2003, pg. 94).
In the process of assessing the audit ee risk, the auditor must determine the entity’s business risk. This can be done by evaluating the nature of the entity, industry, regulatory, and other external factors, management, governance, objective and strategies, measurement and performance, and business processes (Messier, 2003, pg. 98).
Examples of possible business risks can be found in the Coca-Cola Corporation. Coca-Cola faces different regulatory practices since it has operations in countries outside of the United States. These operations include North America, Africa, Asia, Europe, Eurasia, and Middle East, and Latin America. Another business risk for Coca-Cola is that the nature of the business can be seasonal. The demand for the product can fluctuate from one location to another and may fluctuate over time within a single location. Coca-Cola also acquired ownership or licensing rights to products in Croatia, Argentina, Mexico, and Bahrain in 2004, which create new business risks.
The company also uses two different units of measurement to figure sales. The measurements are gallons and cases of finished products. The difference in measurement can cause errors in measurement, therefore possibly creating another business risk (Coca-Cola, March 4, 2005, pg. 2, 4).
Applying the Model The use of the audit risk model should be applied at the account balance or class of transaction level. There are three steps to applying the model, the steps include setting a planned level of audit risk, determining inherent and control risk, and solving the risk equation in order to determine the appropriate level of detection risk (Messier, 2003, pg.
95).
The first step, setting a planned level of audit risk, may be done in quantitative or qualitative terms. This is done so that at the completion of the audit, the auditor may issue an opinion on the financial statements at an acceptable level of audit risk. The second step, determining inherent and control risk may be done together or separately since they are considered the audit ee’s risks. These risks are the entity’s business risks and the risks that the financial statements may contain material misstatements due to error or fraud. The third and final step, determine the level of detection risk, is determined by completing the equation, AR = IR x CR x DR.
Once the level of detection risk is determined, the auditor plans the audit process in a manner that will reduce the level of audit risk to an acceptable level (Messier, 2003, pg. 95-96).
Limitations of the Model Since the assessment of inherent and control risk can be imprecise, the audit risk model should be used only as a tool to plan the audit. Another limitation is that the model figures the components of risk separately, but in reality, one component may be a function of another. For example, the risk of material misstatement, or inherent risk, may be a result of the entity’s internal controls, or control risk.
Furthermore, since the auditor assesses the component risks, the actual risks may be higher or lower than the auditor’s assessment. The model also does not take into account the risk of non sampling. (Messier, 2003, pg. 95-96, 116).
Conclusion The audit risk model is a good tool for auditors to use when planning the audit of an entity’s financial statements. The model allows the auditor to estimate the amount of audit risk associated with the audit engagement.
The auditor may then plan how to proceed with the audit in a fashion that will reduce the amount of audit risk. The model has limitations that make it necessary that it is used only as a tool for the auditor to use in the planning of an audit. References Coca-Cola Corporation. (March 4, 2005).
2004 Annual Report on Form 10-K. Retrieved May 16, 2005 from web 10 K 2004.
pdf. Messier, William F. (2003).
Auditing and assurance services: A systematic approach (3 rd ed. ).
Burr Ridge: Irwin/McGraw-Hill..