• +1 (800) 317-2820
  • +1 (408) 689-8205

Understanding the Audit Risk Model

Written by Risk Management Team on July 5, 2017

Request a Live Demo

Take a Virtual Tour of TotalCompliance

See our product in action with your own private demo. During the 60-minute live demo we cover key functionality plus any detail you want. Pick your date and time now, and let us know what is most important to you.

The cost of an audit can vary greatly, more than four times above the baseline depending on your business structure and your financial practices. And with year-over-year cost increases to audits, the financial setback of a poorly planned audit can greatly affect your bottom line (1, 2).

When an auditor is planning an audit for your company, they utilize the Audit Risk Model to determine how much effort must be expended reviewing your statements to find errors or misstatements. Why is this important for you? Organizations that understand the Audit Risk Model can improve their internal controls and afford greater detection risk, which decreases the auditor’s required effort and overall cost.

We will explore the Audit Risk Model, describe how each component in the model affects the cost of an audit, and describe methods you can implement to decrease your risk moving forward.

How do you break down the Audit Risk Model?

The Audit Risk Model is represented by the following function: Audit Risk = (Inherent Risk) x (Control Risk) x (Detection Risk). The audit risk is the set risk an auditor is willing to take in overlooking a possible error or misstatement during the audit—this number is generally low. The inherent and control risks are assessed before the audit and are driven by company factors like financial practices, business structure, and record keeping. A company with poor practices will demonstrate high inherent and control risk (3).

Once an auditor knows the inherent and control risks of your business, they can go on to calculate the detection risk—which is the risk of not detecting a misstatement. If your organization has high inherent and control risk, then the auditor knows there is a higher risk of misstatements. To reach their acceptable audit risk level, the auditor must lower the detection risk. In other words, they must expend more effort reviewing your financial documentation. And greater effort translates to higher costs (4).

What is the impact of inherent and control risks?

Inherent risk includes errors or omissions in a financial statement due to factors other than a failure of control. One way you can decrease inherent risk is to improve the competency of your accounting personnel. A well-trained and competent bookkeeper with an understanding of accounting rules surrounding transactions reduces the time the auditor must spend identifying and analyzing unusual transactions.

Control risks, on the other hand, represents the probability that a material misstatement exists, caused by a failure during entry. These errors are generally caused by a problem with the organization’s internal control systems failing to detect an error (5).

How do you lower inherent and control risk through policy and procedure compliance?

Overall risk can be decreased by having clean financial records of all events and transactions. By having all organizational information such as bank statements, agreements, and policies and procedures available, you can significantly reduce the time an auditor spends reviewing your business.

How do you ensure high levels of internal control? One way is to maintain a robust set of policies and procedures that are regularly reviewed by your accounting, sales, and management staff. For example, trained staff with a clear understanding of all your transaction policies and procedures help ensure that nothing is omitted.

With TotalCompliance, from ComplianceBridge®, you can import and create thorough documents that can be easily reviewed and approved by various stakeholders. Once each document passes through the appropriate checks, you can publish and notify the respective members of the organization about its existence—all within the platform. These individuals can then go on to view and acknowledge each document as well as take tests of your design (6).

Finally, the robust metrics and reporting tools enable you to quickly gauge your compliance and spot areas requiring your attention. And instead of sending out dozens of individual e-mail reminders, you have a powerful reminder system that automatically sends out regular reminders and even escalates notifications on your behalf.

Interested learning more about how the ComplianceBridge platform can make an impact to your bottom line during an audit? Take a tour.


  1.     Bramwell, Jason. “Survey: Public and Private Company Audit Fees Went Up in 2013.” AccountingWEB. October 03, 2014. Accessed June 21, 2017. http://www.accountingweb.com/practice/practice-excellence/survey-public-and-private-company-audit-fees-went-up-in-2013.
  2.     Allocca, Sean. “Audit Fees Rise Again -.” CFO. December 06, 2016. Accessed June 21, 2017. http://ww2.cfo.com/auditing/2016/12/audit-fees-rise/.
  3.     AmandaLovesToAudit. YouTube. August 19, 2012. Accessed June 21, 2017. https://www.youtube.com/watch?v=ncYYY5xU3Oo.
  4.     “Audit Risk Model Inherent Risk, Control Risk & Detection Risk.” Audit Risk Model | Inherent Risk, Control Risk & Detection Risk. Accessed June 21, 2017. http://accounting-simplified.com/audit/risk-assessment/audit-risk.html.
  5.     “Audit/Review Cost Estimate Calculator.” CROWDFUND CPA – CROWDFUND REVIEWS & REGULATION A AUDITS. Accessed June 21, 2017. http://crowdfundcpa.com/cost-estimate–calculator.html.
  6.     “Powerful Policy Management Software from ComplianceBridge.” ComplianceBridge. Accessed June 14, 2017. http://compliancebridge.com/products/policy-management-software/.

Risk Management Team

The Risk Management Team has decades of experience in risk, audit and assessment in highly regulated industries. We cover risk management news as well as tips and tricks to get your work done more efficiently and effectively.