According to International Auditing Standards detection risk is defined as follows:
The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
In simple words detection risk is the risk that material misstatements will escape auditor’s procedures that he has applied to detect material misstatements.
It is the responsibility of the auditor to reduce detection risk to an acceptably low level which basically mean that only by lowering the detection risk auditor can reduce audit risk where audit risk means the risk that auditor may express inappropriate audit opinion.
Understanding this relationship of different risks with each other is vital in understanding the scope of responsibilities of management and auditors.
It is management who is responsible to manage business risk and its reducing its affects in that increase inherent risk of misstatements that may corrupt financial information. As it is one of the duties of the management to provide true and fair financial statements to its users, for this purpose management is responsible for implement internal control system of the entity. However, we must recognize that inherent risk of cannot be eliminated completely and also internal control system also has its limitations therefore, even in the presence of relevant controls material misstatements may still exist.
However, auditor is NOT responsible for:
- business risk as he is not involved in running the business
- inherent risk as it is the responsibility of the management implement internal controls to minimize inherent risk
- control risk as it is the responsibility to maintain internal control system in such state that it can perform efficiently and effectively
But if these risks are not catered properly then financial statement may be materially misstated. More material misstatements means more chances of giving inappropriate opinion by the auditor. Thus the only solution left to the auditor is detect such misstatements by himself by applying audit procedures designed by himself. Therefore to reduce audit risk auditor has to reduce detection risk which simply means auditor will have to be more strict about misstatements. Due to the same reason detection risk is considered to be part of the function of audit risk which in equation form is usually written as follows:
Audit risk = Risk of material misstatements x Detection risk
Audit risk = (Inherent risk x Control risk) x Detection risk
Audit risk = (IR x CR) x DR
Many students might be confused with the phrase that “IF risk of material misstatement is high then detection risk should be low“. I will answer about this confusion in detail in some other answer but for the moment it will be easy if students read this phrase as follows:
If risk of material misstatements is high then auditor will reduce the detection risk by applying more procedures and tolerating less and less misstatements to go undetected and uncorrected.