In order to express an opinion, auditor needs sufficient appropriate audit evidence. To obtain audit evidence, auditor applies range of audit procedures.
But due to limited time and resources and also to conduct audit efficiently, auditor does not apply audit procedures to the whole population in consideration. Instead, he carefully selects reasonably small proportion, which is called sample, from such population and apply audit procedures on the selected sample and the conclusions drawn from such sample are later used to assess the risk in the whole population. In simple words, in order to understand the whole population, small part (which is representative of whole population) is selected and assessed. And on the basis of assessment of this small part, whole population is judged. This technique i.e. applying audit procedures to less 100% items inside a relevant population is called sampling.
As auditor will NOT assess every item inside population, it is possible that auditor might understand population incorrectly and his decision might have been different if the whole population was assessed instead of just a sample from population. This is sampling risk.
There are TWO kinds of erroneous conclusions that auditor might end up with because of examining less then 100% items:
First Kind: Auditor concluded that matter in hand is too good when in fact its not
- In case of Tests of Controls; auditor concluded that controls are affective where they were not as effective as concluded
- In case of Substantive Procedures (precisely: Test of Details); auditor concluded that material misstatement does not exist where in fact it does exist
If auditor make such mistakes then whole point in auditing financial statements is wasted as auditor has concluded that everything is fine where in fact its not. Therefore, such kind of errors lead to ineffective audits because of inappropriate audit opinion i.e. it affects EFFECTIVENESS of audit.
Second Kind: Auditor concluded that matter in hand is too risky when in fact its not
- In case of Tests of Controls; auditor concluded that controls are less effective where they were not that much ineffective as concluded
- In case of Substantive Procedures; auditor concluded that material misstatement exists where in fact material misstatement does not exist
In such cases, auditor will end up conducting unnecessary additional audit procedures and will later realize on obtaining additional audit evidence that initial conclusions were wrong. This render the audit engagement inefficient i.e. such errors affects EFFICIENCY of audit. However, this usually does not lead to inappropriate audit opinion.
As we understood from the above points that sampling risk can lead to inappropriate audit opinion and thus causes audit risk.
Audit risk is a function of Risk of Material Misstatements and Detection Risk i.e. audit risk is a product of these two separate risks. As use of sampling technique can cause problems in detection of material misstatements i.e. risk that material misstatement might go undetected just because whole population was not subjected to audit procedures, therefore, we can say that sampling risk is a component of detection risk.
You can understand it by imagining a hierarchy, where audit risk is at the top and under that we have risk material misstatement and detection risk and under detection risk we have sampling and non-sampling risks.