(A fellow forumer/member at PinoyCPA.com PMed me about the relationship of control risk and detection risk and I wanna share it with you guys. Below is my response to her. I hope this will help)
There is an inverse relationship between control risk and detection risk. How? Let me state an example.
Audi is the auditor of Timang Corp. for the period ended December 31, 2010. He prepared the audit program that will guide him in his audit of the said Company. He judged that the audit objectives can be effectively and efficiently be achieved by following the control approach instead of the substantive approach. Control Approach is the audit approach that evaluates the controls over significant accounts in the financial statements being audited. This is usually done by the auditor if he judged, based on his planning and preliminary assessment, that the controls can be relied upon.
Now, his metholody of pursuing an audit with a control approach will definitely involve control risk assessment. Control risk is the risk that internal controls may fail thereby causing a material misstatement in the financial statements. Control Risk is usually classified as low, moderate and high. Control risk is the risk which the auditor cannot control. It is under the control and jurisdiction of the entity. So how do the auditor tackle this issue? What can he do? He can modify the nature, timing and extent of other testing procedures which has an effect in the detection risk.
Detection risk is the risk that a misstatement in the financial statements cannot be detected by the auditor. So if the Detection Risk is high, it means that the auditor is willing to accept higher probabilities that he cannot detect the said misstatements. Why is he willing to do that? Well, it's because he found out that the controls are effective (meaning, control risk is low). Thus, if the Detection Risk is high, control risk is low.
Now, what if the control risk is High? Then, the auditor now assumes a greater responsibility to detect the misstatements that were not captured by the controls (kasi nga control risk is High. meaning, the controls are not operating effectively). By doing so, Detection Risk by the auditor is minimized.
Parang ganito lang yan. Halimbawa meron kang manliligaw. Meron ka ring dalawang bestfriends. Si bestfriend A ay kilala mong mabusisi at may good taste sa mga bagay-bagay (so it means, katiwa-tiwala siya so meron siyang "low" na control risk). Si Bestfriend B naman ay yung tipo ng kaibigan na kunsintidor at hindi very particular sayo (meron siyang "high" na control risk). Kinunsulta mo sila tungkol sa manliligaw mo. sabi ni A, di raw ok sa kanya si manliligaw. pero ok naman siya kay B. So sino ang pniniwalaan mo? most likely si A diba? kasi mas may tiwala ka sa kanya (low controls risk ika nga). so di ka kampante ka kaya di ka willing ka mag-assume ng risk na sagutin si manliligaw (mataas ang detection risk mo kasi careful ka).
Now kung pinakinggan mo si B (na may "high" control risk), medyo alangan ka kasi nga di maganda ang judgment niya sa mga bagay-bagay base sa pagkakakilala mo sa kanya. so willing kang mag-evaluate further (which means mababa ang detection risk na willing kang i-accept).
gets na ba?
No comments:
Post a Comment