What is Audit Risk?

Definition: Audit risk, also known as residual risk, is the chance that financial statements will be issued with materials errors even though they have been reviewed by an auditor and approved.

What Does Audit Risk Mean?

What is the definition of audit risk? This risk consists of three main components: detection risk, control risk, and risk of material misstatement. Detection risk is the threat that the auditor will not detect a miscalculation or misstatement. Control risk is the threat that auditing errors will bypass control. Finally, risk of material misstatement or inherent risk is the chance that the auditor will deliberately conclude that the financial statements are misstated.

Auditors must first evaluate the risk of each individual component to lower the overall risk to an acceptable level. The audit risk formula to calculated: Audit risk = inherent risk x control risk x detection risk.

Let’s look at an example.


Matt is an auditor at company XYZ, and he is asked to review the financial statements of a technology company. His manager has prepared a memo for the consideration of the concerns with the auditing process:

  • The technology company is a leader in the industry with a large network of customers, subsidiaries, and branches.
  • The technology company has its own auditors, but the management suspects control risk.
  • The acceptable level of audit risk for the technology company equal to or below than 8%.

Having a view of the firm’s financial statements, Matt identifies both control risk and inherent risk. The firm’s audit department has not submitted the financial statements to an audit committee, and it is highly likely that several auditing errors have bypassed control. Furthermore, the technology sector is highly competitive and complex, thus putting a lot of pressure on the companies to present strong financial results.

Matt assumes that control risk is 40%, and inherent risk is 30%. If the acceptable level of audit risk for the technology company is 8%, then the detection risk is equal to:

30% x 40% x Y = 8%

12% x Y = 8%

Y = 8% / 12%

Y = 67%

Therefore, the overall audit risk is 30 % x 40% x 67% = 8%

Summary Definition:

Define Audit Risk: Audit risk is the danger that errors or intended miscalculations in the financial statements will not be caught by an auditor before they are issued.