Audit risk = Control risk x Detection risk x Inherent risk
These elements of the audit risk model are:
Inherent risk. This risk is caused by an error or omission arising from factors other than control failures. This risk is most common when accounting transactions are quite complex, there is a high degree of judgment involved in accounting for transactions, or the training level of the accounting staff is low.
When planning an audit engagement, the auditor must review each of the subsidiary levels of risk to determine the total amount of audit risk. If the risk level is too high, the auditor conducts additional procedures to reduce the risk to an acceptable level. When the level of control risk and inherent risk is high, the auditor can increase the sample size for audit testing, thereby reducing detection risk. Conversely, when control risk and inherent risk are considered to be low, it is safe for the auditor to reduce the sample size for auditing testing, which increases detection risk.