The audit risk against which the auditor and those who rely on his/her opinion require reasonable protection is a combination of two separate risks at the assertion level. The first risk (consisting of inherent risk and control risk) is that balances, classes of transactions, or disclosures contain material misstatements. The second is that
Material misstatements that occur will not be detected by the audit.
Audit risk is a function of the risks of material misstatement and detection risk. Detection risk is the risk that the procedures performed to reduce audit risk to an acceptably low level will not detect a misstatement that exists and could be material individually or combined with other misstatements. The auditor assesses the risk of material misstatement after obtaining an understanding of the entity and its environment, including its internal control. It exists at the overall financial statement level and assertion level. The RMM at the assertion level consists of inherent risk and control risk. Some auditors use a mathematical model based on the relationships of the components of audit risk to arrive at an acceptable level of detection risk. For example, it reflects that the acceptable detection risk has an inverse relationship with the RMMs at the assertion level (AU-C 200 and AS No. 8).