Audit risk means the risk that the auditor might give an inappropriate audit opinion that Financial Statements are free from material misstatements when in fact the financial statements are materially misstated.
Audit risk is a function of the risks of material misstatement and detection risk.
Risk of material misstatement may be defined as the risk that the financial statements are materially misstated prior to audit.
ROMM consists of two components- Inherent risk and Control risk.
Audit Risk = Risk of Material Misstatement x Detection Risk
Also, ROMM = Inherent Risk x Control Risk
Hence, Audit Risk = Inherent Risk x Control Risk x Detection Risk
Inherent risk is ‘the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.’
Control risk is ‘the risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.’
Detection risk is defined as ‘the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.’