15 Risk Assessment Mistakes CPAs Make

By Charles Hall | Accounting and Auditing

Feb 11

Here are 15 risk assessment mistakes. Have you seen these?

Risk assessment mistakes

  1. Assessing control risk at high with no understanding of internal controls and no walkthroughs (in other words, defaulting to high control risk)
  2. Seeing significant internal control problems, assessing control risk at high, then performing routine audit procedures (and no extended procedures)
  3. Assessing inherent risk too high (resulting in unnecessary responses–audit procedures)
  4. Assessing inherent risk too low (resulting in adequate responses–audit procedures)
  5. Not documenting why inherent risks are assessed as they are
  6. Seeing risks of material misstatement in the performance of risk assessment procedures (e.g., preliminary analytics), but not documenting those on the summary risk assessment form
  7. Adding audit procedures for assertions that are not relevant (wasted hours of work)
  8. Not documenting linkage between the risks of material misstatement by assertion to the planned audit procedures
  9. Failing to document an understanding of the entity and its industry
  10. Assessing control risk below high without the support of a test of controls
  11. Defaulting to a test of details rather than performing a test of controls for effectiveness when the test of details takes more time than the test of controls (not necessarily wrong, just takes more time)
  12. Not identifying significant risks (and not performing needed extended procedures)
  13. Not understanding how weak internal controls affect the risk of material misstatement
  14. Not giving sufficient attention to internal controls because “my controls risk will be assessed at high anyway”
  15. Doing the same-as-last-year without determining if last year’s approach was correct and without determining if new risks of material misstatement are present

Review one of your audit files and see if any of these risk assessment mistakes are present.

Want to understand risk assessment? Check out my risk assessment book on Amazon.


About the Author

Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty-five years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention, The Why and How of Auditing, Audit Risk Assessment Made Easy, and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles consults with other CPA firms, assisting them with auditing and accounting issues.