Walk me through the audit risk model.
A core Audit & Assurance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.
THE SHORT ANSWER
Audit Risk = Inherent Risk × Control Risk × Detection Risk. AR is set at an acceptably low level. IR and CR are assessed (cannot be changed). DR is the residual risk the auditor manages through the nature, timing, and extent of procedures. Lower IR/CR = higher tolerable DR = less testing needed.
WHAT INTERVIEWERS LISTEN FOR
- ✓Audit Risk = IR × CR × DR
- ✓AR set at acceptably low level
- ✓IR and CR assessed, not changed
- ✓DR managed via procedures
- ✓Inverse relationship with testing
COMMON MISTAKES
- ✗Confuses DR with overall audit risk
- ✗Thinks IR/CR can be reduced by auditor
- ✗Omits the multiplicative relationship
Reading isn't the same as answering under pressure.
Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.
RELATED QUESTIONS
- Explain the concept of materiality.
- Explain the COSO framework.
- Describe how you would plan the audit of a new client.
- What is the difference between 'materiality' and 'performance materiality'?
- What is the difference between a control deficiency, a significant deficiency, and a material weakness?
- Explain how you determine overall materiality and performance materiality for a new audit client. What factors influence your judgment?