Risk of Material Misstatement


Risk of material misstatement is the risk that financial statements contain material misstatement but the internal control cannot prevent or detect such misstatement. In an audit, it is the combination of inherent risk and control risk.

Likewise, the risk of material misstatement has a great effect on the overall audit strategy that auditors form in the audit. That includes the allocation of resources and the direction of an entire audit process.

Auditors have the responsibility to design suitable audit procedures that can appropriately respond to the assessed risk of material misstatement. In this case, the level of detection risk as well as the amount of audit works that auditors need to perform will depend on the level of risk of material misstatement.

Risk of Material Misstatement Formula

Auditors usually calculate the risk of material misstatement by using the formula as below:

Risk of material misstatement formula

Based on the formula above, the level of risk of material misstatement will depend entirely on the inherent risk and control risk.

Inherent risk is a susceptibility of an account to misstatement. It is directly related to the nature of the client’s business.

On the other hand, control risk is related to the internal control procedures that the client has in place. In this case, control risk is low if the client’s internal control is effective in reducing the risk of material misstatement (i.e. if it can prevent or detect inherent risk).

For example, if the client has strong and effective controls over the inventory account, the level of control risk in inventory will be low. In this case, the overall risk of material misstatement for inventory will be reduced to some extent.

Inherent risk is the risk that could happen before consideration of any internal controls in place. Hence, auditors usually assess the risk of material misstatement by identifying inherent risk first; and then they will assess whether the client’s internal controls can eliminate or reduce the chance of inherent risk from happening.

If they assess that the internal control is effective, auditors usually tick the control risk as low and perform the test of controls in order to obtain sufficient appropriate audit evidence to support their assessment.

Risk of Material Misstatement Example

For example, as auditors, we have a client that sells its products both at its offline stores and on its website. During our audit, its sales on the website reached 30 % of total sales.

What is the risk of material misstatement concerning the sales on the website here?


With the example above, we have the risk of material misstatement that the sale data being processed from the website to the accounting system may be incomplete and inaccurate.

If we breakdown the risk of material misstatement in this example into inherent risk and control risk, we may have the two risks as below:

  • Inherent risk: as there are two separate systems, website and accounting system, there is an inherent risk of incomplete and incorrect data are being processed from website to accounting system.
  • Control risk: the accounting system and client’s website should be properly integrated to ensure the completeness and the accuracy of the sales being processed from the website to the accounting system. There is a risk that the internal control procedure does not work as it was supposed to, leading to the incorrect amount of sales were recorded in the accounting system.