本帖最后由 samstar123 于 2011-4-2 10:13 编辑
Definition:
The following are extracted from International Standards on Auditing (ISA 400).
Inherent risk: 'is the susceptibility of an account balance or class of transactions to
misstatement that could be material, individually or when aggregated with
misstatements in other balances or classes, assuming that there were no related
internal controls'
Control risk: 'corresponds to the risk that a misstatement that could occur in an
account balance or class of transactions and that could be material individually or
when aggregated with misstatements in other balances or classes, will not be
prevented or detected and corrected on a timely basis by the accounting and internal
control systems'.
The concept of residual risk can be defined as being the risk remaining after the controls put
in place in order to mitigate the inherent risk, and can be summarized as follows:
Residual risk = Gross inherent risk – risk mitigated by control procedures. |