According to the article found in Auditing: A Journal of Practice &
Theory, entitled "Inherent Risk and Control Assessments: Evidence on the
Effect of Pervasive and Specific Risk Factors," the concept of assessing
the interdependence of various risks is key to understanding the audit risk
model of component accounting. In this model, risk is not a uniform
concept, but a series of factors. The standards of the model depict each
component risk individually. However, the audit risk model will not
produce proper results unless the components are considered in relation to
The authors posit as a hypothetical example two firms, A and B, with
identical control structures with respect to an audit objectives. If
auditors consider only features of the internal controls as to the basis of
the risks of an audit, then they will assess A and B firm's control risk as
the same. However, to use the risk model properly, the assessed control
risk of firm A should be higher than the control risk of firm B. If there
is inherently a higher probability of more material misstatements in firm A
than in firm B, then the same control structure has a higher risk of
failing to detect and correct misstatements in firm A than in firm B.
(Duensbury, Reimer, & Wheeler, 2002)
One of the problems of the model is that assessing these component
risks interdependently calls for subtle, highly skilled judgment. For
instance, something as psychologically dependant as client factor or
behavior can affect the assessed level of component risk such as "the
aggressiveness of the client firm's management." However, "auditors did
base subsequent risk assessments on the prior risk assessment level, as is
necessary for proper use of the audit risk model. The implication is that
inherent risk need not automatically be set at a maximum (to offset a
possibility that risk components will be assessed independently). ...