Audit Risk may be defined as the possibility of financial misrepresentation, either voluntary or involuntary, being unreported by the auditor. The firm's reputation is put at great risk if unqualified audits are given to firms who undertake financial misrepresentation. Arthur Anderson, a major audit firm, became bankrupt from various litigations in 2002 when it was found the firm was negligent in its audit duties. Audit planning ensures such an event is avoided. Audit Risk Model (ARM) At Dewey, Cheatem, & Howe (DCH), the audit risk is quantified using the Audit Risk Model (ARM). It is not meant to quantify the risk exactly but to give an approximation. The model and its three components are shown below. Audit Risk (AR) = Inherent Risk (IR) x Control Risk (CR) x Detection Risk (DR) Inherent Risk (IR) measures the different risks that can arise from the environment in which the client operates in. Control Risk (CR) measures the risk that material misstatement might not be prevented or detected by internal control procedures. Detection Risk (DR) measures DCH's to conclude no material misstatement exists when, in fact, one does. Sampling and non-sampling risk are its components which are discussed below. Only one of the components has to be close to zero for audit risk to be close to zero. It is imperative to realise that despite the best efforts from the client and auditor, AR cannot be completely eliminated and hence continuous measures need to be taken so as to keep this risk at a minimal level (Griffiths, 2005). It is only the DR that is under the control of the auditor and help with resolving any unsatisfactory outcome of the model. Sampling A sample can be used to assist in planning the allowable audit risk of incorrect acceptance. The tests of control or substantive testing are applied to only particular transactions, which is the sample. From the sample, general conclusions about the entire group of transactions or the account of the client can be made. Sampling is required as it is costly or not realistically possible to obtain audit evidence from the whole population such as the whole account balance. An acceptable AR is assumed and then IR, CR and DT are quantified based on the auditor's judgment of risks. If the sample is adequately large such that it is fairly representative of the population, it can provide satisfactory inferences that are accurate for the whole population. There is always a trade-off between the sampling technique and size of sample with the availability of resources and audit risk of the given client (Lueng et. al., 2011). Therefore, it becomes necessary that the transactions selected should be from amongst those which are at high audit risk. Since the focus of the audit is on scrutinising limited transactions, only those transactions are selected where the underlying audit risk is high through audit procedures (Arens et. al., 2007). Audit Risk Management At the planning stage of the audit, the auditor will assess the IR and CR within the client's organisation to be audited. Once this assessment is made then DR will be managed to ensure that the audit risk is acceptable. For example, if CR is high then DR is set at a lower level to keep the audit risk at an acceptable level which may be achieved by increasing the sample size. Since the DR is composed of sampling risk and non-sampling risk, the auditor should focus on minimising these two. Sampling risk is the probability that the auditor has reached an incorrect conclusion because audit sampling was used rather than 100% examination (ASA/ISA 530.05) whereas non-sampling risk arises from factors, other than sample size, that cause an auditor to reach an incorrect conclusion. Examples include the possibility that the auditor will fail to recognise misstatements included in examined items or the auditor applies a procedure that is not effective in achieving a specific objective. Minimising either sampling risk or non-sampling risk will minimise DR which in turn will resolve an unsatisfactory outcome from the model. The next section will discuss different ways of doing so. Sampling Procedures Broadly, there are two types of sampling procedures, statistical and non-statistical. Please note that sampling risk of a statistical sample can be measured and controlled whereas sampling risk of a non-statistical sample cannot. Three methods will be discussed: random sampling, haphazard sampling and judgement sampling. Random sampling is statistical. Statistical techniques can be used to draw inferences, whereas the other two are non-statistical. Random sampling can be done with a computer or with a random number table. Haphazard sampling involves auditor selecting items for a fairly representative sample at random without using a statistical formula. Judgement sampling is similar to haphazard except that items are picked with the auditor's sound and seasoned judgment. The haphazard sampling does not have any particular selection technique which can allow the sample to have a high chance of being biased. Larger sample size may help reduce the underlying audit risk but it is unlikely (Jones, 1999). A prudent alternative is judgemental sampling since it allows the auditor to select the samples based on the given controls and the fundamental audit risk of the business. This can ensure that audit process is efficient, especially when the auditor has a sound understanding of the client's business and is proficient (Rittenberg, Johnstone & Gramling, 2010). Random sampling ensures each population item has an equal chance of selection. If sample is large enough, it is highly likely to be a fair representation of the given population and is normally easy to employ. To reduce sampling risk, random sampling is the best method. However, non-sampling risk is not mitigated. To reduce sampling and non-sampling risks, it is advised to use judgement sampling. This will reduce DR which will reduce AR and allow the overall audit risk engagement to be below the acceptable limit.