Audit risk (also referred to as residual risk) as per ISA 200 refers to the risk that the auditor expresses an inappropriate opinion when the financial statements are materiality misstated. This risk is composed of:

• Inherent risk (IR), the risk involved in the nature of business or transaction. Example, transactions involving exchange of cash may have higher IR than transactions involving settlement by cheques. The term inherent risk may have other definitions in other contexts.;^[1]
• Control risk (CR), the risk that a misstatement may not be prevented or detected and corrected due to weakness in the entity's internal control mechanism. Example, control risk assessment may be higher in an entity where separation of duties is not well defined; and
• Detection risk (DR), the probability that the auditing procedures may fail to detect existence of a material error or fraud. Detection risk may be due to sampling error or non-sampling error.^[2]

Audit risk can be calculated as:

AR = IR × CR × DR^{[clarification needed]}

• Risk-based auditing

• Srivastava R.P. & Shafer G.R. (1992) " Belief function Formula for audit risk " Review: Accounting Review, Vol. 67 n° 2, pp. 249–283, for evidence theory applied on audit risk.
• Lesage (1999)" Evaluation du risque d'audit : proposition d'un modele linguistique " Review: Comptabilite, Controle, Audit, Tome 5, Vol. 2, September 1999, pp. 107–126, for fuzzy audit risk.
• Fendri-Kharrat et al. (2005)"Logique floue appliquee a l'inference du risque inherent en audit financier ", Review: RNTI : Revue des Nouvelles Technologies de l'Information, n° RNTI-E-5, (extraction des connaissances: etats et perspectives), November 2005, pp. 37–49, Cepadues editions, for fuzzy inherent audit risk.

• A technical explanation of this term can be found in International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants