What makes a risk a 'significant risk', and how does that classification change your audit response?
A core Audit & Assurance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.
THE SHORT ANSWER
A significant risk is an identified risk of material misstatement for which the assessed inherent risk is close to the upper end of the spectrum — driven by complexity, subjectivity/estimation uncertainty, fraud potential, significant unusual or related-party transactions, or rapid change. Classifying a risk as significant triggers heightened responses: you must obtain an understanding of the relevant controls (whether or not you test them), you generally can't rely on prior-period evidence alone, you design substantive procedures specifically responsive to that risk, and substantive procedures must be performed for each significant risk (controls testing alone isn't sufficient). It also drives more senior involvement, more skepticism, and often becomes a candidate Key Audit Matter. The point is that significant risks get dedicated, tailored, evidence-heavy attention rather than standard coverage.
WHAT INTERVIEWERS LISTEN FOR
- ✓High end of inherent-risk spectrum (complexity, subjectivity, fraud, unusual transactions)
- ✓Must understand related controls
- ✓Substantive procedures specifically responsive; can't rely on prior-period alone
- ✓Drives senior involvement and often a KAM
COMMON MISTAKES
- ✗Treating significant risks with standard procedures
- ✗Relying on controls testing alone
- ✗Not understanding related controls
Reading isn't the same as answering under pressure.
Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.
RELATED QUESTIONS
- Explain the concept of materiality.
- Walk me through the audit risk model.
- Explain the COSO framework.
- Describe how you would plan the audit of a new client.
- What is the difference between 'materiality' and 'performance materiality'?
- What is the difference between a control deficiency, a significant deficiency, and a material weakness?