This study introduces strategic elements into the audit risk model, which is widely used in practice, through a game-theoretic model between managers and auditors. In the economic model used in this study, managers who have engaged in fraudulent financial reporting determine the probability of investing concealment effort to hide such fraud. The manager's concealment effort can affect the auditor's audit planning in two ways: one is that it can distort the auditor's assessment of control risk, and the other is that it can affect the detection probability in substantive audit procedures. The auditor evaluates control risk and determines the scope of substantive procedures by considering these managerial strategies. One important finding of this study is that the strategy in which the auditor relies on internal controls to conduct the audit—that is, the strategy of assessing control risk and designing substantive procedures according to the level of control risk—is more efficient than the strategy of not relying on internal controls. Second, according to the audit risk model based on decision theory, when control risk is high, the scope of the audit should be expanded, and when control risk is low, the scope of the audit can be somewhat reduced. However, in a game-theoretic model that considers strategic elements, the above assertion does not always hold. When the probability that the auditor fails to correctly assess control risk due to the manager's concealment effort increases, situations may arise where the scope of the audit should actually be expanded when the assessed control risk is low. This result suggests that there are problems with the audit risk model that mechanically links control risk assessments and target detection risk to establish audit plans. Finally, through comparative static analysis, this study analyzed the effects of various exogenous variables included in the economic model on the equilibrium strategies of the auditor and manager. The results showed that the magnitude of the probability that control risk is incorrectly assessed due to the manager's concealment effort does not affect the probability of the manager investing concealment effort, and that the marginal cost of auditing borne by the auditor and the expected cost of audit risk differentially affect the scope of substantive auditing depending on the assessed control risk.