Title: Management of Risks in Audit RISK ANALYSIS AND STATISTICAL SAMPLING IN AUDIT
1Management of Risks in AuditRISK ANALYSIS AND
STATISTICAL SAMPLING IN AUDIT
2The Risk Model Theory and Assumptions
- Control Risk (CR)
- Risk that the internal control systems in an
organization will not be able to detect an error
or material misstatement - Inherent Risk (IR)
- Susceptibility of a class of transactions to
material misstatement or errors - Risk of Occurrence of Error
- Detection Risk (DR)
- Risk that auditors substantive tests will not be
able to detect a material misstatement in the
audited transactions
3Overall Audit Risk (OAR)
- Assurance required from audit procedures
- the maximum risk the auditor is willing to accept
- OAR CR x IR x DR
- OAR defined by the audit institution
- A constant pre-determined quantity
- Objective of the auditor
- assess inherent and control risks in the entity
- design and perform compliance and substantive
tests - to provide sufficient assurance that the product
of the risks identified overall audit risk - solve the equation for DR assessing IR and CR
4Detection Risk (DR)
- DR is actually a combination of
- Analytical procedures risk (AP) Risk that
analytical procedures will fail to detect
material errors - Tests of detail risk (TD) Risk that detailed
test procedures will fail to detect the material
errors - DR AP X TD
- OAR IR X CR X AP X TD
- Auditor exercises professional judgment in
assessing IR, CR and AP and solves the equation
for TD
5Confidence Level
- Detection Risk is closely related to the
confidence that the auditor wishes to obtain from
his substantive tests. - Increased confidence gt Low DR gt more
transactions and balances need to be tested
substantively - Confidence Level 100-Detection Risk
- Detection Risk
- Only risk that the auditor has under his control
- Must be kept low
6Materiality and Audit Risk-I
- Independent of OAR
- Related to VALUE, NATURE and CONTEXT of Error
- Materiality relates to the maximum possible
misstatements/ error - Risk -- concerned with the likelihood of error
- Materiality concerned with extent to which we
can tolerate error
7Materiality and Audit Risk -II
- Auditor to ensure
- Maximum possible error at the desired assurance
level lt Materiality - IR CR gt Expected error rate in the population
- Materiality gt Tolerable error rate in the
population
8Assessment of Risks-I
- Assessment of Inherent Risk
- Depends on nature, complexity and volume of
transactions - Inherent to these activities or sets of
transactions - Risk classified as high, moderate or low
- Possible to assign numerical values to the risk
assessed
9Assessment of Risks-II
- Assessment of Control Risk
- Assesses adequacy of policies, procedures and
systems in the organization - Whether controls are adequate to detect errors
- Expressed either in numerical () or qualitative
(high, medium, low) terms - Assessment of Detection Risk
- Assurance about transactions required from audit
procedures - Risk Assurance Guide
- Sample Size
10Detection Risk Assurance Guide
11Risk Assessment and Sampling
- Statistical Sampling
- The population is a homogeneous group
- There is no bias in the selection of sample items
- Attribute Sampling, Variable Sampling and MUS
- Attribute sampling
- Estimates proportion of items in a population
having a certain attribute or characteristic. - In audit, estimates the existence or otherwise of
an error. - Used to derive assurance about prescribed
procedures/ controls. - Estimates of error (say, vouchers that have
been misclassified) -
12Attribute sampling
- Set upper limit of acceptable error, being still
assured that systems are in place - can only be used in assessment of control risk
- The attribute whether a specific control has
been applied or not applied
13Types of Audit sampling
- Variables sampling
- estimates a quantity
- e.g. amount of sundry debtors shown in the
balance sheet - the underassessment in a tax circle.
14Monetary Unit Sampling
- provides quantitative results and is suited to
most audit situations - More accurate in low level error situations with
a relatively small population, where there are no
negative or zero balances. - PPS or Probability Proportional to Size
- the probability of selection becomes proportional
to the size of a/c - high value items tend to get more weight and
therefore more probability of getting picked up
in any random selection, since
15Sampling Methods
- Simple random sampling
- Systematic random sampling
- Stratified sampling
- CAATs IDEA gt identified audit tests can
directly be applied on the sample elements.
16Audit Assumptions
- Audit works on the principle that higher the risk
involved in the transactions, higher the need for
more extensive checks. - Audit through statistical sampling
- Assessment of Inherent Risk through auditors
knowledge, judgment and application of specific
auditing procedures like analytical reviews etc. - Assessment of Control Risk through Compliance
Testing, done through attribute sampling,
analytical reviews etc. - Design the Sampling Frame for Substantive Testing
determine sampling method, sample size. - Evaluation of results of Substantive Tests and
expression of audit opinion.
17Compliance Testing and Substantive Testing
- Compliance Testing review and evaluate the
effectiveness of internal control systems - Substantive Testing gather evidence on
completeness, accuracy and validity of data. - Sampling Risks of an Auditor
- Sampling Risk in Compliance Testing risk of
over-reliance / under-reliance on controls - Sampling Risk in Substantive Testing risk of
incorrect acceptance / rejection - Selection of appropriate sample size of utmost
importance in minimising risk
18Designing a Sample
- Steps
- Define population and select an appropriate
sampling method attribute, variable, monetary
unit etc. - Determine sample size
- Identify sampling procedure, random, systematic,
stratified etc. - Perform substantive audit tests on the sample
elements - Estimate Population Value of Parameter
- Express audit opinion on the entire population
19Determinants of Sample Size 1. Expected Error
Rate in Population
- Error Rate /Amount in the Population
- mistakes in vouchers /wrong entries in cash
books/stores ledger - unauthorized payments
- cash books not daily checked /physical
verifications not done - Areas of application
- sanctions / propriety / regularity / financial
audit - auditor only wants to confirm if the balance is
correctly stated or not without estimating the
correct balance - The greater the expected error rate, the larger
the sample size for the auditor to conclude - actual error rate lt tolerate error rate.
202. Tolerate Error Rate in Population
- Tolerate error rate / amount
- the maximum error rate the auditor is prepared to
accept when deciding whether his initial
evaluation of the control risk is valid - maximum error rate the auditor is willing to
accept and still conclude that the auditee is
following the procedures properly - tolerable error is limited by the level of
materiality set by the auditor - The lower the tolerable error, the larger would
be the sample size
213. Precision Level
- Precision level
- Difference between the sample estimate and the
actual population value - The auditor to decide the precision to provide in
his estimates - Tolerable Error
- maximum error the auditor is willing to accept
- Maximum (sample estimate precision level).
22Confidence Level
- Confidence level 100- DR ()
- Confidence level
- how certain the auditor is that the actual
population measure is within the sample estimates
and its associated precision level - Occurrence rate
- Population proportion having the error that audit
wishes to test
23Acceptable risk of Over-Reliance
- Risk of under-reliance does not affect the
correctness of the auditors opinion - it only results in increasing his workload
- Over Reliance may lead to wrong audit opinion
- When the degree of reliance in controls is high,
acceptable risk of over reliance is low and vice
versa - May be quantified as 5, 10, 15 etc.
24Estimating Population Value
- If Computed tolerable error Sample estimate
precision lt tolerable error - assurance can be placed by auditor on the system
- If Computed tolerable error gt tolerable error,
- assurance derived from control has to be reduced
- assurance required from substantive tests has to
be increased
25To identify areas of applicability
- A Few Suggested Areas
- Checking correct accountal of expenditure/
receipts - Checking calculations of payment or receipts
- Checking propriety and regularity of expenditure
- Checking interpretation or application of rules
/contract clauses /provisions of tax acts - Checking achievement of objective of expenditure
/ exemption of receipts. - Any other areas to be identified
- Where most / least effective
26Problems, Doubts and Decision Areas
- Audit is primarily a judgmental process
- Statistical sampling cannot be a substitute for
Auditors judgment - At best the two are complementary
27Nature of Population Distribution
- Is it necessary to estimate?
- Assumption of homogeneity-how true?
- Sampling distribution of mean
- normal for large sample
- What about smaller samples?
- For small samples- what distribution (t?).
- Testing for a single attribute (say
classification mistake) - - Binomial/ Poisson distribution?
28To evolve a framework for application -I
- To integrate the risk model of audit with
sampling theory - To identify the population distribution and the
corresponding sampling frame for auditing - To suggest an appropriate sampling method for
selection of sample elements identification of
areas for application of attribute/ variable/
monetary unit sampling - To suggest an appropriate formula for
determination of sample size
29To evolve a framework for application -II
- To evolve an theoretical framework and practical
method for projecting sample results into
population and for estimating the population
value - To suggest ways to minimize audit risk,
especially risks of over reliance and incorrect
acceptance - To suggest a practical way to apply the
theoretical frame in a simple manner
30OUR CONCERNS
- OBJECTIVITY
- RATIONALITY
- SIMPLICITY
- USER FRIENDLINESS
- PRACTICABILITY
- ADAPTABILITY
- LEGALITY
- ASSURANCE