Management of Risks in Audit RISK ANALYSIS AND STATISTICAL SAMPLING IN AUDIT

1
Management of Risks in AuditRISK ANALYSIS AND
STATISTICAL SAMPLING IN AUDIT
2
The Risk Model Theory and Assumptions

• Control Risk (CR)
• Risk that the internal control systems in an
  organization will not be able to detect an error
  or material misstatement
• Inherent Risk (IR)
• Susceptibility of a class of transactions to
  material misstatement or errors
• Risk of Occurrence of Error
• Detection Risk (DR)
• Risk that auditors substantive tests will not be
  able to detect a material misstatement in the
  audited transactions

3
Overall Audit Risk (OAR)

• Assurance required from audit procedures
• the maximum risk the auditor is willing to accept
• OAR CR x IR x DR
• OAR defined by the audit institution
• A constant pre-determined quantity
• Objective of the auditor
• assess inherent and control risks in the entity
• design and perform compliance and substantive
  tests
• to provide sufficient assurance that the product
  of the risks identified overall audit risk
• solve the equation for DR assessing IR and CR

4
Detection Risk (DR)

• DR is actually a combination of
• Analytical procedures risk (AP) Risk that
  analytical procedures will fail to detect
  material errors
• Tests of detail risk (TD) Risk that detailed
  test procedures will fail to detect the material
  errors
• DR AP X TD
• OAR IR X CR X AP X TD
• Auditor exercises professional judgment in
  assessing IR, CR and AP and solves the equation
  for TD

5
Confidence Level

• Detection Risk is closely related to the
  confidence that the auditor wishes to obtain from
  his substantive tests.
• Increased confidence gt Low DR gt more
  transactions and balances need to be tested
  substantively
• Confidence Level 100-Detection Risk
• Detection Risk
• Only risk that the auditor has under his control
• Must be kept low

6
Materiality and Audit Risk-I

• Independent of OAR
• Related to VALUE, NATURE and CONTEXT of Error
• Materiality relates to the maximum possible
  misstatements/ error
• Risk -- concerned with the likelihood of error
• Materiality concerned with extent to which we
  can tolerate error

7
Materiality and Audit Risk -II

• Auditor to ensure
• Maximum possible error at the desired assurance
  level lt Materiality
• IR CR gt Expected error rate in the population
• Materiality gt Tolerable error rate in the
  population

8
Assessment of Risks-I

• Assessment of Inherent Risk
• Depends on nature, complexity and volume of
  transactions
• Inherent to these activities or sets of
  transactions
• Risk classified as high, moderate or low
• Possible to assign numerical values to the risk
  assessed

9
Assessment of Risks-II

• Assessment of Control Risk
• Assesses adequacy of policies, procedures and
  systems in the organization
• Whether controls are adequate to detect errors
• Expressed either in numerical () or qualitative
  (high, medium, low) terms
• Assessment of Detection Risk
• Assurance about transactions required from audit
  procedures
• Risk Assurance Guide
• Sample Size

10
Detection Risk Assurance Guide
11
Risk Assessment and Sampling

• Statistical Sampling
• The population is a homogeneous group
• There is no bias in the selection of sample items
• Attribute Sampling, Variable Sampling and MUS
• Attribute sampling
• Estimates proportion of items in a population
  having a certain attribute or characteristic.
• In audit, estimates the existence or otherwise of
  an error.
• Used to derive assurance about prescribed
  procedures/ controls.
• Estimates of error (say, vouchers that have
  been misclassified)

12
Attribute sampling

• Set upper limit of acceptable error, being still
  assured that systems are in place
• can only be used in assessment of control risk
• The attribute whether a specific control has
  been applied or not applied

13
Types of Audit sampling

• Variables sampling
• estimates a quantity
• e.g. amount of sundry debtors shown in the
  balance sheet
• the underassessment in a tax circle.

14
Monetary Unit Sampling

• provides quantitative results and is suited to
  most audit situations
• More accurate in low level error situations with
  a relatively small population, where there are no
  negative or zero balances.
• PPS or Probability Proportional to Size
• the probability of selection becomes proportional
  to the size of a/c
• high value items tend to get more weight and
  therefore more probability of getting picked up
  in any random selection, since

15
Sampling Methods

• Simple random sampling
• Systematic random sampling
• Stratified sampling
• CAATs IDEA gt identified audit tests can
  directly be applied on the sample elements.

16
Audit Assumptions

• Audit works on the principle that higher the risk
  involved in the transactions, higher the need for
  more extensive checks.
• Audit through statistical sampling
• Assessment of Inherent Risk through auditors
  knowledge, judgment and application of specific
  auditing procedures like analytical reviews etc.
• Assessment of Control Risk through Compliance
  Testing, done through attribute sampling,
  analytical reviews etc.
• Design the Sampling Frame for Substantive Testing
  determine sampling method, sample size.
• Evaluation of results of Substantive Tests and
  expression of audit opinion.

17
Compliance Testing and Substantive Testing

• Compliance Testing review and evaluate the
  effectiveness of internal control systems
• Substantive Testing gather evidence on
  completeness, accuracy and validity of data.
• Sampling Risks of an Auditor
• Sampling Risk in Compliance Testing risk of
  over-reliance / under-reliance on controls
• Sampling Risk in Substantive Testing risk of
  incorrect acceptance / rejection
• Selection of appropriate sample size of utmost
  importance in minimising risk

18
Designing a Sample

• Steps
• Define population and select an appropriate
  sampling method attribute, variable, monetary
  unit etc.
• Determine sample size
• Identify sampling procedure, random, systematic,
  stratified etc.
• Perform substantive audit tests on the sample
  elements
• Estimate Population Value of Parameter
• Express audit opinion on the entire population

19
Determinants of Sample Size 1. Expected Error
Rate in Population

• Error Rate /Amount in the Population
• mistakes in vouchers /wrong entries in cash
  books/stores ledger
• unauthorized payments
• cash books not daily checked /physical
  verifications not done
• Areas of application
• sanctions / propriety / regularity / financial
  audit
• auditor only wants to confirm if the balance is
  correctly stated or not without estimating the
  correct balance
• The greater the expected error rate, the larger
  the sample size for the auditor to conclude
• actual error rate lt tolerate error rate.

20
2. Tolerate Error Rate in Population

• Tolerate error rate / amount
• the maximum error rate the auditor is prepared to
  accept when deciding whether his initial
  evaluation of the control risk is valid
• maximum error rate the auditor is willing to
  accept and still conclude that the auditee is
  following the procedures properly
• tolerable error is limited by the level of
  materiality set by the auditor
• The lower the tolerable error, the larger would
  be the sample size

21
3. Precision Level

• Precision level
• Difference between the sample estimate and the
  actual population value
• The auditor to decide the precision to provide in
  his estimates
• Tolerable Error
• maximum error the auditor is willing to accept
• Maximum (sample estimate precision level).

22
Confidence Level

• Confidence level 100- DR ()
• Confidence level
• how certain the auditor is that the actual
  population measure is within the sample estimates
  and its associated precision level
• Occurrence rate
• Population proportion having the error that audit
  wishes to test

23
Acceptable risk of Over-Reliance

• Risk of under-reliance does not affect the
  correctness of the auditors opinion
• it only results in increasing his workload
• Over Reliance may lead to wrong audit opinion
• When the degree of reliance in controls is high,
  acceptable risk of over reliance is low and vice
  versa
• May be quantified as 5, 10, 15 etc.

24
Estimating Population Value

• If Computed tolerable error Sample estimate
  precision lt tolerable error
• assurance can be placed by auditor on the system
• If Computed tolerable error gt tolerable error,
• assurance derived from control has to be reduced
• assurance required from substantive tests has to
  be increased

25
To identify areas of applicability

• A Few Suggested Areas
• Checking correct accountal of expenditure/
  receipts
• Checking calculations of payment or receipts
• Checking propriety and regularity of expenditure
  
• Checking interpretation or application of rules
  /contract clauses /provisions of tax acts
• Checking achievement of objective of expenditure
  / exemption of receipts.
• Any other areas to be identified
• Where most / least effective

26
Problems, Doubts and Decision Areas

• Audit is primarily a judgmental process
• Statistical sampling cannot be a substitute for
  Auditors judgment
• At best the two are complementary

27
Nature of Population Distribution

• Is it necessary to estimate?
• Assumption of homogeneity-how true?
• Sampling distribution of mean
• normal for large sample
• What about smaller samples?
• For small samples- what distribution (t?).
• Testing for a single attribute (say
  classification mistake)
• - Binomial/ Poisson distribution?

28
To evolve a framework for application -I

• To integrate the risk model of audit with
  sampling theory
• To identify the population distribution and the
  corresponding sampling frame for auditing
• To suggest an appropriate sampling method for
  selection of sample elements identification of
  areas for application of attribute/ variable/
  monetary unit sampling
• To suggest an appropriate formula for
  determination of sample size

29
To evolve a framework for application -II

• To evolve an theoretical framework and practical
  method for projecting sample results into
  population and for estimating the population
  value
• To suggest ways to minimize audit risk,
  especially risks of over reliance and incorrect
  acceptance
• To suggest a practical way to apply the
  theoretical frame in a simple manner

30
OUR CONCERNS

• OBJECTIVITY
• RATIONALITY
• SIMPLICITY
• USER FRIENDLINESS
• PRACTICABILITY
• ADAPTABILITY
• LEGALITY
• ASSURANCE