management of risks in audit risk analysis and statistical sampling in audit
TRANSCRIPT
Management of Risks in Audit
RISK ANALYSIS AND STATISTICAL SAMPLING IN AUDIT
The Risk Model Theory and Assumptions
Control Risk (CR) Risk that the internal control systems in an organization
will not be able to detect an error or material misstatement
Inherent Risk (IR) Susceptibility of a class of transactions to material
misstatement or errors Risk of Occurrence of Error
Detection Risk (DR) Risk that auditor’s substantive tests will not be able to
detect a material misstatement in the audited transactions
Overall Audit Risk (OAR)
Assurance required from audit procedures the maximum risk the auditor is willing to accept
OAR = CR x IR x DR OAR defined by the audit institution
• A constant pre-determined quantity
Objective of the auditor assess inherent and control risks in the entity design and perform compliance and substantive tests to provide sufficient assurance that the product of the risks
identified ≤ overall audit risk solve the equation for DR assessing IR and CR
Detection Risk (DR)
DR is actually a combination of: Analytical procedures risk (AP): Risk that analytical
procedures will fail to detect material errors Tests of detail risk (TD): Risk that detailed test
procedures will fail to detect the material errors
DR = AP X TD OAR = IR X CR X AP X TD Auditor exercises professional judgment in
assessing IR, CR and AP and solves the equation for TD
Confidence Level
Detection Risk is closely related to the confidence that the auditor wishes to obtain from his substantive tests.
Increased confidence => Low DR => more transactions and balances need to be tested substantively
Confidence Level = 100%-Detection Risk Detection Risk
Only risk that the auditor has under his control Must be kept low
Materiality and Audit Risk-I
Independent of OAR Related to VALUE, NATURE and CONTEXT of
Error Materiality relates to the maximum possible
misstatements/ error Risk -- concerned with the likelihood of error Materiality – concerned with extent to which
we can tolerate error
Materiality and Audit Risk -II
Auditor to ensure: Maximum possible error at the desired
assurance level < Materiality IR + CR => Expected error rate in the
population Materiality => Tolerable error rate in
the population
Assessment of Risks-I
Assessment of Inherent Risk Depends on nature, complexity and volume of
transactions Inherent to these activities or sets of
transactions Risk classified as high, moderate or low
Possible to assign numerical values to the risk assessed
Assessment of Risks-II
Assessment of Control Risk: Assesses adequacy of policies, procedures and systems
in the organization Whether controls are adequate to detect errors Expressed either in numerical (%) or qualitative (high,
medium, low) terms Assessment of Detection Risk Assurance about transactions required from audit
procedures Risk Assurance Guide
Sample Size
Detection Risk Assurance Guide
Assurance from inherent risk evaluation
Assurance from internal control
Assurance from substantive analytical review procedures
Required assurance from detailed substantive tests confidence level
High (Excellent system)
Med Low Nil
60 70 75
Med (Good system)
Med Low Nil
65 75 80
Low (Fair system)
Med Low Nil
75 80 85
High
Nil (Poor System/DST)
Med Low Nil
92 94 95
Risk Assessment and Sampling
Statistical Sampling The population is a homogeneous group There is no bias in the selection of sample items
Attribute Sampling, Variable Sampling and MUS Attribute sampling
Estimates proportion of items in a population having a certain attribute or characteristic.
In audit, estimates the existence or otherwise of an error.
Used to derive assurance about prescribed procedures/ controls.
Estimates % of error (say, vouchers that have been misclassified)
Attribute sampling
• Set upper limit of acceptable error, being still assured that systems are in place
• can only be used in
assessment of control risk The attribute : whether a specific control has
been applied or not applied
Types of Audit sampling
Variables sampling estimates a quantity
e.g. amount of sundry debtors shown in the balance sheet
the underassessment in a tax circle.
Monetary Unit Sampling
provides quantitative results and is suited to most audit situations
More accurate in low level error situations with a relatively small population, where there are no negative or zero balances.
‘PPS’ or ‘Probability Proportional to Size’ the probability of selection becomes proportional to the
size of a/c high value items tend to get more weight and
therefore more probability of getting picked up in any random selection, since
Sampling Methods
Simple random sampling Systematic random sampling Stratified sampling CAATs: IDEA => identified audit tests
can directly be applied on the sample elements.
Audit Assumptions
Audit works on the principle that higher the risk involved in the transactions, higher the need for more extensive checks.
Audit through statistical sampling Assessment of Inherent Risk through auditor’s knowledge,
judgment and application of specific auditing procedures like analytical reviews etc.
Assessment of Control Risk through Compliance Testing, done through attribute sampling, analytical reviews etc.
Design the Sampling Frame for Substantive Testing : determine sampling method, sample size.
Evaluation of results of Substantive Tests and expression of audit opinion.
Compliance Testing and Substantive Testing
Compliance Testing: review and evaluate the effectiveness of internal control systems
Substantive Testing: gather evidence on completeness, accuracy and validity of data.
Sampling Risks of an Auditor Sampling Risk in Compliance Testing: risk of over-reliance /
under-reliance on controls Sampling Risk in Substantive Testing: risk of incorrect
acceptance / rejection Selection of appropriate sample size of utmost
importance in minimising risk
Designing a Sample
Steps Define population and select an appropriate sampling
method: attribute, variable, monetary unit etc. Determine sample size Identify sampling procedure, random, systematic,
stratified etc. Perform substantive audit tests on the sample elements Estimate Population Value of Parameter
Express audit opinion on the entire population
Determinants of Sample Size 1. Expected Error Rate in Population
Error Rate /Amount in the Population: mistakes in vouchers /wrong entries in cash books/stores ledger unauthorized payments cash books not daily checked /physical verifications not done
Areas of application sanctions / propriety / regularity / financial audit
auditor only wants to confirm if the balance is correctly stated or not without estimating the correct balance
The greater the expected error rate, the larger the sample size for the auditor to conclude: actual error rate < tolerate error rate.
2. Tolerate Error Rate in Population
Tolerate error rate / amount the maximum error rate the auditor is prepared to
accept when deciding whether his initial evaluation of the control risk is valid
maximum error rate the auditor is willing to accept and still conclude that the auditee is following the procedures properly
tolerable error is limited by the level of materiality set by the auditor
The lower the tolerable error, the larger would be the sample size
3. Precision Level
Precision level: Difference between the sample estimate and the
actual population value
The auditor to decide the precision to provide in his estimates
Tolerable Error = maximum error the auditor is willing to accept = Maximum (sample estimate + precision level).
Confidence Level
Confidence level =100%- DR (%)Confidence level:
how certain the auditor is that the actual population measure is within the sample estimates and its associated precision level
Occurrence rate Population proportion having the error that
audit wishes to test
Acceptable risk of Over-Reliance
Risk of under-reliance does not affect the correctness of the auditor’s opinion it only results in increasing his workload
Over Reliance may lead to wrong audit opinion
When the degree of reliance in controls is high, acceptable risk of over reliance is low and vice versa May be quantified as 5%, 10%, 15% etc.
Estimating Population Value
If Computed tolerable error = Sample estimate + precision < tolerable error assurance can be placed by auditor on the
systemIf Computed tolerable error > tolerable
error, assurance derived from control has to be
reduced assurance required from substantive tests has
to be increased
To identify areas of applicability
A Few Suggested Areas Checking correct accountal of expenditure/ receipts; Checking calculations of payment or receipts; Checking propriety and regularity of expenditure; Checking interpretation or application of rules
/contract clauses /provisions of tax acts; Checking achievement of objective of expenditure /
exemption of receipts. Any other areas to be identified
Where most / least effective
Problems, Doubts and Decision Areas
Audit is primarily a judgmental process
Statistical sampling cannot be a substitute for Auditor’s judgment
At best the two are complementary
Nature of Population Distribution
Is it necessary to estimate? Assumption of homogeneity-how true? Sampling distribution of mean
normal for large sample What about smaller samples?
For small samples- what distribution (t?).
Testing for a single attribute (say classification mistake) - Binomial/ Poisson distribution?
To evolve a framework for application -I To integrate the risk model of audit with sampling
theory To identify the population distribution and the
corresponding sampling frame for auditing To suggest an appropriate sampling method for
selection of sample elements identification of areas for application of attribute/ variable/ monetary unit sampling;
To suggest an appropriate formula for determination of sample size
To evolve a framework for application -II
To evolve an theoretical framework and practical method for projecting sample results into population and for estimating the population value
To suggest ways to minimize audit risk, especially risks of over reliance and incorrect acceptance;
To suggest a practical way to apply the theoretical frame in a simple manner
OUR CONCERNS
OBJECTIVITYRATIONALITYSIMPLICITYUSER FRIENDLINESSPRACTICABILITYADAPTABILITYLEGALITYASSURANCE