Management of Risks in Audit

RISK ANALYSIS
AND
STATISTICAL SAMPLING IN AUDIT
The Risk Model
Theory and Assumptions
 Control Risk (CR)
 Risk that the internal control systems in an organization
will not be able to detect an error or material misstatement
 Inherent Risk (IR)
 Susceptibility of a class of transactions to material
misstatement or errors
 Risk of Occurrence of Error
 Detection Risk (DR)
 Risk that auditor’s substantive tests will not be able to
detect a material misstatement in the audited transactions
Overall Audit Risk (OAR)
 Assurance required from audit procedures
the maximum risk the auditor is willing to accept
 OAR = CR x IR x DR
 OAR defined by the audit institution
• A constant pre-determined quantity
 Objective of the auditor
 assess inherent and control risks in the entity
 design and perform compliance and substantive tests
 to provide sufficient assurance that the product of the risks
identified ≤ overall audit risk
 solve the equation for DR assessing IR and CR
Detection Risk (DR)
 DR is actually a combination of:
Analytical procedures risk (AP): Risk that analytical
procedures will fail to detect material errors
Tests of detail risk (TD): Risk that detailed test
procedures will fail to detect the material errors
 DR = AP X TD
 OAR = IR X CR X AP X TD
 Auditor exercises professional judgment in
assessing IR, CR and AP and solves the
equation for TD
Confidence Level
 Detection Risk is closely related to the
confidence that the auditor wishes to obtain from
his substantive tests.
 Increased confidence => Low DR => more
transactions and balances need to be tested
substantively
 Confidence Level = 100%-Detection Risk
 Detection Risk
Only risk that the auditor has under his control
Must be kept low
Materiality and Audit Risk-I
 Independent of OAR
 Related to VALUE, NATURE and CONTEXT of
Error
 Materiality relates to the maximum possible
misstatements/ error
 Risk -- concerned with the likelihood of error
 Materiality – concerned with extent to which
we can tolerate error
Materiality and Audit Risk -II

Auditor to ensure:
Maximum possible error at the desired
assurance level < Materiality
IR + CR => Expected error rate in the
population
Materiality => Tolerable error rate in
the population
Assessment of Risks-I

Assessment of Inherent Risk

Depends on nature, complexity and volume of
transactions
Inherent to these activities or sets of
transactions
Risk classified as high, moderate or low
Possible to assign numerical values to the risk
assessed
Assessment of Risks-II
Assessment of Control Risk:
 Assesses adequacy of policies, procedures and systems
in the organization
 Whether controls are adequate to detect errors
 Expressed either in numerical (%) or qualitative (high,
medium, low) terms
Assessment of Detection Risk
 Assurance about transactions required from audit
procedures
 Risk Assurance Guide
 Sample Size
Detection Risk Assurance Guide

Assurance from Assurance from Assurance from Required assurance

inherent risk internal control substantive from detailed
evaluation analytical review substantive tests
procedures confidence level
High Med 60
(Excellent system) Low 70
Nil 75
Med Med 65
(Good system) Low 75
Nil 80
High Low Med 75
(Fair system) Low 80
Nil 85
Nil Med 92
(Poor System/DST) Low 94
Nil 95
Risk Assessment and Sampling
 Statistical Sampling
The population is a homogeneous group
There is no bias in the selection of sample items

 Attribute Sampling, Variable Sampling and MUS

 Attribute sampling
Estimates proportion of items in a population having
a certain attribute or characteristic.
In audit, estimates the existence or otherwise of an
error.
Used to derive assurance about prescribed
procedures/ controls.
Estimates % of error (say, vouchers that have been
misclassified)
Attribute sampling

• Set upper limit of acceptable

error, being still assured that
systems are in place
• can only be used in
assessment of control risk
 The attribute : whether a specific control has
been applied or not applied
Types of Audit sampling

Variables sampling
estimates a quantity
e.g. amount of sundry debtors shown in the
balance sheet
the underassessment in a tax circle.
Monetary Unit Sampling
 provides quantitative results and is suited to
most audit situations
 More accurate in low level error situations with a
relatively small population, where there are no
negative or zero balances.
 ‘PPS’ or ‘Probability Proportional to Size’
the probability of selection becomes proportional to the
size of a/c
 high value items tend to get more weight and
therefore more probability of getting picked up in
any random selection, since
Sampling Methods

Simple random sampling

Systematic random sampling
Stratified sampling
CAATs: IDEA => identified audit tests
can directly be applied on the sample
elements.
Audit Assumptions
 Audit works on the principle that higher the risk
involved in the transactions, higher the need for
more extensive checks.
 Audit through statistical sampling
 Assessment of Inherent Risk through auditor’s knowledge,
judgment and application of specific auditing procedures like
analytical reviews etc.
 Assessment of Control Risk through Compliance Testing, done
through attribute sampling, analytical reviews etc.
 Design the Sampling Frame for Substantive Testing : determine
sampling method, sample size.
 Evaluation of results of Substantive Tests and expression of
audit opinion.
Compliance Testing and Substantive
Testing
 Compliance Testing: review and evaluate the effectiveness
of internal control systems
 Substantive Testing: gather evidence on completeness,
accuracy and validity of data.
 Sampling Risks of an Auditor
 Sampling Risk in Compliance Testing: risk of over-reliance /
under-reliance on controls
 Sampling Risk in Substantive Testing: risk of incorrect
acceptance / rejection
 Selection of appropriate sample size of utmost
importance in minimising risk
Designing a Sample
 Steps
Define population and select an appropriate sampling
method: attribute, variable, monetary unit etc.
Determine sample size
Identify sampling procedure, random, systematic,
stratified etc.
Perform substantive audit tests on the sample elements
Estimate Population Value of Parameter
 Express audit opinion on the entire population
Determinants of Sample Size
1. Expected Error Rate in Population
 Error Rate /Amount in the Population:
 mistakes in vouchers /wrong entries in cash books/stores ledger
 unauthorized payments
 cash books not daily checked /physical verifications not done
 Areas of application
 sanctions / propriety / regularity / financial audit
 auditor only wants to confirm if the balance is correctly
stated or not without estimating the correct balance
 The greater the expected error rate, the larger the
sample size for the auditor to conclude:
actual error rate < tolerate error rate.
2. Tolerate Error Rate in Population

 Tolerate error rate / amount

the maximum error rate the auditor is prepared to accept
when deciding whether his initial evaluation of the
control risk is valid
maximum error rate the auditor is willing to accept and
still conclude that the auditee is following the procedures
properly
 tolerable error is limited by the level of
materiality set by the auditor
 The lower the tolerable error, the larger
would be the sample size
3. Precision Level
 Precision level:
Difference between the sample estimate and the
actual population value
 The auditor to decide the precision to
provide in his estimates
 Tolerable Error
= maximum error the auditor is willing to accept
= Maximum (sample estimate + precision level).
Confidence Level

Confidence level =100%- DR (%)

Confidence level:
how certain the auditor is that the actual
population measure is within the sample
estimates and its associated precision level
Occurrence rate
Population proportion having the error that
audit wishes to test
Acceptable risk of Over-Reliance

Risk of under-reliance does not affect the

correctness of the auditor’s opinion
it only results in increasing his workload
Over Reliance may lead to wrong audit
opinion
When the degree of reliance in controls is
high, acceptable risk of over reliance is
low and vice versa
May be quantified as 5%, 10%, 15% etc.
Estimating Population Value
If Computed tolerable error = Sample
estimate + precision < tolerable error
assurance can be placed by auditor on the
system
If Computed tolerable error > tolerable
error,
assurance derived from control has to be
reduced
assurance required from substantive tests has
to be increased
To identify areas of applicability

 A Few Suggested Areas

 Checking correct accountal of expenditure/ receipts;
 Checking calculations of payment or receipts;
 Checking propriety and regularity of expenditure;
 Checking interpretation or application of rules /contract
clauses /provisions of tax acts;
 Checking achievement of objective of expenditure /
exemption of receipts.
 Any other areas to be identified
 Where most / least effective
Problems, Doubts and Decision Areas

Audit is primarily a judgmental

process
Statistical sampling cannot be a
substitute for Auditor’s judgment
At best the two are complementary
Nature of Population Distribution

 Is it necessary to estimate?
 Assumption of homogeneity-how true?
 Sampling distribution of mean
normal for large sample
What about smaller samples?
 For small samples- what distribution (t?).
 Testing for a single attribute (say classification
mistake)
- Binomial/ Poisson distribution?
To evolve a framework for application -
I
 To integrate the risk model of audit with sampling
theory
 To identify the population distribution and the
corresponding sampling frame for auditing
 To suggest an appropriate sampling method for
selection of sample elements identification of areas
for application of attribute/ variable/ monetary unit
sampling;
 To suggest an appropriate formula for
determination of sample size
To evolve a framework for application -
II
To evolve an theoretical framework and
practical method for projecting sample
results into population and for estimating
the population value
To suggest ways to minimize audit risk,
especially risks of over reliance and
incorrect acceptance;
To suggest a practical way to apply the
theoretical frame in a simple manner
OUR CONCERNS
OBJECTIVITY
RATIONALITY
SIMPLICITY
USER FRIENDLINESS
PRACTICABILITY
ADAPTABILITY
LEGALITY
ASSURANCE