1. Management of Risks in Audit RISK ANALYSIS AND STATISTICAL SAMPLING IN AUDIT

2. Session Objectives
To revisit the Audit Risk Model and Materiality concepts;
To explain the Theory of Sampling as applied to audit
To Explain the link between risk assessment and sampling

3. The Risk Model Theory and Assumptions
Control Risk (CR)
Risk that the internal control systems in an organization will not be able to detect an error or material misstatement
Inherent Risk (IR)
Susceptibility of a class of transactions to material misstatement or errors
Risk of Occurrence of Error
Detection Risk (DR)
Risk that auditor’s substantive tests will not be able to detect a material misstatement in the audited transactions

4. Overall Audit Risk (OAR)
Assurance required from audit procedures
the maximum risk the auditor is willing to accept
OAR = CR x IR x DR
OAR defined by the audit institution
A constant pre-determined quantity
Objective of the auditor
assess inherent and control risks in the entity
design and perform compliance and substantive tests
to provide sufficient assurance that the product of the risks identified ≤ overall audit risk
solve the equation for DR assessing IR and CR

5. Detection Risk (DR) DR is actually a combination of: DR = AP X TD
Analytical procedures risk (AP): Risk that analytical procedures will fail to detect material errors
Tests of detail risk (TD): Risk that detailed test procedures will fail to detect the material errors
DR = AP X TD
OAR = IR X CR X AP X TD
Auditor exercises professional judgment in assessing IR, CR and AP and solves the equation for TD.

6. Confidence Level
Detection Risk is closely related to the confidence that the auditor wishes to obtain from his substantive tests.
Increased confidence => Low DR => more transactions and balances need to be tested substantively
Confidence Level = 100%-Detection Risk
Detection Risk
Only risk that the auditor has under his control
Must be kept low

7. Materiality and Audit Risk-I
Independent of OAR
Related to VALUE, NATURE and CONTEXT of Error
Materiality relates to the maximum possible misstatements/ error
Risk -- concerned with the likelihood of error
Materiality – concerned with extent to which we can tolerate error

8. Materiality and Audit Risk -II
Auditor to ensure:
Maximum possible error at the desired assurance level < Materiality
IR + CR => Expected error rate in the population
Materiality => Tolerable error rate in the population

9. Assessment of Risks-I Assessment of Inherent Risk
Depends on nature, complexity and volume of transactions
Inherent to these activities or sets of transactions
Risk classified as high, moderate or low
Possible to assign numerical values to the risk assessed

10. Assessment of Risks-II
Assessment of Control Risk:
Assesses adequacy of policies, procedures and systems in the organization
Whether controls are adequate to detect errors
Expressed either in numerical (%) or qualitative (high, medium, low) terms
Assessment of Detection Risk
Assurance about transactions required from audit procedures
Risk Assurance Guide
Sample Size

11. Detection Risk Assurance Guide
Assurance from
inherent risk
evaluation
internal control
substantive
analytical review
procedures
Required assurance
from detailed
substantive tests
confidence level
High
(Excellent system) M ed
Low
Nil 60 70 75
Med
(Good system) 65 80
(Fair system) 85
(Poor System/DST) 92 94 95

12. Risk Assessment and Sampling
Statistical Sampling
The population is a homogeneous group
There is no bias in the selection of sample items
Attribute Sampling, Variable Sampling and MUS
Attribute sampling
Estimates proportion of items in a population having a certain attribute or characteristic.
In audit, estimates the existence or otherwise of an error.
Used to derive assurance about prescribed procedures/ controls.
Estimates % of error (say, vouchers that have been misclassified)

13. Attribute sampling
Set upper limit of acceptable error, being still assured that systems are in place.
Can only be used in assessment of control risk.
The attribute : whether a specific control has been applied or not applied.

14. Types of Audit sampling
Variables sampling
estimates a quantity
e.g. amount of sundry debtors shown in the balance sheet
the underassessment in a tax circle.

15. Monetary Unit Sampling
provides quantitative results and is suited to most audit situations
More accurate in low level error situations with a relatively small population, where there are no negative or zero balances.
‘PPS’ or ‘Probability Proportional to Size’
the probability of selection becomes proportional to the size of a/c
high value items tend to get more weight and therefore more probability of getting picked up in any random selection, since

16. Sampling Methods Simple random sampling Systematic random sampling
Stratified sampling
CAATs: IDEA => identified audit tests can directly be applied on the sample elements.

17. Audit Assumptions
Audit works on the principle that higher the risk involved in the transactions, higher the need for more extensive checks.
Audit through statistical sampling
Assessment of Inherent Risk through auditor’s knowledge, judgment and application of specific auditing procedures like analytical reviews etc.
Assessment of Control Risk through Compliance Testing, done through attribute sampling, analytical reviews etc.
Design the Sampling Frame for Substantive Testing : determine sampling method, sample size.
Evaluation of results of Substantive Tests and expression of audit opinion.

18. Compliance Testing and Substantive Testing
Compliance Testing: review and evaluate the effectiveness of internal control systems
Substantive Testing: gather evidence on completeness, accuracy and validity of data.
Sampling Risks of an Auditor
Sampling Risk in Compliance Testing: risk of over-reliance / under-reliance on controls
Sampling Risk in Substantive Testing: risk of incorrect acceptance / rejection
Selection of appropriate sample size of utmost importance in minimising risk

19. Designing a Sample Steps
Define population and select an appropriate sampling method: attribute, variable, monetary unit etc.
Determine sample size
Identify sampling procedure, random, systematic, stratified etc.
Perform substantive audit tests on the sample elements
Estimate Population Value of Parameter
Express audit opinion on the entire population

20. Determinants of Sample Size 1. Expected Error Rate in Population
Error Rate /Amount in the Population:
mistakes in vouchers /wrong entries in cash books/stores ledger
unauthorized payments
cash books not daily checked /physical verifications not done
Areas of application
sanctions / propriety / regularity / financial audit
auditor only wants to confirm if the balance is correctly stated or not without estimating the correct balance
The greater the expected error rate, the larger the sample size for the auditor to conclude:
actual error rate < tolerate error rate.

21. 2. Tolerate Error Rate in Population
Tolerate error rate / amount
the maximum error rate the auditor is prepared to accept when deciding whether his initial evaluation of the control risk is valid
maximum error rate the auditor is willing to accept and still conclude that the auditee is following the procedures properly
tolerable error is limited by the level of materiality set by the auditor
The lower the tolerable error, the larger would be the sample size

22. 3. Precision Level Precision level:
Difference between the sample estimate and the actual population value
The auditor to decide the precision to provide in his estimates
Tolerable Error
= maximum error the auditor is willing to accept
= Maximum (sample estimate + precision level).

23. Confidence Level Confidence level =100%- DR (%) Confidence level:
how certain the auditor is that the actual population measure is within the sample estimates and its associated precision level
Occurrence rate
Population proportion having the error that audit wishes to test

24. Acceptable risk of Over-Reliance
Risk of under-reliance does not affect the correctness of the auditor’s opinion
it only results in increasing his workload
Over Reliance may lead to wrong audit opinion
When the degree of reliance in controls is high, acceptable risk of over reliance is low and vice versa
May be quantified as 5%, 10%, 15% etc.

25. Estimating Population Value
If Computed tolerable error = Sample estimate + precision < tolerable error
assurance can be placed by auditor on the system
If Computed tolerable error > tolerable error,
assurance derived from control has to be reduced
assurance required from substantive tests has to be increased

26. To identify areas of applicability
A Few Suggested Areas
Checking correct accountal of expenditure/ receipts;
Checking calculations of payment or receipts;
Checking propriety and regularity of expenditure;
Checking interpretation or application of rules /contract clauses /provisions of tax acts;
Checking achievement of objective of expenditure / exemption of receipts.
Any other areas to be identified

27. Summing Up Audit is primarily a judgmental process
Statistical sampling cannot be a substitute for Auditor’s judgment
At best the two are complementary

28. Nature of Population Distribution
Is it necessary to estimate?
Assumption of homogeneity-how true?
Sampling distribution of mean
normal for large sample
What about smaller samples?
For small samples- what distribution (t?).
Testing for a single attribute (say classification mistake)
- What distribution to assume?

29. Case Study