Introduction

Welcome to the ‘Walkthrough of the Bayesian audit sampling workflow’ vignette of the jfa package. This page aims to demonstrate how the package can assist auditors in the standard audit sampling workflow (hereafter referred to as “audit workflow”) in a Bayesian fashion.

In this audit workflow example, we will be looking at a hypothetical scenario involving BuildIt, a fictitious construction company based in the United States. BuildIt is undergoing an audit by an external auditor from a fictional audit firm. At the end of the fiscal year, BuildIt has presented a summary of its financial status in its financial statements. The objective of the auditor is to form an opinion on the fairness of BuildIt’s financial statements. The auditor’s opinion should be compliant with professional auditing standards (American Institute of Certified Public Accountants (AICPA), 2021; International Auditing and Assurance Standards Board (IAASB), 2018; Public Company Accounting Oversight Board (PCAOB), 2020).

The auditor is required to gather appropriate and sufficient evidence to support the hypothesis that the misstatement in the financial statements is less than a specified amount, known as the materiality. If the financial statements contain material misstatements, this means that the inaccuracies in the financial statements are substantial enough to influence the decisions of stakeholders who depend on these financial statements. For this example, the overall materiality of the financial statements is set to ten percent. This implies that for the auditor to endorse the financial statements, inaccuracies in the financial statements should not exceed ten percent.

During an audit, the auditor examines the populations that underpin the line items in the financial statement. In this vignette, we concentrate on the BuildIt data set that is included in the package, which contains NN = 3500 invoices from the BuildIt’s rental account. The data can be loaded in R via data("BuildIt").

data("BuildIt")
head(BuildIt)
##      ID bookValue auditValue
## 1 82884    242.61     242.61
## 2 25064    642.99     642.99
## 3 81235    628.53     628.53
## 4 71769    431.87     431.87
## 5 55080    620.88     620.88
## 6 93224    501.76     501.76

For this population, the auditor determines the performance materiality, which is the degree of materiality that applies to this specific population. In this case, the performance materiality is established at fifty percent of the overall materiality, or five percent. This implies that for the auditor to endorse the population, the misstatement in the population should not exceed five percent.

To form an opinion about the misstatement in the population, the auditor typically divides their audit workflow into four stages. Initially, they need to plan the minimum sample size they need to examine to make inferences about the population. Next, they have to select the required sample from the population. Subsequently, they need to inspect the selected sample and determine the audit (i.e., true) value of the items it comprises. Finally, they must use the information from the audited sample to make inferences about the misstatement in the population.

workflow

Setting up the audit

The auditor aims to assert that, with 95 percent confidence, the misstatement in the population is less than the performance materiality of five percent. Drawing from last year’s audit at BuildIt, where the upper limit of the misstatement was found to be 2.5 percent, they are willing to accept a maximum of 2.5 percent misstatements in the intended sample. Consequently, the auditor can rephrase their statistical statement as wanting to conclude that, if 2.5 percent misstatements are detected in the sample, they can determine with 95 percent confidence that the misstatement in the population is less than the performance materiality of five percent.

confidence <- 0.95 # Confidence level = 95%
materiality <- 0.05 # Performance materiality = 5%
expected <- 0.025 # Tolerable sample errors = 2.5%

Many audits are conducted according to the audit risk model (ARM), which posits that the overall uncertainty about the auditor’s statement (1 - confidence) is a product of three components: inherent risk, control risk, and detection risk.

Audit risk=Inherent risk×Control risk×Detection risk\begin{equation} \text{Audit risk} = \text{Inherent risk} \,\times\, \text{Control risk} \,\times\, \text{Detection risk} \end{equation}

  • Inherent risk refers to the risk of a material error occurring in BuildIt’s financial statement before considering any related control systems (e.g., computer systems).
  • Control risk is the risk that BuildIt’s internal control systems fail to prevent or detect a material misstatement.
  • Detection risk is the risk that the auditor will not discover material misstatements that exist in BuildIt’s financial statements.

The ARM is practically useful because for a given level of audit risk, the tolerable detection risk is inversely proportional to the other two risks. Hence, the ARM can be beneficial for the auditor as it allows them to reduce the amount of audit evidence required from the sample in the presence of risk-reducing information.

Typically, auditors assess inherent risk and control risk on a three-point scale: low, medium, or high. Different audit firms may assign different standard percentages to these categories. In the auditor’s firm, the probabilities for low, medium, and high are defined as 50 percent, 60 percent, and 100 percent, respectively. After evaluating BuildIt’s internal control systems, the auditor has classified the internal control risk as medium (60 percent), while they have determined the inherent risk to be high (100 percent).

ir <- 1 # Inherent risk = 100%
cr <- 0.6 # Control risk = 60%

Stage 1: Planning an audit sample

planning

In a Bayesian audit, the initial step for the auditor is to define the prior distribution that aligns with their assessment of the inherent risk and control risk. They can create a prior distribution that integrates the information from the risk assessments in the ARM using the auditPrior() function. For more details on how this is accomplished, we refer to Derks et al. (2021).

prior <- auditPrior(
  method = "arm", ir = ir, cr = cr,
  likelihood = "poisson", materiality = materiality, expected = expected
)

The prior distribution can be visualized via the plot() function.

plot(prior)

With the prior distribution now defined, the auditor can determine the necessary sample size for their intended inference using the planning() function. They use the prior object as an input for the planning() function.

stage1 <- planning(
  materiality = materiality, expected = expected,
  conf.level = confidence, prior = prior
)

The auditor can then examine the outcome of their planning procedure using the summary() function. The results indicate that, given the prior distribution, the auditor needs to select a sample of nn = 178 items. This ensures that if a maximum of kk = 4.45 misstatements are found, they can assert with 95 percent confidence that the misstatement in BuildIt’s financial statements is less than the performance materiality of five percent.

summary(stage1)
## 
##  Bayesian Audit Sample Planning Summary
## 
## Options:
##   Confidence level:              0.95 
##   Materiality:                   0.05 
##   Hypotheses:                    H₀: Θ > 0.05 vs. H₁: Θ < 0.05 
##   Expected:                      0.025 
##   Likelihood:                    poisson 
##   Prior distribution:            gamma(α = 2.325, β = 53) 
## 
## Results:
##   Minimum sample size:           178 
##   Tolerable errors:              4.45 
##   Posterior distribution:        gamma(α = 6.775, β = 231) 
##   Expected most likely error:    0.025 
##   Expected upper bound:          0.049981 
##   Expected precision:            0.024981 
##   Expected BF₁₀:                 9.6614

The auditor can examine how the prior distribution compares to the expected posterior distribution by using the plot() function. The expected posterior distribution is the posterior distribution that would result if the auditor were to actually observe a sample of nn = 178 items, with kk = 4.45 of them being misstated.

plot(stage1)

Stage 2: Selecting a sample

selection

The auditor is now prepared to select the required nn = 178 items from the population. They have two statistical methods to choose from for this task. In record sampling (units = "items"), inclusion probabilities are assigned at the item level, treating items of high and low value equally. This means an item of $5,000 is just as likely to be selected as an item of $1,000. In monetary unit sampling (units = "values"), inclusion probabilities are assigned at the level of individual monetary units (e.g., a dollar). When a dollar is selected to be in the sample, the item that includes that dollar is selected. This method favors items with a higher value, as an item with a value of $5,000 is now five times more likely to be selected than an item with a value of $1,000.

The auditor opts to use monetary unit sampling, as they want to include more high-valued items. The selection() function enables them to select the sample from the population using this sampling scheme. They use the stage1 object as input for the size argument in the selection() function, as this passes the calculated sample size from the planning stage directly to the function.

stage2 <- selection(
  data = BuildIt, size = stage1,
  units = "values", values = "bookValue", method = "interval"
)

Like before, the auditor can examine the results of their sampling procedure using the summary() function.

summary(stage2)
## 
##  Audit Sample Selection Summary
## 
## Options:
##   Requested sample size:         178 
##   Sampling units:                monetary units 
##   Method:                        fixed interval sampling 
##   Starting point:                1 
## 
## Data:
##   Population size:               3500 
##   Population value:              1403221 
##   Selection interval:            7883.3 
## 
## Results:
##   Selected sampling units:       178 
##   Proportion of value:           0.062843 
##   Selected items:                178 
##   Proportion of size:            0.050857

Stage 3: Executing the audit

The selected sample can be singled out by indexing the $sample object from the sampling result.

sample <- stage2$sample

Next, the auditor can carry out the audit by annotating the items in the sample with their audit values. This can be done, for example, by writing the sample to a csv file using write.csv(). The annotated sample can then be loaded back into the R session for further evaluation.

# Write the sample to a .csv file:
write.csv(x = sample, file = "auditSample.csv", row.names = FALSE)

# Load annotated sample back into R:
sample <- read.csv(file = "auditSample.csv")

In the case of the BuildIt data set, the audit values of the sample items are already provided in the auditValue column of the data set.

Stage 4: Evaluating the sample

evaluation

With the annotated sample, the auditor can perform inference about the misstatement in the population using the evaluation() function. By supplying the prior object to the function, it automatically sets method = "binomial" to align with the prior distribution.

stage4 <- evaluation(
  materiality = materiality, conf.level = confidence, data = sample,
  values = "bookValue", values.audit = "auditValue", prior = prior
)

The outcomes of their inference can be examined by the auditor using the summary() function. The upper bound on the population misstatement is 2.278 percent, which is below the performance materiality of five percent. Hence, the auditor can conclude that there is a 95 percent probability that the misstatement in BuildIt’s population is less than 2.278 percent.

summary(stage4)
## 
##  Bayesian Audit Sample Evaluation Summary
## 
## Options:
##   Confidence level:               0.95 
##   Materiality:                    0.05 
##   Hypotheses:                     H₀: Θ > 0.05 vs. H₁: Θ < 0.05 
##   Method:                         poisson 
##   Prior distribution:             gamma(α = 2.325, β = 53) 
## 
## Data:
##   Sample size:                    178 
##   Number of errors:               0 
##   Sum of taints:                  0 
## 
## Results:
##   Posterior distribution:         gamma(α = 2.325, β = 231) 
##   Most likely error:              0.0057359 
##   95 percent credible interval:   [0, 0.022781] 
##   Precision:                      0.017045 
##   BF₁₀:                            2179.8

The prior and posterior distribution can be inspected using the plot() function.

plot(stage4, type = "posterior")

Conclusion

As the 95 percent upper credible bound on the misstatement in the population is lower than the performance materiality, the auditor has gathered sufficient evidence to conclude that the population does not contain material misstatement.

References

American Institute of Certified Public Accountants (AICPA). (2021). Clarified statements on auditing standards. American Institute of Certified Public Accountants (AICPA).
Derks, K., Swart, J. de, Batenburg, P. van, Wagenmakers, E.-J., & Wetzels, R. (2021). Priors in a Bayesian audit: How integration of existing information into the prior distribution can improve audit transparency and efficiency. International Journal of Auditing, 25(3), 621–636. https://doi.org/10.1111/ijau.12240
International Auditing and Assurance Standards Board (IAASB). (2018). Handbook of international quality control, auditing review, other assurance, and related services pronouncements (vol. i). International Federation of Accountants.
Public Company Accounting Oversight Board (PCAOB). (2020). Auditing standards. Public Company Accounting Oversight Board (PCAOB).