`vignettes/articles/sampling-workflow.Rmd`

`sampling-workflow.Rmd`

Welcome to the ‘Walkthrough of the classical audit sampling workflow’
vignette of the **jfa** package. This page aims to
demonstrate how the package can assist auditors in the standard audit
sampling workflow (hereafter referred to as “audit workflow”).

In this audit workflow example, we will be looking at a hypothetical scenario involving BuildIt, a fictitious construction company based in the United States. BuildIt is undergoing an audit by an external auditor from a fictional audit firm. At the end of the fiscal year, BuildIt has presented a summary of its financial status in its financial statements. The objective of the auditor is to form an opinion on the fairness of BuildIt’s financial statements. The auditor’s opinion should be compliant with professional auditing standards (American Institute of Certified Public Accountants (AICPA), 2021; International Auditing and Assurance Standards Board (IAASB), 2018; Public Company Accounting Oversight Board (PCAOB), 2020).

The auditor is required to gather appropriate and sufficient evidence to support the hypothesis that the misstatement in the financial statements is less than a specified amount, known as the materiality. If the financial statements contain material misstatements, this means that the inaccuracies in the financial statements are substantial enough to influence the decisions of stakeholders who depend on these financial statements. For this example, the overall materiality of the financial statements is set to ten percent. This implies that for the auditor to endorse the financial statements, inaccuracies in the financial statements should not exceed ten percent.

During an audit, the auditor examines the populations that underpin
the line items in the financial statement. In this vignette, we
concentrate on the `BuildIt`

data set that is included in the
package, which contains
$N$
= 3500 invoices from the BuildIt’s rental account. The data can be
loaded in R via `data("BuildIt")`

.

```
## ID bookValue auditValue
## 1 82884 242.61 242.61
## 2 25064 642.99 642.99
## 3 81235 628.53 628.53
## 4 71769 431.87 431.87
## 5 55080 620.88 620.88
## 6 93224 501.76 501.76
```

For this population, the auditor determines the performance materiality, which is the degree of materiality that applies to this specific population. In this case, the performance materiality is established at fifty percent of the overall materiality, or five percent. This implies that for the auditor to endorse the population, the misstatement in the population should not exceed five percent.

To form an opinion about the misstatement in the population, the auditor typically divides their audit workflow into four stages. Initially, they need to plan the minimum sample size they need to examine to make inferences about the population. Next, they have to select the required sample from the population. Subsequently, they need to inspect the selected sample and determine the audit (i.e., true) value of the items it comprises. Finally, they must use the information from the audited sample to make inferences about the misstatement in the population.

The auditor aims to assert that, with 95 percent confidence, the misstatement in the population is less than the performance materiality of five percent. Drawing from last year’s audit at BuildIt, where the upper limit of the misstatement was found to be 2.5 percent, they are willing to accept a maximum of 2.5 percent misstatements in the intended sample. Consequently, the auditor can rephrase their statistical statement as wanting to conclude that, if 2.5 percent misstatements are detected in the sample, they can determine with 95 percent confidence that the misstatement in the population is less than the performance materiality of five percent.

```
confidence <- 0.95 # Confidence level = 95%
materiality <- 0.05 # Performance materiality = 5%
expected <- 0.025 # Tolerable sample errors = 2.5%
```

Many audits are conducted according to the audit risk model (ARM), which posits that the overall uncertainty about the auditor’s statement (1 - confidence) is a product of three components: inherent risk, control risk, and detection risk.

$\begin{equation} \text{Audit risk} = \text{Inherent risk} \,\times\, \text{Control risk} \,\times\, \text{Detection risk} \end{equation}$

- Inherent risk refers to the risk of a material error occurring in BuildIt’s financial statement before considering any related control systems (e.g., computer systems).
- Control risk is the risk that BuildIt’s internal control systems fail to prevent or detect a material misstatement.
- Detection risk is the risk that the auditor will not discover material misstatements that exist in BuildIt’s financial statements.

The ARM is practically useful because for a given level of audit risk, the tolerable detection risk is inversely proportional to the other two risks. Hence, the ARM can be beneficial for the auditor as it allows them to reduce the amount of audit evidence required from the sample in the presence of risk-reducing information.

Typically, auditors assess inherent risk and control risk on a three-point scale: low, medium, or high. Different audit firms may assign different standard percentages to these categories. In the auditor’s firm, the probabilities for low, medium, and high are defined as 50 percent, 60 percent, and 100 percent, respectively. After evaluating BuildIt’s internal control systems, the auditor has classified the internal control risk as medium (60 percent), while they have determined the inherent risk to be high (100 percent).

```
ir <- 1 # Inherent risk = 100%
cr <- 0.6 # Control risk = 60%
```

In a frequentist analysis applying the audit risk model, the auditor
treats the increased detection risk as their level of uncertainty. This
implies that the auditor promptly uses the adjusted confidence level
`c.adj`

to compute the sample size via the
`planning()`

function.

```
c.adj <- 1 - ((1 - confidence) / (ir * cr))
stage1 <- planning(materiality = materiality, expected = expected, conf.level = c.adj)
```

The auditor can review the outcome of their planning procedure using
the `summary()`

function. The results indicate that the
auditor needs to select a sample of
$n$
= 178 items. This ensures that if a maximum of
$k$
= 4.45 misstatements are found, they can assert with 91.66 percent
confidence that the misstatement in BuildIt’s population is less than
the performance materiality of five percent.

`summary(stage1)`

```
##
## Classical Audit Sample Planning Summary
##
## Options:
## Confidence level: 0.91667
## Materiality: 0.05
## Hypotheses: H₀: Θ >= 0.05 vs. H₁: Θ < 0.05
## Expected: 0.025
## Likelihood: poisson
##
## Results:
## Minimum sample size: 178
## Tolerable errors: 4.45
## Expected most likely error: 0.025
## Expected upper bound: 0.049986
## Expected precision: 0.024986
## Expected p-value: 0.083211
```

The auditor is now prepared to select the required
$n$
= 178 items from the population. They have two statistical methods to
choose from for this task. In record sampling
(`units = "items"`

), inclusion probabilities are assigned at
the item level, treating items of high and low value equally. This means
an item of $5,000 is just as likely to be selected as an item of $1,000.
In monetary unit sampling (`units = "values"`

), inclusion
probabilities are assigned at the level of individual monetary units
(e.g., a dollar). When a dollar is selected to be in the sample, the
item that includes that dollar is selected. This method favors items
with a higher value, as an item with a value of $5,000 is now five times
more likely to be selected than an item with a value of $1,000.

The auditor opts to use monetary unit sampling, as they want to
include more high-valued items. The `selection()`

function
enables them to select the sample from the population using this
sampling scheme. They use the `stage1`

object as input for
the `size`

argument in the `selection()`

function,
as this passes the calculated sample size from the planning stage
directly to the function.

```
stage2 <- selection(
data = BuildIt, size = stage1,
units = "values", values = "bookValue", method = "interval"
)
```

Like before, the auditor can examine the results of their sampling
procedure using the `summary()`

function.

`summary(stage2)`

```
##
## Audit Sample Selection Summary
##
## Options:
## Requested sample size: 178
## Sampling units: monetary units
## Method: fixed interval sampling
## Starting point: 1
##
## Data:
## Population size: 3500
## Population value: 1403221
## Selection interval: 7883.3
##
## Results:
## Selected sampling units: 178
## Proportion of value: 0.062843
## Selected items: 178
## Proportion of size: 0.050857
```

The selected sample can be singled out by indexing the
`$sample`

object from the sampling result.

`sample <- stage2$sample`

Next, the auditor can carry out the audit by annotating the items in
the sample with their audit values. This can be done, for example, by
writing the sample to a csv file using `write.csv()`

. The
annotated sample can then be loaded back into the R session for further
evaluation.

```
# Write the sample to a .csv file:
write.csv(x = sample, file = "auditSample.csv", row.names = FALSE)
# Load annotated sample back into R:
sample <- read.csv(file = "auditSample.csv")
```

In the case of the `BuildIt`

data set, the audit values of
the sample items are already provided in the `auditValue`

column of the data set.

With the annotated sample, the auditor can perform inference about
the misstatement in the population using the `evaluation()`

function.

```
stage4 <- evaluation(
materiality = materiality, conf.level = c.adj, data = sample,
values = "bookValue", values.audit = "auditValue"
)
```

The auditor can review the results of their inference using the
`summary()`

function. The resulting upper bound is 1.396
percent with a confidence level of 91.66 percent, which is below the
performance materiality of five percent.

`summary(stage4)`

```
##
## Classical Audit Sample Evaluation Summary
##
## Options:
## Confidence level: 0.91667
## Materiality: 0.05
## Hypotheses: H₀: Θ >= 0.05 vs. H₁: Θ < 0.05
## Method: poisson
##
## Data:
## Sample size: 178
## Number of errors: 0
## Sum of taints: 0
##
## Results:
## Most likely error: 0
## 91.66667 percent confidence interval: [0, 0.01396]
## Precision: 0.01396
## p-value: 0.00013639
```

Given that the 91.66 percent upper confidence bound on the misstatement in the population is below the performance materiality, the auditor has gathered sufficient evidence to conclude that the population does not contain material misstatement.

American Institute of Certified Public Accountants (AICPA). (2021).
*Clarified statements on auditing standards*. American
Institute of Certified Public Accountants (AICPA).

International Auditing and Assurance Standards Board (IAASB). (2018).
*Handbook of international quality control, auditing review, other
assurance, and related services pronouncements (vol. i)*.
International Federation of Accountants.

Public Company Accounting Oversight Board (PCAOB). (2020). *Auditing
standards*. Public Company Accounting Oversight Board
(PCAOB).