Walkthrough of the classical audit sampling workflow

Introduction

Welcome to the ‘Walkthrough of the classical audit sampling workflow’ vignette of the jfa package. This page aims to demonstrate how the package can assist auditors in the standard audit sampling workflow (hereafter referred to as “audit workflow”).

In this audit workflow example, we will be looking at a hypothetical scenario involving BuildIt, a fictitious construction company based in the United States. BuildIt is undergoing an audit by an external auditor from a fictional audit firm. At the end of the fiscal year, BuildIt has presented a summary of its financial status in its financial statements. The objective of the auditor is to form an opinion on the fairness of BuildIt’s financial statements. The auditor’s opinion should be compliant with professional auditing standards (American Institute of Certified Public Accountants (AICPA), 2021; International Auditing and Assurance Standards Board (IAASB), 2018; Public Company Accounting Oversight Board (PCAOB), 2020).

The auditor is required to gather appropriate and sufficient evidence to support the hypothesis that the misstatement in the financial statements is less than a specified amount, known as the materiality. If the financial statements contain material misstatements, this means that the inaccuracies in the financial statements are substantial enough to influence the decisions of stakeholders who depend on these financial statements. For this example, the overall materiality of the financial statements is set to ten percent. This implies that for the auditor to endorse the financial statements, inaccuracies in the financial statements should not exceed ten percent.

During an audit, the auditor examines the populations that underpin the line items in the financial statement. In this vignette, we concentrate on the BuildIt data set that is included in the package, which contains $N$ = 3500 invoices from the BuildIt’s rental account. The data can be loaded in R via data("BuildIt").

data("BuildIt")
head(BuildIt)

##      ID bookValue auditValue
## 1 82884    242.61     242.61
## 2 25064    642.99     642.99
## 3 81235    628.53     628.53
## 4 71769    431.87     431.87
## 5 55080    620.88     620.88
## 6 93224    501.76     501.76

For this population, the auditor determines the performance materiality, which is the degree of materiality that applies to this specific population. In this case, the performance materiality is established at fifty percent of the overall materiality, or five percent. This implies that for the auditor to endorse the population, the misstatement in the population should not exceed five percent.

To form an opinion about the misstatement in the population, the auditor typically divides their audit workflow into four stages. Initially, they need to plan the minimum sample size they need to examine to make inferences about the population. Next, they have to select the required sample from the population. Subsequently, they need to inspect the selected sample and determine the audit (i.e., true) value of the items it comprises. Finally, they must use the information from the audited sample to make inferences about the misstatement in the population.

workflow

Setting up the audit

The auditor aims to assert that, with 95 percent confidence, the misstatement in the population is less than the performance materiality of five percent. Drawing from last year’s audit at BuildIt, where the upper limit of the misstatement was found to be 2.5 percent, they are willing to accept a maximum of 2.5 percent misstatements in the intended sample. Consequently, the auditor can rephrase their statistical statement as wanting to conclude that, if 2.5 percent misstatements are detected in the sample, they can determine with 95 percent confidence that the misstatement in the population is less than the performance materiality of five percent.

confidence <- 0.95 # Confidence level = 95%
materiality <- 0.05 # Performance materiality = 5%
expected <- 0.025 # Tolerable sample errors = 2.5%

Many audits are conducted according to the audit risk model (ARM), which posits that the overall uncertainty about the auditor’s statement (1 - confidence) is a product of three components: inherent risk, control risk, and detection risk.

$\begin{equation} \text{Audit risk} = \text{Inherent risk} \,\times\, \text{Control risk} \,\times\, \text{Detection risk} \end{equation}$

Inherent risk refers to the risk of a material error occurring in BuildIt’s financial statement before considering any related control systems (e.g., computer systems).
Control risk is the risk that BuildIt’s internal control systems fail to prevent or detect a material misstatement.
Detection risk is the risk that the auditor will not discover material misstatements that exist in BuildIt’s financial statements.

The ARM is practically useful because for a given level of audit risk, the tolerable detection risk is inversely proportional to the other two risks. Hence, the ARM can be beneficial for the auditor as it allows them to reduce the amount of audit evidence required from the sample in the presence of risk-reducing information.

Typically, auditors assess inherent risk and control risk on a three-point scale: low, medium, or high. Different audit firms may assign different standard percentages to these categories. In the auditor’s firm, the probabilities for low, medium, and high are defined as 50 percent, 60 percent, and 100 percent, respectively. After evaluating BuildIt’s internal control systems, the auditor has classified the internal control risk as medium (60 percent), while they have determined the inherent risk to be high (100 percent).

ir <- 1 # Inherent risk = 100%
cr <- 0.6 # Control risk = 60%

Stage 1: Planning an audit sample

planning

In a frequentist analysis applying the audit risk model, the auditor treats the increased detection risk as their level of uncertainty. This implies that the auditor promptly uses the adjusted confidence level c.adj to compute the sample size via the planning() function.

c.adj <- 1 - ((1 - confidence) / (ir * cr))
stage1 <- planning(materiality = materiality, expected = expected, conf.level = c.adj)

The auditor can review the outcome of their planning procedure using the summary() function. The results indicate that the auditor needs to select a sample of $n$ = 178 items. This ensures that if a maximum of $k$ = 4.45 misstatements are found, they can assert with 91.66 percent confidence that the misstatement in BuildIt’s population is less than the performance materiality of five percent.

summary(stage1)

## 
##  Classical Audit Sample Planning Summary
## 
## Options:
##   Confidence level:              0.91667 
##   Materiality:                   0.05 
##   Hypotheses:                    H₀: Θ >= 0.05 vs. H₁: Θ < 0.05 
##   Expected:                      0.025 
##   Likelihood:                    poisson 
## 
## Results:
##   Minimum sample size:           178 
##   Tolerable errors:              4.45 
##   Expected most likely error:    0.025 
##   Expected upper bound:          0.049986 
##   Expected precision:            0.024986 
##   Expected p-value:              0.083211

Stage 2: Selecting a sample

selection

The auditor is now prepared to select the required $n$ = 178 items from the population. They have two statistical methods to choose from for this task. In record sampling (units = "items"), inclusion probabilities are assigned at the item level, treating items of high and low value equally. This means an item of $5,000 is just as likely to be selected as an item of $1,000. In monetary unit sampling (units = "values"), inclusion probabilities are assigned at the level of individual monetary units (e.g., a dollar). When a dollar is selected to be in the sample, the item that includes that dollar is selected. This method favors items with a higher value, as an item with a value of $5,000 is now five times more likely to be selected than an item with a value of $1,000.

The auditor opts to use monetary unit sampling, as they want to include more high-valued items. The selection() function enables them to select the sample from the population using this sampling scheme. They use the stage1 object as input for the size argument in the selection() function, as this passes the calculated sample size from the planning stage directly to the function.

stage2 <- selection(
  data = BuildIt, size = stage1,
  units = "values", values = "bookValue", method = "interval"
)

Like before, the auditor can examine the results of their sampling procedure using the summary() function.

summary(stage2)

## 
##  Audit Sample Selection Summary
## 
## Options:
##   Requested sample size:         178 
##   Sampling units:                monetary units 
##   Method:                        fixed interval sampling 
##   Starting point:                1 
## 
## Data:
##   Population size:               3500 
##   Population value:              1403221 
##   Selection interval:            7883.3 
## 
## Results:
##   Selected sampling units:       178 
##   Proportion of value:           0.062843 
##   Selected items:                178 
##   Proportion of size:            0.050857

Stage 3: Executing the audit

The selected sample can be singled out by indexing the $sample object from the sampling result.

sample <- stage2$sample

Next, the auditor can carry out the audit by annotating the items in the sample with their audit values. This can be done, for example, by writing the sample to a csv file using write.csv(). The annotated sample can then be loaded back into the R session for further evaluation.

# Write the sample to a .csv file:
write.csv(x = sample, file = "auditSample.csv", row.names = FALSE)

# Load annotated sample back into R:
sample <- read.csv(file = "auditSample.csv")

In the case of the BuildIt data set, the audit values of the sample items are already provided in the auditValue column of the data set.

Stage 4: Evaluating the sample

evaluation

With the annotated sample, the auditor can perform inference about the misstatement in the population using the evaluation() function.

stage4 <- evaluation(
  materiality = materiality, conf.level = c.adj, data = sample,
  values = "bookValue", values.audit = "auditValue"
)

The auditor can review the results of their inference using the summary() function. The resulting upper bound is 1.396 percent with a confidence level of 91.66 percent, which is below the performance materiality of five percent.

summary(stage4)

## 
##  Classical Audit Sample Evaluation Summary
## 
## Options:
##   Confidence level:               0.91667 
##   Materiality:                    0.05 
##   Hypotheses:                     H₀: Θ >= 0.05 vs. H₁: Θ < 0.05 
##   Method:                         poisson 
## 
## Data:
##   Sample size:                    178 
##   Number of errors:               0 
##   Sum of taints:                  0 
## 
## Results:
##   Most likely error:              0 
##   91.66667 percent confidence interval: [0, 0.01396] 
##   Precision:                      0.01396 
##   p-value:                        0.00013639

Conclusion

Given that the 91.66 percent upper confidence bound on the misstatement in the population is below the performance materiality, the auditor has gathered sufficient evidence to conclude that the population does not contain material misstatement.

References

American Institute of Certified Public Accountants (AICPA). (2021). Clarified statements on auditing standards. American Institute of Certified Public Accountants (AICPA).

International Auditing and Assurance Standards Board (IAASB). (2018). Handbook of international quality control, auditing review, other assurance, and related services pronouncements (vol. i). International Federation of Accountants.

Public Company Accounting Oversight Board (PCAOB). (2020). Auditing standards. Public Company Accounting Oversight Board (PCAOB).

Koen Derks