Audit Assurance Modeling That Makes a Difference

Trevor StewartDeloitte (Retired), Rutgers Business School, Vrije Universiteit

28 april 2010- Symposium Statistical Auditing Slide 1

Assurance and Audit Risk in the ISAs

• ISAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement. Reasonable assurance is a high level of assurance. It is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. (ISA 200, para 5).

• Audit Risk is the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk. (ISA 200, para 13(c))

• The Audit Risk Model (ARM) is commonly expressed as AR = RMM × DR.

– RMM = Risk of Material Misstatement– RMM = IR × CR (Inherent Risk × Control Risk)

• As has been often noted, the ARM is a joint risk model and not a Bayesian revision model and is not very useful.

• This presentation will focus on a more useful model and some examples of its application.

xQ.95 = 3.0β

Using Probability Distributions to Represent Audit Assurance—a Simple Example

If the auditor– Has no specific evidence of misstatement, and

– Believes that the probability that total misstatement X exceeds x decreases exponentially as x increases

Then the auditor’s assurance can be described by the exponential probability distribution

Relationship to Errorless Monetary Unit Sampling (MUS) and the Poisson distribution

•If all the assurance comes from an errorless MUS applied to a population of size Y, then the auditor’s (posterior) assurance can be represented by an exponential distribution with parameter β equal to the sampling interval, i.e., β = Y/n.

•The 95th percentile is Q.95 = 3.0β where the factor 3.0 is also familiar from Poisson distribution tables commonly used to evaluate samples

•The exponential and Poisson distributions are closely connected– The likelihood function induced by an errorless Poisson-based MUS (k = 0, parameter x / β > 0) is effectively an

exponential distribution—a function of x > 0 with parameter β.

/1( ; ) ; 0, 0xf x e x

0 // /( / ) 1

( 0; / ) ( ; ), for 0; 0, 00!

xx xx e

Poisson k x e e f x x k

The Gamma Distribution• Gammas provide intuitively plausible representations of auditors’ assurance

about total misstatement– The exponential distribution, the simplest gamma, is often used (at least implicitly)

• Gammas can be used to represent judgmental prior assurance (RMM)

• MUS samples and evidentially-equivalent other procedures induce likelihood functions that are essentially gamma distributions (normalized)

• The resulting posterior assurance is also a gamma distribution

• When accumulating evidence and revising assurance it is therefore possible to remain within the gamma family of distributions

0 1β 2β 3β 4β 5β 6β 7β 8β

x

α = 1 (exponential)

α = 2

α = 3α = 4

1 /( / )( ; , ) , 0; , 0

( )

xx eg x x

Various gamma distributions with shape parameters α = 1, 2, 3, 4 and scale parameter β. The 95th percentiles are 3.0, 4.75, 6.30, 7.76 times β, respectively. These are also the 95% Poisson MUS evaluation factors for k = 0, 1, 2, 3 misstatements.

Sampling Example

• Materiality is $100

• RMM is Low and the AICPA Sampling Guide (2001 ed.):

– Equates this to a Reliability Factor (Assurance Factor) of 1.0 (37% risk).

– Gives required Reliability Factor from substantive procedures as 2.0 (14% risk).

• Thus AR = 37% × 14% = 5%, and, logarithmically 1.0 + 2.0 = 3.0

• In Bayesian terms:*– Auditor’s prior is the (exponential)

gamma g(x;1,100/1.0).

– The target posterior is g(x;1,100/3.0).

– The target likelihood function to be induced by an errorless sample is therefore g(x;1,100/2.0).

* Scale factor arithmetic per Bayes’ rule• Prior scale parameter is βpri

• Likelihood scale parameter is βlik (sampling interval)

• Posterior scale parameter is βpos = (1/βpri + 1/βlik)–1

• Thus 100/3.0 = [1/(100/1.0)+1/(100/2.0)]–1

0 50 100 150 200

Prior g(x;1,100/1.0)Likelihood g(x;1,100/2.0) Posterior g(x;1,100/3.0)

Sampling Example Continued…• Materiality is $100• MUS sample size, n = Y/(100/2.0); one (100%)

misstatement is found, k = 1.

• In Bayesian terms:*– Auditor’s prior is the gamma g(x;1,100/1.0).

– The likelihood function induced by the sample is g(x;2,100/2.0).

– The posterior is g(x;2,100/3.0).

– The achieved posterior 95th percentile is Q.95 = 4.75×(100/3.0) = 158

– The factor 4.75 is the 95th percentile of the standard gamma distribution (scale = 1) with shape 2 (= 1+k with k = 1). It can also be obtained from the 95% Poisson sample evaluation table with k = 1.

0 50 100 150 200 250 300

Prior g(x;1,100/1.0) Likelihood g(x;2,100/2.0)Posterior g(x;2,100/3.0)

* Bayes’ rule• Prior distribution g(x;αpri,βpri)

• Poisson-induced likelihood function for k misstatements is proportional to g(x;1+k,βlik), where βlik is the sampling interval

• Posterior distribution g(x;αpos,βpos) where αpos = αpri + k and βpos = (1/βpri + 1/βlik)–1

• Thus if the RMM prior is g(x;1,100/1.0) and a MUS sample is selected using a sampling interval of 100/2.0 reveals one misstatement (k = 1) so that the induced likelihood function is g(x;1+1,100/2.0), then the posterior is g(x;1+1,100/3.0).

Aggregation Across a Group of Components

• If there are N components and the auditor’s assessment of total misstatement is represented by random variables X1, X2,…, XN, then total misstatement for the group is X = X1+X2+…+XN

• If the Xi are stochastically independent then the distribution of X is the convolution of the distributions of the Xi.

• If the Xi are gamma-distributed then X is approximately gamma-distributed for component distributions likely to be encountered in auditing practice*

• X is exactly gamma-distributed if scale parameters are equal for all components

– The shape parameter of the convolution equals the sum of the shape parameters of the component distributions

– The scale parameter of the convolution equals scale parameter of the component distributions.

* Stewart, T., L. Strijbosch, H. Moors, and P. van Batenburg. 2007. A simple approximation to the convolution of gamma distributions. Discussion Paper, No. 2007-70. Tilburg University. Available at: http://arno.uvt.nl/show.cgi?fid=63976 .

Example of Aggregation:Evaluation of Audit Results for Group

• Two equal components with auditor’s assurance represented by an exponential distribution (α = 1) with scale β = 100/3.0.

– Component 95th percentile is Q.95 = (100/3.0)×3.0 = 100.

• Group assurance can be represented by a gamma distribution with shape α = 1+1 = 2 and scale β = 100/3.0

– Group 95th percentile is Q.95 = (100/3.0)×4.75 = 158

• This is unsatisfactory if Group Materiality is $100 (only 80% assurance achieved). Instead we would need achieve component posteriors g(xi;1,100/4.75)

– Then group 95th percentile is Q.95 = (100/4.75)×4.75 = 100.

0 50 100 150 200

g(x1+x2; 2, 100/3.0)

Q.95 = 158Q.80 = 100

0 50 100 150 200

g(x1; 1, 100/3.0)

Q.95 = 100

0 50 100 150 200

g(x2; 1, 100/3.0)

Q.95 = 100

Aggregate to

Conclude

Planning a Group Audit Requires Disaggregation

1. Group auditor starts with target group posterior (gamma) distribution, with Group Materiality at 95th percentile.

2. Group auditor determines target (gamma) posteriors for the N components that will convolute to the target group posterior.– There is an infinite number of potential solutions (no unique deconvolution)

– Group auditor can choose an optimal set of component distributions—to minimize group audit cost, for example

3. Group auditor determines prior distributions for the N components– Some or all may be “negligible” (uninformative)

4. A target likelihood function (a gamma distribution) is determined for each component sufficient to transform the component prior into the target component posterior.– Group auditor requires component auditors to “deliver” the likelihood function

– Component Materiality is the 95th percentile of the component likelihood function

Group AuditPlanning and Concluding

An Example

• Group Materiality, T = 100; Required Assurance = 95%

• Two equal components

• Component 1:– The Group Auditor (GA) component

prior and target posterior are g(x1;1, 100/1.0) and g(x1;1, 100/4.74), respectively.

– The required likelihood function is g(x1;1, 100/3.74)

– Component materiality is T1 = Q.95 = 80.

• Component 2:– Negligible group auditor prior; target

posterior g(x1;1, 100/4.74)

– Required likelihood function equals the target posterior

– Component materiality is T2 = Q.95 = 63.

Plan: (a) disaggregate group target posterior into component target posteriors, and (b) derive target likelihood functions from component posteriors and priors.

If the audit goes as planned, then

Conclude: (a) derive component posteriors from component priors and likelihood functions, and (b) aggregate the component posteriors to derive the group posterior.

0 20 40 60 80 100 120

Likelihood 2g(x2; 1, 100/4.74)

T2 = Q.95 = 63

0 20 40 60 80 100 120

GA Posterior 2g(x2; 1, 100/4.74)

Q.95 = 63

Group

Component 2

0 20 40 60 80 100 120

GA Prior 2Negligible

Component 1

0 20 40 60 80 100 120

GA Prior 1g(x1; 1, 100)

Q.95 = 300

0 20 40 60 80 100 120

Likelihood 1g(x1; 1, 100/3.74)

T1 = Q.95 = 80

0 20 40 60 80 100 120

GA Posterior Groupg(x1+x2; 2, 100/4.74)

T = Q.95 = 100

0 20 40 60 80 100 120

GA Posterior 1g(x1; 1, 100/4.74)

Q.95 = 63

Component Materiality—MACM Method (Glover, et al.)*Example with Group Materiality T = $400,000; 5 Components

• Look up multiple m in table provided by authors– For N = 5, m = 2.5

• Compute Maximum Aggregate Component Materiality as a multiple m of group materiality– MACM = m × T = 2.5 × $400,000 = $1,000,000

• Allocate MACM in proportion to relative square root of size

Limitations listed by the authors†

• The model does not consider the risk that multiple components might contain undetected misstatements that are immaterial at the component level but aggregate to an amount that is material at the group level.

• Model does not consider the need for redistribution of materiality between components due to statutory audits

• Model formula does not work if substantial variability in component size. [e.g., for N = 2, if Component 1 > 4 times Component 2.]

Also

• Model does not accommodate prior component assurance

• The model does not allow for optimizations (e.g., to minimize group audit cost)

• Group structure is not dealt with in the model

• The MACM tabulated values incorporate some unpublished judgmental factors.

* Glover, S., D. Prawitt, J. Liljegren, and W. Messier. 2008. Component materiality for group audits. Journal of Accountancy. (December). Available at: http://www.journalofaccountancy.com/Issues/2008/Dec/ComponentMaterialityforGroupAudits.htm. † ibid. Background on underlying probabilistic model. Online at http://www.journalofaccountancy.com/Web/ProbabilisticModel.htm.

SizeY √Y

Weight √Y

Component Materiality

Component 1 21,900,000 4,680 0.3094 309,385 Component 2 10,900,000 3,302 0.2183 218,268 Component 3 7,300,000 2,702 0.1786 178,624 Component 4 5,500,000 2,345 0.1550 155,045 Component 5 4,400,000 2,098 0.1387 138,677

50,000,000$ 15,126 1.0000 1,000,000$

Component Materiality MethodsGUAM (Stewart & Kinney)* versus MACM (Glover, et al.)†

• Two scenarios are illustrated for GUAM based on assumed component RMM.– For RMM = Max, the component priors are

negligible.

– For RMM = Low, exponential priors are incorporated—similar to earlier sampling example.

Advantages of GUAM Method

• Explicitly accommodates component priors

• Determines optimal solutions—to minimize group audit cost, for example

• Accommodates special requirements– Complex group structures

– Statutory audit requirements

– Different component audit cost structures

• Complete mathematical details and algorithms described in Stewart & Kinney paper.

* Stewart, T and W. Kinney. 2010. A general unified assurance and component materiality model for group audits. Paper in preparation.† Glover, S., D. Prawitt, J. Liljegren, and W. Messier. 2008. Component materiality for group audits. Journal of Accountancy. (December). Available at: http://www.journalofaccountancy.com/Issues/2008/Dec/ComponentMaterialityforGroupAudits.htm.

SizeY

GUAMRMM =Max

GUAMRMM =Low MACM

Component 1 21,900,000 180,441 270,854 309,385 Component 2 10,900,000 139,769 209,803 218,268 Component 3 7,300,000 120,177 180,394 178,624 Component 4 5,500,000 107,817 161,840 155,045 Component 5 4,400,000 98,871 148,413 138,677

50,000,000$ 647,075$ 971,304$ 1,000,000$

-

50,000

100,000

150,000

200,000

250,000

300,000

350,000

1 2 3 4 5

Clustering and FractionalizationFractionalization

• Sometimes a cluster of components can be treated as a virtual single entity and prior assurance determined for the cluster as a whole.

• If the prior distribution of the cluster random variable X = X1+X2+…+XL is gamma g(x;α,β) and the Xi are independent then fractional gamma priors g(xi;αi,β) can be imputed to the components where αi = α where the αi are proportional to component size.

• The fractional component priors convolute to the cluster prior.

x

g(x;½, β)

g(x;1, β)

If the prior for a cluster of two equal-sized components is g(x;1,β) then the imputed component priors are g(x1;½,β) and g(x2;½,β).

Applications

• Determining component materiality:– If cluster materiality is determined for the

cluster as a “virtual single component” then that component materiality can also be assigned to each component in the cluster

– This is a formal way to recognize that there is a point in the group structure below which component materiality needs no further reduction.

• Audit of shared-services entities:– Sometimes audit assurance is formed at the

service center level, but the reporting entities requires separate audits.

– This may be handled by imputing fractions of the service center prior to participating entities.

– Finally, for each entity the assurance “shortfall” can be determined and remedied through further audit procedures

Audit Assurance Modeling That Makes a Difference

FINI

TrevorStewart@verizon.net

28 april 2010- Symposium Statistical Auditing Last