Audit Assurance Modeling That Makes a
Difference
Trevor Stewart
Deloitte (Retired), Rutgers Business School, Vrije Universiteit
Slide 1
28 april 2010- Symposium Statistical Auditing
Assurance and Audit Risk in the ISAs
• ISAs require the auditor to obtain reasonable assurance about whether the
financial statements as a whole are free from material misstatement.
Reasonable assurance is a high level of assurance. It is obtained when the
auditor has obtained sufficient appropriate audit evidence to reduce audit
risk to an acceptably low level. (ISA 200, para 5).
• Audit Risk is the risk that the auditor expresses an inappropriate opinion
when the financial statements are materially misstated. Audit risk is a
function of the risks of material misstatement and detection risk. (ISA 200,
para 13(c))
• The Audit Risk Model (ARM) is commonly expressed as AR = RMM × DR.
– RMM = Risk of Material Misstatement
– RMM = IR × CR (Inherent Risk × Control Risk)
• As has been often noted, the ARM is a joint risk model and not a Bayesian
revision model and is not very useful.
• This presentation will focus on a more useful model and some examples of
its application.
Using Probability Distributions to Represent Audit
Assurance—a Simple Example
If the auditor
– Has no specific evidence of misstatement, and
– Believes that the probability that total misstatement X
exceeds x decreases exponentially as x increases
Then the auditor’s assurance can be described by
the exponential probability distribution
f ( x;  ) 
1

e x /  ; x  0,   0
Q.95 = 3.0β
x
Relationship to Errorless Monetary Unit Sampling (MUS) and the Poisson distribution
• If all the assurance comes from an errorless MUS applied to a population of size Y, then
the auditor’s (posterior) assurance can be represented by an exponential distribution with
parameter β equal to the sampling interval, i.e., β = Y/n.
• The 95th percentile is Q.95 = 3.0β where the factor 3.0 is also familiar from Poisson
distribution tables commonly used to evaluate samples
• The exponential and Poisson distributions are closely connected
– The likelihood function induced by an errorless Poisson-based MUS (k = 0, parameter x / β > 0) is effectively an
exponential distribution—a function of x > 0 with parameter β.
( x /  )0 e x / 
1
Poisson(k  0; x /  ) 
 e x /   e x /   f ( x;  ), for x  0; k  0,   0
0!

The Gamma Distribution
• Gammas provide intuitively plausible representations of auditors’ assurance
about total misstatement
– The exponential distribution, the simplest gamma, is often used (at least implicitly)
• Gammas can be used to represent judgmental prior assurance (RMM)
• MUS samples and evidentiallyequivalent other procedures
induce likelihood functions that
( x /  ) 1 e x / 
g ( x;  ,  ) 
, x  0;  ,   0
 ( )
are essentially gamma distributions
(normalized)
• The resulting posterior
assurance is also a gamma
distribution
• When accumulating evidence
and revising assurance it is
therefore possible to remain
within the gamma family of
distributions
α = 1 (exponential)
α= 2
α= 3
α= 4
x
0
1β
2β
3β
4β
5β
6β
7β
8β
Various gamma distributions with shape parameters
α = 1, 2, 3, 4 and scale parameter β. The 95th
percentiles are 3.0, 4.75, 6.30, 7.76 times β,
respectively. These are also the 95% Poisson MUS
evaluation factors for k = 0, 1, 2, 3 misstatements.
Sampling Example
• Materiality is $100
• RMM is Low and the AICPA Sampling
Guide (2001 ed.):
Prior g(x;1,100/1.0)
Likelihood g(x;1,100/2.0)
Posterior g(x;1,100/3.0)
– Equates this to a Reliability Factor
(Assurance Factor) of 1.0 (37% risk).
– Gives required Reliability Factor from
substantive procedures as 2.0 (14% risk).
• Thus AR = 37% × 14% = 5%, and,
logarithmically 1.0 + 2.0 = 3.0
• In Bayesian terms:*
– Auditor’s prior is the (exponential)
gamma g(x;1,100/1.0).
– The target posterior is g(x;1,100/3.0).
– The target likelihood function to be
induced by an errorless sample is
therefore g(x;1,100/2.0).
0
50
100
150
200
* Scale factor arithmetic per Bayes’ rule
• Prior scale parameter is βpri
• Likelihood scale parameter is βlik (sampling interval)
• Posterior scale parameter is βpos = (1/βpri + 1/βlik)–1
• Thus 100/3.0 = [1/(100/1.0)+1/(100/2.0)]–1
Sampling Example Continued…
• Materiality is $100
• MUS sample size, n = Y/(100/2.0); one (100%)
misstatement is found, k = 1.
• In Bayesian terms:*
– Auditor’s prior is the gamma g(x;1,100/1.0).
– The likelihood function induced by the sample is
g(x;2,100/2.0).
– The posterior is g(x;2,100/3.0).
– The achieved posterior 95th percentile is Q.95 = 4.75×(100/3.0)
= 158
– The factor 4.75 is the 95th percentile of the standard gamma
distribution (scale = 1) with shape 2 (= 1+k with k = 1). It can
also be obtained from the 95% Poisson sample evaluation
table with k = 1.
Prior g(x;1,100/1.0)
Likelihood g(x;2,100/2.0)
Posterior g(x;2,100/3.0)
0
50
100
150
200
250
300
* Bayes’ rule
• Prior distribution g(x;αpri,βpri)
• Poisson-induced likelihood function for k misstatements is proportional to g(x;1+k,βlik), where βlik is the
sampling interval
• Posterior distribution g(x;αpos,βpos) where αpos = αpri + k and βpos = (1/βpri + 1/βlik)–1
• Thus if the RMM prior is g(x;1,100/1.0) and a MUS sample is selected using a sampling interval of
100/2.0 reveals one misstatement (k = 1) so that the induced likelihood function is g(x;1+1,100/2.0), then
the posterior is g(x;1+1,100/3.0).
Aggregation Across a Group of Components
• If there are N components and the auditor’s assessment of total
misstatement is represented by random variables X1, X2,…, XN, then total
misstatement for the group is X = X1+X2+…+XN
• If the Xi are stochastically independent then the distribution of X is the
convolution of the distributions of the Xi.
• If the Xi are gamma-distributed then X is approximately gammadistributed for component distributions likely to be encountered in
auditing practice*
• X is exactly gamma-distributed if scale parameters are equal for all
components
– The shape parameter of the convolution equals the sum of the shape
parameters of the component distributions
– The scale parameter of the convolution equals scale parameter of the
component distributions.
* Stewart, T., L. Strijbosch, H. Moors, and P. van Batenburg. 2007. A simple approximation to the convolution of gamma distributions.
Discussion Paper, No. 2007-70. Tilburg University. Available at: http://arno.uvt.nl/show.cgi?fid=63976 .
Example of Aggregation:
Evaluation of Audit Results for Group
• Two equal components with auditor’s assurance represented by an exponential
distribution (α = 1) with scale β = 100/3.0.
– Component 95th percentile is Q.95 = (100/3.0)×3.0 = 100.
• Group assurance can be represented by a gamma distribution with shape α =
1+1 = 2 and scale β = 100/3.0
– Group 95th percentile is Q.95 = (100/3.0)×4.75 = 158
g(x1 ; 1, 100/3.0)
g(x2 ; 1, 100/3.0)
50
100
150
Q.80 = 100
Q.95 = 158
Q.95 = 100
Q.95 = 100
0
g(x1 +x2 ; 2, 100/3.0)
Aggregate
to
Conclude
200
0
50
100
150
200
0
50
100
150
200
• This is unsatisfactory if Group Materiality is $100 (only 80% assurance
achieved). Instead we would need achieve component posteriors g(xi;1,100/4.75)
– Then group 95th percentile is Q.95 = (100/4.75)×4.75 = 100.
Planning a Group Audit Requires Disaggregation
1.
2.
Group auditor starts with target group posterior (gamma) distribution, with
Group Materiality at 95th percentile.
Group auditor determines target (gamma) posteriors for the N components
that will convolute to the target group posterior.
– There is an infinite number of potential solutions (no unique deconvolution)
– Group auditor can choose an optimal set of component distributions—to
minimize group audit cost, for example
3.
Group auditor determines prior distributions for the N components
–
4.
Some or all may be “negligible” (uninformative)
A target likelihood function (a gamma distribution) is determined for each
component sufficient to transform the component prior into the target
component posterior.
–
–
Group auditor requires component auditors to “deliver” the likelihood function
Component Materiality is the 95th percentile of the component likelihood function
Group Audit
– The Group Auditor (GA) component
prior and target posterior are
g(x1;1, 100/1.0) and g(x1;1, 100/4.74),
respectively.
– The required likelihood function is
g(x1;1, 100/3.74)
– Component materiality is T1 = Q.95 = 80.
Q.95 = 300 
0
20
40
60
80 100 120
0
20
40
20
40
60
80 100 120
0
GA Posterior 1
g(x1; 1, 100/4.74)
20
40
60
20
40
60
80 100 120
80 100 120
Group
GA Posterior Group
g(x1+x2; 2, 100/4.74)
GA Posterior 2
g(x2; 1, 100/4.74)
T = Q.95 = 100
Q.95 = 63
Q.95 = 63
0
80 100 120
T2 = Q.95 = 63
T1 = Q.95 = 80
0
60
Likelihood 2
g(x2; 1, 100/4.74)
Likelihood 1
g(x1; 1, 100/3.74)
• Component 2:
– Negligible group auditor prior; target
posterior g(x1;1, 100/4.74)
– Required likelihood function equals the
target posterior
– Component materiality is T2 = Q.95 = 63.
GA Prior 2
Negligible
GA Prior 1
g(x1; 1, 100)
Planning and Concluding
An Example
• Group Materiality, T = 100;
Required Assurance = 95%
• Two equal components
• Component 1:
Component 2
Component 1
0
20
40
60
80 100 120
0
20
40
60
80 100 120
 Plan: (a) disaggregate group target posterior into component
target posteriors, and (b) derive target likelihood functions from
component posteriors and priors.
If the audit goes as planned, then
 Conclude: (a) derive component posteriors from component
priors and likelihood functions, and (b) aggregate the component
posteriors to derive the group posterior.
Component Materiality—MACM Method (Glover, et al.)*
Example with Group Materiality T = $400,000; 5 Components
• Look up multiple m in table provided by authors
– For N = 5, m = 2.5
• Compute Maximum Aggregate Component
Materiality as a multiple m of group materiality
– MACM = m × T = 2.5 × $400,000 = $1,000,000
• Allocate MACM in proportion to relative square
root of size
Component
Component
Component
Component
Component
1
2
3
4
5
Size
Y
21,900,000
10,900,000
7,300,000
5,500,000
4,400,000
$ 50,000,000
√Y
4,680
3,302
2,702
2,345
2,098
15,126
Weight Component
√Y
Materiality
0.3094
309,385
0.2183
218,268
0.1786
178,624
0.1550
155,045
0.1387
138,677
1.0000 $ 1,000,000
Limitations listed by the authors†
• The model does not consider the risk that
multiple components might contain
undetected misstatements that are immaterial
at the component level but aggregate to an
amount that is material at the group level.
• Model does not consider the need for
redistribution of materiality between
components due to statutory audits
• Model formula does not work if substantial
variability in component size. [e.g., for N = 2,
if Component 1 > 4 times Component 2.]
Also
• Model does not accommodate prior
component assurance
• The model does not allow for optimizations
(e.g., to minimize group audit cost)
• Group structure is not dealt with in the model
• The MACM tabulated values incorporate
some unpublished judgmental factors.
* Glover, S., D. Prawitt, J. Liljegren, and W. Messier. 2008. Component materiality for group audits. Journal of Accountancy. (December).
Available at: http://www.journalofaccountancy.com/Issues/2008/Dec/ComponentMaterialityforGroupAudits.htm.
† ibid. Background on underlying probabilistic model. Online at http://www.journalofaccountancy.com/Web/ProbabilisticModel.htm.
Component Materiality Methods
GUAM (Stewart & Kinney)* versus MACM (Glover, et al.)†
• Two scenarios are illustrated for GUAM
based on assumed component RMM.
– For RMM = Max, the component priors are
negligible.
– For RMM = Low, exponential priors are
incorporated—similar to earlier sampling example.
Component
Component
Component
Component
Component
Advantages of GUAM Method
• Explicitly accommodates component priors
• Determines optimal solutions—to minimize
group audit cost, for example
• Accommodates special requirements
– Complex group structures
– Statutory audit requirements
– Different component audit cost structures
1
2
3
4
5
Size
GUAM
GUAM
Y
RMM =Max RMM =Low
MACM
21,900,000
180,441
270,854
309,385
10,900,000
139,769
209,803
218,268
7,300,000
120,177
180,394
178,624
5,500,000
107,817
161,840
155,045
4,400,000
98,871
148,413
138,677
$ 50,000,000 $ 647,075 $ 971,304 $ 1,000,000
350,000
300,000
250,000
200,000
150,000
100,000
50,000
1
2
3
4
5
• Complete mathematical details and algorithms
described in Stewart & Kinney paper.
* Stewart, T and W. Kinney. 2010. A general unified assurance and component materiality model for group audits. Paper in preparation.
† Glover, S., D. Prawitt, J. Liljegren, and W. Messier. 2008. Component materiality for group audits. Journal of Accountancy. (December).
Available at: http://www.journalofaccountancy.com/Issues/2008/Dec/ComponentMaterialityforGroupAudits.htm.
Clustering and Fractionalization
Fractionalization
• Sometimes a cluster of components can
be treated as a virtual single entity and
prior assurance determined for the
cluster as a whole.
• If the prior distribution of the cluster
random variable X = X1+X2+…+XL is
gamma g(x;α,β) and the Xi are
independent then fractional gamma
priors g(xi;αi,β) can be imputed to the
components where αi = α where the αi
are proportional to component size.
• The fractional component priors
convolute to the cluster prior.
If the prior for a cluster
of two equal-sized
components is g(x;1,β)
then the imputed
component priors are
g(x1;½,β) and g(x2;½,β).
Applications
• Determining component materiality:
– If cluster materiality is determined for the
cluster as a “virtual single component” then
that component materiality can also be
assigned to each component in the cluster
– This is a formal way to recognize that there is
a point in the group structure below which
component materiality needs no further
reduction.
• Audit of shared-services entities:
– Sometimes audit assurance is formed at the
service center level, but the reporting entities
requires separate audits.
– This may be handled by imputing fractions of
the service center prior to participating
entities.
– Finally, for each entity the assurance
“shortfall” can be determined and remedied
through further audit procedures
g(x;½, β)
g(x;1, β)
x
Audit Assurance Modeling That Makes a
Difference
FINI
TrevorStewart@verizon.net
Last
28 april 2010- Symposium Statistical Auditing