
UPDATE on Computer Audit, Control and Security

AN ELECTRONIC SAMPLING TOOL KIT?

L.G. Westwood

Introduction

Internal auditors have, for many years, acknowledged the place of statistical sampling as a valuable tool for assisting them in their primary role, being of service to management. It is no longer considered good enough to undertake all tests solely based on judgement. At best they only provide meagre examples of an unsatisfactory situation. There is no reliable indication of extent. Increasingly, managers are questioning the validity of some sample tests on the grounds of:

o sufficiency;

o interpretation;

o bias.

This is not to say that every programme test should be carried out on a scientific basis. Clearly, that would not be possible, given the normal resource levels allocated to internal audit. However, some audits so obviously lend themselves to a scientific approach from the outset, or 'home in' on significant problem areas, that one wonders why statistical sampling was not employed.

Barriers to successful usage of statistical sampling

After many years of lecturing on this subject people have consistently outlined their fears to me about using statistical sampling, even though they regard it as a conceptually appropriate audit tool. The list runs as follows:

o the mathematics over-complicate the subject, particularly where formulae have to be calculated frequently or repetitively;

o tables are cumbersome and often inadequate; the exact population size for example may not be available causing the requirement to interpolate;

o researching the population to be sampled (file analysis) is both time-consuming and difficult, usually requiring a computer auditor's time too;

o choosing an appropriate statistical sampling plan from the many available, is arduous;

o the compilation of specific working papers is onerous, particularly when late changes dictate recalculations;

o there are worries regarding the need to relate the exact working of a sampling plan to management.


The potential of the computer

Thinking of typical features of computing, you will soon realise that most of the problem areas listed above can be readily catered for. In addition, interaction with large mainframe data provides that extra little bonus for the serious statistical sampler. Yet no dramatic increase in the use of statistical sampling by internal, or external auditors for that matter, has occurred. One asks why this is so? Most organisations are, at least, using very capable mainframe configurations with software facilities to:

o analyse and interrogate large data files, including databases, in order to ascertain relevant populations or population strata for meaningful sampling;

o pick sample items quickly, using demonstrable selection techniques such as interval sampling or random number generation;

o rapidly calculate and manipulate figures according to prescribed procedural steps and chosen risk parameters (confidence level and sampling error).

The answer is simple, but did not really become apparent until the advent of the micro-computer. Prior to the prolific escalation of desk top computing, including widespread terminal access and mini-networks, too much restriction was held over the generalist auditor. Either specialist programmes would have to be written or the computer auditor's already precious time was required to enable statistical sampling to be done. It is not surprising, therefore, that little encouragement existed and the concept was further ignored, even though the mechanics had been made extremely viable.

A further factor causing suppression of the technique was the general lack of knowledge or ability to retain the essentials of appropriate sampling plans, if some time had passed since they were last utilised. There was also the feeling that mainframe time was too expensive to allow generalist auditors statistical sampling facilities anyway, except, of course, for the most essential of cases.

Then came the very cheap but sophisticated IBM PC compatibles, including portables. A marvellous breakthrough in computing such that all could have the opportunity to achieve computer literacy and taste the variety of fruits obtainable from the electronic orchard of micro-software. For the generalist auditor, this has meant a substantial refurbishment of his toolbag, so that it is almost an everyday occurrence now, to find planning, reporting, flowcharting, timekeeping and indeed audit manuals kept and used on hard or floppy disk. What a tremendous environment to promote proper audit involvement with statistical sampling!

Volume 1 Number 2 September/October 1988


What is statistical sampling and what can it do?

Before going any further, it is important to attempt to define statistical sampling in the context of internal audit testing requirements. It is really no more than:

The random selection of a scientifically adequate sample of transactions from the entire number of transactions, so as to make analyses and mathematical projections, within limits of risk, such that conclusions can be reasonably related to the entire number of items from which the sample was drawn.

Obviously, this can benefit auditors in a number of ways:

o where error, fraud or maladministration is known to exist but knowledge of the extent of this existence is required, either in percentage or value terms;

o where knowledge is required about a population but limited resources are available in order to ascertain it;

o where audit findings are likely to be challenged as being biased;

o where a whole check is likely to achieve unrealistic results because of the boredom factor induced by great volume.

It is a common mistake to think that a mathematical approach is just a way of eradicating an auditor's skill and judgement. The very opposite is the case. Skill and judgement are the very factors depended upon in order to set reliability levels and risk parameters. These must be decided upon by the auditor before commencement with statistical sampling, as only the auditor can know the objectives of the test and the needs and reactions that management might have. There will be no harm in consulting occasionally with management on these matters, but much will depend upon volumes, complexities, resources, timescales, sensitivity and, of course, objectives. Statistical sampling, therefore, is not 'moronic auditing'!

Skill and judgement relating to risk parameters all sounds terribly complicated and off-putting; but really, the basic statistical projection theory is simplicity itself. It is the commonsense procedure of taking a few items from many, to determine an average, so that it can be 'grossed up' in terms of the lot. However, mathematics is needed to ensure the right sample size to encapture a reliable average for this process and to qualify the accuracy of the final estimation, and also to say how sure the sampler is about this qualified estimation. This really boils down to stating a confidence level (e.g. 95% confidence) regarding something about the entire population to a precision/sampling error (e.g. plus or minus some degree of accuracy). A typical conclusion from statistical sampling activity might well be:

o I am 95% confident that the population figure is £200,000 give or take £5,000.

Another might be:

o I am 95% confident that the rate of non-compliance with a key systems control is 35% give or take 3%.


These two statements tend to further simplify the concept by indicating that there are basically only two types of statistical sampling plan:

COMPLIANCE PLANS, which test for error rate percentage of non-compliance with key controls in a system;

SUBSTANTIVE PLANS, which are used to verify, within limits, the product of systems controls. This product is usually made up of individual variable amounts providing a total in length, weight, volume, capacity or money.

However, there are many names for the different variations of these two types of statistical sampling plan and their description and procedures are well beyond an article of this length.

Thinking about these features it is clear that there are advantages in having such estimation procedures for auditors:

o results are more objective and defensible;

o the proper sample size (i.e. workload) is achieved;

o as well as providing examples of evidence, projections about the entirety can also be provided;

o the image of the auditor is uplifted and a feeling of being more positive in service to management is generated.

There are, of course, some drawbacks:

o statistical sampling can confuse and be misinterpreted;

o in some circumstances, it can be time-consuming;

o there can be problems in researching, accessing and auditing large populations;

o there is confusion as to which is the best plan to use given certain audit objectives.

This brings us back to the point of electronic sampling on micro-computers.

Micro-computer facilities

If sample sizes are to be kept reasonable, large populations will have to be stratified. There are excellent mainframe software facilities for this which would mean complete viability for downloading auditable mainframe data on to micro-computer disks (floppy or hard disk). There will be limited capacity of these disks, but certainly enough to cope with the fragmentation of data in this way.

Taking this a stage further, it is also conceivable that random selection of stipulated sample sizes can also be undertaken on the mainframe for downloading to a micro.

Given that the micro-computer could calculate sample sizes after input of risk parameters relating to the population data and audit objectives, and recalculate projection accuracy after sampling has taken place, then such a concept would form the basis of a statistical sampling facility which enables a tremendous enhancement to the testing capabilities of the generalist auditor. This would free the computer auditor for more appropriate work. At most the computer specialist should only be required to assist in the downloading of data.

All that may be missing when such a stage is reached, is the will to learn and the confidence to get involved with real data.

Embellishments

Properly constructed, the sampling software itself should be conducive to creating enthusiasm amongst its potential users. It should be very 'user friendly' in a machine operating sense, but also, it should be 'sampling friendly' in a way that it can prompt the sampler steadily and carefully through any chosen plan or selection technique, thus eradicating 'fear'.

It would be almost ideal if a micro-based statistical sampling package could have some tutorial facility embedded, with an option to practise anything learned on safe, demonstration data which could be held on-board. A text tutorial would not only assist the auditor in sampling, but would also provide a means of explanation to questioning managers who are sceptical of any concept or plan which has been used.

It would also be desirable to have 'what if' facilities. In the event of a projection being unacceptable, this would allow a changed projection after new risk parameters have been inserted.
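
An added example, not from the original article or any package it describes: the calculations outlined under 'Micro-computer facilities' and the 'what if' facility above, worked for a compliance plan (sample size from the risk parameters, random selection, achieved precision after testing, and a rerun with a changed parameter). It assumes the normal approximation with a finite population correction, which the article does not specify; the population size, seed and exception count are constructed.

```python
import math
import random
from statistics import NormalDist

def z_value(confidence):
    """Two-sided normal deviate for a confidence level such as 0.95."""
    return NormalDist().inv_cdf((1 + confidence) / 2)

def sample_size(population, expected_rate, precision, confidence=0.95):
    """Items to test so the projected rate is within +/- precision."""
    z = z_value(confidence)
    n0 = z ** 2 * expected_rate * (1 - expected_rate) / precision ** 2
    # Finite population correction: small populations need fewer items.
    n = n0 / (1 + (n0 - 1) / population)
    return min(population, math.ceil(n))

def select_items(population, n, seed):
    """Random selection without replacement. Recording the seed in the
    working papers lets a reviewer reproduce the exact selection."""
    rng = random.Random(seed)
    return sorted(rng.sample(range(1, population + 1), n))

def project(population, n, exceptions, confidence=0.95):
    """Projected non-compliance rate and achieved precision after testing."""
    rate = exceptions / n
    # A 100% check leaves no sampling error, so the correction goes to zero.
    fpc = (population - n) / (population - 1) if population > 1 else 0.0
    margin = z_value(confidence) * math.sqrt(rate * (1 - rate) / n * fpc)
    return rate, margin

if __name__ == "__main__":
    N = 10_000  # constructed population size
    n = sample_size(N, expected_rate=0.35, precision=0.03)
    items = select_items(N, n, seed=1988)
    print(f"test {n} items, first five: {items[:5]}")
    rate, margin = project(N, n, exceptions=310)  # constructed test result
    print(f"95% confident: {rate:.1%} give or take {margin:.1%}")
    # 'What if' rerun: the workload if precision is relaxed to +/- 5%.
    print("what-if sample size:", sample_size(N, 0.35, 0.05))
```
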

One last thought might be given to the need to save samples to disk in order to work on them at later dates or so as to have the ability to pass samples between statistical sampling plans. For example, it may be that as a result of a statistical compliance test, the auditor wishes to make some assessment of the monetary consequences of non-compliance. If this were the case, the compliance sample could be retained and passed into a substantive plan where it may require extension or 'cropping' according to the rules of that particular plan.

Conclusions

This article has addressed the special needs of the generalist auditor in using a complicated, but crucial mechanism for testing, known as statistical or scientific sampling. With the enhancement of computing facilities into desk-top/lap-top micro-computers, the generalist is given a marvellous opportunity to take hold of organisational data, 'off-line' and work on it, without fear of corruption. This undoubtedly facilitates the employment of statistical sample testing.

Regarding the concept of statistical sampling, I am in no doubt that the need is there. The technology is certainly there! Auditors need to embrace what amounts to an 'electronic sampling tool-kit' and use it to provide more meaningful interpretations from sample tests, as a service to management!

L G Westwood FCCA, IPFA, FIIA is a freelance Financial Management Consultant, engaged extensively in financial training by a variety of organisations and educational establishments. He also acts as an Internal Audit Consultant, specialising in audit techniques.
