Determining operation of a process with sampling
When auditors want to determine the operation of an IT or business process, they often take a partial observation. There are numerous examples on the Internet of tables that indicate the minimum number of items to be assessed, depending on how often a process is performed in a year (see, for example, the Control Framework Horizontal Supervision of Healthcare, accessed Nov. 24, 2020). A partial observation is not a sample. Because fewer items are usually checked with a partial observation, the expressiveness is much lower than what is possible with a sample. This article explains how a statistical sample could be used to make a statement about the operation of a process. It discusses exactly what a sample is, what steps it consists of, and what alternatives are available.
What are samples?
Sampling involves checking a limited number of items. The number must be large enough to make a statistically valid statement about the entire population. In a money sample, that population is made up of the amounts reported in the financial statements. In an item sample, the population consists of the number of times an event has occurred, such as how often a process was performed in a period. This article deals exclusively with the item sample. It is then checked whether a control measure has been effective in all cases examined, for example, whether the impact of a change request has been correctly determined.
The population consists of a set of elements whose characteristics are determined. In the example mentioned earlier, the elements are the set of change requests and determining the impact is a characteristic. In a sample, a judgment is made as to whether a characteristic of an element is right or wrong and, based on this, statistically tested to determine whether the number of errors in the population is below a predetermined limit. Statisticians then refer to this as a Bernoulli experiment. That statement is made with a certain reliability. Inverse to reliability is the probability that the judgment is wrong across the entire population. Usual reliability is 95%. That means that in at most 5% of cases, the auditor gives an unqualified opinion incorrectly. Furthermore, the opinion is associated with a certain accuracy, or estimate of the number of errors in the population. Usually, at most 1% errors in the population is acceptable. Auditors speak of materiality instead of accuracy.
Conducting a sample is bound by a number of ground rules. First, it must be clear which elements belong to the population and which do not. Second, there must be no misunderstanding of how characteristics are measured and when they are labeled "good. Third, elements are selected randomly and independently of the characteristics to check. Finally, an element should not be approved until sufficient information has been collected to conclude that all criteria have been met.
Roadmap
Curious about the six steps of good sampling? Download the full article here.
By: Wout Schiphorst, interim consultant through ARC People
Source: auditinfo.com
This text is made available under the Creative Commons license Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0). The full text of the license can be read at: https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.nl
