Look Up Tables
CCH Audit Automation evaluates risk, and obtains other information, by reference to a series of look up tables. These tables are user definable and hence allow the system to cater for different risk models and simulate the calculation of risk as it may have been done manually in the past.
Note: Audit Automation uses these look up tables in a slightly different way when the ISA model is in use. These differences are identified separately for each look up table.
To edit the tables, load the pack for editing and click on the Look up tables option within Risk Model in the Master pack index. The system will display the Look up tables dialog that contains a tabbed notebook holding 6 pages.
Look up table dialog
Each page of the notebook contains a table as described in the name on the tab. To move to a page click on the tab and it will be brought to the front.
To edit the information shown in a table, position the mouse pointer in a field on the table and click the left mouse button. You may then move from cell to cell using the arrow keys, overwrite the contents of a cell by typing, or edit the contents of the cell by pressing <Enter> or <F2>.
Printing a table
Each page of the notebook contains a [Print] button displaying an icon of a printer. If you wish to print a copy of the table, click on this button and the system will ask you to confirm that you would like a copy of the dialog printed. If you select [Yes] a copy of the dialog will be printed as it currently appears on the screen.
Band names
It is possible to have Audit Automation print names for the risk levels selected in each area, rather than the percentage or points score selected from the table. On each page of the dialog where the table will result in the selection of a risk level included in the Sample Sizes report, a [Band names] button appears.
To enter or edit the names associated with each band of risk, click on this button and the Band names dialog will appear. This contains a table of either band limits and the name associated therewith, or reliance levels and the name for the level. The information is shown in a grid that can be edited as described above.
Band names dialog
When you have finished editing the bands and names, select [OK] to save the changes or [Cancel] to discard the amendments that you have made.
Risk level table
This page contains the table that is used to lookup general inherent risk based on the answers to the inherent risk questions.
Risk level table
The risk model used by the computer assumes that the higher the points scored when the inherent risk checklist is answered, the higher the audit risk involved with the client. The maximum audit risk is level 1 and the minimum is 5.
The matrix allows you to enter the total points score above which a client falls into the next risk level, as well as tests that can be applied to the total of each general risk area as an alternative criterion for a client falling into a higher risk level.
For example, your risk model may indicate that if one risk area has a score of more than 16, or two risk areas have a score of more than 9, or the overall total of all risk areas is greater than 21, the client is allocated a risk level of 2.
Up to three limits, and the number of areas to exceed the limits, can be entered, together with an overall limit.
The edit field Description of risk for override dialog, provides a text line that you can specify to appear next to the calculated level of risk in the override dialog that is presented to the user after the risk elements have been edited for a client.
ISA Model Variations: There is no change to the way this table is used when the ISA model is in use.
Specific risk table
Specific risk table
The specific risk table allows you to enter the percentage risk level, or score in points, that is deemed to arise from a combination of general risk for the client and specific risk within each audit area. The general risk levels are fixed at 1 - 5 but the specific risk scores can be changed to indicate what column of the matrix is to be picked up if a certain score is exceeded. The specific risk scores can range from negative to positive scores, however, it should be noted that the scores must be entered in ascending order.
If you would like a narrative used to display risk levels, rather than percentages, click on [Band names] and enter in the Band to column the upper limit of the percentage for the band and in the Name column the name to be associated with that band. For example, in the table shown above, the narrative used may be as follows:
Band to Name
25 Very low
50 Low
75 Medium
100 High
ISA Model Variations
Only the first column is used to look up the level of risk, expressed as a percentage associated with the overall risk settings for each area/assertion combination. The top figure is associated with the highest level of risk, the fifth with no risk, the last figure is not used. The name associated with each of the 5 levels is drawn from the [Band names] button.
For the band names, Band to is ignored. If you wish to restrict the options to less than 5, just repeat the name of the last option and the system will take the last unique name to be the minimum setting i.e. use the same name for band 4 and 5.
Non-sampling detection risk table
Non-sampling detection table
The non-sampling detection risk table allows you to enter the audit risk that is deemed to arise at each level of reliance on non-sampling auditing methods.
The model assumes that a reliance level of 1 indicates that the maximum reliance is being placed on these methods, whereas 5 indicates no reliance at all. In addition, where the firm prepares the client’s trial balance and accounts, this fact provides non-sampling audit comfort, as any material errors are likely to have been picked up during the work carried out. The non-sampling detection risk matrix therefore provides the means of entering the audit risk, expressed as a percentage or score in points, which is associated with the audit area, for each level of reliance on non-sampling methods and the combination of this with whether or not the firm prepares the TB and accounts.
Note: in our standard packs the increased audit comfort taken as a result of the firm preparing the nominal ledger and accounts is taken into account within control risk. Hence the table shown above does not differentiate the level of risk in the two columns.
If you would like a narrative used to display risk levels, rather than percentages, click on [Band names] and enter in the Band to column the upper limit of the percentage for the band and in the Name column the name to be associated with that band. For example, in the table shown above, the narrative used may be as follows:
Band to Name
12 Minimal
25 Very low
50 Low
75 Medium
100 High
Control risk table
Control Risk Table
When carrying out risk analysis, the user is either invited to enter a reliance level for control risk, or he is asked to answer the control risk questions which are set for the area. When reliance is being placed on internal controls, further comfort is obtained that the accounts do not contain a material error. The level of reliance runs from 1 for maximum reliance down to 5 for no reliance at all, and the factor is the percentage audit risk, or score in points, that exists at each reliance level. Where control risk questions have been set up, the answers provided by the user will result in a points score for the audit area. The system will compare this points score with the above table and select the appropriate reliance level and risk factor. If no questions have been set up, or the client is set for user entered reliance, the user will enter the reliance level manually and from that the system will determine the risk factor.
The sample column can hold the number of items that are to be tested at each level of reliance to determine if the control is being operated. The sample size entered here can be applied to any test that is designed to test the controls in question.
Control Environment
Two scores can be entered here, representing the score above which the control level moves from Strong to Neutral and then to Weak. If you only wish to have 2 levels, Strong and Weak set both figures to be the same.
Where the client is set to allow reliance to be placed on proprietorial controls, the system will present the appropriate questions, see page 69, and arrive at a total points score based on the answers given. This points score is then compared with the scores entered in the Control environment group.
If you would like a narrative used to display risk levels, rather than percentages, click on [Band names] and enter in the name to be associated with each level of reliance. For example, in the table shown above, the narrative used may be as follows:
Band to Name
1 Low
2 Medium
3 High
4 High
5 High
ISA Model Variations
This operates in the same way as the Specific Risk table, the top band being the audit risk associated with high reliance, down to the fifth with no reliance.
Sample size table
The risk model used by Audit Automation is explained in the reference manual. The ultimate result of the various percentages or scores which are entered for:
- Inherent risk
- Non-sampling detection risk
- Control risk
are multiplied together, or deducted from a base score, to arrive at the overall audit risk which exists before any detailed sampling is carried out. The sample size table allows you to enter the number of items to be selected at each level of audit risk, calculated on the above basis.
In our standard model, the sample size entered within the table is such that it reduces the overall audit risk to 5% or less. For example, assume that the total audit risk, before sampling, was 10%. To reduce this to 5% the sample taken needs to provide 50% confidence that any material errors will be discovered, i.e. 10% x 50% = 5%. Statistical sampling tables will show us the sample size which gives a 50% confidence level, and this is therefore the sample size which would be used.
The sample size table therefore allows you to enter, within the band limit column, the upper level of risk for each row and, within the sample size column, the sample size which is required at that level of risk.
In some cases, it is appropriate to use interval sampling, or a stratified sample, as a method of selecting samples to test. The final column in the sample matrix is therefore the sample interval factor, which can be multiplied by the materiality factor of each audit area to arrive at a sample interval, or used in a stratification calculation. The lower the audit risk, the higher the factor and therefore the lower the sample which will be extracted.
The columns between the band limit and the sample size allow the user to insert the band limits that apply to the sample size where small populations are in existence. Where small populations are being tested, the same sample size will give a higher confidence level that any material errors will be discovered and it is therefore possible to increase the audit risk band limit associated with the same sample size in these cases.
Sample size table
If you would like a narrative used to display risk levels, rather than percentages, click on [Band names] and enter in the name to be associated with each level of audit risk shown in the Band to column.
If the checkbox Use look up table in the Master audit pack settings dialog is not ticked, the system will ignore the sample interval column in the above table and use the calculated audit risk figure, scaled if appropriate, as the risk factor for each audit area.
ISA Model Variations
When the system calculates residual risk, it compares the percentage arrived at with the Band limit column in this table. This results in the selection of a name to display in the area risk grid and also the selection of a sample size and interval. The small sample size columns are ignored. If the user manually changes the residual risk level, the factors and sample sizes shown in the rows with the name shown in red are used.
Charge rate table
The system stores a table of up to thirty charge rates, identified by grades of 1 to 30. The figures entered are the hourly rate charged for each grade.
Reference is made to this table when carrying out budgeting for the audit. Each member of staff is allocated a charging grade, and the system multiples the number of hours allocated for the member of staff by the charge rate stored in this table.
Charge rate table
Enter the rate for each grade, using the scroll bar to display grades above grade 13.
Charge rates import
The facility is provided to allow you to import the charge rate table from another master pack and hence makes it easier to install new masters as you can set the master rates in one and then import them to other new packs. To use the new facility, click on the [Import charge rates] button and select the master pack from which they are to be imported. Click on [OK] and the chart will be updated.