In Part 1 of this 3-part series on statistical compliance auditing, I outline why enterprises should avoid ad-hoc and rule-of-thumb sampling methods and how they can improve the effectiveness and efficiency of their compliance audits by using a simple statistical sampling tool. I also outline why “bigger is not always bigger” when selecting the right sample-size for a compliance audit.
A lot of enterprises conduct compliance audits on their systems and processes over the slower holiday period. This is often a regulatory requirement in other cases a method of improving their performance in preparation for the new year.
Due to time and cost constraints, many enterprises choose to use a sample of activities and outputs to estimate their compliance performance rather than trying to check everything they do or produce. But determining how big to make this sample is often a challenge. Make it too small and audit accuracy will suffer. Make it too big and audit costs can blow out.
Despite the crucial role the size of the sample plays in determining the accuracy and cost of a compliance audit many enterprises continue to use ad-hoc and rule-of-thumb methods to make this important decision.
Pitfalls of ad-hoc and rule-of-thumb sampling
The biggest pitfall associated with ad-hoc and rule-of-thumb sampling is the accuracy of the audit result remains unknown. This often results in a lack of confidence in the audit results, suboptimal decision-making and worse still – no decision-making at all.
Many auditors try to compensate for their lack of sampling knowledge by selecting the biggest sample they can afford, but bigger is not always better. Many auditors that employ this approach end up spending more time and effort collecting and analysing compliance data than is necessary to accurately assess compliance levels.
A much more reliable and efficient approach to compliance auditing is to use statistical sampling methods.
Benefits of statistical sampling
Statistical sampling enables enterprises to;
- Specify the reliability (confidence and accuracy) of their audit results in advance
- Strike a desired balance between the accuracy and cost of their compliance audits
- Produce consistently reliable compliance results over time
- Quantifiably justify the time and effort needed to perform compliance audits
- Factor in a known degree of risk when reporting compliance results to key decision-makers
- Combine audit results from different auditors and assessors
- Defend their audit results to internal and external stakeholders; including regulators
Unfortunately, a lot of small to medium-sized enterprises are failing to take advantage of the above benefits because they believe they don’t have the necessary in-house expertise to use them, but in many cases, they are mistaken; as I outlined below.
Statistical sampling made easy
Anyone with the help of a suitable online sampling tool and a basic understanding of some simple statistical terms and principles can take advantage of these methods to improve the effectiveness and efficiency of their compliance audits.
There is a wide variety of sampling tools available on the web, most are free to use and download; including the sampling tool available on the Compliance Master website, here. Just make sure the tool you select is designed specifically for the type of compliance audit you’re intending to conduct i.e. attribute or variable.
If you would like to learn more about how to use a statistical sampling tool to optimise your enterprise’s compliance audits make sure you check out Part 2 in my 3-part series on statistical sampling here.