A Pocket Guide to Risk Mathematics: Key Concepts Every Auditor Should Know


This uniquely accessible, breakthrough book lets auditors grasp the thinking behind the mathematical approach to risk without doing the mathematics.

Risk control expert and former Big 4 auditor, Matthew Leitch, takes the reader gently but quickly through the key concepts, explaining mistakes organizations often make and how auditors can find them.

Spend a few minutes every day reading this conveniently pocket sized book and you will soon transform your understanding of this highly topical area and be in demand for interesting reviews with risk at their heart.

"I was really excited by this book - and I am not a mathematician. With my basic understanding of business statistics and business risk management I was able to follow the arguments easily and pick up the jargon of a discipline akin to my own but not my own."
Dr Sarah Blackburn, President at the Institute of Internal Auditors - UK and Ireland

Start here.

Good choice!

This book.

How this book works.

The myth of mathematical clarity.

The myths of quantification.

The auditor’s mission.

Auditing simple risk assessments.

1 Probabilities.

2 Probabilistic forecaster.

3 Calibration (also known as reliability).

4 Resolution.

5 Proper score function.

6 Audit point: Judging probabilities.

7 Probability interpretations.

8 Degree of belief.

9 Situation (also known as an experiment).

10 Long run relative frequency.

11 Degree of belief about long run relative frequency.

12 Degree of belief about an outcome.

13 Audit point: Mismatched interpretations of probability.

14 Audit point: Ignoring uncertainty about probabilities.

15 Audit point: Not using data to illuminate probabilities.

16 Outcome space (also known as sample space, or possibility space).

17 Audit point: Unspecified situations.

18 Outcomes represented without numbers.

19 Outcomes represented with numbers.

20 Random variable.

21 Event.

22 Audit point: Events with unspecified boundaries.

23 Audit point: Missing ranges.

24 Audit point: Top 10 risk reporting.

25 Probability of an outcome.

26 Probability of an event.

27 Probability measure (also known as probability distribution, probability function, or even probability distribution function).

28 Conditional probabilities.

29 Discrete random variables.

30 Continuous random variables.

31 Mixed random variables (also known as mixed discrete-continuous random variables).

32 Audit point: Ignoring mixed random variables.

33 Cumulative probability distribution function.

34 Audit point: Ignoring impact spread.

35 Audit point: Confusing money and utility.

36 Probability mass function.

37 Probability density function.

38 Sharpness.

39 Risk.

40 Mean value of a probability distribution (also known as the expected value).

41 Audit point: Excessive focus on expected values.

42 Audit point: Misunderstanding ‘expected’.

43 Audit point: Avoiding impossible provisions.

44 Audit point: Probability impact matrix numbers.

45 Variance.

46 Standard deviation.

47 Semi-variance.

48 Downside probability.

49 Lower partial moment.

50 Value at risk (VaR).

51 Audit point: Probability times impact.

Some types of probability distribution.

52 Discrete uniform distribution.

53 Zipf distribution.

54 Audit point: Benford’s law.

55 Non-parametric distributions.

56 Analytical expression.

57 Closed form (also known as a closed formula or explicit formula).

58 Categorical distribution.

59 Bernoulli distribution.

60 Binomial distribution.

61 Poisson distribution.

62 Multinomial distribution.

63 Continuous uniform distribution.

64 Pareto distribution and power law distribution.

65 Triangular distribution.

66 Normal distribution (also known as the Gaussian distribution).

67 Audit point: Normality tests.

68 Non-parametric continuous distributions.

69 Audit point: Multi-modal distributions.

70 Lognormal distribution.

71 Audit point: Thin tails.

72 Joint distribution.

73 Joint normal distribution.

74 Beta distribution.

Auditing the design of business prediction models.

75 Process (also known as a system).

76 Population.

77 Mathematical model.

78 Audit point: Mixing models and registers.

79 Probabilistic models (also known as stochastic models or statistical models).

80 Model structure.

81 Audit point: Lost assumptions.

82 Prediction formulae.

83 Simulations.

84 Optimization.

85 Model inputs.

86 Prediction formula structure.

87 Numerical equation solving.

88 Prediction algorithm.

89 Prediction errors.

90 Model uncertainty.

91 Audit point: Ignoring model uncertainty.

92 Measurement uncertainty.

93 Audit point: Ignoring measurement uncertainty.

94 Audit point: Best guess forecasts.

95 Prediction intervals.

96 Propagating uncertainty.

97 Audit point: The flaw of averages.

98 Random.

99 Theoretically random.

100 Real life random.

101 Audit point: Fooled by randomness (1).

102 Audit point: Fooled by randomness (2).

103 Pseudo random number generation.

104 Monte Carlo simulation.

105 Audit point: Ignoring real options.

106 Tornado diagram.

107 Audit point: Guessing impact.

108 Conditional dependence and independence.

109 Correlation (also known as linear correlation).

110 Copulas.

111 Resampling.

112 Causal modelling.

113 Latin hypercube.

114 Regression.

115 Dynamic models.

116 Moving average.

Auditing model fitting and validation.

117 Exhaustive, mutually exclusive hypotheses.

118 Probabilities applied to alternative hypotheses.

119 Combining evidence.

120 Prior probabilities.

121 Posterior probabilities.

122 Bayes’s theorem.

123 Model fitting.

124 Hyperparameters.

125 Conjugate distributions.

126 Bayesian model averaging.

127 Audit point: Best versus true explanation..

128 Hypothesis testing.

129 Audit point: Hypothesis testing in business.

130 Maximum a posteriori estimation (MAP).

131 Mean a posteriori estimation.

132 Median a posteriori estimation.

133 Maximum likelihood estimation (MLE).

134 Audit point: Best estimates of parameters.

135 Estimators.

136 Sampling distribution.

137 Least squares fitting.

138 Robust estimators.

139 Over-fitting.

140 Data mining.

141 Audit point: Searching for ‘significance’.

142 Exploratory data analysis.

143 Confirmatory data analysis.

144 Interpolation and extrapolation.

145 Audit Point: Silly extrapolation.

146 Cross validation.

147 R2 (the coefficient of determination).

148 Audit point: Happy history.

149 Audit point: Spurious regression results.

150 Information graphics.

151 Audit point: Definition of measurements.

152 Causation.

Auditing and samples.

153 Sample.

154 Audit point: Mixed populations.

155 Accessible population.

156 Sampling frame.

157 Sampling method.

158 Probability sample (also known as a random sample).

159 Equal probability sampling (also known as simple random sampling).

160 Stratified sampling.

161 Systematic sampling.

162 Probability proportional to size sampling.

163 Cluster sampling.

164 Sequential sampling.

165 Audit point: Prejudging sample sizes.

166 Dropouts.

167 Audit point: Small populations.

Auditing in the world of high finance.

168 Extreme values.

169 Stress testing.

170 Portfolio models.

171 Historical simulation.

172 Heteroskedasticity.

173 RiskMetrics variance model.

174 Parametric portfolio model.

175 Back-testing.

176 Audit point: Risk and reward.

177 Portfolio effect.

178 Hedge.

179 Black-Scholes.

180 The Greeks.

181 Loss distributions.

182 Audit point: Operational loss data.

183 Generalized linear models.


Useful websites.