I am a lowly Java developer (not a mathematician) coming to this community with the need of some pretty simple help solving a business problem for a client. I need to make absolute sure that the math I'm using here is correct, and I promise I'm not some HS or college kid looking for help with his homework!
So, the problem at hand:
- On average, a "client" has a 6% chance of being selected for a random SOC2 audit during a given audit season
- There are 4 clients to a given "client group" (grouping of clients)
- So to me, this means that although each client has a 6% chance of being selected for a random audit, that there is a 6% x 4 = 24% chance that a given client group gets audited
I MUST be correct here: can someone please confirm that what I am saying is true (that the group as a whole has a 24% chance of being audited)?
No, this is incorrect. You are counting the cases where more than one client is audited more than once. Consider that if there were $20$ clients in the group, your reasoning would say that there is a $120\%$ probability that at least one is audited, which doesn't make sense. You need to apply the principle of inclusion and exclusion.
The probability is $$\binom{4}{1}.06-\binom{4}{2}.06^2+\binom{4}{3}.06^3-\binom{4}{4}.06^4\approx.21925,$$
assuming that audits are independent.
EDIT
An easier way to do it is to note that the probability that at least one gets audited is $1$ minus the probability that none is audited, or $$1-.94^4.$$ This gives the same answer, reassuringly.
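A numerical cross-check of the answer above, as an added example that is not part of the original post: it computes the group's audit probability by inclusion-exclusion, by the complement, and by brute-force enumeration of every audited/not-audited pattern, next to the additive estimate from the question. The function names are hypothetical, and audits are assumed independent, as in the answer.

```python
from itertools import product
from math import comb


def naive_sum(p, n):
    """The question's estimate: add the per-client chances (overcounts overlaps)."""
    return n * p


def inclusion_exclusion(p, n):
    """Alternating sum over k-client subsets, the answer's first formula for general n."""
    return sum((-1) ** (k + 1) * comb(n, k) * p ** k for k in range(1, n + 1))


def complement(p, n):
    """1 minus the probability that no client in the group is audited."""
    return 1 - (1 - p) ** n


def enumerate_outcomes(p, n):
    """Brute force: add up the probability of every pattern with at least one audit."""
    total = 0.0
    for pattern in product((True, False), repeat=n):
        if any(pattern):
            prob = 1.0
            for audited in pattern:
                prob *= p if audited else (1 - p)
            total += prob
    return total


if __name__ == "__main__":
    p = 0.06  # per-client audit chance from the question
    for n in (4, 20):  # group of 4 from the question, 20 from the answer's counterexample
        print(f"n={n:2d}  naive={naive_sum(p, n):.5f}  "
              f"incl-excl={inclusion_exclusion(p, n):.5f}  "
              f"complement={complement(p, n):.5f}")
    # Enumeration is only run for the small group (2**n patterns).
    print(f"enumerated (n=4) = {enumerate_outcomes(p, 4):.5f}")
```
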