Auditing Use Case

Title: Auditing Diagram - Description: Auditing Diagram. This diagram highlights post-election auditing in the election process between vote tallying and election reporting.It also shows the auditing relationship between ballot casting and election verification.

The most essential purpose of post-election auditing technology is to verify election outcomes as well as how those outcomes were produced. Typically, this may be done in a completely offline manner.

A full recount occurs in the case when every voter-verified ballot that was properly cast is recounted for a given election. Such a process may be employed as a means for checking whether or not originally reported outcomes and recounted outcomes are the same. To perform full recounts is a lengthy, manual, and potentially error-prone process.

To provide evidence for the correct outcome more efficiently, one may perform various kinds of audits, such as risk-limiting audits, which do not necessarily require a full recount, but are designed to limit the risk of an incorrect election outcome when given an appropriate (representative, random) sample of an election’s voter-verified/cast paper ballots. The sample size typically depends on the reported margin of victory in the contest. If cast vote records (CVR) that can be efficiently associated with paper ballots are available, a risk-limiting audit may be performed at the ballot level by comparing the CVR to the paper ballot. If batch tallies can be easily linked to the relevant paper ballots, then multiple-ballot (batch) level comparison auditing may also be performed. If tallies can't be easily linked to the ballots they report on (e.g. if only precinct result reports are available, but ballots for a given precinct are scattered across many days of mail-in ballot batches), then a ballot polling audit can be performed.

This use case may also provide the opportunity for discussion of additional auditing types or approaches as well. Different auditing approaches may make use of different kinds of election process information and utilize different strategies in order to establish their conclusions. For example

  • evidence-based elections require good evidence that the chain of custody of the paper ballots has been securely preserved.
  • targeted auditing of specific audit units (individual ballots, precincts, batches or other auditable collections of ballots) based on timely reporting of results by audit unit, mark density information in Cast Vote Records, indications of breaches in chain of custody, and other evidence or claims that the audit unit deserves scrutiny
  • poll book accounting or ballot reconciliation processes compare evidence of how many voters showed up at the polls or properly returned their ballots and cast votes, with the number of ballots counted. Discrepancies should be investigated, documented and factored into the overall assessment of the evidence. Secure and auditable methods of preserving event logs that document voter authorization, signature verification, ballot casting, ballot counting, etc. can be used to facilitate these forms of accounting.
  • security checks can be performed on seals, seal logs and surveilance tapes, and event logs can be checked for anomalies
More information is available at

<img alt="Title: Auditing Scenarios - Description: Image showing Auditing Scenarios. WHAT? Verify election results. HOW? Scenarios: 1. Typical-offline, manual: Fully, manually all voter-verified and cast ballots. 2. Risk-limiting. Case 1: Single-ballot auditing. Case 2: Multiple-ballot (batch) auditing. 3. Other auditing types…

Image also shows the relationship between auditing and voters, election officials, and vote tallying." src="" />

(note - update image above)

Use Case Scenarios

WHAT | Verify election results

HOW | Scenarios

  1. Recount - Typical-offline, manual: Fully, manually recount all voter-verified and cast ballots

  2. Risk-limiting audit

    1. ballot-level comparison auditing

    2. Multiple-ballot (batch) comparison auditing

    3. Ballot polling audit
  3. Ballot accounting audit

  4. Chain of custody checks
  5. Security checks

Request for Feedback

For each use case scenario, please address these questions:

  1. Is the use case scenario in scope for the Next Generation VVSG for development of requirements that will undergo testing and certification? or
  2. Is the use case scenario in scope to develop as guidelines for election officials and voting system manufacturers? or
  3. Is the use case scenario not in scope for this work?
  4. If different parts of the use case scenario fall in 1., 2., and/or 3. Please identify as such.
  5. Is anything missing?


The auditing use case is highly relevant and in scope for the VVSG (e.g. supporting efficient audits via effective cast vote records, event logs, etc). The auditing use case is also highly relevant and in scope for developing guidelines for election officials and voting system manufacturers. Each part of the use case would be relevant to both VVSG and guidelines.

-- Neal McBurnett - 2016-10-31

Topic attachments
ISorted ascending Attachment History Action Size Date Who Comment
PNGpng image012.png r1 manage 149.7 K 2016-08-23 - 02:08 BenjaminLong  
PNGpng image013.png r1 manage 34.6 K 2016-08-23 - 03:10 BenjaminLong  

This topic: Voting > WebHome > AuditingUseCase
Topic revision: r12 - 2017-01-24 - NealMcBurnett
This site is powered by the TWiki collaboration platform Powered by PerlPLEASE NOTE: This wiki is a collaborative website. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. All the material on this website is in the public domain, including any text, diagrams, or images, unless indicated explicitly. Don't share anything on this site that you do not want to be public. Do not pass any proprietary documents or put any on the TWiki with implied public disclosure. If you do, it shall be deemed to have been disclosed on a non-confidential basis, without any restrictions on use by anyone, except that no valid copyright or patent right shall be deemed to have been waived by such disclosure. Certain commercial equipment, instruments, materials, systems, software, and trade names may be identified throughout this site in order to specify or identify technologies adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the systems or products identified are necessarily the best available for the purpose. Any data provided on this site is for illustrative purposes only, and does not imply a validation of results by NIST. By selecting external links, you will be leaving NIST webspace. Links to other websites are provided because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose.