Chapter 8 Audit Sampling An Overview and Application

Chapter 8 Audit Sampling: An Overview and Application to Tests of Controls © Mc. Graw-Hill Education 2014

Introduction Auditing standards recognize and permit both statistical and non-statistical methods of audit sampling. Two technological advances have reduced the number of times auditors need to apply sampling techniques to gather audit evidence: 1 Development of well-controlled, automated accounting systems. 2 Advent of powerful PC audit software to download and examine entity data © Mc. Graw-Hill Education 2014

Introduction However, technology will never eliminate the need for auditors to rely on sampling to some degree because: 1. Many control processes require human involvement. 2. Many testing procedures require the auditor to physically examine an asset. 3. In many cases auditors are required to obtain and examine evidence from third parties. © Mc. Graw-Hill Education 2014

Definitions and Key Concepts On the following slides we will define: 1. Audit Sampling 2. Sampling Risk 3. Confidence Level 4. Tolerable and Expected Error © Mc. Graw-Hill Education 2014

Audit Sampling The application of audit procedures to less than 100 per cent of items within a population of audit relevance such that all sampling units have a chance of selection in order to provide the auditor with a reasonable basis on which to draw conclusions about the entire population. © Mc. Graw-Hill Education 2014

Sampling Risk Sampling risk is the element of uncertainty that enters into the auditor’s conclusions anytime sampling is used. There are two types of sampling risk. Risk of incorrect rejection (Type I) – in a test of internal controls, it is the risk that the sample supports a conclusion that the control is not operating effectively when, in fact, it is operating effectively. In substantive testing, it is the risk that the sample indicates that the recorded balance is materially misstated when, in fact, it is not. Risk of incorrect acceptance (Type II) – in a test of internal controls, it is the risk that the sample supports a conclusion that the control is operating effectively when, in fact, it is not operating effectively. In substantive testing, it is the risk that the sample supports the recorded balance when it is, in fact, materially misstated. © Mc. Graw-Hill Education 2014

Sampling Risk Three Important Factors in Determining Sample Size 1. The desired level of assurance in the results (or confidence level), 2. Acceptable defect rate (or tolerable error), and 3. The historical defect rate (or expected error). © Mc. Graw-Hill Education 2014

Confidence Level Confidence level is the complement of sampling risk. The auditor may set sampling risk for a particular sampling application at 5 per cent, which results in a confidence level of 95 per cent. © Mc. Graw-Hill Education 2014

Tolerable and Expected Error Once the desired confidence level is established, the sample size is determine largely by how much the tolerable error exceeds expected error. Precision, at the planning stage of audit sampling, is the difference between the expected and tolerable deviation rates. The term allowance for sampling risk is used to reflect the concept of precision in a sampling application. © Mc. Graw-Hill Education 2014

Audit Evidence: To Sample or Not to Sample? © Mc. Graw-Hill Education 2014

Audit Evidence: To Sample or Not? v Inspection of tangible assets. Auditors typically attend the entity’s year-end inventory count. When there a large number of items in inventory, the auditor will select a sample to physically inspect and count. v Inspection of records or documents. Certain controls may require the matching of documents. The activity may take place many times a day. The auditor may gather evidence on the effectiveness of the control by testing a sample of the document packages. © Mc. Graw-Hill Education 2014

Audit Evidence: To Sample or Not to Sample? v Reperformance. The auditor may reperform a sample of the tests performed by the entity. v Confirmation. Rather than confirm all customer account receivable balances, the auditor may select a sample of customers. © Mc. Graw-Hill Education 2014

Testing All Items with a Particular Characteristic When an account or class of transactions is made up of a few large items, the auditor may examine all the items in the account or class of transaction. When a small number of large transactions make up a relatively large percentage of an account or class of transactions, auditors will typically test all the transactions greater than a particular monetary amount. © Mc. Graw-Hill Education 2014

Testing Only One or a Few Items Automated information systems process transactions consistently unless the system or programs are changed. The auditor may test the general controls over the system and any program changes, but test only a few transactions processed by the IT system. © Mc. Graw-Hill Education 2014

Types of Audit Sampling Auditing standards recognize and permit both statistical and non-statistical methods of audit sampling. In non-statistical sampling, the auditor does not strictly follow statistical techniques to determine the sample size, select the sample and/or measure sampling risk when evaluating results. Statistical sampling uses the laws of probability to compute sample size and evaluate the sample results. The auditor is able to use the most efficient sample size and quantify sampling risk. © Mc. Graw-Hill Education 2014

Types of Audit Sampling Advantages of statistical sampling 1. Design an efficient sample. 2. Measure the sufficiency of evidence obtained. 3. Quantify sampling risk. Disadvantages of statistical sampling 1. Training auditors in proper use. 2. Cost to design and conduct sampling application. 3. Lack of consistent application across audit engagement teams. © Mc. Graw-Hill Education 2014

Statistical Sampling Techniques 1. Attribute Sampling. 2. Monetary-Unit Sampling. 3. Classical Variables Sampling. © Mc. Graw-Hill Education 2014

Attribute Sampling Used to estimate the proportion of a population that possesses a specified characteristic. The most common use of attribute sampling is for tests of controls. © Mc. Graw-Hill Education 2014

Monetary-Unit Sampling Monetary-unit sampling uses attribute sampling theory to estimate the monetary amount of misstatement for a class of transactions or an account balance. This technique is used extensively because it has a number of advantages over classical variables sampling © Mc. Graw-Hill Education 2014

Classical Variables Sampling Auditors sometimes use variables sampling to estimate the monetary value of a class of transactions or account balance. It is more frequently used to determine whether an account is materially misstated. © Mc. Graw-Hill Education 2014

Attribute Sampling Applied to Tests of Controls In conducting a statistical sample for a test of controls, auditing standards require the auditor to properly plan, perform, and evaluate the sampling application and to adequately document each phase of the sampling application. Plan Perform Evaluate Document © Mc. Graw-Hill Education 2014

Planning The objective of attribute sampling when used for tests of controls is to evaluate the operating effectiveness of the internal control. © Mc. Graw-Hill Education 2014

Planning All of the items that constitute the class of transactions make up the sampling population. © Mc. Graw-Hill Education 2014

Planning Each sampling unit makes up one item in the population. The sampling unit should be defined in relation to the specific control being tested. © Mc. Graw-Hill Education 2014

Planning A deviation is a departure from adequate performance of the internal control. © Mc. Graw-Hill Education 2014

Planning The confidence level is the desired level of assurance that the sample results will support a conclusion that the control is functioning effectively. Generally, when the auditor has decided to rely on controls, the confidence level is set at 90% or 95%. This means the auditor is willing to accept a 10% or 5% risk of accepting the control as effective when it is not. © Mc. Graw-Hill Education 2014

Planning The tolerable deviation rate is the maximum deviation rate from a prescribed control that the auditor is willing to accept and still consider the control effective. Example Suggested Tolerable Deviation Rates: © Mc. Graw-Hill Education 2014

Planning The expected population deviation rate is the rate the auditor expects to exist in the population. The larger the expected population deviation rate, the larger the EXAMPLE: sample size must be, all else equal. Assume a desired confidence level of 95%, and a large population, the effect of the expected population deviation rate on sample size is shown right: © Mc. Graw-Hill Education 2014

Population Size: Attributes Sampling Population size is not an important factor in determining sample size for attributes sampling. The population size has little or no effect on the sample size, unless the population is relatively small, say less than 500 items. © Mc. Graw-Hill Education 2014

Performance Every item in the population has the same probability of being selected as every other sampling unit in the population. © Mc. Graw-Hill Education 2014

Performance The auditor determines the sampling interval by dividing the population by the sample size. A starting number is randomly selected in the first interval and every nth item is selected thereafter. © Mc. Graw-Hill Education 2014

Performance For example, assume a sales invoice should not be prepared unless there is a related shipping document. If the shipping document is present, there is evidence the control is working properly. If the shipping document is not present a control deviation exists. © Mc. Graw-Hill Education 2014

Performance Unless the auditor finds something unusual about either of these items, they should be replaced with a new sample item. © Mc. Graw-Hill Education 2014

Performance If the auditor is unable to examine a document or to use an alternative procedure to test the control, the sample item is a deviation for purposes of evaluating the sample results. © Mc. Graw-Hill Education 2014

Performance If a large number of deviations are detected early in the tests of controls, the auditor should consider stopping the test, as soon as it is clear that the results of the test will not support the planned assessed level of control risk. © Mc. Graw-Hill Education 2014

Evaluation After completing the audit procedures, the auditor summarizes the deviations for each control tested and evaluates the results. For example, if the auditor discovered two deviations in a sample of 50, the deviation rate in the sample would be 4% (2 ÷ 50). The upper deviation rate is the sum of the sample deviation rate and an appropriate allowance for sampling risk. © Mc. Graw-Hill Education 2014

Evaluation The auditor compares the tolerable deviation rate to the computed upper deviation rate. © Mc. Graw-Hill Education 2014

Attribute Sampling Example The auditor has decided to test a control at Calabro Wireless Services. The test is to determine the sales and service contracts are properly authorized for credit approval. A deviation in this test is defined as the failure of the credit department personnel to follow proper credit approval procedures for new and existing customers. Here is information relating to the test: © Mc. Graw-Hill Education 2014

Attribute Sampling Example Part of the table used to determine sample size when the auditor specifies a 95% desired confidence level. If there are 125, 000 items in the population numbered from 1 to 125, 000, the auditor can use Excel to generate random selections from the population for testing. © Mc. Graw-Hill Education 2014

Attribute Sampling Example The auditor examines each selected contract for credit approval and determines the following: Let’s see how we get the computed upper deviation rate. © Mc. Graw-Hill Education 2014

Attribute Sampling Example Part of the table used to determine the computed upper deviation rate at 95% desired confidence level: © Mc. Graw-Hill Education 2014

Attribute Sampling Example Tolerable Deviation Rate (6%) < Computed Upper Deviation Rate (8. 2%) Auditor’s Decision: Does not support reliance on the control. © Mc. Graw-Hill Education 2014

Non-Statistical Sampling for Tests of Control Determining the Sample Size An auditing firm may establish a non-statistical sampling policy like the one below: Such a policy will promote consistency in sampling applications. © Mc. Graw-Hill Education 2014

Non-Statistical Sampling for Tests of Control Selecting the Sample Items Non-statistical sampling allows the use of random or systematic selection, but also permits the use of other methods such as haphazard sampling. When haphazard sample selection is used, sampling units are selected without any bias, that is to say, without a special reason for including or omitting the item in the sample. © Mc. Graw-Hill Education 2014

Non-Statistical Sampling for Tests of Control Calculating the Upper Deviation Rate With a non-statistical sample, the auditor can calculate the sample deviation rate, but cannot mathematically quantify the computed upper deviation rate and sampling risk associated with the test. © Mc. Graw-Hill Education 2014

Control Tests for Low Control Frequency The sample size tables in the chapter assume a large population. Sample size can be adjusted using the ‘finite correction factor’ in the Advanced Module or by using the table below for very small populations (control performed less frequently): Control Frequency and Population Size : Sample Size Quarterly (4) 2 Monthly (12) 2 -4 Semimonthly (24) 3 -8 Weekly (52) 5 -9 © Mc. Graw-Hill Education 2014

Terminology Comparison for Attribute Sampling ACL versus Sampling Tables © Mc. Graw-Hill Education 2014