Audit Sampling

1
Chapter 9

• Audit Sampling Part a

2
Overview

• Audit sampling is defined as applying audit
  procedures to less than 100 percent of a
  population in order to estimate some
  characteristic about that population
• Typically, auditors sample to determine whether
• A control procedure is operating effectively
  (test of controls)
• An account balance is presented fairly
  (substantive test)
• Fraud exists

3
Overview (continued)

• In some cases, sampling may not be the best
  approach
• Some audit procedures do not provide sufficient
  evidence when applied on a sample basis
• Example auditors read minutes of all BOD
  meetings to identify related party transactions
• Reading the minutes of a sample of BOD meetings
  would not be sufficient
• Audit procedures that provide high quality
  evidence at low cost may be applied more
  extensively simply because its cheaper to test
  all items rather than sampling
• Example auditors typically confirm all bank
  account balances
• Account balances that are immaterial (or where
  the potential misstatement is immaterial) may not
  be worth sampling
• Such accounts may be audited more efficiently
  with analytics

4
Overview (continued)

• From the results of sampling, the auditor makes
  an inference about the underlying population
• For this inference to be valid, the sampling
  units tested must be representative of the
  underlying population
• The auditor needs to make four important
  decisions to ensure the sample is representative
  and to control against making an incorrect
  inference
• Which population should be tested and for what
  characteristics? (population)
• How many (Sample size)?
• Which items should be included in the sample?
  (selection)
• What inferences can be made from the sample?
  (evaluation)

5
Non-sampling and sampling risk

• When auditors draw an erroneous inference from
  sampling, the cause is either non-sampling or
  sampling risk
• Non-sampling Risk
• Occurs when auditor does not appropriately carry
  out audit procedures or misinterprets results
• Results from human error
• Cannot be quantified
• CPA firms try to minimize through quality control
  practices
• Sampling Risk
• Occurs when sample is not representative of the
  underlying population
• Can be controlled through sample size - as sample
  size increases, sampling risk decreases
• If the sample is 100 of the population, sampling
  risk is zero however, this is often not
  practical

6
Sampling Risks Related to Tests of Controls

• If the sample is not representative of the
  population, the auditor may draw an incorrect
  conclusion about the effectiveness of a control
• Auditor assesses control risk too high
• Sample indicates control is worse than it really
  is
• As a result, the auditor does not rely on the
  control and does more substantive testing than
  necessary
• Assessing control risk too high does not directly
  affect audit quality, but does lead to audit
  inefficiencies

7
Sampling Risks Related to Tests of Controls

• Auditor assesses control risk too low (worst
  type)
• Sample indicates control is better than it really
  is
• As a result, the auditor relies on an ineffective
  control (without realizing it's unreliable) and
  substantive testing is not rigorous as it should
  be
• This increases the risk that material
  misstatements are not found and an incorrect
  audit opinion issued

8
Sampling Risks Related to Substantive Testing

• If the sample is not representative of the
  population, the auditor may draw an incorrect
  conclusion about whether an account balance is
  presented fairly
• Incorrect acceptance (worst type)
• Sample indicates account balance is not
  materially misstated when it is
• Auditor may issue unqualified opinion on
  materially misstated statements
• Because of the potential costs associated with
  incorrect acceptance, auditors control for this
  risk

9
Sampling Risks Related to Substantive Testing
(Continued)

• Incorrect rejection
• Sample indicates account balance is materially
  misstated when it isn't
• There are things that reduce this risk
• Before telling client to adjust its books,
  auditor usually performs additional tests
• If client believes account balance is correct,
  client will ask auditor to perform more tests
• These increase probability that incorrect
  rejection will be discovered
• Incorrect rejection affects the efficiency of the
  audit, but does not affect the fairness of the
  audited financial statements

10
Selecting a Sampling Approach

• Auditors use both statistical and non-statistical
  sampling techniques
• Non-statistical sampling
• Auditor judgment used to determine sample size,
  sample selection, and evaluate sample results
• Does not provide objective way to control and
  measure sampling risk
• Because its subjective, results are less
  defendable in legal proceedings
• May take less time to perform
• Frequently used in audits of small clients

11
Selecting a Sampling Approach (Continued)

• Statistical sampling
• Allows auditor to statistically design an
  efficient sample, measure sufficiency of
  evidence, and evaluate sample results
• Provides quantified measures of control procedure
  failure rates, amount of error in account
  balances, and sampling risk
• Requires precise definitions of acceptable risk
  and sample objectives
• Requires knowledge of statistical sampling
  methods
• Efficient method for testing large populations

12
Testing Controls and Compliance

• If an auditor believes a control is effective and
  plans to rely on that control, s/he must test the
  control to see if it is operating effectively
• Attribute estimation sampling and discovery
  sampling are the statistical methods frequently
  used to test controls
• In this context, an attribute is the
  characteristic that indicates the control is
  working effectively
• Example the organization requires all sales on
  account be approved by the credit manager
• Approval is evidenced by the manager's initials
  on the sales invoice
• The manager's initials are the attribute
• The auditor would examine sales invoices and look
  for the initials

13
Attribute Estimation Sampling

• The appropriate sample size depends on a number
  of factors including
• Statistical Risk (Risk of assessing control risk
  too low)
• Risk of concluding controls are effective when,
  in fact, they are not
• Means auditor relies on an ineffective control
  without realizing it
• The lower the risk, the larger the sample size

14
Attribute Estimation Sampling (continued)

• Tolerable failure rate
• Failure rate at which auditor will determine the
  control is not operating effectively
• Based on the importance of the control
• If a control is crucial, the tolerable failure
  rate is set at low level
• The lower the tolerable failure rate, the larger
  the sample size
• Expected failure rate
• Based on auditor's experience with the client
• The higher the expected failure rate, the larger
  the sample size

15
Attribute estimation sampling as an audit
objective?

• The steps to implement an attribute estimation
  sampling plan are
• Identify the attribute to be tested and define
  conditions of failure
• Define the population to be tested including the
  period covered by the test, sampling unit, and
  ensuring population is complete
• Determine appropriate sample size
• Determine effective and efficient method of
  selecting the sample
• Select and audit sample items
• Evaluate sample results and reach conclusion on
  audit objectives
• Document all phases of the sampling plan

16
Attribute Estimation Sampling - Sample Size

• The appropriate sample size depends on a number
  of factors including statistical risk, and the
  tolerable and expected failure rates
• Other issues
• Multiple Attributes
• Auditors frequently test several attributes using
  the same set of source documents
• While the sampling risk should be the same, the
  tolerable and expected failure rates may differ
  between controls
• The result is a different sample size for each
  control
• There are several approaches to select items for
  the sample
• Small Populations (Appendix)
• - If the sample is a large portion of the
  population, auditor may be able to reduce the
  sample size
• - Use a finite adjustment factor

17
Attribute Estimation Sampling - Sample Selection

• Once the appropriate sample size has been
  determined, the auditor must decide how to select
  sample
• Random-based methods eliminate the possibility of
  unintentional bias in the selection process and
  help ensure the sample is representative
• - Random number - efficient selection method if
  there is an easy way to relate random numbers to
  the population
• Examples sales invoice number, purchase order
  number
• Computer programs typically used to generate
  random numbers

18
Attribute Estimation Sampling - Sample Selection
(continued)

• Systematic selection - selects every nth item in
  the population from a randomly selected starting
  point
• Sampling interval (n) is determined by dividing
  population size by desired sample size
• To use this method, auditor must be sure there is
  not a systematic pattern of failures in the
  population

19
Attribute Estimation Sampling - Sample Selection
(continued)

• Haphazard selection (non-statistical method)
• Arbitrary selection
• Not random based
• Judgmental sampling (non-statistical method)
• Auditor may use judgment to select sample
• Not random based

20
Attribute Estimation Sampling - Evaluate Sample
Results (1)

• The auditor projects the results of sampling to
  the population before drawing a conclusion
• If the sample failure rate is no greater than the
  expected failure rate, the auditor can conclude
  the control is as effective as expected

21
Attribute Estimation Sampling - Evaluate Sample
Results (2)

• If the sample failure rate exceeds the expected
  failure rate, the auditor must determine whether
  the projected maximum failure rate is likely to
  exceed the tolerable failure rate
• To do this, the auditor must determine the upper
  limit of the potential failure rate in the
  population
• The upper limit is based on the sample failure
  rate and sample size and is adjusted upward for
  sampling error

22
Attribute Estimation Sampling - Evaluate Sample
Results (continued)

• If the upper limit exceeds the tolerable failure
  rate, the internal control process has
  deficiencies
• The auditor should either
• Test a compensating control (if available)
• Increase the rigor of the subsequent substantive
  testing
• The auditor should also evaluate
• The nature of the control procedure failures
  (pattern of error)
• The effect of such failures on potential
  financial statement misstatement

23
Attribute Estimation Sampling - Evaluate Sample
Results (Continued)

• When control failures are found, they should be
  analyzed qualitatively as well as quantitatively
• Auditor should try to determine whether the
  failures
• Were intentional or unintentional
• Were random or systematic
• Had a direct dollar effect

24
Searching for Fraud

• Discovery sampling may be used to help identify
  potential fraud
• Tolerable rate is set very low and expected rate
  is set at zero percent
• Results in large sample size
• At any point, if evidence of just one potential
  fraud is found, the auditor stops sampling and
  starting investigating to determine if fraud
  actually occurred