SAMPLING FOR EFFECTIVE

INTERNAL AUDITING
By
Mwenya P. Chitalu CIA
EXPECTED PRESENTATION OUTCOMES

 Why Do Auditors Sample?

 Sampling Policy
 Statistical & Non-statistical Sampling
 Statistical Terminologies
 Statistical Sampling Plans
 External Auditing Standards
 Sample Selection Methods
 Illustrations
 DEMYSTIFYING STATISTICAL SAMPLING
 The Principle (or Law) of Parsimony: That things are usually
connected in the simplest or most economical way.

 Reducing ideas to small, easy-to-write symbols & saying a lot in a small

area covered by a formula.
 Eliminate the Greek, Arabic & Roman language barrier in symbols & Formulae
that mystify Mathematics or Statistics.

 Just like any other audit, Probe Statistical Assertions-Life can be made easy
with appropriate sampling.

 If it cannot be measured, then it cannot be managed economically,

efficiently, & effectively.
 Mathematics or statistics is commitment to logical thinking.
 It squeezes the most learning about the population from limited sample
data.
 WHY DO AUDITORS SAMPLE?

 International Standards for the Professional Practice of Internal Auditing:

 Guides Information should be: Sufficient, Reliable, Relevant & Useful
 Acknowledges Sampling Techniques in Evidence Acquisition
 Opinions are NOT ABSOLUTE GUARANTEE but REASONABLE
ASSURANCE of Accuracy
 Proficiency & Due Professional Care

 Cost-Benefit Considerations: The Economy, Efficiency & Effectiveness, …

 Corroborating Evidence for Control Processes & Account Balances

 SAMPLING POLICY

 Written Policy Statement

 When to Sample?

 Who Should Sample?

 How to Sample?

 Inappropriate Uses for Sampling:

 When a Total is easily Audited
 Inquiry & Observation Procedures
 Analytical Procedures
 STATISTICAL & NON-STATISTICAL SAMPLING

 Three Characteristics in Common:

 Both Require Auditor judgment in Planning, Implementing, &
Evaluating the Sampling Plan

 Actual Audit Procedures Performed are the same

 Both Non-Statistical & Statistical Techniques are Permitted by the

IPPF
 STATISTICAL & NON-STATISTICAL SAMPLING

 Differences between Statistical & Non-statistical Sampling

 Sampling Risk is Controlled & Measurable

 Technical Training & Knowledge is Required

 Computer Accessibility
 STATISTICAL & NON-STATISTICAL SAMPLING

 In Summary, the following should be addressed:

 What is the Internal Audit Department’s Recommended Policy or

Procedure?
 Is a Quantitative measure of Sampling Risk Desired?
 What is the relative Cost & Benefit of Statistical versus Non-
statistical Sampling?
 Is Technical Expertise Available?
 Is Computer Software Accessible or Expertise to Write a Program?
 STATISTICAL TERMINOLOGIES

 Confidence Level (C): Is the Reliability Level or Degree of Belief in

the Obtained Results.

 Measure of Central Tendency:

 Mean (µ): The arithmetic average of a set of numbers.

 Median: The halfway value of raw data arranged in numerical order from
lowest to highest.

 Mode: The most frequently occurring value.

 STATISTICAL TERMINOLOGIES

 Standard Deviation (𝝈): The statistical measurement of the variability

of values in a sample (the square root of the variance).

 Range: The difference between the largest and smallest values of any
group.

 Population (N): The total number of items from which the sample is
drawn-It’s the focus of interest comprising sampling units.

 Sampling Unit: Individual items making up a Population.

 Sample (n): Collection of sampling units on which audit procedures are

performed.
 STATISTICAL TERMINOLOGIES
 Logical Unit: Account or transaction selected to be sampled.

 Expected Population Deviation Rate (𝝆): Estimate of the actual deviation

rate in the population, usually based on prior experience, inquiries, and
observations.

 Precision (P): An assumed amount of possible unknown or the range of

allowable error.

 Tolerable Misstatement: The auditor’s assessment of materiality with

respect to the population.

 Upper Precision Limit: Upper limit on deviations expected in the

population.
 STATISTICAL TERMINOLOGIES

 Tainting: Percentage of misstatement in a logical unit in a PPS sample.

 Upper Misstatement Limit (UML): Estimated maximum misstatement

existing in the population at a specified reliability in PPS sampling.

 Sampling Risk: Conclusions based on sample differing with

conclusions that could be reached if the entire population were
examined.

 Non-sampling risk: Drawing incorrect conclusion for reasons other than

sampling due to poor judgment or failure to adhere to professional
standards.
 STATISTICAL SAMPLING

Advantages Disadvantages

 May yield desired results from  Can be costly and time-

minimum number of items consuming
 Yields quantified data  May require training and
 Includes measures of sampling software costs
risk, confidence level, and  May preclude experienced
precision auditors’ insights
 Is adaptable to computer testing
 Lends credibility to audit
conclusions/recommendations
 NON-STATISTICAL SAMPLING

Advantages Disadvantages

 Flexibility  Results not statistically valid

 Use of internal auditor’s
judgment
 Allows reasonable reliability
at reasonable cost
 No objective measure of
sampling risk provided
 Chance of wrong sample size
 Effectiveness depends upon
auditor’s skill
 STATISTICAL SAMPLING PLANS
1. ATTRIBUTES SAMPLING (TESTS OF CONTROLS)
 Concerns binary, yes/no, or error/non-error populations
 It tests the effectiveness of controls.

2. VARIABLES SAMPLING (SUBSTANTIVE TESTS)

 Concerns monetary amounts & other measures.
 It assesses materially misstated account balances & ...

3. THE PPS SAMPLING ( THE CAV SAMPLING)

 Concerns primary engagement objective of few overstatements & not
understatement.
 Difference & Ratio Estimations may not be efficient.
 EXTERNAL AUDITING STANDARDS
Internal & External Audit Work Coordination & Recognition:
 Statement on Auditing Standards (SA) No. 39: Audit Sampling & SAS
No. 47: Audit Risk & Materiality in Conducting an Audit – AICPA.

 Audit Risk Model:

Audit Risk = Inherent Risk x Control Risk x Detection Risk

 Audit Risk: Issuing unmodified opinion on financial statements that are

materially misstated.
 Inherent Risk: Material misstatement occurring in the absence of
appropriate controls.
 Control Risk: Controls ineffective & fails to prevent or detect material
misstatement in a timely manner.
 Detection Risk: Substantive procedures failing to detect a material
misstatement.
 EXTERNAL AUDITING STANDARDS
 Sampling risk impacts the Efficiency & Effectiveness of an audit

Components of Sampling Risk

Audit Test Audit Efficiency Audit Effectiveness

Tests of Risk of Assessing Control Risk Risk of Assessing Control Risk
Controls Too High (i.e., not depending Too Low (i.e., depending upon
upon effective controls) ineffective controls)

Substantive Risk of Incorrect Rejection (i.e., Risk of Incorrect Acceptance

Tests rejecting a materially correct (i.e., accepting a materially
balance) incorrect balance)

Statistical Term Alpha Risk (∝) Beta Risk ( 𝛽)

 EXTERNAL AUDITING STANDARDS
 Non-sampling Risk
“The audit failing to detect an internal control weakness or material
misstatement for reasons other than the fact that sampling was used.”
 Application of an inappropriate audit procedure
 Failure to recognize an error condition
 Omission of an essential audit step

 Materiality: Amount of difference tolerated by the auditor & concluding the

assertion tested as reasonable:
 Tolerable deviation rate for tests of control
 Tolerable misstatement for substantive testing

 Materiality is inversely related to sample size

 Materiality assessment must be a cost versus benefit decision

 SAMPLE SELECTION METHODS
 Methods Appropriate for Both Statistical & Non-statistical Sampling:
 Simple Random Sampling: Items with equal chance of selection.
 Systematic Sampling: nth item selection with random start within the n
interval. PPS uses systematic sampling.

 Methods Used Only for Non-statistical Sampling:

 Haphazard Selection: Selecting sample items without intentional bias.
 Block Selection: Audit of a group of contiguous transactions like delivery
notes for March or invoices in a sequence.
 Block Amount: Whole amount is audited.

 Other Considerations in Sample Selection:

 Void Items: Select additional sampling units for voided items.
 Missing Items: Must be treated as an error condition- In attributes,
control is not effective & in substantive testing, audited value is ZMK 0.00
 ATTRIBUTE SAMPLING

When to use To estimate the number of times a certain

characteristic may occur in a population
.

Size of sample (n) Based on judgment about probability that errors

(or other characteristics) will occur or based on
statistical tables
𝐂 𝟐 𝝆𝒒
𝐧=
𝐏𝟐
Statistical table • Population size (N)
specifications • Confidence level (C)
• Precision (P)
• Expected rate of errors (𝝆) &q=100-𝝆
 Attributes Sampling Illustrations

.ITEM ACCOUNTS RECEIVABLES AS AT 31ST DECEMBER 2013

1 Population Size of Accounts Receivable N 4,000 Accounts

2 Confidence Level 90%
Confidence Coefficient C 1.64
3 Tolerable Deviation Rate (TDR) 5%
(Based on Prior Years of Findings or Pilot Sample)
4 Planned Risk of Assessing Control Risk Too Low (Beta Risk) 𝛽 5%
5 Planned Risk of Assessing Control Risk Too High (Alpha Risk) 10%
6 Desired Precision = Beta x TDR/Alpha P 2.50%

7 Sample Size n 204 Accounts

8 Expected Number of Errors (From Statistical Tables) 5
Assuming Control Procedures Anticipated Deviation Rate = Zero 0%
Upper Precision Limit (UPL) from the Statistical Tables 1.50%
(And is Less than Tolerable Deviation Rate=5%)

9 Assuming 2 Actual Control Procedure Errors: 2

Upper Precision Limit (from the Tables) UPL 3.20%

10 And UPL < ρ Conclusion???

11 CONCLUSION Controls are Effective

 Attributes Sampling Variations

 Stop-or-Go Sampling: The Auditor guards against selecting an

unnecessarily large sample.

 Discovery Sampling: The Auditor targets discovering at least one

deviation if the percentage of deviations in the population is at or
above a specified level, e.g. Fraud, Substantial mistake or
Compliance failure.
 VARIABLES SAMPLING

When to use When size matters; e.g., amount of a

. discrepancy in monetary or weight terms

Size of sample (n)

𝐂 𝟐 𝝈𝟐
𝐧= 𝟐
𝐏

Statistical table • Population size (N)

specifications • Confidence level/Coefficient (C)
• Precision (P)
• Standard deviation (𝝈)
 Variables Sampling Illustration

ITEM ACCOUNTS RECEIVABLES AS AT 31ST DECEMBER 2013

.
1 Recorded Amount of Accounts Receivable (N) RM 360,000 ZMK
2 Tolerable Misstatement TM 18,000 ZMK
3 Planned Risk of Incorrent Acceptance (Beta Risk) 𝛽 5%
4 Planned Risk of Incorrect Rejection (Alpha Risk) 10%
5 Number of Accounts Receivable (N) 4,000 Accounts
6 Estimated Population Standard Deviation 8.68 ZMK
(Based on Prior Years of Findings or Pilot Sample)
7 Confidence Level 90%
Confidence Coefficient C 1.64
8 Desired Precision = Beta x TM/Alpha 9,000 ZMK
9 Precision per-item basis (Desired Precision/N) P 2.25 ZMK

7 Sample Size n 40 Accounts

 Three Types of Variables Sampling

 Mean-per-unit Estimation: Estimates the total monetary amount of the

population by calculating a sample mean & multiplying by the number of items
in the population.

 Difference Estimation: Estimates the total error in the population.

 Useful only if population contains enough errors to generate a reliable sample

estimate & the differences are not proportional to the book values.

 Ratio Estimation: Estimates the total monetary amount of the population

by calculating the ratio between the audited & book values in the sample and
using this ratio to make the estimate.

 Useful when differences between book & sample values are proportional to book
values.
 Variables Sampling:
Mean-per-Unit Estimation

Case example Step 1: Calculate average audit value (i.e., mean-per-

Population: unit value for audited samples).
4,000 Accounts
Total book value:
K3,400.00/40 = K85.00 / Account.
ZMK 360,000.00
Sample size: Step 2: Multiply mean-per-unit value by number of
40 Accounts accounts in the population.
Sample book value:
ZMK 3,600.00 K85.00  4,000 Accounts = K340,000.00
Sample audit value: Over-count = K20,000.00
ZMK 3,400.00
(K340,000.00 – K360,000.00)
 Variables Sampling:
Difference Estimation

Step 1: Calculate average difference between audit value and

Case example book value for the sample.
Population:
(K3,400.00 – K3,600.00)/40 Accounts = (K5.00)
4,000 Accounts
Total book value: Step 2: Determine the difference estimate for the
ZMK 360,000.00 population.
Sample size: (K5.00)  4,000 accounts = (K20,000.00)
40 Accounts Step 3: Estimate actual value by adding the difference
Sample book value: estimate and book value for the population.
ZMK 3,600.00
Sample audit value: (K20,000.00) + K360,000.00 = K340,000.00
ZMK 3,400.00
Book value is Overstated by K20,000.00
 Variables Sampling:
Ratio Estimation

Case example Step 1: Audit value for sample = K3,400.00

Population:
4,000 Accounts Step 2: Book value for sample = K3,600.00
Total book value:
ZMK360,000.00 Step 3: Find ratio of audit value to book value:
Sample size:
K3,400.00 / K3,600.00 = 0.94
40 Accounts
Sample book value: Step 4: Estimate actual population value by multiplying
ZMK3,600.00 ratio by population book value:
Sample audit value: 0.94  K360,000.00 = K338,400.00
ZMK 3,400.00
Book value is Overstated by K21,600.00
 PROBABILITY-PROPORTIONAL-TO-SIZE (PPS) SAMPLING

When to use When auditing

. account balances for few
overstated items; e.g., in inventory,
receivables, disbursements, etc.
Size of sample (n)
(n1: AM=0, & n2:
AM>=1) 𝐑𝐌 𝐱 𝐑𝐅 𝐑𝐌 𝐱 𝐑𝐅
𝐧𝟏 = or 𝐧𝟐 = 𝐓𝐌−(𝐀𝐌 𝐱 𝐄𝐅)
𝐓𝐌

Statistical • Recorded Amount of the Account (RM)

specifications • Reliability Factor (RF)
• Tolerable Misstatement (TM)
• Anticipated Misstatement (AM)
• Expansion Factor (EF)
 PPS ILLUSTRATION
ACCOUNTS RECEIVABLE AS AT 31ST DECEMBER 2013
.Recorded Amt of A/C Receivables RM 360,000
Tolerable Misstatement TM 18,000
Anticipated Misstatement AM 0
Risk of Incorrect Acceptance 5%

AMT CUM Kw acha Sampling Observed Tainting Sampling Projected

A/C No. ZMK AMT Selected Unit Amount % Interval Misstatement
ACT0001 9,450 9,450 9,000 9,450 7,875 * * 1,575
ACT0002 480 9,930
ACT0003 2,800 12,730
ACT0004 5,106 17,836
ACT0005 2,100 19,936 18,000 2,100 0 100% 9,000 9,000
ACT0006 8,000 27,050 27,000 8,000 8,000 0 9,000 0
. . . . .
. . . . .
. . . . .
ACT4000 6,000 360,000 360,000 6,000 4,500 25% 9,000 2,250

TOTAL 360,000 12,825

Basic Precision(SI x RF = K9,000 x 3) ZMK 27,000

Total Projected Misstatment ZMK 12,825
Allowance for Precision Gap Widening:
(4.75-3.00-1.00) x K9,000 ZMK 6,750
(6.30-4.75-1.00) x K2,250 ZMK 1,238
Upper Misstatement Limit (UML)>TM ZMK 47,813

CONCLUSION Accounts Receivable Materially Overstated

 CONCLUSION/RECOMMENDATIONS

It is Concluded & Recommended that Internal Auditors comply with

the Proficiency & Due Professional Care IIA Standards by Appropriate
Application of both Statistical & Non Statistical Sampling to
Reasonably Assure that Opinion Evidence is: Sufficient, Reliable,
Relevant and Useful.
 REFERENCES FOR FURTHER READING

1. Sampling for Internal Auditors:Text-based Self Study Course-

The Institute of Internal Auditors by Barbara Apostolou, PhD,
CPA, DABFA.

2. Internal Audit Practice-Part 1:The IIA’s CIA Learning

System by The Institute of Internal Auditors.

3. Internal Audit Practice-Part 1: Gleim CIA Review by

Professor Irvin N. Gleim, PhD, CPA, CIA, CMA, CFM.
COMMENTS, REMARKS & QUESTIONS
 Confidence coefficient, C,
Based on the Risk of Incorrect
Rejection

Risk of
Incorrect Confidence Confidence
Rejection Level Coefficient
20% 80% 1.28
10% 90% 1.64
5% 95% 1.96
1% 99% 2.58
 Attributes Sample Size Statistical Tables
For Tests of Controls
Five Percent (5%) Risk of Assessing Control Risk Too Low
(Number of Expected Errors in parentheses)
.Expected
Population
Deviation Tolerable Deviation Rate
Rate (%) 2% 3% 4% 5% 6% 7% 8% 9% 10% 15% 20%
0.00 149(0) 99(0) 74(0) 59(0) 49(0) 42(0) 36(0) 32(0) 29(0) 19(0) 14(0)
0.25 236(1) 157(1) 117(1) 93(1) 78(1) 66(1) 58(1) 51(1) 46(1) 30(1) 22(1)
0.50 * 157(1) 117(1) 93(1) 78(1) 66(1) 58(1) 51(1) 46(1) 30(1) 22(1)
0.75 * 208(2) 117(1) 93(1) 78(1) 66(1) 58(1) 51(1) 46(1) 30(1) 22(1)
1.00 * * 156(2) 93(1) 78(1) 66(1) 58(1) 51(1) 46(1) 30(1) 22(1)
1.25 * * 156(2) 124(2) 78(1) 66(1) 58(1) 51(1) 46(1) 30(1) 22(1)
1.50 * * 192(3) 124(2) 103(2) 66(1) 58(1) 51(1) 46(1) 30(1) 22(1)
1.75 * * 227(4) 153(3) 103(2) 88(2) 77(2) 51(1) 46(1) 30(1) 22(1)
2.00 * * * 181(4) 127(3) 88(2) 77(2) 68(2) 46(1) 30(1) 22(1)
2.25 * * * 208(5) 127(3) 88(2) 77(2) 68(2) 61(2) 30(1) 22(1)
2.50 * * * * 150(4) 109(3) 77(2) 68(2) 61(2) 30(1) 22(1)
2.75 * * * * 173(5) 109(3) 95(3) 68(2) 61(2) 30(1) 22(1)
3.00 * * * * 195(6) 129(4) 95(3) 84(3) 61(2) 30(1) 22(1)
3.25 * * * * * 148(5) 112(4) 84(3) 61(2) 30(1) 22(1)
3.50 * * * * * 167(6) 112(4) 84(3) 76(3) 40(2) 22(1)
3.75 * * * * * 185(7) 129(5) 100(4) 76(3) 40(2) 22(1)
4.00 * * * * * * 146(6) 100(4) 89(4) 40(2) 22(1)
5.00 * * * * * * * 158(8) 116(6) 40(2) 30(2)
6.00 * * * * * * * * 179(11) 50(3) 30(2)
7.00 * * * * * * * * * 68(5) 37(3)
 Attributes Sample Evaluation Tables
For Tests of Controls
Upper Limits at Five Percent (5%) Risk of Assessing Control Risk Too Low
Sample Actual Number of Deviations Found
Size . 0 1 2 3 4 5 6 7 8 9 10
25 11.3 17.6 * * * * * * * * *
30 9.5 14.9 19.6 * * * * * * * *
35 8.3 12.9 17.0 * * * * * * * *
40 7.3 11.4 15.0 18.3 * * * * * * *
45 6.5 10.2 13.4 16.4 19.2 * * * * * *
50 5.9 9.2 12.1 14.8 17.4 19.9 * * * * *
55 5.4 8.4 11.1 13.5 15.9 18.2 * * * * *
60 4.9 7.7 10.2 12.5 14.7 16.8 18.8 * * * *
65 4.6 7.1 9.4 11.5 13.6 15.5 17.4 19.3 * * *
70 4.2 6.6 8.8 10.8 12.6 14.5 16.3 18.0 19.7 * *
75 4.0 6.2 8.2 10.1 11.8 13.6 15.2 16.9 18.5 20.0 *
80 3.7 5.8 7.7 9.5 11.1 12.7 14.3 15.9 17.4 18.9 *
90 3.3 5.2 6.9 8.4 9.9 11.4 12.8 14.2 15.5 16.8 18.2
100 3.0 4.7 6.2 7.6 9.0 10.3 11.5 12.8 14.0 15.2 16.4
125 2.4 3.8 5.0 6.1 7.2 8.3 9.3 10.3 11.3 12.3 13.2
150 2.0 3.2 4.2 5.1 6.0 6.9 7.8 8.6 9.5 10.3 11.1
200 1.5 2.4 3.2 3.9 4.6 5.2 5.9 6.5 7.2 7.8 8.4
.
Reliability Factors (RF) for Overstatements

Number of Risk of Incorrect Acceptance

Overstatements
1% 5% 10% 15% 20%
0 4.61 3.00 2.31 1.90 1.61
1 6.64 4.75 3.89 3.38 3.00
2 8.41 6.30 5.33 4.72 4.28
 PPS Sampling Expansion Factors
For Expected Misstatements
. Risk of Incorrect Expansion
Acceptance (%) Factor
1 1.90
5 1.60
10 1.50
15 1.40
20 1.30
25 1.25
30 1.20
37 1.15
50 1.10