Professional Documents
Culture Documents
Chapter 1 - Audit Testing and Audit Sampling - To Be Print
Chapter 1 - Audit Testing and Audit Sampling - To Be Print
3
3. Observe Control- Related Activities
Other types of control related activities do not leave an evidential trial. For example, separation of
duties relies on specific persons performing specific tasks and there is typically no documentation of
the separate performance. For controls that leave no documentary evidence, the auditor generally
observes them being applied at various points during the year.
4. Re-perform Client Procedures
There are also control – related activities for which there are related documents and records, but their
content is insufficient for the auditor’s purpose of assessing whether controls are operating
effectively. For example, assume that prices on sales invoices are to be verified with a standard price
list by client personnel as an internal verification procedure, but no identification of performance is
entered on the sales invoices. In these cases, it is common for the auditor to actually re-perform the
control activity to see whether the proper results were obtained. For this example, the auditor can re-
perform the procedure by tracing the sales prices to the authorized price list in effect at the date of
the transaction. If no misstatements are found, the auditor can conclude that the procedure is
operating as intended.
Relationship of Tests of Controls to Procedures to obtain an understanding
There is a significant overlap between tests of controls and procedures to obtain an understanding.
Both include inquiry, documentation and observation. There are two primary differences in the
application of these common producers between phases.
First, in obtaining an understanding, the procedures are applied to all the controls identified as part
of the understanding of internal control. Tests of controls, on the other hand, are applied only when
the assessed control risk is blow the maximum, and then only to the key controls.
Second, procedures to obtain an understanding are performed only on one or a few transactions or, in
the case of observations, at a single point in time. Tests of controls are performed on larger sample
of transaction (perhaps 20 to 100) and often observations are made at more than one point in time.
Assessing Inherent Risk and Control Risk
4
While assessing IR and CR, the auditor should identify conditions that significantly increase
inherent and control risk. When considering control risk, the auditor would consider, among
other matters, identified control environment weakness.
The auditor identifies specific inherent risks and control risks based on information obtained
earlier in the planning phase, primarily from understanding the entity's operations and
preliminary analytical procedures.
The auditor can also consider misstatements found in previous years. If there were significant
audit adjustments, the auditor may not know if the misstatements were due to there being a high
inherent risk or a high control risk, but the auditor would know that the combined risk was high.
Similarly, if there have been no misstatements found in previous years, the auditor would have
an indication that the combined risk was low.
After considering his/her knowledge of the entity and factors affecting these risks, the auditor
should identify and document any significant inherent and control risk in the risk analysis form.
For each inherent and control risk identified, the auditor documents the nature and extent of the
risk; the conditions that gave rise to that risk and the specific accounts, line, items and related
assertions affected.
Finally, based on the information gathered and the factors identified, the auditor should
determine the assessment of each of inherent and control risk as low, moderate and high.
Low risk: based on the evaluation of inherent risk and control risk, but prior to the
application of substantive audit procedures, the auditor believes that any aggregate
misstatements do not exceed planning materiality.
Moderate risk: based on the evaluation of IR and CR, but prior to the application of
substantive audit procedures, the auditor believes that it is more likely than not that any
aggregate misstatements do not exceed planning materiality.
High risk: based on the evaluation of inherent risk and control risk, but prior to the
application of substantive procedures, the auditor believes that it is likely that any
aggregate misstatements exceed planning materiality. As a result, the auditor will need to
obtain most, if not all, audit reliance from substantive tests.
Detection Risk
Detection risk is the risk that an auditor's substantive procedures will not detect a misstatement
that exists in an account balance or class of transactions that could be material, individually or
when aggregated with misstatements in other balances or classes of transactions.
This figure is used to determine the extent of substantive testing required to ensure that we have
sufficient evidence to support the audit opinion.
Detection risk is usually grouped into two categories – analytical procedures and substantive
tests of details. The latter includes 100% examinations of individually significant transactions
(high value and key items), and sampling.
Detection risk arises partly from uncertainties that exist when the auditor does not examine 100%
of transactions and balances, and partly from uncertainties that exist even if he were to carry out
a 100% examination.
5
The auditor should consider the assessed level of inherent risk and control risk in determining the
nature, timing and extent of substantive procedures required to reduce the assessed level of audit
risk to an acceptable level. In this regard, the auditor would consider:
The nature of substantive procedures, for example, using tests directed towards independent
parties outside the entity rather than tests directed towards parties or documentation with in the
entity or using tests of details for particular audit objective in addition to analytical procedures.
The timing of substantive procedures, for example, performing at end of period rather than at an
earlier date; and
The extent of substantive procedures, for example, using a larger sample size.
For a given audit risk, there is a converse relationship between detection risk and the combined
level of inherent and control risks. When inherent and control risks are high, acceptable
detection risk needs to be low to reduce audit risk to an acceptably low level. On the other hand,
when inherent and control risks are low (and when the auditor does sufficient tests of controls to
support his/her assessment of control risk), an auditor can accept a higher detection risk and still
reduce audit risk to an acceptably low level.
The assessed level of inherent and control risks cannot be sufficiently low to eliminate the need
for the auditor to perform substantive procedures. Regardless of the assessed levels of inherent
and control risks, the auditor should perform some substantive procedures on material account
balances and classes of transactions.
The auditor's assessment of the components of audit risk may change during the course of an
audit.
For example, information may come to the auditor's attention when he/she performing
substantive procedures that differ significantly from information on which the auditor originally
assessed inherent and control risks. In such cases the auditor would modify the planned
substantive procedures based on a revision of the assessed levels of inherent and control risks.
The higher the assessment of inherent and control risks the more audit evidence the auditor
should obtain from the performance of substantive procedures. When both inherent and control
risks are assessed as high the auditor needs to consider whether or not substantive procedures can
provide sufficient appropriate audit evidence to reduce detection risk and, therefore, audit risk to
an acceptably low level.
Illustration of the Interrelationship of the Components of Audit Risk
The following table shows how the acceptably level of detection risk may vary based on
assessment of inherent and control risks:
Auditor's Assessment of control risk
High Medium Low
Auditor's Assessment High Lowest Lower Medium
of inherent risk Medium Lower Medium Higher
Low Medium Higher Highest
There is a converse relationship between detection risk and the combined level of inherent risk and
control risk.
6
Audit Risk Assessment
High Moderate Low
Inherent Risk 0.60 0.50 0.40
Control Risk 0.80 0.50 0.20
N.B. The auditor must remember that the assessment of audit risk is a subjective process and the
above values should not replace the exercise of professional judgment.
4. Analytical Procedures
Analytical procedures involve comparisons of recorded amounts to expectations developed by the
auditor. They often involve the calculation of ratios by the auditor for comparison. With the
previous years’ ratios and other related data. The two most important purposes of analytical
procedures in the audit of account balances are to(1) indicate the presence of possible misstatements
in the financial statements and (2) reduce tests of details of balances.
When the auditor develops expectations using analytical procedures and concludes that the client’s
ending balances in certain accounts appear reasonable, certain tests of details of balances audit
procedures may be eliminated or sample sizes may be reduced.
5. Tests of Details of Balances
Tests of details of balances focus on the ending general ledger balances for both balance sheet
and income statement accounts, but the primary emphasis in most tests of details of balances is on
the balance sheet. Examples include confirmation of customer balances for accounts receivable,
physical examination of inventory, and examination of vendor’s statements for accounts payable.
These tests of ending balances are essential because the evidence is usually obtained from a source
independent of the client and thus is considered highly reliable. The extent of these tests depends
on the results of tests of controls, substantive tests of transactions, and analytical procedures.
Tests of details of balances have the objective of establishing the monetary correctness of the
accounts they relate to end therefore are substantive tests. For example, confirmations test for
monetary misstatements and are therefore substantive. Similarly, counts of inventory and cash on
hand are also substantive tests.
Selecting which Types of Tests to be Perform
Typically, auditors use all five types of tests when performing an audit, but certain types are
emphasized, depending on the circumstances. Factors such as the availability of different types of
evidence, the cost of each type of test, the effectiveness of internal controls, and the existence of
8
inherent risks all affect the mix of the types of tests the auditor selects. Each of the five types of
tests involves only certain types of evidence (confirmation, documentation, and so forth).
Procedures to obtain an understanding of internal control and tests of controls involve only
observation, documentation, inquiry, and re-performance. Substantive tests of transactions
involve only the last three of these types of evidence. More types of evidence are obtained by using
tests of details of balances than by using any other type of test only tests of details of balances
involve confirmation and physical examination. Inquiries of clients are made with every type of test.
Documentation and re-performance are used for every type of test except analytical procedures.
This relationship between types of tests and evidence is summarized in the table below.
Relationship between types of tests and evidence
Type of Evidence
Inquiries of the
Documentatio
Confirmation
Examination
performance
Observation
procedures
Type of Test
Analytical
Physical
client
Re-
n
Procedures to obtain an understanding of
internal control
Tests of controls
Substantive tests of transactions
Analytical procedures
Tests of details of balances
In deciding which type of test to select for obtaining sufficient competent evidence, the cost of the
evidence is one important consideration. The types of tests are listed in order of increasing cost as
follows:
1. Analytical procedures ………(The least costly)
2. Procedures to obtain an understanding of internal control and tests of controls.
3. Substantive tests of transactions
4. Tests of details of balances ………(The highest costly)
The reason analytical procedures are least costly is the relative ease of making calculations and
comparisons. Often, considerable information about potential misstatements can be obtained by
simply comparing two or three numbers. Auditors often calculate these ratios using computer
software at almost no cost. Tests of controls are also low in cost because the auditor is making
inquiries and observations and examining such things as initials on documents, often, tests of
controls can be done on a large number of items in a few minutes. Auditors often take advantage of
computerized audit technologies to test controls embedded in clients’ computerized accounting
systems.
Test of details of balances are almost always considerably more costly than any of the other types of
procedures. It is costly to send confirmations and to count assets. Because of the high cost of tests of
details of balances, auditors usually try to plan the audit to minimize their use.
9
1.2 Audit Sampling
An audit sampling is the process of selecting and examining a portion of a group of related items for
the purpose of obtaining information or evaluation of some characteristics about the group as a
whole. The group as a whole is called the population. In audit sampling, the population may be
represented by an account balance or a class of transactions.
Audit sampling is based on the theory of probability, which say that a sample selected from a mass
will by and large have the same characteristics as are presented in the mass. Whenever auditors
select a sample from a population, the objective is to obtain a representative one. A representative
sample is one in which the characteristics in the sample are the same as those of the population.
The need for audit sampling has been recognized by many professional bodies or accountants. The
auditor must choose the particular item in the population to be included in the sample. Selection can
be conducted based on two methods:
a) Simple Random Selection: In using this method of selection, every sample unit should have
the same probability of being selected as every other sample unit in the population. In applying
this method, every item or transaction under evaluation is listed in separate paper and assigned a
number which has an association with specific item or document. Then, the auditor selects the
sample randomly from the numbers. For example, if the item under evaluation is a pre-
numbered sales invoice which has total of 1000 invoices, every invoice will be listed on a
separate paper by assigning a number, then the auditor can pick 100 samples randomly from the
list. The random selection can be made either using lottery method or random number table.
b) Systematic Sample Selection: In a systemic sample selection, first, the auditor determines the
population and sample size to be taken for evaluation. Then, the auditor picks the sample
systemically from the population. Assuming the above 1000 pre numbered sales invoices and
100 sample sizes; the auditor can calculate an interval to pick the sample item as follows:
The auditor then select one invoice randomly from 1 to 10; assumes the numbers selected is 5,
and then the remaining numbers are easily determined by adding the interval 10 on this
number. There for the samples selected are sales invoices with numbers: 5.15, 25, 35, 45, 55,
65,75,85,95,105, ---, 985,995.
10
c) Stratified Sampling: When populations vary, it is advantageous to sample each subpopulation
(stratum) independently. Stratification is the process of dividing members of the population
into homogeneous subgroups before sampling. The strata should be mutually exclusive: every
element in the population must be assigned to only one stratum. The strata should also be
collectively exhaustive: no population element can be excluded. Then random or systematic
sampling is applied within each stratum. This often improves the representativeness of the
sample by reducing sampling error.
d) Probabilistic Proportion to Sample Size (PPS): In this case, the representative samples are
usually selected based on the proportionate size of the amount on each sampling unit.
In non statistical sampling, the auditor does not quantify sampling risk. Instead conclusion is reached
about population more on judgmental basis. There are three common approaches to selecting non
probabilistic samples from accounting population.
a) Direct Method: is the use of professional judgment in selecting sample items for test of
transaction. When sample size is small, a random sample is often unlikely to provide a representative
sample. Therefore, it is better to use professional judgment to select the sample items.
b) Block Sampling: is the selection of several items in sequence. Example, the selection of a
sequence of 100 sales transactions from the sales journal for the third week of March is a block
sampling.
c) Haphazard Sampling : When the auditor goes through a population and selects items for the
sample without regard to their size, sources or other distinguishing characteristics, the auditors is
attempting to select without biases. This is called haphazard selection.
There are two statistical sampling method applied for test of detail of balances, namely monetary
unit sampling and variable sampling.
Here’s an example of how monetary unit sampling works. The audit client’s accounts receivable
book value is Br. 300,000, and the sample size is set at 96 records.
11
Figure the sampling interval by dividing book value by sample size (300,000/96 = 3,125). Arrange
the client’s accounts receivable in an ordered list using some sort of ordering sequence. For example,
you can arrange them alphabetically by customer name or numerically by customer number.
Pick a random number between 1 and 3,125. For this method to work correctly, the random number
has to be less than the sampling interval and greater than the smallest sampling unit. Auditors
usually use a random-number-generator computer program to pick the random number. The
sampling unit and sampling interval limits are programmed into the software before the task is run.
In this case, say the software selects the random number 556. The following table shows an example.
First, pick the records to test: Take the alphabetically ordered list shown in the Customer Name
column, which lists every customer balance by birr amount, and count each birr until you get to Br.
556 (remember that the random number generator gives you the number 556 in Step 3 in the
previous numbered list). The cumulative birr amount for ABC Electric is under Br. 556.
That tells you that the first sampling item is Best Friend Cat Care, which at a cumulative total of Br.
1,220 is the first customer in the list with a cumulative balance over Br. 556. The client gives you the
Best Friend Cat Care file. You go through these ordered invoices (usually the invoices are ordered
by date) to find the invoice with the 556th dollar. That invoice is your item to sample.
To select your next invoice to sample, add the sampling interval of Br. 3,125 to your random number
of Br. 556. This equal Br. 3,681, which is your next sampled item birr amount. Brandy’s Grill at Br.
2,730 cumulatively is under Br. 3,681, so skip past Brandy’s to Buddy’s. Follow the same procedure
you use for Best Friends to find the Buddy invoice with the 3,681st dollar.
Although the table only goes as far as Buddy’s, your client has many more customers. To pick the
next sampling item, add the sampling interval of Br. 3,125 to your prior sampling item of Br. 3,681,
which equals Br. 6,806, and so on until you reach the last name in the customer list.
When you’re sampling, you’re looking for misstatements. If an invoice should have been entered for
Br. 986, for example, and it was entered as Br. 896, the misstatement is 9 percent of the transaction
(the inverse of 896/986). If the total misstatements exceed your assessed tolerance level, you have to
decide whether to perform other procedures.
12
2. Variable Sampling
Variable sampling, like monetary unit sampling is a statistical method used by auditors. Variable
sampling and monetary unit sampling are similar in that both use probability proportional to size
sample selection method. The main difference between the two is MUS select samples in proportion
to sample size but in variable sampling, the population is divided in to subpopulation by size and
large sample is divided in to subpopulation by size and large sample is taken from the lager
subpopulation. This is called stratified proportional to size sample selection. Variable sampling
method include mean per unit estimation, ratio estimation and difference estimation. The discussion
of this method is postponed to a more advanced auditing course.
13
As with substantive testing and the risk of incorrect rejection, the risk of under-reliance on
internal control is normally assumed to be minimal. If the auditor wanted to report the
weaknesses/deviations in internal control, entity officials would often insist on more work being
done. The additional work would normally lead to the correct conclusion.
B. Non-Sampling Risk
Non-sampling risk is the risk that, even if the auditor carries out a 100% examination of all
transactions and balances, material error or irregularity may yet remain undetected owing to
human error in audit. It exists owing to factors such as inadequately trained audit staff, failure
to exercise due care and diligence, inappropriate audit procedures, inadequate audit
supervision etc. Given factors such as these, a much better term for “non-sampling risk” is
“audit performance risk”.
Because non-sampling risk is not subject to measurement and, unlike sampling risk, cannot be
controlled through changes in sample size, the following precautions should be taken:
Test objectives and descriptions of procedures to be performed and errors or deviations to
be found should be stated unambiguously.
Auditors should be properly instructed and supervised to ensure that errors or deviations
are recognized and correctly dealt with.
Audit working papers should be carefully reviewed.
The auditor normally assumes that non-sampling risk (audit performance risk) is nil when the auditor
complies with the Ethiopian Government Auditing Standards.
14