Auditing Sampling

Gloria Ivana - 211526334

[Basic Auditing Sampling Concept]

Nature and Purpose of audit Sampling

Audit Sampling : application of an audit Procedure to less than 100% of the items
within an account balance or class of transactions for the purpose of evaluating some
characteristics of the entire balance or class.

Audit sampling is applicable to:

· tests of controls
· substantive tests.

However, it is not equally applicable to all the auditing procedures that may be used in
performing these tests. For example, audit sampling is widely used in vouching, confirming, and
tracing, but it is ordinarily not used in inquiring, observing, and analytical procedures.

Uncertainty and Audit Sampling

The auditor is justified in accepting some uncertainty when the cost and time required to make a
100 percent examination of the data are greater than the adverse consequences of possibly
expressing an erroneous opinion from examining only a sample of the data.

The uncertainties inherent in audit sampling are collectively referred to as audit risk.

The uncertainty associated with audit sampling applies to two components of audit risk:

1) control risk
2) test of details risk.

Sampling Risk

When sampling is used in meeting the second and third standards of fieldwork, it should be
recognized that uncertainties may result from factors.

(1) associated directly with the use of sampling (sampling risk)

 (2) unrelated to sampling (non-sampling risk).

Sampling risk relates to the possibility that a properly drawn sample may not be representative of
the population.

In performing tests of controls and substantive tests, the following types of sampling risk may
occur:

tests of controls

· The risk of assessing control risk too low is the risk that the assessed level of
control risk based on the sample supports the planned assessed level of control risk
when the true operating effectiveness of the internal control, if known, would not be
considered adequate to support the planned assessed level.
· The risk of assessing control risk too high is the risk that the assessed level of
control risk based on the sample does not support the planned assessed level of
control risk when the true operating effectiveness of the internal control, if known,
would be considered adequate to support the planned assessed level.

substantive tests

· The risk of incorrect acceptance is the risk that the sample supports the conclusion
that the recorded account balance is not materially misstated when it is materially
misstated.
· The risk of incorrect rejection is the risk that the sample supports the conclusion that
the recorded account balance is materially misstated when it is not materially
misstated.

Non sampling Risk

Sources of non-sampling risk include

(1) human mistakes, such as failing to recognize errors in documents

(2) applying auditing procedures inappropriate to the audit objective
(3) misinterpreting the results of a sample
 (4) relying on erroneous information received from another party, such as an erroneous
confirmation response.

Nonsampling risk can never be mathematically measured. However, proper planning and
supervision and adherence to the quality control standards can hold nonsampling risk held to a
negligible level.

nonstatistical sampling the auditor determines sample size and evaluates sample results entirely
on the basis of subjective criteria and his or her own experience.

statistical sampling the auditor determines sample size and evaluates sample results using the
laws of probability.

statistical sampling should benefit the auditor in

(1) designing an efficient sample

(2) measuring the sufficiency of the evidence obtained
(3) evaluating sample results.

Steps in statistical or nonstatistical sampling

[Test Of Control]

Test of controls that do not involve audit sampling.

The concepts associated with audit sampling do not apply to:

· Tests that rely primarily on inquiry and observation (e.g., many tests of the control
environment, tests of segregation of duties, or observation of physical controls).
· Tests of computer application controls because they can test a programmed decision
point with only two elements of test data (one test to determine that the control
appropriately accepts transactions that meet the control criteria and one to see that it
appropriately rejects transactions that fail to meet control criteria).
 · Tests of computer application controls that may show exceptions on a computer
screen and prevent further processing of a transaction (tested with inquiry and
observation, and by submitting transactions that may generate expected error
messages).

Framework for Audit sampling for test of Controls

(1) Determine the Objectives of the Tests of Controls

The overall objective of a test of controls is to estimate the rate of deviations from
prescribed controls in a population.
The following are several examples of the objective of various tests of controls:
· To determine the rate of deviation from expected control environment or risk
assessment procedures.
· To determine the rate of deviation from computer general controls related to
system documentation and documentation of system changes.
· To determine the rate of deviation from prescribed manual follow up
procedures where individuals clear items appearing on exception reports.
· To determine the rate of deviation from prescribed performance reviews.
· To determine the rate of deviation from prescribed controls over management
discretion in financial reporting. To determine the rate of deviation from
prescribed antifraud programs and controls.
· To determine the rate of deviation from prescribed monitoring activities.

(2) Determine the Procedures to Evaluate Internal Controls

The audit procedures that are used to evaluate the controls discussed above
include inquiry of a variety of individuals, observation of people in the performance of
their duties, inspection of documents, reports, and electronic files, and reperformance of
the control by the auditor.

(3) Make a Decision about the Audit Sampling Technique

The major decision for the auditor is to determine whether to use nonstatistical sampling
or statistical attribute sampling.
examples where the auditor might find it more effective to use nonstatistical sampling for
tests of controls:
· Some tests of computer general controls such as inspecting logs that document
program changes may be such that the auditor wants to review the entire
population of logs documenting program changes and the auditor might use
nonstatistical sampling to investigate individual changes to specific computer
programs.
· Computer-programmed control procedures usually flag exceptions for manual
followup. If exceptions are printed on daily or weekly exception reports for
followup and correction, and employees make notations on printed exception
reports, nonstatistical sampling may be an appropriate way to select exception
reports to test the effectiveness of the manual followup procedure.
· Many performance reviews involve having management review various
reports of financial and business performance. Revenue cycle reports may
rank-order customers by profitability, report new customers, report customers
with no activity in the last quarter, or show the volume of activity, sales prices,
and margins by product. Payroll cycle reports may show the individual
employees whose pay was charged to a responsibility center during a given
pay period. These controls expect management to review and approve the
completeness, accuracy, and reasonableness of the period’s transactions. The
auditor might obtain 100 percent of the reports reviewed by a given manager
and use nonstatistical sampling to select individual reports to test the
effectiveness of management’s performance review.
· Controls over management discretion in financial reporting may occur
infrequently, such as at the end of a quarter. If the control only functions at the
end of the month or the end of the quarter, nonstatistical sampling is probably
the most efficient way to determine how often the auditor wants to test the
effectiveness of the control. If the auditor is sampling daily or weekly reports,
he or she will want to use professional judgment to select a sample that is
representative of the entire population.
(4) Define the Population and Sampling Unit
The population is defined by the internal control of interest and represents all situations
when the control should be performed. The sampling unit represents the way the auditor
identifies the performance of internal controls of interest. For example, the auditor might
want to examine the population of all program changes during the year to test general
controls over program changes. In this example, the individual sampling unit would be a
program change.

(5) Use Professional Judgment to Determine Sample Size

· Nature of Control
The nature of the control refers to whether a control is manual or automated. It also refers
to whether a control in place affects the consistency of operation of other controls
· Frequency of Operation
The frequency of operation refers to how often the control operates. Some controls
operate on every transaction, such as various authorization controls. Alternatively, some
controls operate only at month-end, with month-end reviews of accounting information
by management.
· Importance of the Control
The importance of the control relates to the importance of the control to the auditor’s
audit strategy. For example, controls like the control environment and computer general
controls have a pervasive impact on other controls and are very important to an audit
strategy that relies on those other controls.
· Risk of Assessing Control Risk too Low
Two types of sampling risk are associated with tests of controls: (1) the risk of assessing
control risk too high, which relates to the efficiency of the audit, and (2) the risk of
assessing control risk too low, which relates to the effectiveness of the audit. Because of
the potentially serious consequences associated with an ineffective audit, the auditor
desires to keep the risk of assessing control risk too low at a low level.
· Tolerable and Expected Deviation Rates
Tolerable deviation rate is the maximum rate of deviation from a control that an auditor is
willing to accept and still use the planned control risk.
 · Population Size
When planning a test of controls, population size has little or no effect on sample size.

(6) Select a Representative Sample

The process of selecting a sample should be unbiased, and the auditor should attempt to
obtain a representative sample of the application of the control throughout the period
being tested.
(7) Apply Audit Procedure
Once the auditor selects a sample, the auditor should apply audit procedures to determine
whether the control has been consistently applied and the degree to which it operates
effectively.
(8) Evaluate the Sample Results
Deviations from prescribed control procedures should be tabulated, summarized, and
evaluated. Professional judgment is required in the evaluation of quantitative and
qualitative results.
(9) Document Conclusions
Once the auditor has completed the sampling process, the auditor should document the
results of tests of controls in his or her working papers.

[Substantive Tests]

Substantive Tests that don’t involve audit sampling

the logic behind audit sampling does not apply to substantive tests. In a few instances, audit
sampling does not apply to initial procedures, substantive analytical procedures, and many tests
of details of accounting estimates and tests of details of disclosures. An auditor might audit the
allowance for doubtful accounts by using generalized audit software to identify every customer
that has had a history of having receivables more than 30 or 60 days past due.

Framework for audit Sampling for Substantive test

(1) Determine the Objectives of the Substantive Test

· Estimating total amount of population
 · Estimating amount of misstatement

(2) Determine the Substantive Audit Procedures to Perform

· Tests of Details of Transactions
· Tests of Details of Balances

(3) Make a Decision About the Audit Sampling Technique

PPS sampling is an approach that uses attribute sampling theory to express a conclusion in
dollar amounts rather than as a rate of deviations.
The model in the Audit Sampling Guide is primarily applicable in testing transactions and
balances for overstatement. It may be especially useful in tests of:
· Receivables when unapplied credits to customer accounts are insignificant
· Investment securities
· Inventory price tests when few differences are anticipated.
· Plant asset additions

The advantages of PPS sampling are:

· It is generally easier to use than classical variables sampling because the

auditor can calculate sample sizes and evaluate sample results by hand or with
the assistance of tables.
· The size of a PPS sample is not based on any measure of the estimated
variation of audit values.
· PPS sampling automatically results in a stratified sample because items are
selected in proportion to their dollar values.
· PPS systematic sample selection automatically identifies any item that is
individually significant if its value exceeds an upper monetary cutoff.
· If the auditor expects no misstatements, PPS sampling will usually result in a
smaller sample size than under classical variables sampling.

PPS sampling has the following disadvantages:

 · It includes an assumption that the audit value of a sampling unit should not be
less than zero or greater than book value. When understatements or audit
values of less than zero are anticipated, special design considerations may be
required.
· If understatements are identified in the sample, the evaluation of the sample
may require special considerations.
· The selection of zero balances or balances of a different sign (e.g., credit
balances) requires special consideration.
· PPS evaluation may overstate the allowance for sampling risk (ASR) when
misstatements are found in the sample. As a result, the auditor may be more
likely to reject an acceptable book value for the population.
· As the expected number of misstatements increases, the appropriate sample
size increases. Thus, a larger sample size may result than under classical
variables sampling.
(4) Define the Population and Sampling Unit
· Reciprocal Population, that will be overstated if the account balance of interest is
understated. For example, if accounts payable at year-end is understated, the voucher
register for the period subsequent to year-end will likely be overstated because
liabilities that are unrecorded at year-end are normally recorded in the subsequent
period
· Logical Sampling Unit, The item snagged (e.g., account or document)

(5) Use Professional Judgment and Statistical Methods to Determine Sample Size
BV = Book Value of Population Tested (the larger BV, the larger n)

RF = Reliability Factor for Specified Risk of Incorrect Acceptance (the larger RF,
the smaller n)

TM = Tolerable Misstatement (the larger TM, the smaller n)

AM = Anticipated Misstatement and Expansion Factor (the greater AM, the smaller n)

EF = Calculation of Sample Size

 Reliability Factor for specified risk of incorrect acceptance
In specifying an acceptable level of risk of incorrect acceptance, the auditor should
consider
· the level of audit risk that he or she is willing to take that a material
misstatement in the account will go undetected
· the assessed levels of inherent and control risks
· the results of other tests of details and substantive analytical procedures that
are relevant to the assertion.
the risk of incorrect acceptance is determined using :
The risk of incorrect acceptance has an inverse effect on sample size—the lower the
specified risk, the larger the sample size.

(6) Select a Representative Sample

· Sampling Risk is a measure of whether or not the sample is representative. The
auditor’s best opportunity to obtain a representative sample is to select a random
sample.
· Calculate Sampling Interval, The most common selection method used in PPS
sampling is systematic selection. This method divides the total population of dollars
into equal intervals of dollars. A logical unit is then systematically selected from each
interval.
· Select Random Sample, The initial step in the selection process is to pick a starting
random number between 1 and 6,818. The sample will then include each logical unit
that contains every 6,818th dollar thereafter in the population.

(7) Apply Audit Procedures

apply audit procedures to determine the magnitude of misstatement in the items selected for
auditing.
(8) Evaluate Sample Results
· Upper Misstatement Limit
· No Misstatements Found in the Sample
· Some Misstatements Found in the Sample
A projected misstatement (PM) amount is calculated for each logical unit containing a
misstatement. These amounts are then summed to arrive at PM for the entire population.
The projected misstatement is calculated differently for (1) logical units with book value
less than the sampling interval and (2) logical units with book value equal to or greater
than the sampling interval.
· Qualitative Considerations

(9) Document Conclusions

The working papers also make cross references to other working papers where important
audit planning decisions, or other audit evidence, is documented.