1. Audit Sampling: An Overview and Application to Tests of Controls
Chapter 8
Audit Sampling: An Overview and Application to Tests of Controls
McGraw-Hill/Irwin
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

2. Definitions and Key Concepts
LO# 1 and 2
Definitions and Key Concepts
On the following slides we will define:
Audit Sampling.
Sampling Risk.
Confidence Level.
Tolerable and Expected Error.
8-2

3. LO# 1
Audit Sampling
The selection and evaluation of less than 100 percent of the items in a population of audit relevance selected in such a way that the auditor expects the sample to be representative of the population and thus likely to provide a reasonable basis for conclusions about the population.
8-3

4. LO# 2
Sampling Risk
Sampling risk is the element of uncertainty that enters into the auditor’s conclusions anytime sampling is used. There are two types of sampling risk.
Risk of incorrect rejection (Type I) – in a test of internal controls, it is the risk that the sample supports a conclusion that the control is not operating effectively when, in fact, it is operating effectively. In substantive testing, it is the risk that the sample indicates that the recorded balance is materially misstated when, in fact, it is not.
Risk of incorrect acceptance (Type II) – in a test of internal controls, it is the risk that the sample supports a conclusion that the control is operating effectively when, in fact, it is not operating effectively. In substantive testing, it is the risk that the sample supports the recorded balance when it is, in fact, materially misstated.
8-4

5. Three Important Factors in Determining Sample Size
Sampling Risk
LO# 2
Three Important Factors in Determining Sample Size
The desired level of assurance in the results (or confidence level),
Acceptable defect rate (or tolerable error), and
The historical defect rate (or expected error).
8-5

6. Confidence level is the complement of sampling risk.
LO# 2
Confidence Level
Confidence level is the complement of sampling risk.
The auditor may set sampling risk for a particular sampling application at percent, which results in a confidence level of 95 percent.
8-6

7. Tolerable and Expected Error
LO# 2
Tolerable and Expected Error
Once the desired confidence level is established, the sample size is determined largely by how much the tolerable error exceeds expected error.
Precision, at the planning stage of audit sampling, is the difference between the expected and tolerable deviation rates.
Auditing Standards
refer to Precision
as the “Allowance for sampling risk.”
8-7

8. Types of Audit Sampling
LO# 4
Types of Audit Sampling
Auditing standards recognize and permit both statistical and nonstatistical methods of audit sampling.
In nonstatistical (or judgmental) sampling, the auditor does not use statistical techniques to determine sample size, select the sample items, or measure sampling risk.
Statistical sampling uses the laws of probability to compute sample size and evaluate results. The auditor is able to use the most efficient sample size and quantify sampling risk.
8-8

9. Types of Audit Sampling
LO# 4
Advantages of statistical sampling:
Design an efficient sample.
Measure the sufficiency of evidence obtained.
Quantify sampling risk.
Disadvantages of statistical sampling:
Training auditors in proper use.
Time to design and conduct sampling application.
Lack of consistent application across audit teams.
8-9

10. Statistical Sampling Techniques
LO# 4
Statistical Sampling Techniques
Attribute Sampling.
Monetary-Unit Sampling.
Classical Variables Sampling.
8-10

11. LO# 4
Attribute Sampling
Used to estimate the proportion of a population that possess a specified characteristic. The most common use of attribute sampling is for tests of controls.
Our client’s controls require that all checks have two independent signatures.
Yes, I know. We are planning a test of that control using attribute sampling.
8-11

12. Attribute Sampling Applied to Tests of Controls
LO#
5, 6, & 7
Attribute Sampling Applied to Tests of Controls
In conducting a statistical sample for a test of controls, auditing standards require the auditor to properly plan, perform, and evaluate the sampling application and to adequately document each phase of the sampling application.
Plan
Perform
Evaluate
Document
8-12

13. LO#
5, 6, & 7
Planning
The objective of attribute sampling when used for tests of controls is to evaluate the operating effectiveness of the internal control.
8-13

14. LO#
5, 6, & 7
Planning
All of the items that constitute the class of transactions make up the sampling population.
8-14

15. LO#
5, 6, & 7
Planning
Each sampling unit makes up one item in the population. The sampling unit should be defined in relation to the specific control being tested.
8-15

16. LO#
5, 6, & 7
Planning
A deviation is a departure from adequate performance of the internal control.
8-16

17. LO#
5, 6, & 7
Planning
The confidence level is the desired level of assurance that the sample results will support a conclusion that the control is functioning effectively. Generally, when the auditor has decided to rely on controls, the confidence level is set at 90% or 95%. This means the auditor is willing to accept a 10% or 5% risk of accepting the control as effective when it is not.
8-17

18. Example Suggested Tolerable Deviation Rates:
LO#
5, 6, & 7
Planning
The tolerable deviation rate is the maximum deviation rate from a prescribed control that the auditor is willing to accept and still consider the control effective.
Example Suggested Tolerable Deviation Rates:
8-18

19. LO#
5, 6, & 7
Planning
The expected population deviation rate is the rate the auditor expects to exist in the population. The larger the expected population deviation rate, the larger the sample size must be, all else equal.
EXAMPLE: Assume a desired confidence level of 95%, and a large population, the effect of the expected population deviation rate on sample size is shown right:
8-19

20. Population Size: Attributes Sampling
LO#
5, 6, & 7
Population Size: Attributes Sampling
Population size is not an important factor in determining sample size for attributes sampling. The population size has little or no effect on the sample size, unless the population is relatively small, say less than 500 items.
8-20

21. LO#
5, 6, & 7
Performance
Every item in the population has the same probability of being selected as every other sampling unit in the population.
8-21

22. LO#
5, 6, & 7
Performance
The auditor determines the sampling interval by dividing the population by the sample size. A starting number is randomly selected in the first interval and every nth item is selected thereafter.
8-22

23. LO#
5, 6, & 7
Performance
For example, assume a sales invoice should not be prepared unless there is a related shipping document. If the shipping document is present, there is evidence the control is working properly. If the shipping document is not present, a control deviation exists.
8-23

24. LO#
5, 6, & 7
Performance
Unless the auditor finds something unusual about either of these items, they should be replaced with a new sample item.
8-24

25. LO#
5, 6, & 7
Performance
If the auditor is unable to examine a document or to use an alternative procedure to test the control, the sample item is a deviation for purposes of evaluating the sample results.
8-25

26. LO#
5, 6, & 7
Performance
If a large number of deviations are detected early in the tests of controls, the auditor should consider stopping the test, as soon as it is clear that the results of the test will not support the planned assessed level of control risk.
8-26

27. LO#
5, 6, & 7
Evaluation
After completing the audit procedures, the auditor summarizes the deviations for each control tested and evaluates the results. For example, if the auditor discovered two deviations in a sample of 50, the deviation rate in the sample would be 4% (2 ÷ 50). The upper deviation rate is the sum of the sample deviation rate and an appropriate allowance for sampling risk.
8-27

28. LO#
5, 6, & 7
Evaluation
The auditor compares the tolerable deviation rate to the computed upper deviation rate.
8-28

29. Attribute Sampling Example
LO#
5, 6, & 7
Attribute Sampling Example
The auditor has decided to test a control at Calabro Wireless Services. The test is to determine that the sales and service contracts are properly authorized for credit approval. A deviation in this test is defined as the failure of the credit department personnel to follow proper credit approval procedures for new and existing customers. Here is information relating to the test:
8-29

30. Attribute Sampling Example
LO#
5, 6, & 7
Attribute Sampling Example
Part of the table used to determine sample size when the auditor specifies a 95% desired confidence level.
If there are 125,000 items in the population numbered from 1 to 125,000, the auditor can use Excel to generate random selections from the population for testing.
8-30

31. Attribute Sampling Example
LO#
5, 6, & 7
Attribute Sampling Example
The auditor examines each selected contract for credit approval and determines the following:
Let’s see how we get the computed upper deviation rate.
8-31

32. Attribute Sampling Example
LO#
5, 6, & 7
Attribute Sampling Example
Part of the table used to determine the computed upper deviation rate at 95% desired confidence level:
8-32

33. Attribute Sampling Example
LO#
5, 6, & 7
Attribute Sampling Example
Tolerable Deviation Rate (6%)
Computed Upper Deviation Rate (8.2%)
<
Auditor’s Decision:
Does not support reliance on the control.
8-33

34. Nonstatistical Sampling for Tests of Controls
LO# 8
Nonstatistical Sampling for Tests of Controls
Determining the Sample Size
An auditing firm may establish a nonstatistical sampling policy like the one below:
Such a policy will promote consistency in sampling applications.
8-34

35. Nonstatistical Sampling for Tests of Controls
LO# 8
Nonstatistical Sampling for Tests of Controls
Calculating the Upper Deviation Rate
With a nonstatistical sample, the auditor can calculate the sample deviation rate, but cannot mathematically quantify the computed upper deviation rate and sampling risk associated with the test.
8-35