Audit Sampling

Audit Sampling

Overview of Audit Sampling

  • Audit Sampling: Applying an audit procedure to less than 100% of items within a population (e.g., accounts receivable, transactions). Results from testing the sample are used to provide a reasonable basis for conclusions about the population.
  • The auditor decides the extent (NET - Nature, Extent, Timing) of the population to be tested based on their judgment.
  • The auditor provides reasonable assurance, not absolute assurance.
Methods of Selecting Items for Testing:
  • Select Specific Items: Testing items with a specific attribute or those above a certain dollar amount. Results cannot be projected to the entire population.
  • Select All Items: Useful for populations with a small number of large-value transactions/balances.
  • Audit Sampling: Testing a sample to project results to the population.
When to Use Audit Sampling:
  • Tests of Controls (Internal Control Phase): To determine if internal controls are operating effectively.
  • Substantive Tests of Details (Substantive Testing Phase): To obtain sufficient appropriate audit evidence regarding transactions, accounts, and disclosures.
  • Audit sampling is typically used in both the Internal Control (I/C) phase and the substantive testing phase.
  • Not practical for all parts of the audit:
    • Planning the audit
    • Analytical procedures (application to some accounts cannot be considered evidence applicable to all accounts)
    • Risk assessment procedures
    • Understanding internal control structure (cannot just look at one part of the structure)
    • Few audit procedures like inquiry and often for observation
    • Tests of automated application controls (since these are tested only once/few times when effective IT general controls are present)
    • Procedures applied to every item in the population (e.g., large transactions, accounts with all large balances)
    • Few audit procedures like inquiry and often for observation
    • Analytical procedures
    • Test of controls with no documentary evidence
    • Tests for security & access controls
Types of Audit Sampling:
  • Attributes Sampling:
    • Applicable to tests of controls.
    • Used to determine if the auditor can rely on internal controls or not.
    • Aims to determine the deviation rate or frequency of occurrence.
  • Variables Sampling:
    • Applicable to substantive tests of details.
    • Used to determine if amounts are correct or misstated.
    • Aims to determine dollar value variations.

How to Do Audit Sampling

  • Statistical Sampling:
    • Involves quantitative measures and formulae for sample size and evaluation of sample results, including measuring sampling risk.
    • Advantages:
      • Designs efficient sample.
      • Evaluates sample results.
      • Measures sufficiency of evidence obtained.
      • Objectively quantifies sampling risk to limit it to an acceptable level.
    • Additional costs include training due to the need for specialized expertise, but can reduce costs by using audit sampling software.
    • Difficulties in using statistical sampling:
      • Population is in manual records (not electronic) - Inefficient to use sampling software.
      • Client does not maintain perpetual inventory records - Difficult to use statistical sampling to test physical inventory count.
    • Auditor will still use professional judgment to:
      • Define the population and sampling unit.
      • Select appropriate sampling method.
      • Determine the acceptable level of sampling risk.
      • Evaluate results: Appropriateness of audit evidence, nature of deviations/errors, and project the results to the population.
    • Statistical sampling does not eliminate the need for judgment.
  • Non-Statistical Sampling:
    • Auditor uses judgment to determine the appropriate sample size and evaluation of sample results, including measurement of sampling risk.
    • Even if the auditor rigorously selects a random sample, it is considered non-statistical if the auditor does not use statistics for evaluation of sample results or measurement of sampling risk.
    • Sample size would ordinarily be comparable to the sample size in statistical sampling, but auditors often end up taking a larger sample size.
    • Auditor is not required to compute a corresponding sample size using an appropriate statistical technique.
    • Additional risk exists as significant divergence from sampling concepts may make testing ineffective.
    • Address risk by providing audit team with non-statistical sampling guidance and encouraging consistent sampling applications (which are grounded in sampling theory).
  • Statistical vs. Non-statistical sampling approaches:
    • Auditor uses judgment to decide on which approach to use; sample size is not a valid criterion.
    • Statistical Sampling:
      • Use quantitative methods to determine sample size and evaluate sample results.
      • Select sample via random selection techniques.
    • Non-Statistical Sampling:
      • Use judgment to determine sample size and evaluate sample results.
      • Select sample via random/haphazard selection.
    • Both require the use of professional judgment by the auditor in planning, executing the sampling plan, and evaluating the results of the sample.
    • Both can provide sufficient appropriate audit evidence and are allowed per Generally Accepted Auditing Standards (GAAS).
    • Both involve sampling risk.

Sample Design, Sample Size, Sample Selection

Sample Design
  • Auditor should consider:
    • Purpose of the audit procedure.
    • Characteristics of the population from which the sample will be drawn.
  • Auditor should consider the nature of the audit evidence sought and possible deviation or misstatement conditions to define what constitutes a deviation or misstatement and what population to use for sampling.
Example: Test of Details Relating to the Existence of A/R (Confirmation)
  • Payments made by the customer before the confirmation date but received shortly after that date by the client are not considered a misstatement.
  • An incorrect posting between customer accounts does not affect the total A/R balance and may not be considered a misstatement in relation to the existence assertion, even though it may have an important effect on other areas of the audit, such as the assessment of fraud risk or the adequacy of the allowance for doubtful accounts.
  • Need to obtain evidence that population from which the audit sample is drawn is complete.
  • For tests of controls, the auditor assesses the expected rate of deviation based on the auditor's understanding of internal control. This assessment is made to design an audit sample and determine sample size. If the expected rate of deviation is unacceptably high, the auditor normally decides not to perform tests of controls and goes for a substantive approach.
  • For tests of details, the auditor assesses expected misstatement in the population. If the expected misstatement is high, 100% examination or increasing the sample size may be appropriate.
  • In considering the characteristics of the population from which the sample will be drawn, the auditor may determine that stratification or value-weighted selection is appropriate.
Sample Size
  • Auditor should determine a sample size sufficient to reduce sampling risk to an acceptably low level. Lower the risk the auditor is willing to accept, greater the sample size needed.
  • Sample size can be determined by the application of a statistically based formula (statistical sampling) or through the exercise of professional judgment (non-statistical sampling).
  • Auditor decides (per auditor's professional judgment) whether to use a statistical or non-statistical sampling approach. Both approaches ordinarily result in a comparable sample size. The auditor using non-statistical sampling need not compute a corresponding sample size using a statistical sampling technique.
Factors Which Influence Sample Size (Mnemonic: TEAR/TEARS)
  • Test of Controls [TEAR]:
    • Tolerable deviation rate - inverse effect
    • Expected deviation rate of population - direct effect
    • Allowable Risk of assessing RMM too low - inverse effect
    • Population size - direct effect [but don't consider if the population is large]
  • Substantive Tests of Details [TEARS]:
    • Tolerable misstatement - inverse effect
    • Expected misstatement of population - direct effect
    • Allowable Risk of incorrect acceptance - inverse effect
    • Population size - direct effect [but don't consider if the population is large]
    • Standard deviation - direct effect
Sample Selection
  • Auditor should select items for the sample in such a way that the auditor can reasonably expect the sample to be representative of the relevant population and likely to provide a reasonable basis for conclusions about the population.

  • Rule #1: Assume that the population is normally distributed (bell-shaped curve).

  • Rule #2: If the sample is randomly selected AND is large enough, the sample is likely to be representative of the population, i.e., have the same statistical characteristics (mean and standard deviation) as the underlying population.

  • Rule #2.1: Samples have to be unrestricted and randomly selected so that the auditor's projection of sample results to the population have mathematical validity.

    • Every item in a population must have an absolutely equal chance of being selected.
    • Cannot use 'bias' in deciding the selection of the sample.
    • Cannot use substitutes.
Sampling Methodologies
  • The following apply for both statistical & non-statistical sampling except for haphazard sampling which is only applicable for non-statistical sampling:
    • Simple Random Sampling: A