Study Notes on Attributes Sampling

Introduction to Attributes Sampling

  • Definition: Attributes sampling is a statistical method used to estimate the existence of a certain characteristic (attribute) within a population.

  • Applicability: Utilized during auditors’ tests of controls to evaluate the performance and reliability of internal controls.

Key Concepts in Attributes Sampling

Objectives of Sampling

  • Determine the objective of sampling: Auditors must identify which key controls they intend to rely upon during an audit.

  • Define deviation condition: A situation where an internal control is not functioning as intended.

  • Define the population: This should encompass all potential applications of the control throughout the reviewed period.

Major Topics

  1. Attributes Sampling

    • Planning

    • Determining Sample Size

    • Selecting and Measuring Sample Items

    • Evaluating Sample Results

  2. Other sampling methods

    • Sequential Sampling

    • Discovery Sampling

    • Nonstatistical Sampling

Factors Affecting Sample Size

  • Sampling Risk (Risk of Overreliance):

    • Determined based on the desired level of control risk. Higher reliability requires lower sampling risk.

  • Tolerable Rate of Deviation:

    • Set according to the acceptable level of control risk; lower control risk results in a lower tolerable rate of deviation.

  • Expected Population Deviation Rate:

    • Estimated from previous audits or pilot samples to predict the anticipated rate of deviation.

  • Population Size:

    • Generally applicable only when the sample population is relatively small.

Risks in Attributes Sampling

Risk of Overreliance

  • Definition: Occurs when a sample indicates that controls are functioning effectively, while in reality, they are not.

  • Consequence: Auditors may mistakenly conclude that controls are effective, leading to loss of effectiveness and not sufficiently reducing audit risk.

Risk of Under-reliance

  • Definition: Arises when the sample suggests that controls are ineffective, while they are actually functioning properly.

  • Consequence: Auditors may assess control risk at unnecessarily high levels, resulting in efficiency loss and unwarranted extensive substantive procedures.

Sampling Decisions Based on Attributes Sampling

  • Decision Path based on Population vs. Sample:

    • Rely on controls as planned if (ARDTRD)(ARD ≤ TRD) (where ARD=Actual Rate of Deviation)

    • If (ARD > TRD), reduce reliance on controls.

    • Evaluate using adjusted sample rate of deviation (ASRDASRD):

      • If (ASRDTRD)(ASRD ≤ TRD), a correct decision;

      • If (ASRD > TRD), a risk of underreliance.

Sample Size Determination

Sample Size Determination Process

  1. Use AICPA Sample Size table tailored to desired risk of overreliance.

  2. Select appropriate row for the expected population deviation rate.

  3. Identify the suitable column for the tolerable rate of deviation.

  4. Establish sample size at the intersection of the selected row and column.

Sample Size Examples

  • Example 1:

    • Parameters:

      • Risk of overreliance = 5%

      • Tolerable rate of deviation = 6%

      • Expected population deviation rate = 2%

  • Example 2:

    • Process Steps:

      • Step 1: Risk of overreliance = 5%

      • Step 2: Select row for expected population deviation rate (EPDR) of 2%

      • Step 3: Select column for tolerable rate of deviation (TRD) of 6%

      • Example output from the table might show sample sizes at various tolerance and deviation levels.

Selecting Sample Items

Methods of Selection

  • Unrestricted Random Selection: Selects items using random numbers matched to items in the population.

  • Systematic Random Selection: Involves selecting every nth item after bypassing a fixed number of items in the sequence.

  • Block Selection: Involves selecting contiguous units of items.

  • Haphazard Selection: Selection in a non-systematic manner, though only unrestricted random or systematic methods should be used in statistical sampling.

Measuring Sample Items

  • Performance of appropriate controls testing is essential.

  • Look for whether the control was present or absent as applied by the entity.

  • Should an item be unlocatable, it is regarded as a deviation.

  • The adjusted sample rate of deviation must be determined to evaluate results.

Evaluating Sample Results

Upper Limit Rate of Deviation (ULRD)

  • Definition:

    • ULRD=1ext(riskofoverreliance)ULRD = 1 - ext{(risk of overreliance)}

    • Represents the probability that the true rate of deviation is less than or equal to the ULRD.

    • Conversely, the risk of overreliance indicates the probability that the true rate exceeds the ULRD.

  • Components:

    • Sample rate of deviation and allowance for sampling risk.

Determine ULRD Process

  1. Use AICPA Sample Evaluation table appropriate for the desired risk of overreliance.

  2. Select the row corresponding to sample size.

  3. Pick the column that represents the number of deviations.

  4. Read the ULRD at the row and column intersection.

Outcomes Based on ULRD

  • If ULRD is less than or equal to Tolerable Rate of Deviation:

    • Rely on controls as planned and maintain the predetermined level of control risk and detection risk.

  • If ULRD exceeds Tolerable Rate of Deviation:

    • Reduce reliance on controls, increase control risk, and decrease detection risk.

    • May require expanding the sample size to reassess results.

Qualitative Considerations

  • Beyond just count of deviations, auditors must assess qualitative factors:

    • Are deviations pervasive or isolated?

    • Are deviations unintentional or intentional?

    • Are they caused by misunderstanding or carelessness?

Alternative Sampling Methods

Sequential Sampling

  • Also known as “stop-or-go” sampling.

  • Process:

    • Select an initial sample and analyze it.

    • Options following analysis include: concluding effectiveness, determining ineffectiveness, or examining additional items if results are inconclusive.

  • Advantage: Potential for more efficiency over a fixed sampling plan.

Discovery Sampling

  • Preferred when deviations are rare but critical.

    • Mostly used when controls are vital or when fraud is suspected.

  • Finding any deviation results in the conclusion that the control is not functioning effectively.

Nonstatistical Sampling

  • Permitted under GAAS but does not allow auditors control over sampling risk.

  • Key differences involve how to determine sample size, select sample items, and evaluate results.

Appendix Information

  • AICPA Sampling Tables for sample size and evaluation processes are available, corresponding to 5% and 10% risks of overreliance, along with examples of results generated by the IDEA software.