1 / 67

Audit Sampling Concepts

Audit Sampling Concepts. Importance of Sampling. Auditor does not look at everything How does this affect the opinion? Only looks at material items Fair presentation, in all material respects Not absolute assurance Auditor CANNOT look at everything Why? Time and cost efficiency

rpankey
Download Presentation

Audit Sampling Concepts

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Audit Sampling Concepts

  2. Importance of Sampling • Auditor does not look at everything • How does this affect the opinion? • Only looks at material items • Fair presentation, in all material respects • Not absolute assurance • Auditor CANNOT look at everything • Why? • Time and cost efficiency • Very often there is just too much

  3. Introduction to Audit Sampling Audit sampling is: • The application of an audit procedure to less than 100 percent of the items within an account balance population or class of transactions. • For the purpose of evaluating some characteristic of the balance or class. Audit procedure – computation, observation, confirmation, enquiry, inspection, analysis Account balance – substantive testing Class of transactions – test of controls

  4. Purpose of Sampling • The auditor examines only a portion of the population in order to estimate • the value or quality of the whole population • must be a representative sample • How much is a portion? • There is a maximum sample size. Going above this will not make any difference. E.g. at 95% confidence level with a confidence interval of +- 5%, maximum sample size is about 380. For any population above 30,000 this sample size does not change appreciably. Even with a population of 10,000 the sample size is 370.

  5. Risk and Materiality Risk and materiality form the basis for determining the extent of procedures to be undertaken. • Extent • Sample size • Materiality is related to sampling precision • Precision is a measure of how close an estimator is expected to be to the true value of a parameter. • Less precision is reflected by a larger standard error. • The standard erroris the standard deviation of the sampling distribution of a statistic, most commonly of the mean. • Risk is related to confidence from sampling • Sampling will allow us to determine a balance ± an amount with a given % confidence. • E.g. $200,000 ± $10,000, with 95% confidence.

  6. Sigma = standard deviation

  7. When to Do Sampling • When? • The nature and materiality of the balance or class of transactions does not demand a 100% audit • Note that with some accounts it is possible to do a 100% audit. E.g. Fixed assets. • Immaterial balance does not need to be audited • A decision must be made about the balance or class of transactions. • Can extend from the sample to the balance being examined, not other balances • The time and cost to audit 100% of the population would be too great

  8. When is Sampling Used? • To conduct: • For tests of controls • To see if they can be relied upon • To assess control risk • Tests of details • Transactions and balances

  9. Inclusions and Exclusions Related to Audit Sampling Sampling involves looking at part of a population in order to reach a conclusion on the entire population. • Sampling would not include: • 100% audit of a balance or class of transactions, • analytical procedures, • a walk-through of a transaction, or • enquiries, scanning or observations.

  10. Representative Sampling • Having a representative sample is important • why? • because the results can be extended to the whole population • What does representative mean? • The characteristics in the sample of audit interest are approximately the same as those of the population

  11. Sampling and Non-Sampling Risk Sampling risk: • The probability that an auditor’s conclusion based on a sample might be different from the conclusion based on an audit of the entire population. • Beta risk or risk of incorrect acceptance (RIA). The risk of accepting an account as materially accurate when it is in fact materially misstated. More audit work would actually be needed and it is not performed. • Alpha risk or risk of incorrect rejection (RIR). The risk of rejecting an account as materially accurate when it is in fact not materially misstated. This would require more audit work when it is really not needed. Auditors are primarily concerned with Beta risk. Why? More audit work would actually be needed and it is not performed, whereas alpha risk will require more work when it is really not needed. Both types of risk can be controlled by auditing sufficiently large samples.

  12. Non-sampling risk: • The risk of auditor error that arises from the possibility that the auditor may sample the wrong population to test an assertion • Failure to detect a misstatement when applying an audit procedure, or misinterpretation of the audit result.

  13. Statistical Sampling • Uses the laws of probability for selecting and evaluating a sample from a population • for the purposes of reaching a conclusion about the population • Selected at random • Random sample: • Each population item has an equal likelihood of being selected in the sample. • A random sample is required for statistical sampling. • Probably using a random number generator • Statistical calculations are used • to measure and express the results

  14. Nonstatistical (Judgmental) Sampling Non-statistical sampling is audit sampling in which auditors do not utilize statistical calculations to express the results. • The sample selection technique could be random or not.

  15. Statistical vs. Non-Statistical • Similarities • Both require a structured process • this involves planning, selection, conducting, evaluating • The use of stratification • a non-uniform population is subdivided into smaller uniform populations • Differences • Sampling risk cannot be quantified • in statistical sampling it can be quantified using mathematical formulae • can be difficult to extend the results of sampling to the population • use judgment to extend results

  16. Non-Probabilistic Sample Selection Methods • Directed sample selection • A non-probabilistic method • Each sample item selected is based on judgmental criteria of the auditor • When used? • Auditor often able to identify items likely to contain errors • E.g. Complex transactions, old A/R • Easily investigated by auditor • Results can be extended to the population judgmentally • Items containing selected characteristics • e.g. old amounts, negative dollar amounts in A/R • Select one or more items of each type • Large dollar item coverage • Material items as an example • Covers a large portion of the total population dollars • Conclusions reach by not examining small items would not be a concern

  17. Block sample selection • a selection of several items in a sequence • The first item in the block determines the rest of the block • E.g. selecting a block of 50 sales invoices • If number 5973 is chosen (random, chosen using a CAAT) • Then 5973 to 6022 • Reasonable number of blocks must be chosen • probably scattered throughout the year • Done all the time with numerical sequence checks • Haphazard sample selection • Auditor goes through the population and haphazardly selects items • Without regard to any characteristics • Difficulty is remaining unbiased. Auditor’s training and cultural bias. • Randomness helps get rid of bias, but this is not haphazard selection

  18. Probabilistic Sample Selection Methods • Sampling risk requires • Probabilistic sample selection • Generalized Audit Software can run most of these methods • Simple random sample selection • Every member of the population has an equal chance of being selected • Random number selectors • Selects number that have an equal chance of being chose over the long run • Systematic sample selection or systematic sampling • Auditor calculates an interval and use the interval to select sample • Population size / Sample size required • If the sample of A/P vouchers ranges from 1247 to 5247, the population = 4000 • If the desired sample size is 50, then the interval is 4000/50 = 80 • A random number is chose between 0 and 79, say 64 • The first voucher number is 1247 + 64 = 1311 • The second 1311 + 80 = 1381, the third 1381 + 80 = 1461, and so on.

  19. Major problem with systematic sampling is bias • Once the first item is chosen • the rest are automatically chosen • No problem if • population characteristics are uniformly distributed • But some characteristics • may not be uniformly distributed • Thus sample may not be representative

  20. Attribute Sampling Methodology • Another key statistical methodology • very useful for tests of controls • look in the population for a particular attribute or characteristic • Such a attribute could be an exception or deviation in internal control • The proportion of an attribute in the sample would be called the exception rate • The main question to be answered is • How many items contain errors? • If the auditor can allow 5% deviations • This means that TER or TDR is 5%, allowed in the population • Anything great than 5% would be a breakdown in internal control • Thus the control cannot be relied upon • Attribute sampling works well in this situation

  21. Probability Proportionate-to-Size Sampling Methodology • A key statistical methodology • Also known as • monetary unit sampling (MUS) or dollar unit sampling • The sampling unit is • the individual dollar not a physical unit • but each dollar unit has an equal chance to be chosen • E.g. If inventory is valued at $10 Million and there are 2000 items • The sampling unit is not each inventory item but each of the $10 Million • MUS allows the result to be stated • in dollar terms • Important to the auditor • also increases the chance that larger valued items will be chosen

  22. Advantages of Statistical Sampling • Provides: • for quantitative evaluation of the sample results • Can be quantitatively extended to the population in mathematical terms • a more defensible expression of the test results • Due to the nature statistics • Not so for judgmental sampling • It is more objective • Again based on the statistical/mathematical approach • E.g. recommendations for management would then be more objective, not subjective

  23. Disadvantages of Statistical Sampling • Requires random sample selection which may be more costly and time consuming. • Random sampling does take more time than simple judgmental or haphazard sampling • May require the use of auditors expert in this area • Might require additional training costs for staff members to use statistics or specialized software • Specialized courses in this are cost a lot of money

  24. Advantages of non-statistical sampling • Allows the auditor to inject his or her subjective judgment in determining the sample size • allows auditor to concentrate on audit items of greatest value and highest risk. • May be designed so that it is equally effective and efficient as statistical sampling while being less costly • Do not need to have expensive expertise

  25. Disadvantages of non-statistical sampling • Cannot draw objectively valid statistical inferences from the sample results • key word here is objective • Cannot quantitatively measure and express sampling risk. • since it is a non-statistical method

  26. The Main Phases of the Sampling Process • Both statistical and non-statistical methods • four basic phases • Planning the sample • Selecting the sample • Performing the tests • Evaluating the results

  27. Sampling Process • Fourteen steps in the sampling process. • Look at tests of controls versus tests of details • There are similarities and there are differences

  28. 1. State the Objectives of the Test • normally determined as part of audit planning • Test of control: • Are the controls working as specified? • Throughout the period • Are there monetary errors or fraud or other irregularities • Could there be material misstatement? • Test of detail: • Auditor wants to determine the maximum amount of overstatement and understatement that could exist based on the sample • Is there material misstatement?

  29. 2. Decide if Audit Sampling Applies • Test of control: • some controls can be sampled • e.g. is a shipping document attached to the sales invoice? • others cannot be • e.g. segregation of duties • Test of detail: • sampling test of details depends on the nature of the population • e.g. capital assets may not be sampled • high volume can be • e.g. A/R confirmations

  30. 3. Define attributes and exception or error conditions

  31. 4. Define the population • Population can be defined in a way to suit the audit tests • E.g. Select all material A/R. The population now becomes those items that are not material. Sample from them. • Must sample from the entire population as defined • Otherwise the sample will not be representative • In testing controls over sales, what is the population? • The population is likely the recorded sales invoices • In testing details in accounts receivable it is the recorded dollar population • Thus each dollar unit of the non-material A/R • Most populations can be stratified, if needed. • If A/R can be stratified into different populations with unique characteristics, this should be done • E.g. Intercompany receivables vs. receivables from customer

  32. 5. Define the sampling unit • Tests of control: • Usually a physical unit • e.g. invoice, shipping document, purchase order • Test of detail: • If MUS • the individual dollar • If non-statistical sampling • likely the unit making up the balance, e.g. an unpaid invoice

  33. 6. Specify tolerable exception rate (TER) or specify materiality • Test of control: • TDR (Also TER) • the exception rate the auditor will permit in the population and still be willing to use the assessed control risk • As TDR increases • the sample size decreases • Test of detail: • Materiality is used • to determine the tolerable misstatement amount for the audit of each account • These decisions require the use of • professional judgment

  34. 7. Specify RACR or RIA • What is examined here is really sampling risk. • i.e. An inherent part of sampling from not testing the entire population • There is always a chance that the sample is not representative • Test of control: • What is RACR or ARACR? • Risk of Assessing Control Risk Too Low • the risk that the auditor will take of accepting controls as effective when population error rates are actually greater • whenever sampling is used, this is a possibility • Test of detail: • What is RIA (ARIA)? • Risk of Incorrect Acceptance • the risk the auditor will take of accepting a balance as correct when the true misstatement is greater than materiality • Again, always possible with sampling.

  35. Test of control: • Assume • TDR 6% • Auditor can tolerate a 6% error rate in the population • ARACR 10% • Sampling risk of 10%. i.e. a 10% risk that the sample is not representative • But unknown to the auditor the true error rate is 8% • so population is NOT acceptable • Thus auditor needs to estimate the true error rate because they cannot know it unless they test the entire population • Based on judgment or last years work • Test of detail: • If RIA changes from 10% to 5% • since assurance required increases • sample size increases, • When controls are good • control risk is low (20%) • this means controls can be relied upon • thus ARIA can be increased

  36. 8. Estimate population exception rate or misstatements • Test of control: • Estimated population deviation rate (EPDR or EPER) • this is an advance estimate of the percentage of exceptions in the population • The lower the EPDR, the smaller the sample size • When the expected exception rate is low, a less precise estimate of EPER can be made • If a more precise estimate is required, a larger sample must be chosen • Common to use last years results to do an estimate, if available • A precise estimate is not essential because the current year’s sample exception rate is used to estimate the population error rate • Test of detail: • Provide an advance estimate of the total dollar error, i.e. misstatements, in the population • Use prior year data and professional judgment.

  37. 9. Determine the initial sample size • For non-statistical or judgmental sampling, professional judgment is used to calculate the sample size • this obviously requires experience, but the firm may also have guidelines • For statistical sampling, mathematical formulae are used, either in specially prepared tables or using software designed for audit sampling • Using TER, ARACR and EPER for tests of controls • Using materiality, ARIA for test of balances • For stratified sampling, the sample is allocated among the strata

  38. 10. Select the sample • Using the number of items determined in Step #9, choose the items from the population using the sampling unit defined in Step #5 • i.e. the control attribute for attribute sampling • Or the dollar unit for MUS • Use probabilistic or non-probabilistic methods • important that the auditor use a method that enables meaningful results • To enable quantification of sampling risk, probabilistic, i.e. statistical, methods must be used • This is the key advantage of probabilistic methods

  39. 11. Perform the audit procedures • For test of controls, examine each item for the attribute defined in Step #3, recording all exceptions found • e.g. all time cards must be approved by the supervisor • or the second person independent check on the PO • For test of details, apply the audit procedures designed in the audit program • Want to see if each item is correct or contains a misstatement • e.g. send out A/R confirmations • reconcile returned confirmations • conduct alternative procedures such as subsequent payments • Subsequent payments for poor controls • With good controls, agree to sales invoices, because the system can be relied upon to prevent and detect error

  40. 12. Generalize from the sample to the population Can only do with a representative sample • Test of controls sample error rate (SER) • equals actual number of exceptions divided by actual sample size • n= 50, exceptions = 2 • Thus 2/50 = 4% • But that is not necessarily equal to the actual population rate • i.e. SER does not necessarily equal estimated population rate • want to calculate Computed Upper Exception Rate (CUER) • tables can be used to calculate this • In practice, auditors tend to test controls when they expect no exceptions • If no exception are found the controls are considered reliable • When exceptions are found, it is probable that the control is not reliable • But ultimately, the method of generalization depends on the sampling methodology used

  41. When generalizing tests of details, auditors deal with • dollar amounts rather than with exceptions • Misstatements found are projected from the sample results to the population • Must consider sampling error and sampling risk (ARIA) • E.g. the auditor finds $500 of misstatements in A/R • The auditor cannot conclude that A/R are overstated by $500 as this applies only to the sample • Auditor wants population results • Auditor must calculate a point estimate • Consider the following example

  42. To calculate the point estimate: • (Client Misstatement / Recorded Value of Sample) x Recorded Book Value of the Population • Thus for a misstatement of $500 in A/R with a sample value of $10,000 and a total book value of $25,000 • The point estimate = (500/10000) x 25000 = 1250 • Note that if the population is divided into strata • The point estimate must be calculated for each strata • Then the results for each strata are aggregated • This gives the total point estimate • See next slide • The total point estimate may not be an adequate result for the population • Due to sampling error • This means that because it is based on a sample, it will be close to the true population misstatement but will not be exactly the same • The auditor must consider this fact • Use professional judgment to determine if it is significantly different

  43. Calculating Point Estimate for a population • The point estimate of the error in the population is $6,589, indicating an overstatement. • This point estimate is not an adequate measure of the population misstatement because of sampling error. • But because the estimate is based on a representative sample it will be close to the true population misstatement

  44. 13. Analyze exceptions or misstatements • Test of control • What breakdown in internal controls caused the exceptions? • is it really a breakdown • must look at cause • does it affect control risk? • Should additional substantive testing be conducted because of these results? • If it is a breakdown, then yes. • Test of detail • Were the misstatements caused by control exceptions? • i.e. a control breakdown • need to reassess control risk? • Is additional substantive testing required? • i.e. an increase in sample size above planned

  45. 14. Decide the acceptability of the population • Test of control • If TER is sufficiently larger than SER • TER = tolerable exception rate • SER = sample exception rate • will normally accept the population • If TER – SER is too small • Auditor may conclude that population is not acceptable • See next slide • Test of detail • Compare the difference between the projection to the population • To the established level of materiality • If projection is greater than materiality level • Adjusting entries must be made

  46. What if the auditor decides the population is NOT acceptable? What to do? • 1. Revise TER (tolerable error rate), ARACR, or ARIA (the risks of accepting incorrect populations) • This is not easily defensible • 2. Expand the sample size. • This will decrease the sampling error • or you could end up with the same result. • Then expand tests of details • 3. Revise assessed control risk. • This will likely mean an increase in tests of detail. • 4. Report weaknesses in management letter. • Must do this

  47. Problem 1 For the examination of the financial statements of Scotia Inc., Rosa Schellenberg, a public accountant, has decided to apply non-statistical audit sampling in the tests of sales transactions. Based on her knowledge of Scotia’s operations in the area of sales, she decides that the estimated population deviation rate is likely to be 3 percent and that she is willing to accept a 5 percent risk the true population rate is not greater than 6 percent. Given this information, Rosa selects a random sample of 150 sales invoices from the 5,000 prepared during the year and examines them for exceptions. She notes the following exceptions in her working papers. There is no other documentation. REQUIRED Which of the invoices in the table should be defined as an exception? Explain why it is inappropriate to set a single acceptable TER and EPER for the combined exceptions. State the appropriate analysis of exceptions for each of the exceptions in the sample.

  48. Solution a. b. It is inappropriate to set a single acceptable tolerable exception rate and estimated population exception rate for the combined errors because each attribute has a different significance to the auditor and should be considered separately in analyzing the results of the test.

  49. c. For each exception, the auditor should check with the controller to determine his explanation for the cause. In addition, the appropriate analysis for each type of exception is as follows:

  50. Problem 2note: good segregation of duties has the receptionist prepare a prelisting of cash receipts when they are received in the mail You have been asked to do planning for statistical testing of the audit of cash receipts. Following is a partial audit program for the audit of cash receipts. Review the cash receipts journal for large and unusual transactions. Trace entries from the prelisting of cash receipts to the cash receipts journal to determine whether each is recorded. Compare customer name, date, and amount on the prelisting with the cash receipts journal. Examine the related remittance advice for entries selected from the prelisting to determine whether cash discounts were approved. Trace entries from the prelisting to the deposit slip to determine whether each has been deposited. REQUIRED Identify which audit procedures can be tested using attribute sampling. Justify your response. State the appropriate sampling unit for each of the tests in part (a). Define the attributes that you would test for each of the tests in part (a). State the audit object associated with each of the attributes. Define exception conditions for each of the attributes that you have described in part (c). Which of the exceptions would be indicative of potential fraud? Justify your response.

More Related