Audit Sampling • Whenever we test less than 100% that is sampling • Most important concept: Representative sample. Does the sample you selected represent a typical error rate in the entire population? • Nonsampling risk: risk sample does not uncover existing exceptions (Error in planning and executing)
Audit Sampling • Sampling risk: risk conclusion is incorrect because sample is not representative. • control sampling risk by increasing sample size and proper selection methods
Statistical vs Nonstatistical • Math (quantify) vs judgment • Probabilistic selection vs. nonprobabilistic • Evaluation: • you can evaluate a statistical sample with either: statistical or nonstatistical method • you can only evaluate non statistical with non statistical method
Nonprobabilistic sample selection • Directed sample selection: • items most likely to contain misstates • items containing select population characteristics • each month, each bank account, each location • items with large dollar coverage of population • Block Sample • Several items in sequence
Nonprobabilistic sample selection • Haphazard sample selection • selection without any conscious bias
Probabilistic sample selection • Simple Random • random number tables • computer generation of random numbers • replacement (more than once) and nonreplacement (exclude the second time) • Systematic Sample Selection • Interval selection (i.e., every 9th number)
Probabilistic sample selection • Probability Proportional to size • Stratified Sample Selection
Sampling for Exception Rates • When testing controls or transactions we look for an “attribute” (yes or no question) • Occurrence rate or exception rate is the ratio of items containing the attribute to the total population • deviation from internal control • monetary misstatements in transaction • monetary misstatements in balances
Sampling for Exception Rates • Exception rate is the auditors best estimate of the population exception rate • Deviation means a control exception • Sampling error = sample error rate and population error rate differ • Sampling risk= reliability of sample • Example: 3% sample rate, 1% sampling error rate, 10% sampling risk • = 2-4% error rate and 10% risk of being wrong
Sampling for Exception Rates • CUER = computed upper exception rate • if rate is 2-4% then upper rate is 4%
Nonstatistical Audit Sampling • 14 Steps : • 1. State the objectives of the audit test • 2. Decide whether audit sampling applies • 3. Define attributes and exception conditions • 4. Define the population • 5. Define the sampling unit • 6. Specify the tolerable exception rate • 7. Specify acceptable risk of assessing control risk too low
Nonstatistical Audit Sampling • 14 Steps (continued) • 8. Estimate the population exception rate • 9. Determine the initial sample size • 10. Select the sample • 11. Perform the audit procedures • 12. Generalized from the sample to the population • 13. Analyze exceptions • 14. Decide the acceptability of the population
Nonstatistical Audit Sampling • 1. Objectives • operating effectiveness for controls • monetary misstatements for transactions • 2. Audit sampling applies? • Audit sampling inappropriate for analytical procedures and observations • 3. Define Attributes • See table 15-3 for examples page 485
Nonstatistical Audit Sampling • 4. Define the population • i.e. all sales in one year • 5. Sampling unit • customer order • shipping document • 6. Specify tolerable exception rate • TER - exception rate that the auditor will permit in the population and still be willing to conclude the control is effective
Nonstatistical Audit Sampling • 6. TER (continued) • Larger sample size is needed for low TER • See Figure 15-2, page 487 and 15-4, page 493 • 7. Acceptable Risk of Overreliance • There is always a risk that the conclusion about the population will be wrong • Risk auditor is willing to take of accepting control as effective when it is not. (or when the exceptions in the population are greater than tolerable exception rate. (Low means more testing) Table 15-4, page 488.
Nonstatistical Audit Sampling • 8. Estimate Population Exception Rate • EPER - Use prior year audit • 9. Determine sample size • use TER, ARO and EPER to determine • population size is not nearly as significant as the above • consider precision (TER minus EPER) refer to precision on page 487
Nonstatistical Audit Sampling • 10. Select the sample • 11. Perform audit procedures (Test) • result is list of exceptions to the attribute • See figure 15-3, page 491. • 12. Generalize to the population • determine SER: sample exception rate • exceptions divided by sample size • determine CUER: computed upper exception rate • add sampling error to SER for CUER
Nonstatistical Audit Sampling • 12. Generalize to the population (cont.) • Determine calculated sampling error is • TER - SER • Decide if error rate is acceptable • if SER is greater than TER not acceptable • If SER greater than EPER than control risk is probably assessed too low • See Figure 15-4
Nonstatistical Audit Sampling • 13. Analyze Exceptions • carelessness • misunderstood instructions • intentional failure to perform procedures • internal control problem (Fig 15-5). • 14. Acceptability of population • See Figure 15-4
What if test fails? • Revise TER or ARO • not advisable unless original estimate was too conservative • Expand the Sample Size • Revise Assessed Control Risk • this will increase substantive tests of transactions and tests of details of balances • Communicate with Audit Committee
Nonstatistical Audit Sampling • Adequate documentation of methodology is essential • See figure 15-6 for calculating tests of balances in chapter 16.
Statistical Audit Sampling • Attributes sampling is the most common to use for tests of controls and substantive tests of transactions • Most of the 14 steps are the same for both nonstatistical and statistical sampling except for using tables for sample size and calculation of estimated upper exception rate from tables.
Statistical Audit Sampling • Sampling Distribution • refer to Table 15-7 (concept only) • Attributes sampling-yes or no question • 14 Steps are the same • 1. State objectives • 2. Decide whether sampling applies • 3. Define attributes and exceptions • 4. Define population
Statistical Audit Sampling • 14 Steps (continued) • 5. Define sampling unit • 6. Specify tolerable exception rate • 7. Specify acceptable risk of overreliance (HERE YOU USE NUMBERs RATHER THAN high, medium, low) • 8. Estimate population exception rate • 9. Determine sample size (HERE YOU USE TABLEs)
Sample Size • Note statistical theory shows that in populations where attributes sampling applies, population size is a minor consideration in determining sample size
Statistical Audit Sampling • 14 Steps (continued) • 10. Select sample (Random or systematic) • 11. Perform tests • 12. Generalize from sample to populations • HERE YOU USE TABLES • 13. Analyze exceptions • Decided the acceptability of the population
Stop here • You are not required to know how to evaluate the results of an attributes sample using the tables. • You do need to learn the definitions in essential terms pages 505-506.