Basic Sampling Concepts • Definition of Audit Sampling Audit sampling is the application of an audit procedure to less than 100% of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class. (SAS No. 39) • Why do we use sampling? • What are the two primary uses of sampling? • Test of Controls • Substantive Detail Tests • Less often used with inquiring, observing or analytical procedures unless dealing w/ multiple locations
Intuitiveness of Sampling • Skydiving • How many parachutes would you want to have tested before you jumped out of a plane with one? • Odwalla • How would Odwalla ensure that their juice is good (in terms of health quality)?
Basic Steps for all sampling • Basic Steps • Planning: start to develop an idea of how much comfort is necessary and how a sample of transactions can satisfy the relevant specific audit or internal control objective taking into consideration factors affecting sample size & audit efficiency • Selection: Select items so that they are representative of the population. • Evaluation: Interpret the results of the sample and what to the items from which the sample was selected and consider the “sampling risk” • Reliability of steps depends on: • Type of sampling plan used • Professional judgment
Sampling Risks (p.555) True State of what is being tested Combined for both control and balance/transaction sampling Effective/Correct Ineffective/Incorrect • Risk of Assessing CR too low • Risk of Incorrect Acceptance Sample = clean results Correct Decision Results of Testing • Risk of Assessing CR too high • Risk of Incorrect Rejection Sample ≠ clean results Correct Decision
Sampling & Non-sampling errors • Sampling risks – inherent risk of sampling • Effectiveness: assess CR too low or think bal is ok when not (beta risk) • Efficiency: assess CR too high or think bal is not ok when is (alpha risk) • In stat sampling sampling risk can be quantified as: one minus reliability. • Non-sampling risks – operator error • Select from pop that is not appropriate for objective • Failure to recognize deviations • Failure to evaluate findings properly
Two primary uses of sampling • Test of Controls • Test of Details
Control Testing • Testing of an attribute – does it work or not? • To determine the rate of deviation from a control operating effectively • Control environment control • Computer general control • Preventative control • Manual follow-up control • When does sampling not apply? • Inquiry & observation • Computer application controls
Attributes Sampling and the Assessment of Control Risk Attributes sampling appropriate when: • Want to support CR below maximum • Documentary evidence of control procedure • Controls performed by individuals on transaction-by-transaction basis • Generally controls involve authorization, documents and records or independent checks • Doesn’t work for segregation of duties
Test of Details Sampling • Testing that an assertion is materially correct – is the “number” right or not? • Completeness • Existence • Accuracy • Rights & Obligations (?) • Presentation& Disclosure (?) • When does sampling not apply? • When significant judgment is involved • When it is more efficient & effective to test 100% of the population (CAAT)
“Coverage” testing • What is it? (p.567 2nd paragraph) • Is it “sampling”?
Judgment Based Sampling (non-statistical) • Judgmental or Non-Statistical Requirements • Need to have subjective criteria and auditor experience – target the risk or higher $ amount • Sample results are evaluated and a conclusion is made regarding the entire population • Auditor’s judgment must be supported by documentation – fully explained
Statistical Sampling • Statistical (Probability based): • Requirements • Homogonous population • Sample items should have a known probability of selection (i.e. generally random) • Sample results are evaluated mathematically in accordance with probability theory • Advantages • Can calculate the sample reliability and risk of reliance • Permits optimizing sample size given the mathematically measured risk they are willing to accept • Enables making objective statements about the population
Question • Does Statistical sampling enable the auditor to quantify and control sampling risk? How and how not?
Selecting a Representative Sample • Systematic Sampling • Select every nth item • Often used with random start, but this is still not ok for statistical sampling • What is random sample selection? • Must use for statistical sampling, can use for non-statistical sampling • Use a random number table or random number generator • Generally sample without replacement
Selecting a Representative Sample cont… • To ensure a simple random sample: • Define the population and items included: • All y/e AR Accts w/ zero, negative and positive balances • All checks written for year all checks including voided and unrecorded checks • Define sampling frame: listing or other physical representation of items in the population – specific name of report you selected from • 12/31/0X AR Aging report • Check register for 1/1/0X to 12/31/0X
What if an item can’t be found? • Ok to pick another? • No, usually not okay. This is a deviation for purposes of evaluating the sample
Attributes Sampling and the Assessment of Control Risk • Recall: • For F/S audit, auditors must “obtain an understanding of internal control sufficient to plan the audit and to assess control risk” • Components of internal control are: • Control environment • Risk assessment • Information & communication • Control activities • Monitoring • Which component(s) of internal control can be sampled?
Steps in Statistical Sampling for Controls • Determine the audit objectives. • Define the population and sampling unit. • Specify the attributes of interest. • Determine the sample size. • Determine the sample selection method. • Execute the sampling plan. • Evaluate the sample results.
Attributes Sampling: Initial Planning Steps Step 1. Determining Audit Objective • Ensure you understand audit objectives the controls are addressing • May have to design different tests to ensure controls over all objectives are tested Step 2. Define Population and Sampling Unit • Population: the class of transactions being tested • Sampling Frame: where the selections were made from • Sampling unit: what is actually being tested Step 3. Specify Attributes of Interest • Attribute: evidence control is present or not
Attributes Sampling: Determining Sample Size (step 4) For each attribute or control to be tested, the auditor must specify a numerical value for: • Risk of assessing control risk too low (1-reliability) • Inverse relationship w/ sample size 2. Tolerable deviation rate • Inverse relationship w/ sample size 3. Expected population deviation rate • Direct relationship w/ sample size • Note: Pop size has direct effect only if pop < 5000 4. Select sample size based on tables or sampling program (PCAOB set minimums)
Attributes Sampling: Determining Sample Selection (step 5) Must use random method • To use, need to have way of associating a unique number with each item in population (i.e., use document sequence, etc) • Methods • Random number generator
Attributes Sampling: Execute Sampling Plan (step 6) • Examine selected items to determine the nature and frequency of deviations from prescribed controls. • Deviations include • missing documents • absence of initials indicating performance of a control • discrepancies in the details of related documents and records • unauthorized values and mathematical errors found through reperformance of controls by the auditor.
Attributes Sampling: Evaluate Sampling Results (step 7) • Calculate the sample deviation rate (which is the best estimate of the true deviation rate in pop) # deviations found / sample size examined • Determine the upper deviation or precision limit given your risk of assessing CR too low (use tables) • Why do the sample deviation rate and upper deviation limit differ???? • If sample deviation rate < UDL then can conclude at x% reliability that the true deviation rate is below the tolerable rate.
Statistical Sampling for Test of Details • How does it differ from statistical sampling for controls?
Non-Statistical Sampling for Tests of Controls • Programmed controls can be tested with a very small sample (appx 2) IF • General controls are strong) AND • There is comfort over program changes
Steps in Non-Stat Sampling for Controls • Determine audit objectives and procedures • Determine population and sampling unit • Specify control of interest & evidence that control was effective or not • Judgmentally determine sample size • Risk of assessing CR too low => inverse • Tolerable deviation rate (TDR) =>inverse • Expected pop deviation rate => direct • Judgmentally select sample (gen haphazard) • Apply audit procedures for tests of controls • Evaluate sample results w/ comparison to TDR
Non-stat sampling for controls: Sample size (firm “x” guidelines) Assuming NO errors Frequency of ControlSample size > 1 per day 25 Daily 15 Weekly 5 Monthly 2 Quarterly 1 Annually 1 What happens to sample size if expect errors?