Créer une présentation
Télécharger la présentation

Télécharger la présentation
## Chapter 13: Audit Sampling Spring 2007

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**Basic Sampling Concepts**• Definition of Audit Sampling Audit sampling is the application of an audit procedure to less than 100% of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class. (SAS No. 39) • Why do we use sampling? • What are the two primary uses of sampling? • Test of Controls • Substantive Detail Tests • Less often used with inquiring, observing or analytical procedures unless dealing w/ multiple locations**Intuitiveness of Sampling**• Skydiving • How many parachutes would you want to have tested before you jumped out of a plane with one? • Odwalla • How would Odwalla ensure that their juice is good (in terms of health quality)?**Basic Steps for all sampling**• Basic Steps • Planning: start to develop an idea of how much comfort is necessary and how a sample of transactions can satisfy the relevant specific audit or internal control objective taking into consideration factors affecting sample size & audit efficiency • Selection: Select items so that they are representative of the population. • Evaluation: Interpret the results of the sample and what to the items from which the sample was selected and consider the “sampling risk” • Reliability of steps depends on: • Type of sampling plan used • Professional judgment**Sampling Risks (p.555)**True State of what is being tested Combined for both control and balance/transaction sampling Effective/Correct Ineffective/Incorrect • Risk of Assessing CR too low • Risk of Incorrect Acceptance Sample = clean results Correct Decision Results of Testing • Risk of Assessing CR too high • Risk of Incorrect Rejection Sample ≠ clean results Correct Decision**Sampling & Non-sampling errors**• Sampling risks – inherent risk of sampling • Effectiveness: assess CR too low or think bal is ok when not (beta risk) • Efficiency: assess CR too high or think bal is not ok when is (alpha risk) • In stat sampling sampling risk can be quantified as: one minus reliability. • Non-sampling risks – operator error • Select from pop that is not appropriate for objective • Failure to recognize deviations • Failure to evaluate findings properly**Two primary uses of sampling**• Test of Controls • Test of Details**Control Testing**• Testing of an attribute – does it work or not? • To determine the rate of deviation from a control operating effectively • Control environment control • Computer general control • Preventative control • Manual follow-up control • When does sampling not apply? • Inquiry & observation • Computer application controls**Attributes Sampling and the Assessment of Control Risk**Attributes sampling appropriate when: • Want to support CR below maximum • Documentary evidence of control procedure • Controls performed by individuals on transaction-by-transaction basis • Generally controls involve authorization, documents and records or independent checks • Doesn’t work for segregation of duties**Test of Details Sampling**• Testing that an assertion is materially correct – is the “number” right or not? • Completeness • Existence • Accuracy • Rights & Obligations (?) • Presentation& Disclosure (?) • When does sampling not apply? • When significant judgment is involved • When it is more efficient & effective to test 100% of the population (CAAT)**“Coverage” testing**• What is it? (p.567 2nd paragraph) • Is it “sampling”?**Judgment Based Sampling (non-statistical)**• Judgmental or Non-Statistical Requirements • Need to have subjective criteria and auditor experience – target the risk or higher $ amount • Sample results are evaluated and a conclusion is made regarding the entire population • Auditor’s judgment must be supported by documentation – fully explained**Statistical Sampling**• Statistical (Probability based): • Requirements • Homogonous population • Sample items should have a known probability of selection (i.e. generally random) • Sample results are evaluated mathematically in accordance with probability theory • Advantages • Can calculate the sample reliability and risk of reliance • Permits optimizing sample size given the mathematically measured risk they are willing to accept • Enables making objective statements about the population**Question**• Does Statistical sampling enable the auditor to quantify and control sampling risk? How and how not?**Selecting a Representative Sample**• Systematic Sampling • Select every nth item • Often used with random start, but this is still not ok for statistical sampling • What is random sample selection? • Must use for statistical sampling, can use for non-statistical sampling • Use a random number table or random number generator • Generally sample without replacement**Selecting a Representative Sample cont…**• To ensure a simple random sample: • Define the population and items included: • All y/e AR Accts w/ zero, negative and positive balances • All checks written for year all checks including voided and unrecorded checks • Define sampling frame: listing or other physical representation of items in the population – specific name of report you selected from • 12/31/0X AR Aging report • Check register for 1/1/0X to 12/31/0X**What if an item can’t be found?**• Ok to pick another? • No, usually not okay. This is a deviation for purposes of evaluating the sample**Attributes Sampling and the Assessment of Control Risk**• Recall: • For F/S audit, auditors must “obtain an understanding of internal control sufficient to plan the audit and to assess control risk” • Components of internal control are: • Control environment • Risk assessment • Information & communication • Control activities • Monitoring • Which component(s) of internal control can be sampled?**Steps in Statistical Sampling for Controls**• Determine the audit objectives. • Define the population and sampling unit. • Specify the attributes of interest. • Determine the sample size. • Determine the sample selection method. • Execute the sampling plan. • Evaluate the sample results.**Attributes Sampling: Initial Planning Steps**Step 1. Determining Audit Objective • Ensure you understand audit objectives the controls are addressing • May have to design different tests to ensure controls over all objectives are tested Step 2. Define Population and Sampling Unit • Population: the class of transactions being tested • Sampling Frame: where the selections were made from • Sampling unit: what is actually being tested Step 3. Specify Attributes of Interest • Attribute: evidence control is present or not**Attributes Sampling: Determining Sample Size (step 4)**For each attribute or control to be tested, the auditor must specify a numerical value for: • Risk of assessing control risk too low (1-reliability) • Inverse relationship w/ sample size 2. Tolerable deviation rate • Inverse relationship w/ sample size 3. Expected population deviation rate • Direct relationship w/ sample size • Note: Pop size has direct effect only if pop < 5000 4. Select sample size based on tables or sampling program (PCAOB set minimums)**Attributes Sampling: Determining Sample Selection (step 5)**Must use random method • To use, need to have way of associating a unique number with each item in population (i.e., use document sequence, etc) • Methods • Random number generator**Attributes Sampling: Execute Sampling Plan (step 6)**• Examine selected items to determine the nature and frequency of deviations from prescribed controls. • Deviations include • missing documents • absence of initials indicating performance of a control • discrepancies in the details of related documents and records • unauthorized values and mathematical errors found through reperformance of controls by the auditor.**Attributes Sampling: Evaluate Sampling Results (step 7)**• Calculate the sample deviation rate (which is the best estimate of the true deviation rate in pop) # deviations found / sample size examined • Determine the upper deviation or precision limit given your risk of assessing CR too low (use tables) • Why do the sample deviation rate and upper deviation limit differ???? • If sample deviation rate < UDL then can conclude at x% reliability that the true deviation rate is below the tolerable rate.**Statistical Sampling for Test of Details**• How does it differ from statistical sampling for controls?**Non-Statistical Sampling for Tests of Controls**• Programmed controls can be tested with a very small sample (appx 2) IF • General controls are strong) AND • There is comfort over program changes**Steps in Non-Stat Sampling for Controls**• Determine audit objectives and procedures • Determine population and sampling unit • Specify control of interest & evidence that control was effective or not • Judgmentally determine sample size • Risk of assessing CR too low => inverse • Tolerable deviation rate (TDR) =>inverse • Expected pop deviation rate => direct • Judgmentally select sample (gen haphazard) • Apply audit procedures for tests of controls • Evaluate sample results w/ comparison to TDR**Non-stat sampling for controls: Sample size (firm “x”**guidelines) Assuming NO errors Frequency of ControlSample size > 1 per day 25 Daily 15 Weekly 5 Monthly 2 Quarterly 1 Annually 1 What happens to sample size if expect errors?