Chapter 13: Audit Sampling
Spring 2007
Overview of Sampling
Basic Sampling Concepts
Definition of Audit Sampling
Audit sampling is the application of an audit procedure to less than 100% of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class. (SAS No. 39)
Why do we use sampling?
What are the two primary uses of sampling?
• Test of Controls
• Substantive Detail Tests
• Less often used with inquiring, observing or analytical procedures unless dealing w/ multiple locations
Intuitiveness of Sampling
• Skydiving: How many parachutes would you want to have tested before you jumped out of a plane with one?
• Odwalla: How would Odwalla ensure that their juice is good (in terms of health quality)?
Basic Steps for all sampling
Basic Steps:
• Planning: start to develop an idea of how much comfort is necessary and how a sample of transactions can satisfy the relevant specific audit or internal control objective taking into consideration factors affecting sample size & audit efficiency
• Selection: Select items so that they are representative of the population.
• Evaluation: Interpret the results of the sample and what to the items from which the sample was selected and consider the “sampling risk”
Reliability of steps depends on:
• Type of sampling plan used
• Professional judgment
Sampling Risks (p.555)
Combined for both control and balance/transaction sampling

Results of Testing | True State of what is being tested: Effective/Correct | True State of what is being tested: Ineffective/Incorrect
Sample = clean results | Correct Decision | Risk of Assessing CR too low; Risk of Incorrect Acceptance
Sample ≠ clean results | Risk of Assessing CR too high; Risk of Incorrect Rejection | Correct Decision
Sampling & Non-sampling errors
• Sampling risks – inherent risk of sampling
  • Effectiveness: assess CR too low or think bal is ok when not (beta risk)
  • Efficiency: assess CR too high or think bal is not ok when is (alpha risk)
  • In stat sampling, sampling risk can be quantified as: one minus reliability.
• Non-sampling risks – operator error
  • Select from pop that is not appropriate for objective
  • Failure to recognize deviations
  • Failure to evaluate findings properly
Two primary uses of sampling
• Test of Controls
• Test of Details
Control Testing
• Testing of an attribute – does it work or not?
• To determine the rate of deviation from a control operating effectively
  • Control environment control
  • Computer general control
  • Preventative control
  • Manual follow-up control
• When does sampling not apply?
  • Inquiry & observation
  • Computer application controls
Attributes Sampling and the Assessment of Control Risk
• Attributes sampling appropriate when:
  • Want to support CR below maximum
  • Documentary evidence of control procedure
  • Controls performed by individuals on transaction-by-transaction basis
• Generally controls involve authorization, documents and records or independent checks
• Doesn’t work for segregation of duties
Test of Details Sampling
• Testing that an assertion is materially correct – is the “number” right or not?
  • Completeness
  • Existence
  • Accuracy
  • Rights & Obligations (?)
  • Presentation & Disclosure (?)
• When does sampling not apply?
  • When significant judgment is involved
  • When it is more efficient & effective to test 100% of the population (CAAT)
“Coverage” testing
What is it? (p.567 2nd paragraph)
Is it “sampling”?
Judgment Based Sampling (non-statistical)
Judgmental or Non-Statistical:
• Requirements
  • Need to have subjective criteria and auditor experience – target the risk or higher $ amount
  • Sample results are evaluated and a conclusion is made regarding the entire population
  • Auditor’s judgment must be supported by documentation – fully explained
Statistical Sampling
Statistical (Probability based):
• Requirements
  • Homogeneous population
  • Sample items should have a known probability of selection (i.e. generally random)
  • Sample results are evaluated mathematically in accordance with probability theory
• Advantages
  • Can calculate the sample reliability and risk of reliance
  • Permits optimizing sample size given the mathematically measured risk they are willing to accept
  • Enables making objective statements about the population
Question: Does statistical sampling enable the auditor to quantify and control sampling risk? How and how not?
Selecting a Representative Sample
• Systematic Sampling
  • Select every nth item
  • Often used with random start, but this is still not ok for statistical sampling
• What is random sample selection?
  • Must use for statistical sampling, can use for non-statistical sampling
  • Use a random number table or random number generator
  • Generally sample without replacement
• To ensure a simple random sample:
  • Define the population and items included:
    • All y/e AR Accts w/ zero, negative and positive balances
    • All checks written for year: all checks including voided and unrecorded checks
  • Define sampling frame: listing or other physical representation of items in the population – specific name of report you selected from
    • 12/31/0X AR Aging report
    • Check register for 1/1/0X to 12/31/0X
Selecting a Representative Sample cont…
What if an item can’t be found?
• Ok to pick another? No, usually not okay. This is a deviation for purposes of evaluating the sample
Sampling in Tests of Controls
Attributes Sampling and the Assessment of Control Risk
• Recall: For F/S audit, auditors must “obtain an understanding of internal control sufficient to plan the audit and to assess control risk”
• Components of internal control are:
  • Control environment
  • Risk assessment
  • Information & communication
  • Control activities
  • Monitoring
• Which component(s) of internal control can be sampled?
Steps in Statistical Sampling for Controls
1. Determine the audit objectives.
2. Define the population and sampling unit.
3. Specify the attributes of interest.
4. Determine the sample size.
5. Determine the sample selection method.
6. Execute the sampling plan.
7. Evaluate the sample results.
Attributes Sampling: Initial Planning Steps
Step 1. Determining Audit Objective
• Ensure you understand audit objectives the controls are addressing
• May have to design different tests to ensure controls over all objectives are tested
Step 2. Define Population and Sampling Unit
• Population: the class of transactions being tested
• Sampling Frame: where the selections were made from
• Sampling unit: what is actually being tested
Step 3. Specify Attributes of Interest
• Attribute: evidence control is present or not
Attributes Sampling: Determining Sample Size (step 4)
For each attribute or control to be tested, the auditor must specify a numerical value for:
1. Risk of assessing control risk too low (1-reliability)
   • Inverse relationship w/ sample size
2. Tolerable deviation rate
   • Inverse relationship w/ sample size
3. Expected population deviation rate
   • Direct relationship w/ sample size
   Note: Pop size has direct effect only if pop < 5000
4. Select sample size based on tables or sampling program (PCAOB set minimums)
Attributes Sampling: Determining Sample Selection (step 5)
• Must use random method
• To use, need to have way of associating a unique number with each item in population (i.e., use document sequence, etc)
• Methods
  • Random number generator
Attributes Sampling: Execute Sampling Plan (step 6)
Examine selected items to determine the nature and frequency of deviations from prescribed controls.
Deviations include:
• missing documents
• absence of initials indicating performance of a control
• discrepancies in the details of related documents and records
• unauthorized values and mathematical errors found through reperformance of controls by the auditor.
Attributes Sampling: Evaluate Sampling Results (step 7)
• Calculate the sample deviation rate (which is the best estimate of the true deviation rate in pop)
  • # deviations found / sample size examined
• Determine the upper deviation or precision limit given your risk of assessing CR too low (use tables)
• Why do the sample deviation rate and upper deviation limit differ????
• If sample deviation rate < UDL then can conclude at x% reliability that the true deviation rate is below the tolerable rate.
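Steps 5 to 7 worked through in code, as an added example that is not part of the original slides: it draws a reproducible random sample without replacement from a document sequence, counts a missing item as a deviation, and computes the upper deviation limit directly from the binomial distribution so it can be compared with the tolerable deviation rate. It assumes the published attribute-sampling tables are binomial-based; all function names, the document range and the seed are hypothetical.

```python
import math
import random

def select_sample(first_doc, last_doc, n, seed):
    """Simple random sample, without replacement, from a numbered document sequence."""
    rng = random.Random(seed)  # recording the seed lets a reviewer re-perform the selection
    return sorted(rng.sample(range(first_doc, last_doc + 1), n))

def count_deviations(results):
    """Anything not 'ok' is a deviation, including a selected item that cannot be found."""
    return sum(1 for status in results.values() if status != "ok")

def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(math.comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k + 1))

def upper_deviation_limit(deviations, n, risk_too_low):
    """Population rate at which seeing this few deviations has probability = risk."""
    lo, hi = 0.0, 1.0
    for _ in range(60):  # bisection; the CDF falls as the rate rises
        mid = (lo + hi) / 2
        if binom_cdf(deviations, n, mid) > risk_too_low:
            lo = mid
        else:
            hi = mid
    return hi

def evaluate(results, risk_too_low, tolerable_rate):
    """Sample deviation rate, upper deviation limit, and comparison to the tolerable rate."""
    n, d = len(results), count_deviations(results)
    udl = upper_deviation_limit(d, n, risk_too_low)
    return {"sample_rate": d / n, "udl": udl, "reliability": 1 - risk_too_low,
            "udl_within_tolerable": udl <= tolerable_rate}

if __name__ == "__main__":
    # Constructed data: 25 items drawn from invoices 1001..3500, one not found.
    docs = select_sample(1001, 3500, 25, seed=2007)
    results = {doc: "ok" for doc in docs}
    results[docs[3]] = "missing"
    print(evaluate(results, risk_too_low=0.05, tolerable_rate=0.10))
```

The gap between the sample rate and the upper deviation limit is the allowance for sampling risk, which shrinks as the sample size grows.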
Statistical Sampling for Test of Details
How does it differ from statistical sampling for controls?
Non-Statistical Sampling for Tests of Controls
Programmed controls can be tested with a very small sample (approx. 2) IF:
• General controls are strong, AND
• There is comfort over program changes
Steps in Non-Stat Sampling for Controls
1. Determine audit objectives and procedures
2. Determine population and sampling unit
3. Specify control of interest & evidence that control was effective or not
4. Judgmentally determine sample size
   • Risk of assessing CR too low => inverse
   • Tolerable deviation rate (TDR) => inverse
   • Expected pop deviation rate => direct
5. Judgmentally select sample (gen haphazard)
6. Apply audit procedures for tests of controls
7. Evaluate sample results w/ comparison to TDR
Non-stat sampling for controls: Sample size (firm “x” guidelines)
Assuming NO errors

Frequency of Control | Sample size
> 1 per day | 25
Daily | 15
Weekly | 5
Monthly | 2
Quarterly | 1
Annually | 1
What happens to sample size if expect errors?