Module F

1. Module F Attribute Sampling “There are five kinds of lies: lies, damned lies, statistics, politicians quoting statistics, and novelists quoting politicians on statistics.” – Stephen K. Tagg

2. Learning Objectives • Identify the objectives of attribute sampling, define deviation conditions, and define the population for an attribute sampling application. • Understand how various factors influence the size of an attribute sample. • Determine the sample size for an attribute sampling application.

3. Learning Objectives (Continued) • Identify various methods of selecting an attribute sample. • Evaluate the results of an attribute sampling application by determining the computed upper limit (CUL).

4. Attribute Sampling • Used to estimate the extent to which a characteristic (attribute) exists within a population • Used in tests of controls • Estimate the rate at which internal control policies or procedures are not functioning as intended (deviation conditions) • Compare rate to some allowable rate (tolerable deviation rate)

5. Major Steps in Attribute Sampling • Determine the objective • Define deviation conditions • Define the population • Determine sample size • Select the sample • Measure sample items • Evaluate sample results Planning Performing Evaluating

6. Major Steps in Attribute Sampling: Planning • Determine the objective of sampling • Identify key controls that the auditor intends to rely upon • Define deviation conditions • Instance in which control is not functioning as intended • Define the population • Should reflect all potential applications of the control during the period being examined

7. Major Steps in Attribute Sampling: Performing • Determine sample size • Sampling risk (Risk of assessing control risk too low) • Expected deviation rate • Tolerable deviation rate • Population size (not applicable in most instances) • Select sample items • Measure sample items

8. How to Determine Sample Size? • Select AICPA Sample Size table corresponding to desired risk of assessing control risk too low • Identify row related to appropriate expected deviation rate (EDR) • Identify column related to appropriate tolerable deviation rate (TDR) • Determine sample size at junction of row for EDR and column for TDR

9. Sample Size Example • Parameters • Risk of assessing control risk too low = 5% • Expected deviation rate = 2% • Tolerable deviation rate = 7%

10. Sample Size Example (Continued) • From AICPA Table (5% risk) Tolerable Deviation Rate EDR 2% 3% 4% 5% 6% 7% 1.00% * * 156 93 78 66 2.00% * * * 181 127 3.00% * * * * 195 129 88

11. Major Steps in Attribute Sampling: Performing • Determine sample size • Select sample items • For statistical sampling, use unrestricted random selection or systematic random selection • Haphazard selection or block selection are not appropriate for statistical sampling • Measure sample items

12. Major Steps in Attribute Sampling: Performing • Determine sample size • Select sample items • Measure sample items • Perform appropriate test of controls • Calculate sample deviation rate = No. deviations  sample size

13. Major Steps in Attribute Sampling: Evaluating • Evaluate sample results • Problem with sample deviation rate is that it may result from a nonrepresentative sample • Need to “adjust” sample deviation rate to control for the risk of assessing control risk too low • Calculate a Computed Upper Limit (CUL)

14. Computed Upper Limit (CUL) • There is a (1 minus risk of assessing control risk too low) probability that the true population deviation rate is less than or equal to the CUL • There is a (risk of assessing control risk too low) probability that the true population deviation rate exceeds the CUL • Example: CUL = 6%, Risk of assessing control risk too low = 5% 95% probability5% probability 0% 6%

15. One Way to Determine the CULDo Not Use this on Exam • Select AICPA Sample Evaluation Table corresponding to desired risk of assessing control risk too low • Identify row related to appropriate sample size • If cannot locate exactly, round down to next lowest sample size • Identify column related to number of deviations noted • Determine CUL at junction of row for sample size and column for deviations

16. How to Determine the CULUse this on Exam • Determine Sample Deviation Rate and use in the EDR column of Tables F.5 and F.6 (Be conservative) • Slide across until you find the sample size taken (Be conservative) • Determine CUL from the top row of table

17. CUL Example • Parameters • Sample size = 50 • Risk of assessing control risk too low = 5% • No. of deviations = 3 • Sample deviation rate 3  50 = 6%

18. Making the Decision • If CUL > Tolerable Deviation Rate: • Conclude that internal control is not functioning effectively • Options • Increase sample size in hopes of supporting planned level of control risk • Increase level of control risk, leading to more effective substantive procedures (lower detection risk)

19. Making the Decision • If CUL  Tolerable Deviation Rate • Conclude that the internal control is functioning effectively • Options • Maintain planned level of control risk, leading to planned effectiveness of substantive tests • Consider a further reduction in control risk, leading to less effective substantive procedures (higher detection risk)

20. Factors Affecting Sample Size

21. Sampling Risks in Attribute Sampling