260 likes | 1.05k Views
Chapter 9. Audit Sampling – Part a. Overview. Audit sampling is defined as applying audit procedures to less than 100 percent of a population in order to estimate some characteristic about that population Typically, auditors sample to determine whether
E N D
Chapter 9 Audit Sampling – Part a
Overview Audit sampling is defined as applying audit procedures to less than 100 percent of a population in order to estimate some characteristic about that population Typically, auditors sample to determine whether • A control procedure is operating effectively (test of controls) • An account balance is presented fairly (substantive test) • Fraud exists
Overview (continued) In some cases, sampling may not be the best approach Some audit procedures do not provide sufficient evidence when applied on a sample basis • Example: auditors read minutes of all BOD meetings to identify related party transactions • Reading the minutes of a sample of BOD meetings would not be sufficient Audit procedures that provide high quality evidence at low cost may be applied more extensively simply because its cheaper to test all items rather than sampling • Example: auditors typically confirm all bank account balances Account balances that are immaterial (or where the potential misstatement is immaterial) may not be worth sampling • Such accounts may be audited more efficiently with analytics
Overview (continued) From the results of sampling, the auditor makes an inference about the underlying population For this inference to be valid, the sampling units tested must be representative of the underlying population The auditor needs to make four important decisions to ensure the sample is representative and to control against making an incorrect inference: • Which population should be tested and for what characteristics? (population) • How many: (Sample size)? • Which items should be included in the sample? (selection) • What inferences can be made from the sample? (evaluation)
Non-sampling and sampling risk When auditors draw an erroneous inference from sampling, the cause is either non-sampling or sampling risk Non-sampling Risk • Occurs when auditor does not appropriately carry out audit procedures or misinterprets results • Results from human error • Cannot be quantified • CPA firms try to minimize through quality control practices Sampling Risk • Occurs when sample is not representative of the underlying population • Can be controlled through sample size - as sample size increases, sampling risk decreases • If the sample is 100% of the population, sampling risk is zero; however, this is often not practical
Sampling Risks Related to Tests of Controls If the sample is not representative of the population, the auditor may draw an incorrect conclusion about the effectiveness of a control: Auditor assesses control risk too high: • Sample indicates control is worse than it really is • As a result, the auditor does not rely on the control and does more substantive testing than necessary • Assessing control risk too high does not directly affect audit quality, but does lead to audit inefficiencies
Sampling Risks Related to Tests of Controls Auditor assesses control risk too low: (worst type) • Sample indicates control is better than it really is • As a result, the auditor relies on an ineffective control (without realizing it's unreliable) and substantive testing is not rigorous as it should be • This increases the risk that material misstatements are not found and an incorrect audit opinion issued
Sampling Risks Related to Substantive Testing If the sample is not representative of the population, the auditor may draw an incorrect conclusion about whether an account balance is presented fairly: Incorrect acceptance(worst type) • Sample indicates account balance is not materially misstated when it is • Auditor may issue unqualified opinion on materially misstated statements • Because of the potential costs associated with incorrect acceptance, auditors control for this risk
Sampling Risks Related to Substantive Testing(Continued) Incorrect rejection • Sample indicates account balance is materially misstated when it isn't • There are things that reduce this risk • Before telling client to adjust its books, auditor usually performs additional tests • If client believes account balance is correct, client will ask auditor to perform more tests • These increase probability that incorrect rejection will be discovered • Incorrect rejection affects the efficiency of the audit, but does not affect the fairness of the audited financial statements
Selecting a Sampling Approach Auditors use both statistical and non-statistical sampling techniques Non-statistical sampling • Auditor judgment used to determine sample size, sample selection, and evaluate sample results • Does not provide objective way to control and measure sampling risk • Because its subjective, results are less defendable in legal proceedings • May take less time to perform • Frequently used in audits of small clients
Selecting a Sampling Approach(Continued) Statistical sampling • Allows auditor to statistically design an efficient sample, measure sufficiency of evidence, and evaluate sample results • Provides quantified measures of control procedure failure rates, amount of error in account balances, and sampling risk • Requires precise definitions of acceptable risk and sample objectives • Requires knowledge of statistical sampling methods • Efficient method for testing large populations
Testing Controls and Compliance If an auditor believes a control is effective and plans to rely on that control, s/he must test the control to see if it is operating effectively Attribute estimation sampling and discovery sampling are the statistical methods frequently used to test controls In this context, an attribute is the characteristic that indicates the control is working effectively • Example: the organization requires all sales on account be approved by the credit manager • Approval is evidenced by the manager's initials on the sales invoice • The manager's initials are the attribute • The auditor would examine sales invoices and look for the initials
Attribute Estimation Sampling The appropriate sample size depends on a number of factors including: • Statistical Risk (Risk of assessing control risk too low) • Risk of concluding controls are effective when, in fact, they are not • Means auditor relies on an ineffective control without realizing it • The lower the risk, the larger the sample size
Attribute Estimation Sampling (continued) • Tolerable failure rate • Failure rate at which auditor will determine the control is not operating effectively • Based on the importance of the control • If a control is crucial, the tolerable failure rate is set at low level • The lower the tolerable failure rate, the larger the sample size • Expected failure rate • Based on auditor's experience with the client • The higher the expected failure rate, the larger the sample size
Attribute estimation sampling as an audit objective? The steps to implement an attribute estimation sampling plan are: • Identify the attribute to be tested and define conditions of failure • Define the population to be tested including the period covered by the test, sampling unit, and ensuring population is complete • Determine appropriate sample size • Determine effective and efficient method of selecting the sample • Select and audit sample items • Evaluate sample results and reach conclusion on audit objectives • Document all phases of the sampling plan
Attribute Estimation Sampling - Sample Size The appropriate sample size depends on a number of factors including statistical risk, and the tolerable and expected failure rates Other issues: Multiple Attributes • Auditors frequently test several attributes using the same set of source documents • While the sampling risk should be the same, the tolerable and expected failure rates may differ between controls • The result is a different sample size for each control • There are several approaches to select items for the sample Small Populations (Appendix) • - If the sample is a large portion of the population, auditor may be able to reduce the sample size • - Use a finite adjustment factor
Attribute Estimation Sampling - Sample Selection Once the appropriate sample size has been determined, the auditor must decide how to select sample Random-based methods eliminate the possibility of unintentional bias in the selection process and help ensure the sample is representative • - Random number - efficient selection method if there is an easy way to relate random numbers to the population • Examples: sales invoice number, purchase order number • Computer programs typically used to generate random numbers
Attribute Estimation Sampling - Sample Selection (continued) • Systematic selection - selects every nth item in the population from a randomly selected starting point • Sampling interval (n) is determined by dividing population size by desired sample size • To use this method, auditor must be sure there is not a systematic pattern of failures in the population
Attribute Estimation Sampling - Sample Selection (continued) • Haphazard selection (non-statistical method) • Arbitrary selection • Not random based • Judgmental sampling (non-statistical method) • Auditor may use judgment to select sample • Not random based
Attribute Estimation Sampling - Evaluate Sample Results (1) The auditor projects the results of sampling to the population before drawing a conclusion If the sample failure rate is no greater than the expected failure rate, the auditor can conclude the control is as effective as expected
Attribute Estimation Sampling - Evaluate Sample Results (2) If the sample failure rate exceeds the expected failure rate, the auditor must determine whether the projected maximum failure rate is likely to exceed the tolerable failure rate • To do this, the auditor must determine the upper limit of the potential failure rate in the population • The upper limit is based on the sample failure rate and sample size and is adjusted upward for sampling error
Attribute Estimation Sampling - Evaluate Sample Results(continued) If the upper limit exceeds the tolerable failure rate, the internal control process has deficiencies The auditor should either • Test a compensating control (if available) • Increase the rigor of the subsequent substantive testing The auditor should also evaluate • The nature of the control procedure failures (pattern of error) • The effect of such failures on potential financial statement misstatement
Attribute Estimation Sampling - Evaluate Sample Results (Continued) When control failures are found, they should be analyzed qualitatively as well as quantitatively Auditor should try to determine whether the failures • Were intentional or unintentional • Were random or systematic • Had a direct dollar effect
Searching for Fraud Discovery sampling may be used to help identify potential fraud • Tolerable rate is set very low and expected rate is set at zero percent • Results in large sample size At any point, if evidence of just one potential fraud is found, the auditor stops sampling and starting investigating to determine if fraud actually occurred