Professional Documents
Culture Documents
FOR TEST OF
CONTROLS
MODULE 09
KARL GUERRA
DLSAU
Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09
SAMPLING
MODULE O9
LEARNING OBJECTIVES:
Audit sampling for tests of control is generally appropriate when application of the control
leaves evidence of performance. Examples:
• Signatures on the documents indicating approvals.
• Document references for audit trails.
STEPS
1. Determine the control to be tested or audit objective of the test
2. Define the attributes and deviation conditions LECTURER’S
3. Define the population to be sampled and the sampling unit NOTE:
4. Specify the risk of assessing control risk too low (overreliance) Attributes are
the qualities to
and the tolerable deviation rate
say that a
5. Estimate the expected population deviation rate control is
6. Determine the sample size working
7. Select the sample effectively.
8. Perform the test of controls procedures on sample items
9. Evaluate the sample results
10. Document the sampling procedures
ILLUSTRATIONS
SECTION 2
ATTRIBUTES SAMPLING
a. It will help if the entity maintains a risk register. Risk register as defined in
operational accounting, is the list of all risks identified to be present or relevant to
the entity or the industry in which the entity operates.
b. For external auditing, focus on controls that will have an impact on the assertions
relevant to the preparation and presentation of financial statements.
c. Deviation occurs when a sample item does not have one or more of the identified
attributes.
d. You need to fully understand the message of the control description to come up
with the right attributes to test that control.
e. The example provided in the book is on negative attributes. You can also change
that to a positive one. For example, “there is a supporting receiving document for
each purchase invoice”.
a. The auditor should determine that the population (field) from which the sample is to
be selected is appropriate for the specific audit objective.
b. Application: The client prepares a serially numbered voucher for every purchase of
materials. The receiving report and purchase invoice are attached to each voucher.
Therefore, the sampling unit for the test is an individual voucher. Since the test of
controls is being performed during the interim period, the population to be tested
consists of 6,350 vouchers (assumed) for purchases of material during the first 10
months of the year under audit. If at any point the auditor determines that the
physical representation of the population (6,350 vouchers) has omitted vouchers
that should be included in the first 10 months, the auditors should also test those
vouchers.
d. Before proceeding, you should be confident that you have a complete population.
Meaning, all transactions of the sampling unit is included in your master list.
4. Specify the risk of assessing control risk too low (overreliance) and the
tolerable deviation rate.
b. The risk of assessing control risk too low (overreliance), is critical in test of controls
because this risk impacts the effectiveness of audit. Overreliance translates to lesser
substantive testing since we rely that the controls are operating effectively.
d. Specify (1) planned assessed level of control risk and (2) degree of assurance desired
from the evidential matter in the sample (inversely related with tolerable deviation
rate).
e. Lower planned assessed level of control risk equals lower tolerable deviation rate.
f. Stated differently, lower overreliance (more assurance desired) equals low tolerance
to error. Therefore, more samples for testing.
a. Expected deviation rate is significant because it presents the rate that the auditors
expect to discover in their sample from the population.
b. To estimate the rate, the auditors often use the sample results from prior years, as
documented in their working papers.
c. Auditors may also estimate the rate based on their experience with similar tests on
other audit engagements, or by examining a small pilot sample.
a. The auditor should consider whether sampling risk is reduced to an acceptable low
level.
b. Sample size is affected by the level of sampling risk that the auditor is willing to
accept.
c. The lower the risk the auditor is willing to accept, the greater the sample size will
need to be. Stated differently, if you cannot accept errors, you need to look for
instances of errors by examining more samples.
e. Compliance tests are not performed when no reliance on internal control is planned.
f. PSA 530 illustrates the factors that the auditor considers when determining the
sample size for a test of control.
b. Random samples may be selected using random number tables, random number
generators or systematic sampling.
c. A random sample is one in which every sampling unit in the population has an equal
chance of being included in the sample.
d. At the end of the day, it is your judgment that will help you decide your sample. Just
ensure that every sampling unit in the population was given an equal chance to be
selected as a sample.
b. Each item will be classified as to whether it contains a deviation from the prescribed
internal control procedure
d. The main objective in this step is to validate your samples against the attributes
(your criteria).
c. Upper Deviation Rate = Sample Deviation Rate ÷ Allowance for Sampling Risk
f. Reach an overall conclusion. The auditor must relate the assessed control risk to
detection risk for each financial statement assertion.
g. Evaluate your validation of samples against the attributes (your criteria) to say that
the control is operating effectively. Considerations were grouped as follows:
• Effective
• Ineffective – Inconsistent, untimely, and/or improper application
• Ineffective – There is an indication of fraud
a. Document the significant aspects of the prior nine steps in the working papers.
b. There is a saying…” if it is not documented, then it didn’t exist or happen”. That goes
for both clients and the auditors.
1. The difference with Statistical Sampling is the steps for determining the sample size and
for evaluating sample results.
3. When evaluating results, the auditors should compare the deviation rate of the sample
tolerable deviation rate (see no. 9, letter d, section ii above).
4. The auditor must use professional judgment to determine the point at which the
assessed level of control risk should be increased above the planned level.
5. Auditors should exercise caution and professional judgment to properly evaluate the
sampling results, regardless of the testing method.
ACTIVITY 1:
Multiple Choices Questionnaires for assessment of understanding.
ACTIVITY 2:
Research and reporting.
REFERENCES:
Cabrera 2015 Auditing Theory
PSA 530
ACTIVITY 1
MULTPLE CHOICES
3. Nia Wilson was considering the sample size needed for a selection of sales invoices for the
test of controls audit of the Elmar Company’s internal controls. She presented the following
information for two alternative cases:
Case A Case B
Acceptable risk of underreliance High Low
Acceptable risk of overreliance High Low
Tolerable deviation rate High Low
Expected population deviation rate Low High
4. When auditors plan a test of controls and think about several control risk assessments that
could be made, they also can think about:
a. One relevant tolerable deviation rates.
b. Two relevant tolerable deviation rates.
c. Three relevant tolerable deviation rates.
d. Many relevant tolerable deviation rates.
5. Which of the following combinations results in a decrease in sample size in a sample for
attributes?
I. Risk of assessing control risk too low
II. Tolerable rate
III. Expected population error rate
I II III
a. Increase Decrease Increase
b. Decrease Increase Decrease
c. Increase Increase Decrease
d. Increase Increase Increase
ACTVITY 2
RESEARCH AND REPORTING
Read your textbook or find other learning materials. Equipped yourself of appropriate
knowledge and answer the requirements below.
REQUIREMENTS:
1. Define the attributes for the control objectives stated.
2. Define the population and the sampling unit.
CONTROLS TO BE TESTED:
Groups 1, 2, 3, and 4 are assigned for control numbers 1, 2, 3, and 4 respectively. Then,
everyone group should answer control numbers 5 and 6.
1. Inventory periodic counts are performed in accordance with count plans to verify
inventory on hand. Physical inventory counts are compared to perpetual inventory
records. Documentation is maintained to support recounting, investigation and
reconciliation of material differences (as defined in the policy and/or per local policy).
2. Assets (including ownership) are periodically verified via physical observation and
reconciled to the fixed assets register/sub-ledger. Any differences identified during asset
verification are properly recounted, investigated, and supported. Upon completion of
investigation provision or adjustments are made for reconciling items.
3. Bidding procedures are performed prior to contract initiation in accordance with policy.
Evidence is maintained to support supplier selection criteria and rationale. Contracts
contain terms/conditions in accordance with policy. Contracts are approved (in
accordance with policy requirements) and communicated to all parties before work is
initiated.
5. Balance sheet reconciliations for all balance sheet accounts are prepared to ensure
balances are supported, analyzed, and reconciling items are cleared in timely manner.
Balance sheet reconciliations are independently reviewed/approved. All balance sheet
accounts are tracked to ensure all reconciliations are performed and approved timely
per company policy.
6. Cash receipts are secured from the time they are received until deposited (while on the
premises or in transit to the bank) in accordance with policy. Cash receipts are
deposited timely in accordance with policy, and independently checked against cash
deposited.
1. Timeliness – 20 points
2. Presentation – 20 points
3. Delivery – 30 points
4. Content – 30 points