11/17/2020 AUDIT SAMPLING

FOR TEST OF
CONTROLS
MODULE 09

KARL GUERRA
DLSAU

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

SAMPLING
MODULE O9

LEARNING OBJECTIVES:

After studying this chapter, you should be able to:

1. Specify when tests of controls should be performed
2. Describe the steps in the application of sampling in tests of controls
3. Use attributes sampling or statistical sampling in tests of controls
4. Understand the use of nonstatistical sampling in test of controls.

STEPS IN THE APPLICATION OF TEST OF CONTROLS

SECTION 1

Audit sampling for tests of control is generally appropriate when application of the control
leaves evidence of performance. Examples:
• Signatures on the documents indicating approvals.
• Document references for audit trails.

STEPS
1. Determine the control to be tested or audit objective of the test
2. Define the attributes and deviation conditions LECTURER’S
3. Define the population to be sampled and the sampling unit NOTE:
4. Specify the risk of assessing control risk too low (overreliance) Attributes are
the qualities to
and the tolerable deviation rate
say that a
5. Estimate the expected population deviation rate control is
6. Determine the sample size working
7. Select the sample effectively.
8. Perform the test of controls procedures on sample items
9. Evaluate the sample results
10. Document the sampling procedures

Prepared by: KBG 1|P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

ILLUSTRATIONS
SECTION 2

ATTRIBUTES SAMPLING

1. Determine the control to be tested or audit objective of the test.

a. It will help if the entity maintains a risk register. Risk register as defined in
operational accounting, is the list of all risks identified to be present or relevant to
the entity or the industry in which the entity operates.

b. For external auditing, focus on controls that will have an impact on the assertions
relevant to the preparation and presentation of financial statements.

2. Define the attributes and deviation conditions.

a. Professional judgment is applied by the auditor in defining the attributes and

deviation conditions for a test of controls.

b. Attributes are characteristics that provide evidence that an internal control

procedure was performed.

c. Deviation occurs when a sample item does not have one or more of the identified
attributes.

d. You need to fully understand the message of the control description to come up
with the right attributes to test that control.

e. The example provided in the book is on negative attributes. You can also change
that to a positive one. For example, “there is a supporting receiving document for
each purchase invoice”.

3. Define the population to be sampled and the sampling unit.

a. The auditor should determine that the population (field) from which the sample is to
be selected is appropriate for the specific audit objective.

b. Application: The client prepares a serially numbered voucher for every purchase of
materials. The receiving report and purchase invoice are attached to each voucher.
Therefore, the sampling unit for the test is an individual voucher. Since the test of

Prepared by: KBG 2|P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

controls is being performed during the interim period, the population to be tested
consists of 6,350 vouchers (assumed) for purchases of material during the first 10
months of the year under audit. If at any point the auditor determines that the
physical representation of the population (6,350 vouchers) has omitted vouchers
that should be included in the first 10 months, the auditors should also test those
vouchers.

c. Based on the above, the following can be inferred

i. Population – List of vouchers processed for purchase of materials.
ii. Sampling Unit – Individual voucher with attached supporting documents, i.e.
the receiving report (delivery receipt) and purchase invoice.

d. Before proceeding, you should be confident that you have a complete population.
Meaning, all transactions of the sampling unit is included in your master list.

4. Specify the risk of assessing control risk too low (overreliance) and the
tolerable deviation rate.

a. Auditors apply professional judgment in determining the appropriate risk of

assessing control risk too low and the tolerable deviation rate for a test of control.

b. The risk of assessing control risk too low (overreliance), is critical in test of controls
because this risk impacts the effectiveness of audit. Overreliance translates to lesser
substantive testing since we rely that the controls are operating effectively.

c. Auditors usually specify a low level of risk – 5 or 10 percent is often used.

d. Specify (1) planned assessed level of control risk and (2) degree of assurance desired
from the evidential matter in the sample (inversely related with tolerable deviation
rate).

e. Lower planned assessed level of control risk equals lower tolerable deviation rate.

f. Stated differently, lower overreliance (more assurance desired) equals low tolerance
to error. Therefore, more samples for testing.

g. Guide from AICPA

Planned Assessed Level of Control Risk Tolerable Deviation Rate

Low 02% - 07%
Moderate 06% - 12%
Slight below the maximum 11% - 20%
Maximum Omit test

Prepared by: KBG 3|P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

5. Estimate the expected population deviation rate.

a. Expected deviation rate is significant because it presents the rate that the auditors
expect to discover in their sample from the population.

b. To estimate the rate, the auditors often use the sample results from prior years, as
documented in their working papers.

c. Auditors may also estimate the rate based on their experience with similar tests on
other audit engagements, or by examining a small pilot sample.

6. Determine the sample size.

a. The auditor should consider whether sampling risk is reduced to an acceptable low
level.

b. Sample size is affected by the level of sampling risk that the auditor is willing to
accept.

c. The lower the risk the auditor is willing to accept, the greater the sample size will
need to be. Stated differently, if you cannot accept errors, you need to look for
instances of errors by examining more samples.

d. Sample size can be determined by the application of statistically-based formula or

through exercise of professional judgment objectively applied to the circumstances.

e. Compliance tests are not performed when no reliance on internal control is planned.

f. PSA 530 illustrates the factors that the auditor considers when determining the
sample size for a test of control.

FACTOR EFFECT ON SAMPLE SIZE

1. An increase in the extent to which the auditor’s Increase
risk assessment considers relevant controls
2. An increase in the tolerable rate of deviation Decrease
3. An increase in the expected rate of deviation of Increase
the population to be tested
4. An increase in the auditor’s desired level of Increase
assurance that the tolerable rate of deviation is
not exceeded by the actual rate of deviation in
the population.
5. An increase in the number of sampling units in Negligible Effect
the population

Prepared by: KBG 4|P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

7. Select the sample

a. The auditor should select a random sample from the population.

b. Random samples may be selected using random number tables, random number
generators or systematic sampling.

c. A random sample is one in which every sampling unit in the population has an equal
chance of being included in the sample.

d. At the end of the day, it is your judgment that will help you decide your sample. Just
ensure that every sampling unit in the population was given an equal chance to be
selected as a sample.

8. Perform the test of controls procedures on sample items.

a. An auditor examines each sample item for the attributes of interest.

b. Each item will be classified as to whether it contains a deviation from the prescribed
internal control procedure

c. The auditor should be alert for evidence of any unusual matters.

d. The main objective in this step is to validate your samples against the attributes
(your criteria).

COMPLIANCE TEST RISK MATRIX

Decision Adequate for Planned Reliance Inadequate for Planned Reliance
Accepted Correct Decision Risk of Overreliance
Rejected Risk of Underreliance Correct Decision

9. Evaluate the sample results

a. The auditor summarizes and evaluate the results.

b. Sample Deviation Rate = Number of Deviations Observed ÷ Sample Size

c. Upper Deviation Rate = Sample Deviation Rate ÷ Allowance for Sampling Risk

Prepared by: KBG 5|P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

d. Effectiveness of Control depends on:

i. Statistical Sampling Plan

• Upper Deviation Rate ≤ Tolerable Deviation Rate means

 Control is Effective

• Upper Deviation Rate ˃ Tolerable Deviation Rate means

 Control is Ineffective

ii. Non-Statistical Sampling Plan

• Sample Deviation Rate ≤ Tolerable Deviation Rate or Expected

Deviation Rate
 Control is Effective

• Sample Deviation Rate > Tolerable Deviation Rate or Expected

Deviation Rate
 Control is Ineffective

e. Consider qualitative factors such as evidence of deliberate manipulation or

circumvention of control.

f. Reach an overall conclusion. The auditor must relate the assessed control risk to
detection risk for each financial statement assertion.

g. Evaluate your validation of samples against the attributes (your criteria) to say that
the control is operating effectively. Considerations were grouped as follows:

• Effective
• Ineffective – Inconsistent, untimely, and/or improper application
• Ineffective – There is an indication of fraud

10.Document the sampling procedures.

a. Document the significant aspects of the prior nine steps in the working papers.

b. There is a saying…” if it is not documented, then it didn’t exist or happen”. That goes
for both clients and the auditors.

Prepared by: KBG 6|P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

NON-STATISTICAL ATTRIBUTES SAMPLING

1. The difference with Statistical Sampling is the steps for determining the sample size and
for evaluating sample results.

2. Need to consider when determining the sample size:

a. Risk of assessing control risk too low, and

b. Tolerable deviation rate
c. Factors need not be quantified

3. When evaluating results, the auditors should compare the deviation rate of the sample
tolerable deviation rate (see no. 9, letter d, section ii above).

4. The auditor must use professional judgment to determine the point at which the
assessed level of control risk should be increased above the planned level.

5. Auditors should exercise caution and professional judgment to properly evaluate the
sampling results, regardless of the testing method.

Prepared by: KBG 7|P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

ACTIVITIES AND REFERENCES

ACTIVITY 1:
Multiple Choices Questionnaires for assessment of understanding.

ACTIVITY 2:
Research and reporting.

REFERENCES:
Cabrera 2015 Auditing Theory
PSA 530

Prepared by: KBG 8|P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

ACTIVITY 1
MULTPLE CHOICES

1. Test of control audit procedures are required for

a. Obtaining evidence about the financial statement assertions.
b. Accomplishing control over the validity of recorded transactions.
c. Analytical review of financial statement balances.
d. Obtaining evidence about the operating effectiveness of client control procedures.

2. When auditing the client’s performance of control to accomplish the completeness

objective related to ensuring that all sales are recorded, auditors should draw sample items
from:
a. The sales journal list of recorded sales invoices.
b. The file of shipping documents.
c. The file of customer order copies.
d. The file of receiving reports for inventory additions.

3. Nia Wilson was considering the sample size needed for a selection of sales invoices for the
test of controls audit of the Elmar Company’s internal controls. She presented the following
information for two alternative cases:
Case A Case B
Acceptable risk of underreliance High Low
Acceptable risk of overreliance High Low
Tolerable deviation rate High Low
Expected population deviation rate Low High

Nia should expect the sample size for Case A to be:

a. Smaller than the sample size for Case B.
b. Larger than the sample size for Case B.
c. The same as the sample size for Case B.
d. Not determinable relative to the Case B sample size.

4. When auditors plan a test of controls and think about several control risk assessments that
could be made, they also can think about:
a. One relevant tolerable deviation rates.
b. Two relevant tolerable deviation rates.
c. Three relevant tolerable deviation rates.
d. Many relevant tolerable deviation rates.

5. Which of the following combinations results in a decrease in sample size in a sample for
attributes?
I. Risk of assessing control risk too low
II. Tolerable rate
III. Expected population error rate

Prepared by: KBG 9|P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

I II III
a. Increase Decrease Increase
b. Decrease Increase Decrease
c. Increase Increase Decrease
d. Increase Increase Increase

ACTVITY 2
RESEARCH AND REPORTING

Read your textbook or find other learning materials. Equipped yourself of appropriate
knowledge and answer the requirements below.

REQUIREMENTS:
1. Define the attributes for the control objectives stated.
2. Define the population and the sampling unit.

CONTROLS TO BE TESTED:

Groups 1, 2, 3, and 4 are assigned for control numbers 1, 2, 3, and 4 respectively. Then,
everyone group should answer control numbers 5 and 6.

1. Inventory periodic counts are performed in accordance with count plans to verify
inventory on hand. Physical inventory counts are compared to perpetual inventory
records. Documentation is maintained to support recounting, investigation and
reconciliation of material differences (as defined in the policy and/or per local policy).

2. Assets (including ownership) are periodically verified via physical observation and
reconciled to the fixed assets register/sub-ledger. Any differences identified during asset
verification are properly recounted, investigated, and supported. Upon completion of
investigation provision or adjustments are made for reconciling items.

3. Bidding procedures are performed prior to contract initiation in accordance with policy.
Evidence is maintained to support supplier selection criteria and rationale. Contracts
contain terms/conditions in accordance with policy. Contracts are approved (in
accordance with policy requirements) and communicated to all parties before work is
initiated.

4. Goods / services received are appropriately verified by the receiving department or

requestor / purchaser before recording. Documentation (including communications,
project agreements, etc.) is maintained to support the amount/quantity of
goods/services received.

Prepared by: KBG 10 | P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.
AUDITING THEORY MODULE 09

5. Balance sheet reconciliations for all balance sheet accounts are prepared to ensure
balances are supported, analyzed, and reconciling items are cleared in timely manner.
Balance sheet reconciliations are independently reviewed/approved. All balance sheet
accounts are tracked to ensure all reconciliations are performed and approved timely
per company policy.

6. Cash receipts are secured from the time they are received until deposited (while on the
premises or in transit to the bank) in accordance with policy. Cash receipts are
deposited timely in accordance with policy, and independently checked against cash
deposited.

CRITERIA FOR GRADING WITH A TOTAL OF 100 POINTS:

1. Timeliness – 20 points
2. Presentation – 20 points
3. Delivery – 30 points
4. Content – 30 points

Prepared by: KBG 11 | P a g e

Classified as Confidential. Please do not forward this to unintended users. Otherwise, request necessary permission.