Professional Documents
Culture Documents
AUDIT SAMPLING
1. Sampling in Auditing
1.1 Rationale for and methods of Audit Sampling
What is sampling?
• Sampling allows an auditor to draw conclusions about the whole population without
incurring more time and cost of examining every transaction/account
• Sampling is generally used in field audits when it is not efficient to review 100% of the
records.
• Sampling may also be used if records are missing or other circumstances make reviewing all
of the records difficult.
Representative Sample
• A representative sample is one in which the characteristics in the sample of audit interest
are approximately the same as those of the population.
► Non-sampling risk
► Sampling risk
Non-Sampling Risk
• Non-sampling risk is the risk that the audit tests do not detect existing exception/material
misstatement in the sample.
Sampling Risk
• Sampling risk is the risk that an auditor reaches an incorrect conclusion because the sample
is not representative of the population. As a result the rate of deviation or monetary errors
may not be proportional to these found in the population.
• It is an inherent part of sampling that result from testing less than the entire population.
Statistical Sampling
Non-Statistical Sampling
Probabilistic sample selection selects a sample in a way that each population item has a
known probability of being included in the sample and the sample is randomly selected.
2
Common types:
• Simple Random sample Selection – all items of the population has an equal chance of being
selected.
• Systematic Sample Selection – auditor determines an interval and selects items on the basis
of the interval, the first interval having a random start.
o Interval is determined by dividing the population size by the number of sample items
designed.
1 $357 $357
2 1281 1638
3 60 1698
4 573 2271
5 691 2962
6 143 3105
7 1425 4530
8 278 4808
9 942 5750
10 826 6576
11 404 6980
12 396 7376
• In the above table the population size is 7376 (the cumulative total) and each dollar has
equal chance of being included in the sample.
• If the auditor wants to select four physical units, the auditor needs four random numbers
for instance: 6,586, 1,756, 850, and 6,499 . The physical units are determined by referring to
the cumulative total. These are item 11 containing (6577 to 6980), 4 (1699 to 2271), 2(358 to
1638), and 10 (5751 to 6576) .
3
Stratification Illustrated
• The process of dividing a population into subpopulations that have similar characteristics.
Strata must be defined so that each sampling unit can only be in one stratum.
In this case, those sample items that the auditor believes will provide the most useful
information are selected judgmentally.
► Direct sample selection – auditor selects items based on judgmental criteria such as
likelihood of misstatement, characteristics such as different time periods, or large dollar
amounts.
► Block sample selection – selection of a number of items in sequence. Auditor must use
several blocks to obtain a representative sample.
► Haphazard sample selection – selection of items without any conscious bias on the part
of the auditor. Selecting regardless of size, source, and other distinguishing characteristics.
The Risk of Assessing Control Risk Too High The Risk of Assessing Control Risk Too Low
(Risk of Under – reliance) (Risk of Over-reliance)
Not relying on the internal controls when, in Relying on internal controls when it is not
fact, the auditor should rely on internal appropriate.
control.
4
Risk of Incorrect Rejection Risk of Incorrect Acceptance
Auditor’s sample indicates that the account Auditor’s sample indicates that the account
balance is materially misstated even though it balance is fairly stated even though the
is fairly stated. account balance is materially misstated.
• If the auditors incorrectly reject an account balance/under-rely on controls, their audit lacks
efficiency since they will perform additional audit procedures that eventually reveal that the
account is not materially misstated/the control is effective.
• Therefore, the risk of incorrect acceptance is of the primary concern to auditors as failure to
detect a material misstatement may lead to accusation of negligence and to extensive legal
liability,
Test of Controls:
o Tests of controls are audit procedures to test the effectiveness of control policies and
procedures in support of a reduced control risk. Key internal controls must be supported by
tests of controls. The extent to which the tests of controls are applied depends on the
assessed control risk. The lower the assessed control risk, the more extensive the tests
should be in order to support the high degree of reliance upon internal control.
o How much and what evidence is sufficient to support a specific assessed level of control risk
is a matter of professional judgment depending on the auditor’s decisions about the nature,
timing, and extent of tests of controls.
Testing for Operating Effectiveness
o If an auditor’s low assessment of control risk is based on the expectation that controls are
operating effectively, he must perform tests of controls to obtain evidence that the controls
were operating effectively during the period. Testing for operating effectiveness is different
from determining if controls have been implemented. The auditor determines that the
relevant controls exist and that the company is using them to show implementation. When
performing tests of the operating effectiveness of controls, the auditor obtains audit
evidence about how controls were applied at relevant times during the audit period, the
5
consistency with which they were applied, and by whom or by what means they were
applied.
o The nature of tests of controls is that the tests generally consist of one (or a combination) of
four types of evidence-gathering techniques:
1 Inquiry of client personnel, Inquiries of appropriate entity personnel, which is also used in
the procedures to obtain an understanding, is a frequently used, although not very
conclusive, test.
Inquiry consists of seeking information of knowledgeable persons inside or outside
the entity.
Inquiry evidence is based on interviews concerning the effectiveness of controls
Inquiry may be either in a direct or an indirect form.
Direct inquiry involves asking questions of the persons who perform control
procedures or monitoring activities.
Indirect inquiry involves asking questions of other persons who are in a position to
know whether the control procedures are operating effectively even though they do
not perform the procedures themselves.
2. Observations, for controls that leave no documentary evidence, the auditor generally
observes them being applied (e.g. segregation of duties).
3. Inspection (examination of documents), Inspection of documents and reports is a strong
control procedure for control activities that leave a clear trail of documentary evidence (e.g.
written authorization of a sale).
4. Reperformance (or recalculation), reperformance of the application of the policy or
procedure by the auditor is important when you have controls with related documents, but
the contents of the documents are insufficient to assess reliability.
o Substantive tests are procedures designed to test for dollar misstatements directly affecting
the correctness of financial statement balances.
Substantive audit procedures are performed after selecting transactions from the
identified population
The auditor plans and performs substantive procedures to be responsive to the
related assessment of the risk of material misstatement to:
Detect material misstatements at the assertion level Include tests of details
for classes of transactions, account balance and disclosures
The Substantive procedures performance wp:
6
Lists down tested transactions
Contains results & description of problems found for each test
Should be completed for all components & material subcomponents
3. Tests of details of balances: focuses on ending general ledger account balances of both
income statement and balance sheet.