tests of Audit sampling for tests of controls is generally

control appropriate when application of the control

Reduction in Greater use Reduced use leaves evidence of performance.
detection of other of other
risk because substantive substantive STEPS IN THE APPLICATION OF SAMPLING TESTS
of other tests tests OF CONTROLS
substantive
PLANNING
tests relating
to the same 1. Define the test objectives
FS 2. Define the population characteristics
assertions
 Define the sampling population
Tolerable Larger Smaller
error measure measure  Define the sampling unit
Expected Smaller Larger  Define the control deviation
error expected expected conditions
errors, errors, 3. Determine the sample size using the
individually individually following inputs:
or in or in  The desired confidence level of
aggregate aggregate risk of incorrect acceptance
Population Smaller Larger  The tolerable deviation rate
value monetary monetary
 The expected population deviation
significance significance
rate
to the FS to the FS
No. of items Virtually no effect on sample PERFORMANCE
in population size unless population is
small 4. Selected sample items
Acceptable Higher Lower 5. Perform auditing procedures
level of
detection EVALUATION
risk 6. Analyze exceptions
Stratification Stratification No - Calculate the sample deviation and
of the stratification
the computed upper deviation rates
population, if of the
7. Draw final conclusions
appropriate population
ILLUSTRATIONS OF ATTRIBUTE SAMPLING FOR
BASIC STEPS IN AUDIT SAMPLING TESTS OF CONTROLS

Audit sampling is applied to tests of controls and PLANNING

substantive tests through a set of basic defined
steps. The following basic steps are divided into
three sections: PLANNING, PERFOMANCE, AND
EVALUATION
PLANNING
1. Define the test objectives
2. Define the population characteristics
3. Determine the sample size
PERFORMANCE
4. Select sample items
5. Perform the auditing procedures
EVALUATION
6. Analyze exceptions
7. Draw final conclusions
AUDIT SAMPLING FOR TESTS OF CONTROLS
Step 1: Determine the Test Objectives
The objective of tests of control is to provide
evidence about the design and operating
effectiveness of controls. It will support the
auditor’s planned assessed level of control risk.
Example:
The objective of the test is to determine if the
revenue process is functioning as documented.
More particularly, the auditor wants to
determine if the sales contracts are properly
authorized for credit approval. The auditor wants
to determine this control identified as reliable
are operating effectively and thus allow control
risk to be set below maximum level.
Step 2: Define the Population Characteristics
Define the sampling population. Auditors would
determine that the population from which the
sample was drawn is appropriate for the specific
audit objective and complete.
Define the sampling unit. Auditors define the
sampling unit to obtain an efficient and effective
sample to achieve the particular audit
objectives.
Example:
The physical representation of the population is
the sales contracts maintained in the sales
department. The population of the sales
contracts for the year contains 125,000 items
that are numbered from 1 to 125,000. The
sampling unit for this test is defined as the sales
contract. Auditor can perform all tests for the
control.
Define the control deviation definition.
Professional judgment is used by the auditor in
defining the attributes and deviation conditions
for particular tests of controls. Attributes are
characteristics that provide evidence that a
control was actually performed. Deviation
happens when a sample item does not have one
or more attributes.
Example:
The deviation is the failure of the credit
department personnel to follow proper credit
approval procedures for new and existing
customer such as
 Checking the creditworthiness of new
customers and establishing credit limit
based on the evaluation and
 Comparing the total accounts receivable
after the new order to the customer’s
credit limit. If it is less than the credit
limit, the order is processed. If more than
the credit limit, it is subject for review of
the credit manager before the sale is
approved.
Step 3: Determine the sample size
The three factors affecting sampling size for
tests of controls are:
The desired confidence level or risk of incorrect
acceptance. Professional judgment is used by
the auditor in determining the appropriate risk
of assessing control risk too low and the
tolerable deviation rate for a test of control. The
risk of assessing control risk too low – that is, the
risk of the actual deviation rate exceeds the
tolerable deviation rate – is a critical risk in the
tests of control. This is because the risk
influences the effectiveness of the audit. Since
the results of tests of control play a major role in
determining the nature, timing, and extent of
other audit procedures, auditors usually specify
a low level of risk – 5 or 10% is often used.
The tolerable deviation rate. Auditors specify the
tolerable deviation rat based on (1) their planned
assessed level of control risk, and (2) the degree
of assurance desired from the evidential matter
in the sample. The lower the planned level of
control risk (or more assurance desired from the
sample), the lower tolerable deviation rate.
The AICPA’s Auditing Procedure Study, titled
“Audit Sampling”, includes the following
overlapping ranges to illustrate between the
planned assessed level of control risk and
tolerable deviation rate.
Planned Assessed Tolerable Deviation
Level of Control Risk Rate
Low 2%-7%
Moderate 6%-12%
Slight below 11%-20%
maximum
Maximum omit test
The expected population deviation rate. The
expected population deviation rate also affects
the sample size in attribute sampling. This
deviation rate is significant because it
represents the rate that the auditors expect to
discover in their sample from the population.
In estimating the expected population deviation
rate, the auditors may also estimate the rate
based on their experience with similar tests for
other clients or by examining a small pilot
sample.
Example
The auditor decides to set the desired confidence
level at 95% (the risk of incorrect acceptance is
5%), the tolerable deviation rate at 6%, and the
expected deviation rate at 1%. The auditor has
planned a high confidence level. The sample size
is 94.
Table 9.4 is used to determine the sample size for
the 95% desired confidence level (5% risk of
incorrect acceptance).
PERFORMANCE
Step 4: Select Sample Items
It is essential for the auditor that the sample
items are selected in random manner. Random
samples may be selected using random number
sales, random number generators, or systematic
sampling. When selecting a sample, auditors
often select extra items to be substituted for any
voided, used, or inapplicable items.
Voided Documents. The auditor may occasionally
select voided document in a sample. If the
transaction has been properly voided, it does not
represent a deviation. The item should be
replaced with a new sample item.
Unused or inapplicable documents. Sometimes
a selected item it is not appropriate for the
definition of the control. The auditor would
simply replace the item with another item.
Example
Since the invoices are serially numbered, the
auditor decides to use generalized audit
software program to generate a list of random
numbers to select the sample for testing.
Table 9.4 Statistical Sample Sizes for Tests of
Controls – 95% Desired Confidence Level
Sample size too large to be cost-effective for
most audit applications
The number in parentheses represents the
maximum number of deviations in a sample of
that size that allows the auditor to conclude that
the tolerable deviation rate is not exceeded.
Step 5: Perform the Audit Procedures
When testing the sample items, an auditor
examines each sample item for the attributes of
interest. Each item will be classified as to
whether or not it contains a deviation from the
prescribed control. The auditor performing the
test should also be alert for evidence of any
unusual matters, such as evidence of fraud or
related-party transactions.
Example:
The auditors proceed to test the 78 sales
contracts for proper credit authorization
procedures by credit department personnel. The
result can be documented in a working paper.
Performing these tests, auditors must be alert
for evidence of any unusual matters such as
evidence of fraud.
Before calculating the sample results and
drawing final conclusions on the sampling plan,
the auditor investigates the nature and cause of
the exceptions. The auditor also considers
whether the deviations may impact the other
phases of audit.
Example:
Two deviations were detected during the test.
Auditor’s investigation indicates that both
deviations had occurred when sales in excess of
credit limits were made to existing customers.
Further investigation disclosed that the sales
manager instead of credit manager had
approved the sale. The auditor now knows the
nature and cause of the errors.
Step 6: Calculate the Sample Deviation and the
Computed Upper Deviation Rates
After testing the sample items and summarizing
the deviations from a control, the auditors
evaluate the sample result. Auditors may use the
following steps:
1. Determine the sample deviation rate
Sample deviation rate = No. of deviations
observed / Sample size
2. Determine the upper deviation rate by
using Table 9.5. The column for the actual
number of deviations is read down until
the appropriate sample size is found.
Allowance for sampling risk is the