Chapter 12

Managing
audit data

©2019 John Wiley & Sons Australia Ltd

 Learning objectives

After studying this presentation, you should be able to:

12.1 define audit sampling and discuss its applicability
12.2 distinguish between sampling and non-sampling risks
12.3 distinguish between statistical and non-statistical
sampling
12.4 explain the steps in planning to select a sample
12.5 describe the main methods of statistical sampling
used in auditing
12.6 indicate why auditors may use non-statistical
sampling
 Learning objectives

12.7 discuss the impact of technological disruption on

managing audit data
12.8 have an appreciation of integrated reporting and
related audit issues.
 Basic concepts of sampling

• Audit sampling is defined in ASA 530 as:

“the application of audit procedures to less than 100% of
items within a population of audit relevance such that all
sampling units have a chance of selection in order to provide
the auditor with a reasonable basis on which to draw
conclusions about the entire population.”
(ASA 530.5(a))
• Sampling is used in both tests of controls (deviations) and
substantive testing (misstatements).
• Important issue – risk of drawing an incorrect conclusion
from the sample selected.
4
 Basic concepts of sampling

Population Inference Sample

The sample must have characteristics that

are similar to those of the population
5
 Sampling risk and non-sampling risk

• When sampling is used to obtain evidence uncertainties

may result from:
– the use of sampling (sampling risk)
• the risk that the auditor’s conclusion based on a
sample may be different from the conclusion if
the entire population were subjected to the same
audit procedure.
– factors unrelated to sampling (non-sampling risk).

6
 Types of sampling risk

• In the case of tests of control, sampling risk is:

– the risk the auditor will conclude that controls are
more effective than they actually are (risk of over-
reliance)
– the risk the auditor will conclude that the controls
are less effective than they actually are (risk of
under-reliance).

7
Types of sampling risk for tests of controls
 Types of sampling risk

• In the case of substantive testing, sampling risk is:

– the risk that the auditor will conclude that a material
misstatement does not exist when in fact it does
(risk of incorrect acceptance)
– the risk that the auditor will conclude that a material
misstatement exists when in fact it does not (risk of
incorrect rejection).

9
Types of sampling risk for
substantive tests of details
 Types of sampling risk

• Risk of overreliance and the risk of incorrect acceptance

relate to audit effectiveness:
– Combined procedures may be insufficient to detect
material misstatements
– Auditor may not have a reasonable basis for an opinion.
• Risk of under-reliance and the risk of incorrect rejection
relate to the efficiency of the audit:
– Auditor increases substantive procedures unnecessarily
– Leads to a correct conclusion and the audit will be
effective.
 Non-sampling risk

• Non-sampling risk means the risk that the auditor reaches an

erroneous conclusion for any reason not related to sampling
risk.
• Sources of non-sampling risk:
– Human mistakes
– Reliance on wrong information received from
another party.
• How to keep this risk to a minimum?
– Proper planning and supervision
– Adherence to quality control standards.

12
 Statistical and non-statistical
sampling
• Statistical sampling means any approach to sampling that
has the following characteristics:
– random selection of the sample items
– use of probability theory to evaluate sample results,
including measurement of sampling risk.
• Non-statistical sampling means an approach to sampling
that does not have the above characteristics.
• In non-statistical sampling, the auditor uses judgement in
determining the sample size and in interpreting the results
against the audit objective.
13
 Current practice

• Some audit firms use non-statistical sampling, as the

auditor has a greater degree of judgement in:
– choosing a sample size
– evaluating results based on previous client knowledge.
• Common approach is the use of haphazard selection (this
approach is not appropriate when statistical sampling is
used).
• Common statistical sampling computer package used by
Australian auditors is ACL.

14
 Types of testing

• Selecting all items:

– 100% examination
– entire population is taken
– unlikely in tests of controls
– used in substantive testing when:
• a small number of large-value items
• inherent and control risks are high.
• Selecting specific items:
– based on the auditor’s knowledge of the business and
the characteristics of the population being tested.
15
 Use of samples for audit tests

• In sampling the auditor typically undertakes three

common steps:
1: planning the sample
2: selecting and testing the sample
3: evaluating the results.

16
Planning the sample

17
 Determining the objectives of the test

• The auditor should consider:

– the specific objectives
– combination of audit procedures.
• Need to determine what constitutes an error, and the
appropriate population from which to select the sample.
• Audit sampling is applicable to both tests of controls and
for substantive testing.
• Attribute sampling used to test of the operating
effectiveness of controls by measuring the deviation rate.

18
 Determining the objectives of the test

• Substantive tests of details:

– obtain evidence that an account balance is not
materially misstated
– make an independent estimate of some amount for
which no recorded carrying amount exists
– Monetary unit sampling is sometimes used because
it is a statistical technique to estimate the dollar
amount of an account balance.
 Defining what errors are being sought

• The auditor must consider what constitutes an error by

referring to the objectives of the test.
• Test of controls - the test objective is the identification of
‘deviations’ from the ‘laid-down’ control procedure.
• Substantive tests - the test objective is the identification of
errors or misstatements in recorded transactions or
balances.
• An audit procedure may also reveal errors not being
specifically sought and so extra tests may be required to
determine the extent of such errors.
20
Identifying the population and sampling unit

• The auditor must identify the population and the sampling

unit based on the objective of the audit test.
• Population:
“the entire set of data from which a sample is selected
and about which the auditor wishes
to draw conclusions.” (ASA 530.5(b))
• The auditor must ensure that the population is
appropriate to the objective of the sampling procedure
and is complete.

21
 Identifying the population and sampling unit

• Stratification:
– increases audit efficiency and focuses greater audit
work on areas that are of higher inherent risk or
potentially materially misstated
– Strata are commonly based on monetary value
– Stratification is commonly used in the audit of accounts
receivable.
• Sampling unit – the individual items constituting a
population:
– Examples include sales invoices, debtors’ balances, non-
current assets on a register and a listing of suppliers.
22
Specifying tolerable error and expected error

• Tolerable misstatement defined in ASA 530.5(i) as:

– a monetary amount set by the auditor in respect of
which the auditor seeks to obtain an appropriate level
of assurance that the monetary amount set by the
auditor is not exceeded by the actual misstatement in
the population.
• Tolerable rate of deviation means a rate of deviation from
prescribed internal control procedures set by the auditor
– The auditor seeks assurance that the actual rate of
deviation is not greater than the rate set by the auditor.
 Specify required confidence level

• Tests of controls:
– is the risk of over-reliance (the risk that the
allowable assessed control risk is lower than it
actually is)
• Substantive tests:
– is the risk of incorrect acceptance (the risk that the
testing suggests a material error does not exist when
it actually does)

24
 Deciding the size of the sample

• In determining an appropriate sample size, the auditor’s

main concern is with reducing sampling risk to an
acceptably low level.
• The level of sampling risk that the auditor is willing to
accept, will have an inverse relationship with the sample
size required.
• Sample selected needs to be representative of the
population from which it was drawn.
• Population size presumed major influence on sample size
but no effect for populations over 5,000.
25
Factors that influence sample size for
tests of control
Factors that influence sample size for
substantive procedures
Selecting and testing the sample
 Selecting the sample

• Basic principle:
– each item in the population has a chance of being
selected (though not necessarily an equal chance)
• Approaches to selecting a sample (ASA 530.A13 and
Appendix 4)
– Random
– Systematic
– Haphazard
– Block selection
• Not appropriate unless the auditor suspects fraud in
accounts payable – used to select all transactions for a
particular month
29
 Random selection

• Generally considered to be the best method of obtaining

a sample to evaluate the results statistically
• Each item in the population has a known (usually equal)
chance of selection
• Random samples can be selected using:
– auditing software
– random number tables.

30
 Systematic selection

• The process of dividing the number of sampling units in

the population by the sample size to give a sampling
interval.
• As long as the starting number is selected randomly, this
method can be used as a statistical sampling method.
• Drawback is the population may have a fixed pattern
which may lead to bias in the sampling.

31
 Haphazard selection

• Selection of a sample without following a structured

technique.
• Is only practical when the population is not ordered in any
numerical sequence.
• This method is not recommended where:
– other methods are available
– when statistical sampling is being used.

32
 Evaluating the results

• Having drawn the sample, the auditor then examines or

tests each item in accordance with the required audit
objective.
• Each error or deviation needs to be evaluated as to its
implications.
• Errors or deviations that appear to be consistent with
those expected, can then be projected to consider the
effect on the population.

33
 Evaluating the results

• Both non-statistically and statistical sampling require the

sample results to be projected on the population
– Non-statistical sampling results are assessed on a
more qualitative basis – effect whole population or
isolated occurrence.

34
 Projecting the error to the population

• When the analysis identifies errors consistent with the

objective of the test, the auditor then draws conclusions as to
the population.
• Test of control :
– A projected deviation rate should be estimated
– If the projected deviation rate exceeds the tolerable
deviation rate, the preliminary assessment of control
risk is not confirmed:
• reassess control risk at a higher level
• increase the level of substantive procedures.

35
 Projecting the error to the population

• Substantive tests
– The sample results are projected onto the population
– The most common method is the difference estimation
method:
• This method looks at the relative differences
between the recorded and audited amounts
• If the projected error approaches or exceeds the
tolerable error, more evidence may be necessary.
• Mean-per-unit method may be used with statistical
sampling.
36
 Statistical sampling techniques

• The major statistical sampling techniques used are:

– Attribute sampling plans
– Variable sampling plans
– Probability-proportional-to-size sampling.
 Attribute sampling plans

• Three different methods of sampling used to test the

operating effectiveness of controls by estimating the rate
of deviation:
– attribute sampling – used to estimate the proportion
of a characteristic in a population
– sequential sampling – stops testing when enough
assurance is obtained
– discovery sampling – when expected deviation rate is
low.
 Attribute sampling plans

• Auditor must assess the tolerable deviation rate, the

expected error rate and the required confidence level
• Sample size must be statistically determined
• Sample must be randomly selected.
 Variable sampling plans

• Generally used for substantive testing to estimate monetary

misstatement in an account balance.
• Two such methods include:
– unstratified mean-per-unit
• auditor estimates a total population amount by
calculating the mean for items in the sample and
projecting the mean onto the number of items in the
population.
– difference estimation
• auditor calculates the mean difference between
audited and recorded amounts of the sample items
and projects the mean difference onto the population.
 Probability-proportional-to-size sampling

• Most commonly used statistical sampling technique for

substantive testing.
• Also known as dollar unit sampling.
• Used to reach conclusions about a population in terms of a
monetary (dollar) amount.
• PPS takes each dollar of the population as the sampling
unit and tests whether it is correctly stated, incorrectly
stated or tainted.
• Incorrectly stated and tainted dollars are projected to the
number of dollars recorded as the population to estimate
the extent of monetary error in the population.
 Choice of statistical sampling method

• Tests of controls – use one of the attribute sampling plans.

• Substantive testing – use PPS sampling or variable
sampling.
• PPS sampling:
– useful for verifying the existence of assets and the
occurrence of recorded transactions where sampling
risk is moderate to low
• such as inventory pricing and accounts receivable
circularisation.
 Choice of statistical sampling method

• Variable sampling is preferable where:

– errors of understatement are expected or are being
sought
– the population includes zero and negative balances
– many errors are expected
– it may be necessary to extend the sample to estimate
the population value more reliably.
• Variable sampling is most likely to be useful in the audit of
large computerised accounting systems with the
assistance of computer audit software.
 Non-statistical sampling techniques

• Less costly and time consuming but can be just as effective in

satisfying audit objectives.
• Advantages:
– Lower training costs
– Ease of implementation
– Impracticality of random selection
– Proposed adjustment based on qualitative analysis.
Formal and informal non-statistical sampling

• Formal non-statistical sampling plan uses a structured

approach to determine the sample size and evaluate the
results.
• Informal approach is an unstructured approach to determine
the sample size and evaluate the results.
– disadvantages include:
• training difficulties
• absence of consistency and uniformity
• peer review exceptions
• incorrect evaluation of sampling risk.
 The impact of technological disruption on
managing audit data

• Is the auditing profession ripe for disruption?

– Big 4 firms are investing in technology – using data
analytics to make the audit more effective and
efficient.
• Examples of how auditing firms are adapting:
– developing automated data assurance services
• provide a real-time audit service incorporating
predictive analytics.
– embedding technology into the audit approach.
 Blockchain and Bitcoin

• Electronic virtual currencies are a technology that auditors

may need to work with:
– Blockchain: digitised, decentralised, public ledger of all
cryptocurrency transactions.
– Bitcoin: form of digital currency, created and held
electronically
• created by people and businesses using special
software
• decentralised
• no single institution controls the Bitcoin network.
 Data analytics

• auditor data analytics is about enhancing audit quality… a

high-quality, focused and effective audit is aligned with the
way the audited entity manages its data and operations…
data analytics offers a practical way for auditors to
manage some important aspects of IT systems in larger
audits (ICAEW)
• big data and analytics are providing auditors with the
means to better identify financial reporting, operational
business risks and fraud
– technology available to integrate big data and audits is
still in its infancy but progress is being made.
 Integrated reporting

• IR is designed to promote a more cohesive and efficient

approach than currently occurs with corporate reporting.
• Aim is to improve the quality of information available for
investors and regulators, and to ensure a more efficient
allocation of capital.
• Technical challenges currently exist for auditors due to
difficulty of developing suitable criteria for assuring an
integrated report.
 Integrated reporting

• Key authority – International Integrated Reporting Council

(IIRC):
– IR is a concise communication about how an
organisation’s strategy, governance, performance and
prospects, in the context of its external environment,
lead to the creation of value over the short, medium
and long term.