Auditing Sampling

examination of LESS THAN 100% of a population & using the results as a basis for drawing a GENERAL (not definitive) conclusion on the entire population (auditor is limited by time --- reasonable assurance)

Non-sampling risk

### human error

- wrong test

- do not perform tests correctly

Sampling Risk

### risk of drawing the wrong conclusion (i.e. risk of projecting a bad sample that does not represent population)

- 2 types of Sampling risk: Efficiency Error & Less Effective

What are the 2 types of Sampling Risk?

### Type I – Efficiency Error: population is OK but sample indicates NOT to rely on I/C (incorrectly reject)

Type II – Less Effective: population is BAD but sample indicates to rely on I/C (incorrectly accept)

Explain the effects of Type I (Sampling Risk)

### Type I – Efficiency Error ("too conservative")

Sample indicates NOT to rely on I/C when population is actually OK

- Under-Rely on I/C (too little), Assess RMM too HIGH, DR too LOW, Sub. Testing too HIGH

Therefore, inefficient (incorrectly reject) but still arrive at a valid opinion

Explain the effects of Type II (Sampling Risk)

### Type II – Less Effective ("over-aggressive", wrong answer)

Sample indicates to RELY on I/C when population is actually BAD

- Over-Rely on I/C (too much), Assess RMM too LOW, DR too HIGH, Sub. Testing too LOW

Therefore, less effective, incorrectly accept, & arrive at the wrong opinion

When is sampling used?

### 1. Test of Controls – to determine the operating effectiveness of controls Auditor's plan to rely on (doesn't deviate more than tolerable rate)

2. Test of Details (sub. procedures) – obtain S.A audit evidence to support management’s assertions

*not during planning phase

If the sample is BAD, and the population is GOOD, what is the sampling risk?

TYPE I – Efficiency Error (UNDER-RELY I/C, RMM TOO HIGH)

If the sample is GOOD & the population is BAD, what is the sampling risk?

TYPE II – Less Effective (OVER-RELY I/C, RMM TOO LOW) ---- Wrong Conclusion

When will the auditor want to rely on the control

### True Deviation Rate (actual) < Tolerable Deviation Rate

(RMM reduced, DR increased, SUB reduced)

True Deviation Rate (actual) < Tolerable Deviation Rate

### Auditor will want to RELY on I/C

(RMM reduced, DR increased, SUB reduced)

When will the auditor NOT want to rely on the control

### True Deviation Rate (actual) > Tolerable Deviation Rate

(RMM increased, DR reduced, SUB increased)

True Deviation Rate (actual) > Tolerable Deviation Rate

### Auditor will NOT want to rely on the control

(RMM increased, DR reduced, SUB increased)

Which sampling technique is usually applied to test of controls?

Attribute Sampling

What are the 2 risks associated with attribute sampling?

### 1. Risk of Assessing RMM too low (ineffective)

– Sample Deviation Rate < Tolerable Rate.... (Population True Dev > Tolerable) (over-rely on I/C)

2. Risk of Assessing RMM too high (Inefficient)

– Sample Deviation Rate > Tolerable Rate.. (under-rely on I/C)... (Population True Dev < Tolerable)

Which sampling technique is usually applied to substantive test of details?

Variable Estimation Sampling

What are the 2 risks risks associated with variable sampling?

### 1. Risk of Incorrect Acceptance (Ineffective):

– Estimated Amount (Sample) is close enough to recorded amount so, the Auditor concludes "materially correct". Amount is actually materially misstated (therefore, inappropriate conclusion)

2. Risk of Incorrect Rejection (Inefficient):

– Sample Amount is different enough from recorded amount . Auditor concludes "materially misstated", when population is actually "materially correct", but auditor does unnecessary amount of additional sub. Testing to arrive at the same conclusion

Statistical Sampling

### use of quantitative measures of the risk the auditor is taking in the use of sampling (formulas)

- auditor will still have to use judgement to det. Acceptable risk level

Non-statistical Sampling

### Judgmental Sampling

- using audit judgement to decided comfort level that conclusions are correct (usually overestimate required sample size)

- effective, but not as efficient using statistical techniques to determine a sufficient sample size

Judgmental Sampling

Non-statistical sampling

Incorrect Acceptance

ineffective Audit with inappropriate conclusion

Incorrect Rejection

inefficient audit with correct conclusion

Assess RMM too LOW

ineffective Audit with inappropriate conclusion

Assess RMM too HIGH

inefficient audit with correct conclusion

In regards to audit sampling, what will auditor often allow when the costs of additional testing is low?

### Higher risks of Assessing RMM too HIGH & Incorrect Rejection

***aka higher risks of inefficiency (more sub. testing)

## What are the effects on sample size (attribute sampling)?

1. Tolerable Rate

2. Expected Rate

3. Acceptable Risk

### 1. Tolerable Rate – Inverse Effect

2. Expected Rate – Direct Effect

3. Acceptable Risk – Inverse Effect

What are the types of attribute sampling?

### 1. Fixed Sample-Size Attribute Sampling

2. Stop-or-Go Sampling (Sequential Sampling)

3. Discover Sampling

Fixed Sample-Size Attribute Sampling

used to estimate the rate of deviations in the populations

Stop or Go Sampling (Sequential Sampling)

### type of attribute sampling

- allows the auditor to stop when sufficient data is gather

- appropriate when the expected deviation rate is low

- may provide the most efficient sample size in an attribute sampling plan (each step relies on the previous step - "sequential")

- auditor may stop sampling if no deviations are found

Discovery sampling

### type of attribute sampling

- used when expected deviation rate is very low, near zero

- sample size is usually large enough to find at least one deviation (if it exists)

- if population error rate > the tolerable rate... designed to measure the probability of at least one error occurring in a sample

Attribute Sampling

### examining sample of items from a population to determine what percentage of them contain a specific characteristic (deviation "attribute" - test of controls)

*cannot be used to verify a qty or dollar amount

What shouldn't an Auditor use attribute sampling?

to verify a quantity or dollar amount (substantive testing)

Which part of testing shouldn't sampling be used for?

### Risk assessment procedures to understand I/C – AIIO

(Step 3 in Audit Process)

Which test of controls should sampling normally not apply to?

### *not normally for inquiry or observation (RIIO)

1. Tests of automated application

2. Analyses of controls for determining appropriate Seg. Of Duties

3. Other analyses that do not examine documentary evidence of performance

4. Tests of certain documented controls

5. Analyses of effectiveness of security and access controls

6. Tests directed toward obtaining audit evidence about the operation of the control environment or accounting system

What is the Auditor look for in attribute sampling?

Deviations from the proper application of the I/C activity being tested (“Failures” of demonstration or to provide documents)

What is considered a deviation in attribute sampling?

### - failure to provide the document the auditor wishes to examine (might not be a true violation of control, just a misplacement but still a "deviation")

Or

- document fails to demonstrate proper application of controls being tested

Which issues should an Auditor consider for each deviation that is identified?

### - Qualitative & Quantitative issues

What should an Auditor consider if fraud is discovered while testing controls?

if fraud is discovered, consider broader implications of the impact on operations & fin. information as a whole(not only specific control being tested)

What is the relationship between deviations and misstatements?

### - deviations do not mean there is misstatements

- therefore, there are usually more deviations than misstatements

Which test of controls should sampling normally apply to?

### tests involving Re-performance or Inspection (RIIO)

1. There is an identifiable population of documents or records which the auditor can select a sample

TEA

### Auditor using attribute sampling will consider 3 different key factors to determine sample size

T – Tolerable Deviation Rate (inverse)

E – Expected Deviation Rate (direct) – [aka: "deviation rate"]

A – Allowable Risk of Assessing RMM too LOW (inverse)

Define Tolerable Deviation Rate & its effect on Sample Size

### the percentage of time a control can be violated but still lead the auditor to believe its operating effectively

- inverse effect on sample size (high acceptable T rate, then a smaller sample will satisfy a true deviation rate)

What is tolerable rate based on?

### Auditor's judgement of:

- The importance of the control being tested

&

- The impact each deviation could have on the accuracy of the F/S assertions

Define Expected Deviation Rate & its effect on Sample Size

### the percentage of time the auditor expects the control to have been violated (aka "expected population deviation rate")

- based on Auditor's prior experience & knowledge

- Direct effect on sample size: closer EDR gets to tolerable rate, the larger the sample size the auditor will need to be satisfied

Define Allowable risk for assessing RMM too LOW & its effect on sample size

### risk of drawing the wrong conclusion --- because sample inaccurately represents population (over-reliance on I/C)

- Inverse effect on sample size: if auditor is willing to accept a high Risk of Over-relying, they can reduce the sample size

Does an auditor need to know the size of the population when determining sample size?

No. the auditor does NOT need to know the population size to determine an adequate sample size

What is the purpose for an “allowance for sampling risk”?

### Aka: Precision Risk or Margin of sampling error (focus only "plus" for allowance) or

- the fact that the sample results ("expected deviation rate") are not precise requires the addition of an allowance for sampling risk to the sample results

*always provided in CPA exam problems

What are the steps to evaluate the results of a Sample

### 1. Sample Deviation rate: (# of Deviations Found / Sample Size)

2. Allowance for Sampling Risk (based solely on the sample size)

3. Maximum Deviation Rate (Upper Precision Limit): (Step 1 + Step 2)

4. Compare: Maximum Deviation Rate to Tolerable Deviation Rate

5. If MDR > TDR, modify reliance because control appears to be operating ineffectively (Rely decreases, CR increases)

6. If MDR < TDR, accept results (maintain increased Reliance & decreased CR)

Sample Deviations Rate (formula)

Number of Deviations Found / Sample Size

Maximum Deviation Rate (formula)

### Sample Deviation Rate + Allowance for Sampling Risk

*aka: Upper Precision Limit

What is the overall picture for attribute sampling?

### looking for whether:

1. we can rely on the control

Or

2. Are there too many deviations

Upper Precision Limit (formula)

### Sample Deviation Rate + Allowance for Sampling Risk

*aka: Maximum Deviation Rate

Precision

### Allowance for Sample Risk

- margin of sampling risk (focus on plus only)

- lower precision allowance, need a larger sample size

What is the relationship between confidence level (reliability) & sample size?

### Direct relationship

Confidence level (reliability) increases with increases in sample size

What is the relationship between precision (accuracy) & sample size?

### Direct Relationship

- accuracy increases with increases in sample size

Steps to develop an Attribute Sampling Plan

### 1. Determine Audit Objective (control being tested?)

2. Determine the Tolerable Rate

3. Determine Reliability (confidence level)

4. Determine the Expected Population Deviation Rate (aka Expected Deviation Rate)

5. Determine Method for selecting the sample (random, systematic, block/cluster)

6. Calculate Sample Size (Based on TEA)

7. Select & Test the Sample

8. Calculate Sample Deviation Rate (# of Dev's / S.S.)

9. COMPARE Upper Precision Limit & Tolerable Rate

10. Reach conclusions & Document Results

Define Level of confidence (reliability) in regards to Attribute Sampling

### - probability the sample will draw the correct conclusion (& represents the degree of sampling risk the auditor is willing to accept)

- i.e. 98% reliability indicates the auditor is willing to accept the risk that there is a 2% risk of drawing an incorrect conclusion based on the sample

What is the connection between reliability/confidence level & an ineffective audit in regards to attribute sampling?

If there is a X% risk of incorrect acceptance, then there is a (1-X%) level of confidence of correct acceptance (vice-versa)

Sample Size (formula)

### (Std. Deviation x Reliability Factor x BV Population) / Precision

* for SS to increase: numerator increases OR denominator decrease

What is important when working with a ratio in exam problems?

### Manipulation

To increase a Ratio:

Numerator factors increase OR Denominator factors decrease

(opposite for decreasing a ratio)

What are Sampling Methodologies?

### methods for selecting a sample. All items should have an equal opportunity to be selected

Random Sampling:

- Random-Number Sampling (simple R.S.)

- Systematic Sampling (systematic RS)

- Haphazard Sampling (systematic RS)

- Block Sampling (or Cluster Sampling) (systematic RS)

Random Number Sampling

Method for selecting a sample in which numbered documents or transactions are selected through the **use of random number tables or computer software**

Systemic Sampling

Method for selecting a sample in which every “Nth” item is selected from a randomly-distributed population from a randomly-selected starting point

Haphazard Sampling

Method for selecting a sample in which each unit is selected without any conscious bias from a randomly distributed of the population

Block Sampling (Or Cluster Sampling)

### method for selecting a sample in which a sample consists of grouped/adjacent/contiguous units (i.e. selecting 3 blocks of 10 invoice each)

* least desirable method because samples selected may not be representative

Which sample methodology is least desirable (or most likely to not be used)?

### Block /Cluster Sampling

Highest possibility of samples selected not being representative of the population

Variable Sampling

sampling to estimate the numerical value of the $$ account balance (focusing on misstatements, not deviations)

When is stratified sampling appropriate?

### Variable Sampling or PPS Sampling

- when the dollar values on the various documents are WIDELY different from each other. Otherwise, a $5 invoice would have the same chance to be selected as a $20,000 invoice.

How is stratified sampling performed?

### - dividing the documents into different groups quantitatively or qualitatively (larger sample sizes for the more important larger documents)

- sample is drawn from each group resulting in a smaller total sample size

* usually more efficient

## What are the effects on sample size (variable sampling)?

1. Tolerable Misstatement

2. Expected Misstatement

3. Allowable Risk of Incorrect Acceptance (RMM too Low)

**4. Standard Deviation

### TEAS (IDID)

1. Tolerable Misstatement – Inverse

2. Expected Misstatement - Direct

3. Allowable Risk – Inverse

**4. Standard Deviation – Direct

What is the relationship between Tolerable Misstatement & F/S Materiality?

### Tolerable Misstatement < F/S Materiality

* on all audit tests combined & generally for any specific audit procedure (variable sampling)

Expected Misstatement

### Amount by which the auditor expects the account to be misstated (variable sampling)

*based on previous audits & info. Gathered while obtaining an understanding of I/C

What is allowable risk of incorrect acceptance based on (variable sampling)?

### - Auditor's overall willingness to accept Audit Risk

&

- Assessed level of RMM (when RMM is TOO LOW, acceptable DR is greater)

Standard Deviation (Variable Sampling)

### variability of the dollar values of the individual items in the population

- usually based on previous audits or a tiny sample of the items in the current population

What is the difference between TEA & TEAS?

### TEA – Attribute Sampling (Percentages)

TEAS – Variable Sampling (TEA + S.d. In Amounts)

Mean-Per-Unit Estimation

### - type of classical variable sampling (MPU x Total Units)

($ average dollar value in the sample) x (# of Items in the Population)

Difference Estimation

### type of classical variable sampling

($ Avg of Excess x Total Pop Units) +/- Total Account Book Balance

Ratio Estimation

### type of classical variable sampling (Avg Ratio) X (Total Balance)

(Audited Amount / Book Amount) x (Total Account Book Balance)

What increases “likely misstatements”?

Use of Estimates

Define Misstatement (defined by AICPA)

### 1. Difference reported between F/S & GAAP (includes amount, classification, & presentation at the element, account, or item level)

2. Omission of F/S element, account, or item

3. Disclosure not presented in accordance with GAAP

4. Omission of information required to be disclosed in accordance with GAAP

How can misstatements be evaluated qualitatively?

### - affect profitability trends

- change losses into income

- affect segment information

- affect compliance with legal & contractual requirements

Probability Proportional to size (PPS)

### form of variable sampling in which the sampling unit is each dollar in a population (as opposed to each document as unit)

Aka: DUS (Dollar-Unit Sampling) or CMA (Cumulative Monetary Amount Sampling)

CMA

### Cumulative Monetary Amount Sampling

AKA PPS (Probability Proportional to Size)

Under PPS, what is the sample size equivalent to?

### Approx. ($ Total Population Amount in Dollars / Sampling Interval)

Under PPS, how many documents are examined?

### One document for each sampling interval

"pick one document every $XXX"

Sampling Interval (formula)

### Tolerable Misstatement / Reliability Factor

Or

Population Amount / Sample Size

Tainting Factor (formula)

Misstatement / Book Amount

Misstatement (formula)

Book Amount – Audited Amount

## Projected Misstatement (aka Projected Error)

[Formula & Evaluation]

### 1A. If SI > Book Amount

PM = (Misstatement / Book Amt)** x (SI)

1B. If SI < Book Amount

PM = Misstatement

2. Total all PM's vs. Tolerable Misstatement (if PM

** (Misstatement / Book Amount) = Tainting Factor

What are the advantages of PPS over classical variable sampling?

### - automatically stratifies the population (greater chance of larger accounts selected & individual accounts always > SI)

- Standard deviation not needed

- Smaller sample usually results if few errors expected

- Sample can be designed more easily

- Sample selection can begin without having entire population available

When is standard deviation not necessary?

When using PPS sampling

What are the disadvantages of PPS over classical variable sampling?

### - not useful in detecting UNDERSTATED accounts (smaller accounts have lesser chance of selection)

- Zero or Negative Balances require special handling (never selected under PPS)

- Large Sample results if many errors expected (less efficient)

- Identified understatements require special considerations

- Large understatements may lead to invalid projections/conclusions

When is PPS sampling best in regards to populations?

### when the population are NOT expected to contain a large number of misstatements

*PPS sampling is more conservative than Variable Sampling

*PPS is more likely to reject an account balance

Which tests is PPS more useful for?

### - Confirming AR or Loans Receivable (except when there is a large number of unapplied credits)

- Tests of pricing of investments securities or inventory

- Tests of fixed-assets additions where existence is the primary risk

Which tests is PPS NOT appropriate for?

### * when there is a significant number of misstatements

- converting inventory from FIFO to LIFO

- Populations without individual recorded amounts

- Any application in which the primary objective is to ESTIMATE an amount