Attribute Sampling Plans Article:

advertisement
Attribute Sampling Plans Article:



Attribute Sampling-represent the most common statistical application used by
internal auditors to test the effectiveness of controls and determine the rate of
compliance with established criteria.
When developing an attribute sampling plan, the auditor must first define the
audit test objective, population involved, sampling unit, and control items to be
tested
4 statistical parameters to determine an appropriate sample size:
1. Confidence level-reliability the auditor places on the samples results (a 95
percent confidence level means the auditor assumes the risk that 5 out of
100 samples will not reflect the true values in the population)
2. Expected Deviation Rate-auditor’s best estimate of the actual failure rate
of a control in a population-rate is based on client inquiries, changes in
personnel, process observations, prior year test results, or the results of a
preliminary sample
3. Tolerable Rate-Maximum rate of noncompliance the auditor will tolerate
and still rely on the prescribed control
4. Population-contains all items to be considered for testing-each must have
an unbiased chance of selection to ensure the final sample is representative
of the entire population
Example: Auditor estimates a 1.5% expected deviation rate of missing credit approvals
relative to total sales orders, establishes a tolerable rate of 6%, and accepts a 95%
confidence level that the sample results will reflect missing credit approvals fairly in the
population: See Statistical Sample Sizes for Test of Controls Chart below to find that the
appropriate sample size is 103 sales orders that should be tested
 Each of the sales orders can be randomly selected using a random-number table or
systematic selection-picking every nth sales order as long as the first item sampled
is randomly selected-the results may be skewed if missing credit approvals occur
in a systematic pattern
 Suppose 4 sales orders lacked appropriate credit approval in the sample test, the
auditor would project these results to the entire population by calculating the
upper deviation rate-a statistical estimate of the maximum deviation rate in the
population-this rate can be determined using a simple statistical table or a manual
or computer-generated computation
 Using the Statistical Sampling Results Evaluation Table for Tests of Controls-the
upper deviation rate in the example would be about 9%
 If the upper deviation rate is less than the auditor’s tolerable rate, the auditor
would consider the control effective
 If the upper deviation rate is greater than the tolerable rate, the auditor would
consider the control ineffective
 In this example the upper deviation rate (9%) is greater than tolerable rate (6%)therefore, the auditor would advise management not to rely on the control,
concluding with 95% certainty that the rate of missed credit approvals exceeds the
tolerable rate
http://www.theiia.org/intAuditor/back-to-basics/2010/attribute-sampling-plans/
A Practical Guide to Sampling Article:
 Sample design-method of selection, the sample structure and plans for analyzing
and interpreting the results-more complex the design, larger the sample size
 Sampling Frame-a list of all units in your population
 Sample Size-Depends on 5 key factors:
1. Population Size-total number of items in the population-only important if
the sample size is greater than 5% of the population in which case the
sample size reduces
2. Population Proportion-the portion of items in the population displaying the
attributes that you are seeking
3. Margin of error or precision-a measure of the possible difference between
the sample estimate and the actual population value-the better the design,
the less margin of error, smaller sample size required
4. Variability in the Population-the standard deviation is the most usual
measure and often needs to be estimated-more variability the less accurate
the estimate and the larger the sample size required
5. Confidence Level-how certain you want to be that the population figure is
within the sample estimate and its associated precision-higher the
confidence level, larger the sample size (usually 95%)
The following table shows the sample size needed to achieve the required precision
depending on the population proportion using simple random sampling. For example, for
a margin of error of 5% and a population proportion of 70%, a sample size of 323 is
required at the 95% confidence level.
Figure 1: Sample size lookup
table
Population Proportion Precision (at the 95 per cent confidence
level)
Margin of error
Population
proportion
±12% ±10% ±8%
±5%
±4%
50%
66
96
150
384
600
45% or 55%
66
95
148
380
594
40% or 60%
64
92
144
369
576
35% or 65 %
60
87
136
349
546
30% or 70%
56
81
126
323
504
25% or 75%
50
72
112
288
450
20% or 80%
42
61
96
246
384
15% or 85%
34
48
76
195
306
10% or 90%
24
35
54
138
216
5% or 95%
12
18
28
72
114
±3%
1,067
1,056
1,024
971
896
800
683
544
384
202
±2%
2,401
2,376
2,305
2,184
2,017
1,800
1,536
1,224
864
456
±1%
9,604
9,507
9,220
8,739
8,067
7,203
6,147
4,898
3,457
1,824
If you are expecting non-response or a difficulty in locating your sample selections then it is prudent to over sample
To ensure that the sample size achieved provides the required level of
precision.
Method-Definition-Uses-Limitations
1. Multi-Stage Sampling-the sample is drawn in 2 or more stages-usually the most
efficient and practical way to carry out large survey of the public-complex
calculations of the estimates and associated precision
2. Probability Proportional to Size-samples are drawn in proportion to their size
giving a higher chance of selection to the larger items-when you want each
element to have equal chance of selection rather than each sampling unit-can be
expensive to get the information to draw the sample. Only appropriate if you are
interested in the elements
3. Quota Sampling-The aim is to obtain a sample that is representative of the
population. The population is stratified by important variables and the required
quota is obtained from each stratum-It is a quick way of obtaining a sample, it can
be fairly cheap, if there is no sampling frame it may be the only way forward,
additional information may improve the credibility of the results-not random so
stronger possibility of bias, good knowledge of population characteristics is
essential, estimates of the sampling error and confidence limits probably can’t be
calculated
4. Simple Random Sampling-Ensures every member of the population has an equal
chance of selection-produces defensible estimates of the population and the
sampling error, simple sample design and interpretation-need complete and
accurate population listing, may not be practicable if a country-wide sample
would involve lots of audit visits
5. Stratified Sampling-The population is sub-divided into homogenous groups, the
strata can have equal sizes or you may wish a higher proportion in certain strataensures units from each main group are included and may therefore be more
reliably representative, should reduce the error due to sampling-selecting the
sample is more complex and requires good population information, the estimates
involve complex calculations
6. Systematic Sampling-After randomly selecting a starting point in the population
between 1 and n, every nth unit is selected, when n equals the population size
divided by the sample size-easier to extract the sample than simple random,
ensures cases are spread across the population-can be costly and time consuming
if the sample is not conveniently located, can’t be used where there is periodicity
in the population
Sampling Methodologies (http://www.occ.treas.gov/handbook/sampmeth.pdf)
 Examiners should consider quantity of risk, direction of risk, and quality
of risk management in determining precision levels to use. In designing
samples, the precision limit affects the sample size; the smaller the
precision limits, the larger the size of the sample selected and the smaller
amount of exceptions allowable
 When an examiner can tolerate few exceptions, a precision of 5% is
normally chosen. When an examiner can tolerate a large rate of
exceptions, a precision of 20% is normally chosen. Precision levels greater
than 20% is not recommended
AU Section 350-Audit Sampling:
Attribute Sampling
Attribute sampling is a statistical approach used with tests of controls. It requires the use
of a probabilistic sample selection method (random or systematic sampling). Attribute
sampling allows the auditor to estimate the proportion of population items containing a
specified characteristic. The characteristic auditors are concerned with for tests of
controls is deviations from internal controls.
Sample size for attribute sampling can be determined by reference to attribute sampling
tables. These sample determination tables require the auditor to establish three factors:



Risk of assessing control risk too low represents the risk that the auditor concludes
that the design and operation of an internal control is effective when in fact it is
not. The level used for this risk is based on the auditor's desired control risk
assessment. The lower the desired control risk assessment the lower the needed
risk of assessing control risk too low. This risk is inversely related to sample size.
Expected Population Deviation Rate represents the auditor's best estimate of the
population deviation rate. This rate is normally based on prior experience with the
client. This rate is directly related to sample size.
Tolerable Deviation Rate represents the highest deviation rate the auditor could
accept and still conclude that the design and operation of an internal control is
effective. This rate is based on the tolerable misstatement relative to the number
and dollar size of transactions included in the population. Tolerable misstatement
represents the maximum misstatement that could occur before the population
would be considered materially misstated. The lower the required tolerable
misstatement relative to the number and dollar size of transactions the lower the
needed tolerable deviation rate. This rate is inversely related to sample size.
Sample results are evaluated by comparing the computed maximum population deviation
rate to the tolerable deviation rate. The computed maximum population deviation rate
equals the sample deviation rate plus an allowance for sampling risk. If the maximum
population deviation rate is larger than the tolerable deviation rate the auditor will
conclude that the design and operation of the internal control is not effective. If the
computed maximum population deviation rate is less than or equal to the tolerable
deviation rate the auditor will conclude that the design and operation of the internal
control is effective.
Download