Chapter- One: - Testing and Audit Sampling
1.1.Audit Sampling Concepts
The use of sampling is common in auditing because of the need to gather evidence over large
populations of client data in a cost-effective manner. Auditing standards define audit sampling
as the application of an audit procedure to less than 100 percent of the items within an account
balance or class of transactions for the purpose of evaluating some characteristic of the balance
or class. Whenever auditors use sampling techniques, they face the risk that their sample is not
representative of the population, referred to us sampling risk.
Sampling Risk and Decision Error
Due to sampling risk, the auditor faces the chance that sampling may lead to one of two possible
types of decision errors: (I) deciding that the population tested is not acceptable when in reality it
is i.e (incorrect rejection) and (II) deciding that the population tested is acceptable when in
reality it is not i.e (incorrect Acceptance).
I.
Risk of incorrect rejection (Type I). In testing an internal control, this is the risk that the
sample supports a conclusion that the control is not operating effectively when, in truth, it is
operating effectively. This risk is also commonly referred to as the risk of under reliance or
the risk of assessing control risk too high. In the case of substantive testing, this is the risk
that the sample supports the conclusion that the recorded account balance is materially
misstated when it is actually not materially misstated.
The risk of incorrect rejection relates to the efficiency of the audit. This type of decision error
can result in the auditor conducting more audit work than necessary in order to reach the
correct conclusion.
II.
Risk of incorrect acceptance (Type II). In testing a control, this is the risk that the sample
supports a conclusion that the control is operating effectively when, in truth, it is not
operating effectively. This risk is also commonly referred to as the risk of overreliance or the
risk of assessing control risk too low. In the case of substantive testing, this is the risk that
the sample supports the conclusion that the recorded account balance is not materially
misstated when it is actually materially misstated.
The risk of incorrect acceptance relates to the effectiveness of the audit. It results that the
auditor may fail to detect a material misstatement in the financial statements due to
inadequate audit test performed. This can lead to litigation against the auditor by parties that
1
rely on the financial statements. Because of the potentially severe consequences of a Type II
decision error, auditors design their sampling applications to keep this risk to an acceptably
low level.
Three Important Factors of Sample Size Determination
The most important inputs to determine sample sizes for all types of audit sampling are (I)
desired level of assurance in the results (or confidence level), (II) acceptable defect rate (or
tolerable error), and (III) historical defect rate (or expected error).
Confidence Level: The first input, confidence level, is the complement of sampling risk. The
acceptable level of sampling risk determined by considering the amount of reliance to be placed
on the tests and the consequences of a decision error. In general the larger the sample, the higher
the confidence level and the lower the sampling risk.
Acceptable Vs Expected Error: Once the desired confidence level is established, the
appropriate sample size is determined largely by how much tolerable error exceeds expected
error. The smaller the difference between these two variables, is the larger the sample size
needed. For example assume that an apple buyers can accept up to 10 percent defective
shipments. Due to poor weather this year the planned level of expected defect rate of 7 percent
+/- 3 percent. Here there is less room to accommodate sampling risk in the interval between 7
and 10 percent. As a result larger sample is required in order to minimize sampling risk.
Precision in Sampling: In typical statistical sampling terminology, the term precision relates to
how close a sample estimate is to the population characteristic being estimated, given a specified
sampling risk. Thus, precision at the planning stage of an audit sampling application is the
difference between the expected and the tolerable deviation rate or misstatement. Auditing
standards use the term allowance for sampling risk to reflect the concept of precision in a
sampling application. For example, if an auditor expected that a control would have a 2 percent
deviation (failure) rate and he or she was willing to tolerate a deviation rate of 5 percent, the
allowance for sampling risk would be 3 percent.
Technology Vs Sampling: Technology reduces the number of times/ situations auditors need to
apply sampling techniques due to:
First, companies have developed well-controlled, automated accounting systems that can process
transactions with no or very few errors. Here auditors test the processing software control
2
configurations and general computer controls rather than rely on audit sampling to test
transactions.
Second, the advent of powerful audit software allows auditors, in some situations, to download
and examine electronic client data rather than sample.
On the contrary technology will never eliminate the need for auditors to rely on sampling to
some degree because (1) many control processes require human involvement to operate
effectively (e.g., reconciliations, review, and resolution of a system’s generated exception
reports), (2) many testing procedures require the auditor to physically inspect an asset (e.g.,
inventory) or inspect characteristics of a transaction or balance (e.g., terms in a contract), and (3)
in many cases auditors are required to obtain and evaluate evidence from third parties (e.g.,
letters confirming accounts receivable balances from client customers).
Audit Evidence choice Vs Sampling
Generally, the auditor applies a number of audit procedures in order to reach a conclusion. Some
audit procedures involve sampling as defined by auditing standards, while others do not involve
sampling. The following are some examples of typical sampling applications.
Inspection of tangible assets:- An auditor typically attends a client’s yearend inventory count.
Because the number of inventory items can be very large, the auditor may use audit sampling to
select inventory items to physically inspect and count.
Inspection of records or documents:- A control may require that before a check is written to a
vendor, the payables clerk must match an approved purchase order to an approved receiving
report and vendor invoice and indicate an acceptable match by initialing a copy of the check
stapled to the other three documents. The auditors can gather evidence on the effectiveness of the
control by testing a sample of the documentation packages.
Re-performance:- In assessing the competence and objectivity of the client’s work, the auditor
may re-performmance a sample of the tests performed by the client.
Confirmation:- A common technique to gather evidence on existence and accuracy of accounts
receivable records is to send letters to customers asking them to confirm their balance. Rather
than send a letter to all customers, the auditor can select a sample of customers.
Types of Sampling
There are two general approaches to audit sampling: non-statistical (Judgmental) and statistical.
3
In non-statistical sampling application, the auditor relays on his or her professional judgment, in
combination with audit firm guidance and knowledge of the underlying statistical sampling
theories, to reach a conclusion about the audit test.
In statistical sampling, on the other hand, uses the laws of probability to compute sample size
and evaluate the sample results, thereby permitting the auditor to use the most efficient sample
size and to quantify the sampling risk for the purpose of reaching a statistical conclusion about
the population.
Both approaches require the use of the auditor’s professional judgment to plan, perform, and
evaluate the sample evidence. The major advantages of statistical sampling are that it helps the
auditor (1) design an efficient sample, (2) measure the sufficiency of evidence obtained, and (3)
quantify sampling risk. The disadvantages of statistical sampling include additional costs of (1)
training auditors in the proper use of sampling techniques, (2) designing and conducting the
sampling application, and (3) lack of consistent application across audit teams due to the
complexity of the underlying concepts.
Non-statistical audit sampling can be simpler to use and more consistently applied in audit
sampling than statistical sampling method. As a result non-statistical sampling is used for the
sake of the following discussion.
1.2. Audit Sampling for Control Testing
The following are the Steps in conducting audit sampling for control testing
Step 1. Determine the test objectives.
The objective of sampling when used for tests of controls is to evaluate the operating
effectiveness of the internal control and to determine the degree of reliance that can be placed on
controls for a financial statement audit. Thus, the auditor assesses the deviation or error rate that
exists for each control selected for testing. Audit sampling for tests of controls is generally
appropriate when the completion of a control procedure leaves documentary evidence (e.g.,
initials of approval).
Step 2. Define the population characteristics:
The auditor must determine that the population from which the sample is selected is appropriate
for the specific assertion, because sample results can be projected only to the population from
which the sample was selected. Here the following activities are required to be undertaken.
4
i.
Define the sampling population:- All or a subset of the items that constitute the class of
transactions (or account balance when not testing controls) make up the sampling
population. For example, suppose the auditor is interested in examining the effectiveness
of a control designed to ensure that all shipments to customers are billed. If the auditor
uses the population of sales invoices as the sampling population, he or she is not likely to
detect goods shipped but not billed, because the population of sales invoices includes
only sales that were billed. In this example, the correct sampling population for testing
the completeness assertion would be the population of all shipped goods as documented
by shipping records such as bills of lading.
ii.
Define the sampling unit:- The individual members of the sampling population are
called the sampling units. In auditing, a sampling unit may be a document, an entry, or a
line item. Each sampling unit makes up one item in the population. The sampling unit
should be defined in relation to the control being tested.
iii.
Define the control deviation conditions:- For tests of controls, a deviation is a departure
from adequate performance of the internal control. It is important for the auditor to define
carefully what is considered a deviation.
Step 3. Determine the sample size,
Considerable judgment is required in determining the appropriate values for the inputs that are
used to compute sample. The following inputs are required to determine the sample size.
i.
The desired confidence level:- the complement of the confidence level is the risk that
the sample results will support a conclusion that the control is functioning effectively
when in truth it is not (i.e., the risk of incorrect acceptance). In a financial statement
audit, this can result in assessing control risk too low. This risk influences the
effectiveness of the audit. If the auditor sets control risk too low and over relies on the
controls, the level of substantive procedures may be too low to detect material
misstatements that may be present in the financial statement account. This is because
when control risk inappropriately decreases, the auditor increases the acceptable level of
detection risk associated with substantive testing to compensate
ii.
The tolerable deviation rate:- The maximum deviation rate from a prescribed control
that the auditor is willing to accept and still consider the control effective (i.e., the
control procedure would be relied on).
5
iii.
The expected population rate:- is the rate the auditor expects to exist in the population.
The rate is developed based on prior years’ results or on a pilot sample. If the auditor
believes that the expected population deviation rate exceeds the tolerable deviation rate,
no amount of sampling can reduce the population deviation rate below the tolerable rate.
Instead, the auditor should perform additional substantive procedures rather than relying
on the control. The expected population deviation rate has a direct relationship to sample
size: The larger the expected population deviation rate, the larger the sample size, all else
equal.
Step 4. Select sample items.
When using audit sampling, the auditor should avoid distorting the sample by selecting only
items that are unusual or large or items that are the first or last items in the frame, because the
auditor needs a sample that represents the population in order to draw inferences about the
population from the sample. This is not to say that selection of unusual, large, or risky events,
transactions, or balances should be avoided in other audit procedures that do not involve audit
sampling. To the contrary, the auditor should focus specific audit procedures on all such items
and not turn the selection of these items over to chance (i.e., random or haphazard selection),
which is required for audit sampling.
Step 5. Perform the auditing procedures: (Guidance in audit firm’s policy)
A number of public accounting firms establish guidelines for non-statistical sample sizes for tests
of controls. Typically, accounting firms’ non-statistical guidelines are consistent with sampling
theory and are designed to provide two primary benefits: (1) to simplify the judgments required
by field auditors by having experts at firm headquarters make firm wide judgments and (2) to
improve consistency in sampling applications within and across engagement teams. Personal
judgment For example, a firm might establish guidelines as follows: Assume an auditor might
consider each of the necessary factors and determine that a sample size of 30 is adequate.
Desired Level of Controls
Reliance Sample Size
Low
15–20
Moderate
25–35
High
40–60
In developing non-statistical sampling guidelines like those above, the firm’s experts have
decided what confidence levels achieve low, moderate, and high assurance (say, 70–75, 80–85,
6
and 90–95 percent confidence, respectively). The experts have decided reasonable levels of
tolerable deviation rates (say, 5 to 10 percent), and they have decided to base an initial sample on
zero expected deviations. Following this guidance, if one or more deviations are found in the
sample, the auditor needs to expand the sample or increase the assessed level of control risk.
Step 6. Calculate the sample deviation rate and the computed upper deviation rate.
With a non-statistical sample, the auditor can calculate the sample deviation rate but cannot
quantify the computed upper deviation rate and the sampling risk associated with the test. As per
AICPA Audit Guide Audit Sampling the sample results do not support the planned assessed level
of control risk if the rate of deviation identified in the sample exceeds the expected population
deviation rate used in designing the sample. In that case, there is likely that the true deviation
rate in the population exceeds the tolerable rate.
Step 7. Draw final conclusions
If the auditor concludes that there is an unacceptably high risk that the true population deviation
rate could exceed the tolerable rate, it might be practical to expand the test to sufficient
additional items to reduce the risk to an acceptable level. Rather than testing additional items,
however, it is generally more efficient to increase the auditor’s assessed level of control risk to
the level supported by the results of the original sample.
NB: The above seven steps can be reclassified under three stages of the audit work. The first
three steps are categorized under planning stage. The next two steps (i.e. Step 4 and 5) is
categorized as performance stage. The last two steps are categorized under evaluation stage.
1.3. Audit Sampling for substantive tests
The basic statistical concepts and steps discussed in above paragraphs are also applicable for
sampling approaches used to test account balances. Three important determinants of sample size
are desired confidence level, tolerable misstatement, and estimated misstatement. Misstatements
discovered in the audit sample must be projected to the population, and there must be an
allowance for sampling risk.
In substantive testing sampling may be used for to (1) test the reasonableness of assertions about
a financial statement amount (e.g., accuracy, existence) or (2) develop an estimate of some
amount. The first use, which is the most frequent application of sampling as a substantive
procedure in a financial statement audit, tests the assertion or hypothesis that a financial
statement account is fairly stated. The second is less frequent but is occasionally used to develop
7
an estimate of an amount as part of a consulting engagement or in some cases to provide
evidence on a client estimate (e.g., sales returns for a new product).
The sampling unit for non-statistical sampling is normally a customer account, an individual
transaction, or a line item on a transaction. In non-statistical sampling, the proper application of
the following items are necessary

Identifying individually significant items

Determining the sample size

Selecting sample items

Calculating the sample results
Identifying individually significant items
It is the determination of which items should be tested individually and which items should be
subjected to sampling. The items that will be tested individually are items that may contain
potential misstatements that individually exceed the tolerable misstatement. These items are
tested 100 percent because the auditor is not willing to accept any sampling risk. For example, an
auditor using non-statistical sampling may be examining a client’s accounts receivable balance in
which 10 customer account balances are greater than tolerable misstatement. The auditor would
test all 10 large accounts, and apply sampling for the remaining.
Determining the sample size
When determining the sample size, the auditor should consider the level of desired confidence,
the risk of material misstatement, the tolerable and expected misstatements, and the population
size. While an auditor may determine a non-statistical sample size by using professional
judgment, auditing standards indicate that the sample sizes for statistical and non-statistical
sampling should be similar (AU 350.22). Thus, it is common for firms to develop guidance for
non-statistical sampling based on statistical theory such as the formula provided below, which
was adapted from the AICPA Audit Guide Audit Sampling:
𝑆𝑎𝑚𝑝𝑙𝑒 𝑠𝑖𝑧𝑒 = ( 𝑎 𝑆𝑎𝑚𝑝𝑙𝑖𝑛𝑔 𝑝𝑜𝑝𝑢𝑙𝑎𝑡𝑖𝑜𝑛 𝑏𝑜𝑜𝑘/𝑇𝑜𝑙𝑒𝑟𝑎𝑏𝑙𝑒 − 𝐸𝑥𝑝𝑒𝑐𝑡𝑒𝑑 𝑚𝑖𝑠𝑠𝑡𝑎𝑡𝑒𝑚𝑒𝑛𝑡) ∗
𝐴𝑠𝑠𝑢𝑟𝑎𝑛𝑐𝑒 𝑓𝑎𝑐𝑡𝑜𝑟
The “sampling population book value” excludes the amount of items to be individually audited.
The assurance factor is identified by determining the level of desired confidence (largely driven
by the amount of other relevant audit evidence and the risk of material misstatement (i.e.,
8
inherent and control risk). the following table contains the assurance factors for various
combinations of desired confidence and risk assessment.
Table 1 Assurance factor for non-statistical sampling
Assessment
of
Risk
of
Material Desired Level of Confidence
Misstatement
Maximum
Slightly
Below Moderate
Low
Maximum
Maximum
3.0
2.7
2.3
2.0
Slightly Below Maximum
2.7
2.4
2.0
1.6
Moderate
2.3
2.1
1.6
1.2
Low
2.0
1.6
1.2
1.0
Selecting the Sample Items
When any form of audit sampling is used to gather evidence, auditing standards require that the
sample items be selected in such a way that the sample can be expected to represent the
population. While some form of random sample or systematic selection (e.g., probability
proportional to size) is required for statistical sampling, auditing standards allow the use of these
selection methods, as well as other selection methods including haphazard sampling when using
non-statistical sampling. Haphazard selection allows the auditor to “randomly” select items
judgmentally (i.e., with no conscious biases or reasons for including or omitting items from the
sample). This does not imply that the items are selected in a careless manner; rather, the
sampling units are selected such that they will be representative of the population.
Calculating the Sample Results
This illustration uses a non-statistical sampling design application to examine the accounts
receivable balance of Calabro Wireless Services at December 31, 2007. As of December 31,
there were 11,800 accounts receivable accounts with a balance of Br. 3,717,900, and the
population is composed of the following strata:
Number and Size of Accounts
Book Value of Stratum
15 accounts > Br. 25,000
Br. 550,000
250 accounts > Br. 3,000
850,500
11,535 accounts < Br3,000
2,317,400
The Auditor has made the following decisions:
9

Based on the results of the tests of controls, the risk of material misstatement is assessed
as low.

The tolerable misstatement allocated to accounts receivable is Br. 55,000, and the
expected misstatement is Br. 15,000.

The desired level of confidence is moderate based on the other audit evidence already
gathered.

All customer account balances greater than Br. 25,000 will be audited.
Based on these decisions, the sample size is determined as follows: First, individually significant
items are deducted from the account balance, leaving a balance of Br. 3,167,900 (Br. 3,717,900
– Br. 550,000) to be sampled. Second, the sample size for the remaining balance is determined
using the adapted AICPA sample size formula:
Sample Size =
Br.3,167,900
Br. 55,000 – Br. 15,000
* 1.2 = 95
The assurance factor of 1.2 is determined by using Table 1 and a “Low” assessment for risk of
material misstatement and “Moderate” level of desired confidence. The 95 sample items are
divided between the two strata based on the recorded amount for each stratum. Accordingly, 26=
[(Br. 850,500 / Br. 3,167,900) *95] of the 95 are allocated to the stratum of accounts greater than
$3,000 and 69 to the stratum of accounts less than Br. 3,000. The total number of items tested is
110, composed of 15 individually significant accounts tested 100 percent and a sample of 95
items.
The auditor mailed positive confirmations to each of the 110 accounts selected for testing. Either
the confirmations were returned to the auditor, or he was able to use alternative procedures to
determine that the receivables were valid. Four customers indicated that their accounts were
overstated, and the auditor determined that the misstatements had resulted from unintentional
errors by client personnel. The results of the sample are summarized as follows:
Stratum
Book Value Book Value Audit
Value Amount
of
of Stratum
of Sample
of Sample
Overstatement
> Br. 25,000
Br. 550,000
Br. 550,000
Br. 549,500
Br. 500
> Br. 3,000
850,500
425,000
423,000
2,000
< Br.3,000
2,317,400
92,000
91,750
250
10
Based on analysis of the misstatements found, the auditor concluded that the amount of
misstatement in the population was likely to correlate to the total Birr amount of the items in the
population and not to the number of items in the population. Thus, he decided to use ratio
estimation (applying the ratio of misstatement in the sampling strata) to project his results. His
projection of the misstatements follows:
Stratum
Amount
of Ratio of Misstatements in Stratum Tested
Misstatement
Projected
Misstatement
> Br. 25,000
Br. 500
Not Applicable—100% Tested
Br. 500
> Br. 3,000
2,000
(Br. 2,000/425,000)* Br. 850,500
4,002
<Br.3,000
250
(Br. 250/Br. 92,000)* Br. 2,317,400
6,298
Total projected misstatement
10,800
The total projected misstatement is Br. 10,800. The auditor should conclude that there is an
acceptably low risk that the true misstatement exceeds the tolerable misstatement because the
projected misstatement of Br. 10,800 is less than the expected misstatement of Br. 15,000.
Before reaching a final conclusion on the fair presentation of Calabro’s accounts receivable
balance, The Auditor would consider the qualitative characteristics of the misstatements detected
and the results of other auditing procedures. If these steps are successfully completed, the auditor
can conclude that the accounts receivable balance is fairly presented in conformity with IFRS.
Summary of the Effect of Sample Selection Factors on Sample Size
Factor
Relationship to Sample Change in Factor
Effect on Sample Size
Size
Desired confidence level
Tolerable misstatement
Expected misstatement
Population size
Direct
Inverse
Direct
Direct
Lower
Decrease
Higher
Increase
Lower
Increase
Higher
Decrease
Lower
Decrease
Higher
Increase
Lower
Decrease
Higher
Increase
11