3. Determine the sample size for an attribute sampling application.

advertisement
MODULE F
Attribute Sampling
LEARNING OBJECTIVES
Review
Checkpoints
Exercises, Problems,
and Simulations
1.
Identify the objectives of attribute sampling,
define deviation conditions, and define the
population for an attribute sampling
application.
1, 2, 3, 4
42, 43, 56 (partial), 58
(parts a and b), 59 (parts a
and b), 60 (partial), 61
(partial)
2.
Understand how various factors influence the
size of an attribute sample.
5, 6, 7
56 (partial), 57 (parts a and
b), 60 (partial), 61 (partial)
3.
Determine the sample size for an attribute
sampling application.
8, 9
47, 48, 49, 50, 56
(partial), 57 (part c), 58
(part c), 59 (part c)
4.
Identify various methods of selecting an
attribute sample.
10, 11, 12, 13
44 (partial), 45, 46, 56
(partial), 58 (part d), 59
(part d)
5.
Evaluate the results of an attribute sampling
application by determining the computed
upper limit (CUL).
14, 15, 16, 17,
18, 19, 20, 21
44 (partial), 51, 52, 53,
54, 55, 56 (partial), 57
(parts d - f), 58 (parts e
and f), 59 (parts e - g)
6.
Define sequential sampling and discovery
sampling and identify when these types of
sampling applications would be used.
22, 23
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 321
© The McGraw-Hill Companies, Inc., 2005
SOLUTIONS FOR REVIEW CHECKPOINTS
F.1
Attribute sampling is a method of sampling used to determine the extent to which some characteristic (or
attribute) exists within a population of interest. Attribute sampling is used by the auditor in performing tests
of controls to determine the operating effectiveness of internal control policies and procedures.
F.2
The auditor’s objective in attribute sampling is to determine the operating effectiveness of key controls that
influence the financial statement assertions of interest. As a result, the financial statement assertions
ultimately determine which control(s) are tested and are the subject of the auditor’s attribute sampling
application.
F.3
Deviation conditions represent situations in which key controls are not functioning as intended. Deviation
conditions are important in an attribute sampling application because they provide the auditor with
evidence regarding the operating effectiveness of the client’s internal control.
F.4
An appropriate definition of the population is important because auditor conclusions can only be extended
to the population from which the sample is selected.
F.5
a.
Sampling risk is the risk that the decision made by the auditor based on his or her sample is
different from the decision that would have been made if the entire population were examined.
b.
The tolerable deviation rate is the maximum rate of deviations permissible by the auditor without
modifying his or her reliance on an internal control policy or procedure.
c.
The expected deviation rate is the anticipated rate of deviations in the client’s internal control
policies or procedures.
The sampling risk and tolerable deviation rate are determined judgmentally by the auditor based on the
planned level of control risk (as the planned level of control risk is lower, the sampling risk and tolerable
deviation rate should be lower).
The expected deviation rate is assessed by the auditor based on either prior experience with the client (for
recurring engagements) or a small pilot sample of controls (for first-year engagements).
F.6
The risk of assessing control risk too high (risk of underreliance) occurs when the auditor’s sample
indicates that the control is not functioning effectively when, in fact, it is functioning effectively. When this
risk occurs, the auditor’s sample deviation rate exceeds the tolerable deviation rate. However, unknown to
the auditor, the true population deviation rate is less than the tolerable deviation rate.
The risk of assessing control risk too low (risk of overreliance) occurs when the auditor’s sample indicates
that the control is functioning effectively when, in fact, it is not functioning effectively. When this risk
occurs, the auditor’s sample deviation rate is less than the tolerable deviation rate. However, unknown to
the auditor, the true population deviation rate exceeds the tolerable deviation rate.
F.7
The risk of assessing control risk too low is more important because this risk may result in a less effective
audit being performed. That is, the auditor may not perform a sufficient level of substantive procedures
upon which to base his or her opinion on the financial statements.
McGraw-Hill/Irwin
322
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.8
a.
Sample size has an inverse relationship with sampling risk; that is, as the desired sampling risk is
lower, sample size increases.
b.
Sample size has an inverse relationship with the tolerable deviation rate; that is, as the tolerable
deviation rate is lower, sample size increases.
Sample size has a direct relationship with the expected deviation rate; that is, as the expected
deviation rate is higher, sample size increases.
c.
F.9
In an attribute sampling application, the sample size is determined as follows:
1.
Based on the desired level of the risk of assessing control risk too low, select the appropriate
sample size table.
2.
Identify the row of the table corresponding to the expected deviation rate for the control being
examined.
3.
Identify the column of the table representing the assessed tolerable deviation rate for the control
being examined.
4.
Determine the sample size by identifying the junction of the row from step (2) and the column
from step (3).
F.10
When selecting sample items, the auditor should take steps to ensure that the sample is representative of the
population from which it is drawn. For example, the auditor should select potential applications of control
procedures performed throughout the year, performed for larger and smaller dollar amounts, performed by
different individuals, and related to transactions with different parties or individuals in different geographic
areas.
F.11
Tests of controls are procedures performed by the auditor to determine the operating effectiveness of the
client’s key internal control policies and procedures. The auditor’s goal in performing tests of controls is to
determine the rate at which the client’s control policies and procedures are not functioning as intended, or
the sample deviation rate.
F.12
If the auditor is unable to find an item that provides evidence of the client’s performance of a control, that
item is classified as a deviation.
F.13
The sample deviation rate is the rate of deviations from key control policies and procedures noted by the
auditor in his or her sample. It can be calculated by dividing the number of deviations by the sample size.
F.14
The computed upper limit is an adjusted rate of deviations that provides a conservative measure of the
sample deviation rate. This measure allows the auditor to control his or her exposure to sampling risk to
desired levels.
The computed upper limit is the rate of deviation that has a (one minus the risk of assessing control risk too
low) probability of equaling or exceeding the true population deviation rate. Conversely, there is a (risk of
assessing control risk too low) probability that the true population deviation rate exceeds the computed
upper limit.
F.15
The computed upper limit is determined based on the risk of assessing control risk too low, sample size,
and number of deviations. Since the sample size and number of deviations determine the sample deviation
rate, the computed upper limit is essentially based on the sample deviation rate and the risk of assessing
control risk too low.
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 323
© The McGraw-Hill Companies, Inc., 2005
F.16
The computed upper limit is determined as follows:
1.
Based on the desired risk of assessing control risk too low, select the appropriate evaluation table.
2.
Read down the “sample size” column to find the row representing the appropriate sample size.
3.
Identify the column corresponding to the number of deviations found by the auditor.
4.
The computed upper limit is the value found at the intersection of the row in step (2) and the
column in step (3).
F.17
If the sample size examined by the auditor is not included in the AICPA sample evaluation tables, the
auditor could (1) select additional items for examination to provide him or her with the next highest sample
size included on the tables, (2) evaluate the results of his or her sample using a smaller (more conservative)
sample size, or (3) interpolate the table values and estimate a computed upper limit for the number of items
examined.
F.18
Since the sample deviation rate is 6 percent (6 deviations  100 items = 6 percent) and the computed upper
limit is 8.3 percent, the allowance for sampling risk is 2.3 percent (8.3 percent - 6.0 percent = 2.3 percent).
F.19
If the computed upper limit is less than the tolerable deviation rate, the auditor would conclude that the
control is functioning effectively. If the computed upper limit is greater than or equal to the tolerable
deviation rate, the auditor would conclude that the control is not functioning effectively.
F.20
If the computed upper limit is less than the tolerable deviation rate, the auditor can choose to rely on
internal control at planned levels or consider obtaining a further reduction in the desired level of control
risk.
F.21
If the computed upper limit is greater than or equal to the tolerable deviation rate, the auditor can reduce his
or her reliance on internal control and increase control risk or expand his or her sample to achieve an
observed computed upper limit less than the tolerable deviation rate.
F.22
Sequential sampling is a sampling plan in which an initial sample is selected and the auditor (1) draws a
final conclusion regarding the effectiveness of the control policy or procedure or (2) selects additional
items before drawing a final conclusion regarding the effectiveness of the control policy or procedure.
The primary advantage of sequential sampling is that these types of plans may allow the auditor to form a
conclusion on internal control with a relatively small sample size. The primary disadvantage of sequential
sampling is that the allowable rate of deviations in the sample is lower than that in a fixed sampling plan
(i.e., sequential sampling is more conservative). In addition, sequential sampling may ultimately result in
the auditor examining an extremely large number of items if he or she decides to expand the sample.
F.23
Discovery sampling is a form of attribute sampling that is utilized when deviations from controls are very
critical, yet are expected to occur at a relatively low rate. Discovery sampling should be utilized when a
control is extremely important for the auditor’s examination or when the auditor is suspicious of the
existence of fraud.
McGraw-Hill/Irwin
324
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
SOLUTIONS FOR MULTIPLE-CHOICE QUESTIONS
F.24
F.25
F.26
F.27
F.28
F.29
F.30
a.
b.
Incorrect
Correct
c.
d.
Incorrect
Incorrect
a
Correct
b.
c.
d.
Incorrect
Incorrect
Incorrect
a.
b.
Incorrect
Correct
c.
Incorrect
d.
Incorrect
a.
b.
Incorrect
Incorrect
c.
Correct
d.
Incorrect
a.
b.
Incorrect
Incorrect
c.
Correct
d.
Incorrect
Determining preliminary levels of materiality is related to variables sampling.
Attribute sampling selects occurrences of key controls for the auditor to examine
using tests of controls.
Substantive procedures are related to variables sampling.
Searching for the possible occurrence of subsequent events is not an example of
sampling.
Identifying key controls is necessary when determining the objective of
sampling.
Prior to defining a deviation condition, the key controls must be identified.
Prior to defining the population, the key controls must be identified.
Prior to determining the sample size, the key controls must be identified.
The tolerable deviation rate has an indirect relationship with sample size.
The expected deviation rate has a direct relationship with sample size; the
tolerable deviation rate has an indirect relationship with sample size.
The expected deviation rate has a direct relationship with sample size; the
tolerable deviation rate has an indirect relationship with sample size.
The expected deviation rate has a direct relationship with sample size.
The auditor does not control the RACTH in an attribute sampling application.
The auditor does not control the RACTH in an attribute sampling application;
however, he or she does control the RACTL.
The auditor does not control the RACTH in an attribute sampling application;
however, he or she does control the RACTL.
The auditor controls the RACTL in an attribute sampling application.
Both sampling risks result in incorrect decisions by the auditor.
The risk of assessing control risk too high is related to the study and evaluation
of internal control
The risk of assessing control risk too low may result in the failure to control
audit risk to desired levels.
Performing tests during an interim period does not influence the risk of
assessing control risk too high.
Note to instructor: Since this question asks students to identify the statement that will not result in an
increased sample size, the response labeled “correct” will not result in an increased sample size and those
labeled “incorrect” will result in an increased sample size.
a.
Incorrect
b.
c.
d.
Correct
Incorrect
Incorrect
Reducing the risk of assessing control risk too low will result in a larger sample
size.
Increasing the tolerable deviation rate will reduce (not increase) the sample size.
Increasing the expected deviation rate will result in a larger sample size
Choice (b) above will not result in a larger sample size.
a.
b.
c.
d.
Incorrect
Incorrect
Incorrect
Correct
From the AICPA sampling tables, the sample size is 195.
From the AICPA sampling tables, the sample size is 195.
From the AICPA sampling tables, the sample size is 195.
From the AICPA sampling tables, the sample size is 195.
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 325
© The McGraw-Hill Companies, Inc., 2005
F.31
a.
Incorrect
b.
Incorrect
c.
Incorrect
d.
Correct
a.
Incorrect
b.
Incorrect
c.
Incorrect
d.
Correct
a.
b.
Correct
Incorrect
c.
Incorrect
d.
Incorrect
F.34
a.
b.
c.
d.
Incorrect
Incorrect
Incorrect
Correct
See (d) below.
See (d) below.
See (d) below.
Without knowledge of the risk of assessing control risk too low, it is impossible
to calculate the computed upper limit for a sample of 100 transactions with one
deviation. For example, with a risk of assessing control risk too low of 5
percent, the computed upper limit is 4.7 and options (a), (b), and (c) would not
allow the auditor to assess control risk at the appropriate level. However, if the
risk of assessing control risk too low is 10 percent, the computed upper limit
would be 3.9 and choice (c) would allow the auditor to assess control risk at the
appropriate level.
F.35
a.
Incorrect
b.
Correct
c.
Incorrect
d.
Incorrect
Because the computed upper limit exceeds the tolerable deviation rate, the
auditor cannot support a control risk assessment based on the tolerable deviation
rate.
The auditor can support a control risk assessment at level of the computed upper
limit.
Despite the fact that the computed upper limit exceeds the tolerable deviation
rate, the auditor can support a control risk assessment at less than the maximum
level.
To support control risk assessments at the minimum level, the computed upper
limit would need to be less than the tolerable deviation rate (which would
ordinarily be established at less than 4 percent).
F.32
F.33
McGraw-Hill/Irwin
326
RACTL increases as control risk increases; as a result, a 1% RACTL cannot
logically be associated with a control risk of 0.80.
RACTL increases as a function of control risk; as a result, a 10% RACTL
cannot logically be associated with a control risk of 0.20 if a 1% control risk is
assigned to a control risk of 0.50.
RACTL increases as a function of control risk; as a result, a 10% RACTL
cannot logically be associated with a control risk of 0.50 if a 5% RACTL is
assigned to a control risk of 0.80.
RACTL increases as control risk increases; this series is consistent with this
relationship.
From the AICPA sample evaluation tables, the computed upper limit is 6.9
percent.
From the AICPA sample evaluation tables, the computed upper limit is 6.9
percent.
From the AICPA sample evaluation tables, the computed upper limit is 6.9
percent.
From the AICPA sample evaluation tables, the computed upper limit is 6.9
percent.
This is the correct interpretation of the computed upper limit.
The probability that the actual deviation rate in the population is lower than the
computed upper limit is one minus the risk of assessing control risk too low.
The computed upper limit does not provide an estimate with certainty; in
addition, the probability that the actual deviation rate in the population is lower
than the computed upper limit is one minus the risk of assessing control risk too
low.
The computed upper limit does not provide an estimate with certainty.
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.36
F.37
F.38
F.39
F.40
F.41
a.
Incorrect
b.
Incorrect
c.
Correct
d.
Incorrect
a.
Incorrect
b.
Correct
c.
Incorrect
d.
Incorrect
a.
Incorrect
b.
Incorrect
c.
Incorrect
d.
Correct
a.
b.
Incorrect
Correct
c.
d.
Incorrect
Incorrect
a.
Incorrect
b.
Correct
c.
d.
Incorrect
Incorrect
a.
b.
c.
d.
Incorrect
Incorrect
Incorrect
Correct
Selecting customer accounts for confirmation as a part of the audit of accounts
receivable would utilize variables sampling.
Selecting inventory items for verification as a part of the audit of inventory
would utilize variables sampling.
Selecting purchase orders for indication of authorization is a test of controls that
would utilize attribute sampling.
Selecting additions to property, plant and equipment for verification would
utilize variables sampling.
The auditor would compare the tolerable deviation rate to the sum of the
allowance for sampling risk and sample deviation rate (not expected deviation
rate).
In this example, the sample deviation rate of 4 percent (5  125 = 4 percent) plus
the allowance for sampling risk of 3 percent equals the computed upper limit (7
percent). Since the computed upper limit exceeds the tolerable deviation rate of
5 percent, the auditor should assess a higher control risk.
The expected deviation rate is not considered in evaluating the results of the
sample.
The sample results would support a low control risk assessment if the sample
deviation rate plus the allowance for sampling risk is less than (not greater than)
the tolerable deviation rate.
From the AICPA sample evaluation tables, the computed upper limit is 12.8
percent.
From the AICPA sample evaluation tables, the computed upper limit is 12.8
percent.
From the AICPA sample evaluation tables, the computed upper limit is 12.8
percent.
From the AICPA sample evaluation tables, the computed upper limit is 12.8
percent.
See the response to choice (b).
The auditor noted 7 deviations in the 90 items examined; therefore, the sample
deviation rate is 7.8 percent (7  90 = 7.8 percent). If the CUL is 12.8 percent
(see the answer to F.38), the allowance for sampling risk would be 5.0 percent
(12.8 percent – 7.8 percent = 5.0 percent).
See the response to choice (b).
See the response to choice (b).
The tolerable deviation rate must exceed the computed upper limit in order for
the auditor to rely on internal control as planned.
The tolerable deviation rate must exceed the computed upper limit in order for
the auditor to rely on internal control as planned.
The expected deviation rate is not utilized in evaluating sample results.
The expected deviation rate is not utilized in evaluating sample results.
See the response to choice (d).
See the response to choice (d).
See the response to choice (d).
While (a), (b), and (c) are correct responses, (d) is a more appropriate response
because it includes all possible alternatives for the auditor.
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 327
© The McGraw-Hill Companies, Inc., 2005
SOLUTIONS FOR EXERCISES, PROBLEMS, AND SIMULATIONS
F.42
Test of Controls Objectives and Deviations
1.
2.
3.
4.
Credit Approval
a.
Objective: Determine whether credit is approved in accordance with company policy.
b.
Deviation: Absence of notation of approval or disapproval on customers’ orders.
Validity of Sales and Proper Period Recording
a.
Objective: Determine whether (i) recorded sales invoices are supported by written notices
of shipment, (ii) the sales record date is the same as the shipment date.
b.
Deviation: (i) Absence of written shipment notice, (ii) Sales record date and shipment
date are not the same.
Accuracy of Sales Invoices
a.
Objective: Determine whether (i) quantities on shipping notices and invoices are the
same, (ii) unit prices on the invoices are correct and agree with catalog prices, and (iii)
invoices are arithmetically correct.
b.
Deviation: (i) Quantities on shipping notices and invoices do not match, (ii) Unit prices
do not agree with catalog prices, (iii) Invoices include mathematical mistakes.
Classification of Sales
a.
Objective: Determine whether invoices are properly coded for intercompany sales.
b.
Deviation: (i) Invoice to an affiliated company not marked “9” and (ii) Invoice to an
outside customer marked “9”.
McGraw-Hill/Irwin
328
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.43
Examples of Deviations
a.
b.
1.
While not technically conforming to the control policy, the fact that some indication was
placed next to the quantities suggests that this would not be classified as a deviation.
2.
Professional standards are explicit in noting that a missing document should be classified
as a deviation.
3.
The fact that the invoice is marked as “VOID” provides some evidence that the shipment
was not made; accordingly, it does not appear that this would be classified as a deviation.
4.
While the quantities may have been properly checked, the fact that this is not noted on an
item-by-item basis may indicate that the employee hurriedly reviewed the invoice and did
not perform the work. This would likely be classified as a deviation.
5.
The fact that check marks were only placed adjacent to items located in the same location
of the warehouse indicates that only these quantities were verified. Accordingly, this
invoice would be classified as a deviation.
The fallacy in assuming that the controls relating to the remaining 95 invoices were being
performed properly is that an employee could merely place a check mark on the invoice without
reviewing the quantities (because of time pressure, lack of care, etc.).
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 329
© The McGraw-Hill Companies, Inc., 2005
F.44
Timing of Test of Controls and Sample Selection
TO:
FROM:
DATE:
SUBJECT:
Audit Manager
Auditor Hill
October 1
Interim evaluation of control over cash disbursement authorization
I audited 80 cash disbursements as of September 30 for compliance with the company control procedure
requiring authorization of cash disbursements. I found no deviations. Had this audit sampling been
performed at December 31 for the entire year’s disbursements, I would be prepared to assign a low control
risk (20 percent). This favorable evaluation would enable us to perform the planned analytical procedures
to expenses and perform the level of inventory observation work specified in the preliminary audit
program. With a higher control risk, the audit team would need to do more work in both areas.
Requirements
According to auditing standards, the audit team needs to determine whether the authorization control
procedure worked as well during October-December period as it did for the period January-September. I
think the audit team should audit the other 20 disbursements to make this determination.
Options
1.
The audit team cannot elect to forgo all further work on the control for the October-December
remaining period.
2.
The audit team can complete the sampling application by examining 20 additional sampling units
selected at random. This approach will probably be the least costly because it will be relatively
easy to evaluate the additional 20 sampling units to determine whether the control is functioning
effectively.
3.
The audit team could make inquiries about the operating effectiveness of the authorization control
during the time period from October-December. However, declarations from client personnel that
the control “was functioning just fine” would not be good evidence of continued operating
effectiveness. Unless this inquiry reveals that the control is no longer performed, inquiry would
not provide much information.
4.
The three-month length of the remaining period is enough for concern. The audit team should not
merely presume the control continued to operate effectively during this period.
5.
If the dollar amount of transactions affected by the operating effectiveness of the authorization
control were substantially reduced, the audit team would not need to be as concerned about the
control. However, cash disbursements are not likely to become unimportant under these
circumstances.
6.
The audit team could forgo examining an additional 20 items and take its chances that the planned
amount of analytical procedures for expenses and work on inventory observation would also
reveal any control breakdown in October-December. I do not recommend such action in the
circumstances because (a) we should evaluate control risk in order to plan the extent of the other
work, (b) the cost of examining an additional 20 items is not high, (c) audit completion might be
delayed if we detect a control breakdown later in the audit, and (d) in these circumstances the
dual-purpose nature of the other work may turn out to be circular and inefficient.
I trust I have made my preference for completing the test of controls for the authorization control related to
cash disbursements clear. I think this work should be done no earlier than December 20.
McGraw-Hill/Irwin
330
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.45
Sample Selection
a.
In this case, the challenge is the fact that the checking accounts have overlapping check numbers.
Checks written on Account 2 could be considered as numbers 0001 through 6,000 and checks
written on Account 1 could be considered as 6001 through 9000 (simply add 2,368 to each check
number).
For unrestricted random selection, you could identify random numbers between 1 and 9,000 and
select the associated check. For systematic random selection, you would choose a random starting
point, calculate the sampling interval, and proceed through the population of checks.
b.
In this case, the challenge is that random numbers 1 through 8,999 would be discarded in an
unrestricted random selection method. You could convert the five-digit sequence (9,000 – 13,999)
to a four-digit sequence by subtracting the constant 8,999 from each purchase order number. This
would yield purchase orders numbered 0001 through 5,000.
If the above adjustments are made, when using unrestricted random selection, identifying random
numbers between 0001 and 5,000 would provide you with the item selected. If you are concerned
about discarding random numbers 5,001 through 9,999, you could create a duplicate set of
purchase order numbers by adding the constant 5,000 to each number. As a result, item 1 would
have two random numbers: 0001 and 5,001. However, you should be certain not to select the same
item using two different random numbers.
With respect to systematic random selection, you would choose a random starting point, calculate
the sampling interval, and proceed through the population of purchase orders. However, you
would not create a duplicate set of purchase orders; when you reached the end of the population,
you merely begin applying the sampling interval to the beginning of the population until the
desired number of items is selected.
c.
In this case, the challenge is the sheer magnitude of the listing and the time it would take to select
the sample. You can think of this listing as containing a total of 3,750 records [(74 pages x 50
items = 3,700) + 40 items on last page = 3,740 items].
If unrestricted random selection is used, you would identify random numbers corresponding to
items 0001 through 3,740. While this is relatively straightforward, the physical act of moving
through the population is quire time consuming. If you are concerned about discarding random
numbers 3,741 through 9,999, you could create a duplicate set of purchase order numbers by
adding the constant 3,741 to each number. As a result, item 1 would have two random numbers:
0001 and 3,742. However, you should be certain not to select the same item using two different
random numbers.
If systematic random selection is used, you would choose a random starting point, calculate the
sampling interval, and proceed through the perpetual inventory records. Depending upon the
sample size, you may be able to bypass entire pages of the perpetual inventory records.
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 331
© The McGraw-Hill Companies, Inc., 2005
F.46
Sample Selection
Based on the document numbers on the vendor invoices, a total of 25,327 invoices (#38121 –
#12794 = 25327) were issued during the year.
(1)
Janice would select either 50, 100, or 500 random numbers from a random number table or
computer program and match those numbers to items in the population. For ease of selection, a
computer program could be requested to generate the desired number of random numbers between
12,794 and 38,121.
(2)
Janice would select a random starting point (a number somewhere between 12,794 and 38,121)
and bypass a fixed number of items based on the sampling interval, as follows:
Sample size of 50:
Sample size of 100:
Sample size of 500:
F.47
25,327  50 items = 507 items
25,327  100 items = 254 items
25,327  500 items = 51 items
Sample Size Determination
a.
Using the sample size tables for a 5 percent risk of assessing control risk too low, 3 percent
expected deviation rate, and 9 percent tolerable deviation rate results in a sample size of 84 items.
b.
The risk of assessing control risk too low would be determined judgmentally by Landry based on
the desired level of control risk (as the desired level of control risk is lower, the risk of assessing
control risk too low should be established at lower levels).
The expected deviation rate is established based on prior years’ audits (for recurring engagements)
or a pilot sample of controls (for first-year engagements).
The tolerable deviation rate is established based on the desired level of control risk (as the desired
level of control risk is lower, the tolerable deviation rate should be established at lower levels).
c.
The revised sample size is 58 items.
d.
Because the desired level of sampling risk has increased, Landry’s sample does not need to be as
effective as when sampling risk is lower (the original level of 5 percent). As a result, Landry can
examine a smaller sample.
McGraw-Hill/Irwin
332
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.48
Sample Size Determination
a.
b.
c.
d.
Sample size = 42
Sample size = 129
Sample size = 195
Sample size = 32
Comparing the necessary sample sizes in (a) and (b), the only difference in sample size is related to an
increase in the expected deviation rate from 0 percent in (a) to 3 percent in (b). As a result, the increase in
sample size from 42 to 129 indicates that the expected deviation rate has a direct relationship with sample
size.
Comparing the necessary sample sizes in (b) and (c), the only difference in sample size is related to a
decrease in the tolerable deviation rate from 7 percent in (b) to 6 percent in (c). As a result, the increase in
sample size from 129 to 195 indicates that the tolerable deviation rate has an inverse relationship with
sample size.
Comparing the necessary sample sizes in (a) and (d), the only difference in sample size is related to an
increase in the risk of assessing control risk too low from 5 percent in (a) to 10 percent in (d). As a result,
the decrease in sample size from 42 to 32 indicates that the risk of assessing control risk too low has an
inverse relationship with sample size.
F.49
Sample Size Determination
a.
b.
c.
d.
Sample size = 156
Sample size = 192
Sample size = 103
Sample size = 132
Comparing the necessary sample sizes in (a) and (b), the only difference in sample size is related to an
increase in the expected deviation rate from 1 percent in (a) to 1.5 percent in (b). As a result, the increase in
sample size from 156 to 192 indicates that the expected deviation rate has a direct relationship with sample
size.
Comparing the necessary sample sizes in (b) and (c), the only difference in sample size is related to an
increase in the tolerable deviation rate from 4 percent in (b) to 6 percent in (c). As a result, the decrease in
sample size from 192 to 103 indicates that the tolerable deviation rate has an inverse relationship with
sample size.
Comparing the necessary sample sizes in (b) and (d), the only difference in sample size is related to an
increase in the risk of assessing control risk too low from 5 percent in (b) to 10 percent in (d). As a result,
the decrease in sample size from 192 to 132 indicates that the risk of assessing control risk too low has an
inverse relationship with sample size.
F.50
Sample Size Determination
a.
b.
c.
d.
66
9 percent
3.25 percent
5 percent
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 333
© The McGraw-Hill Companies, Inc., 2005
F.51
Sample Results Evaluation
a.
Sample Deviation Rate = No. of Deviations  Sample Size
Sample Deviation Rate = 3  60 = 0.05 or 5 percent
b.
Using the sample evaluation table, the computed upper limit is 12.5 percent
Allowance for Sampling Risk = Computed Upper Limit - Sample Deviation Rate
Allowance for Sampling Risk = 12.5 percent - 5 percent = 7.5 percent
F.52
c.
The computed upper limit considers the likelihood that the sample selected by the auditor may
underrepresent the deviation rate in the population. The computed upper limit provides a
conservative measure of the sample deviation rate to control the auditor’s exposure to sampling
risk to desired levels.
d.
Because the computed upper limit (12.5 percent) exceeds the tolerable deviation rate (6 percent),
Joan would conclude that the control is not functioning effectively. At this point, she could either
reduce her planned level of reliance on internal control or expand the sample to examine a larger
number of controls.
e.
Using the sample evaluation table for a 10 percent risk of assessing control risk too low yields a
computed upper limit of 10.8 percent; while lower than the computed upper limit determined for a
5 percent risk of assessing control risk too low (12.5 percent), this computed upper limit still
exceeds the tolerable deviation rate of 6 percent. As a result, Joan would still conclude that the
control is not functioning effectively.
Sample Results Evaluation
a.
(1)
(2)
(3)
Sample deviation rate = 4  60 = 6.7 percent
CUL = 14.7 percent
Allowance for sampling risk = 14.7 percent – 6.7 percent = 8.0 percent
b.
(1)
(2)
(3)
Sample deviation rate = 6  60 = 10 percent
CUL = 18.8 percent
Allowance for sampling risk = 18.8 percent – 10 percent = 8.8 percent
c.
(1)
(2)
(3)
Sample deviation rate = 6  60 = 10 percent
CUL = 16.9 percent
Allowance for sampling risk = 16.9 percent – 10 percent = 6.9 percent
Comparing the CUL in (a) and (b), the only difference in the CUL is related to an increase in the number of
deviations from 4 in (a) to 6 in (b). As a result, the increase in CUL from 14.7 percent to 18.8 percent
indicates that the number of deviations (and sample deviation rate) has a direct relationship with the CUL.
Comparing the CUL in (b) and (c), the only difference in the CUL is related to an increase in the risk of
assessing control risk too low from 5 percent in (b) to 10 percent in (c). As a result, the decrease in the
CUL from 18.8 percent to 16.9 percent indicates that the risk of assessing control risk too low has an
inverse relationship with the CUL.
McGraw-Hill/Irwin
334
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.53
Sample Results Evaluation
a.
(1)
(2)
(3)
Sample deviation rate = 8  100 = 8.0 percent
CUL = 14.0 percent
Allowance for sampling risk = 14.0 percent – 8.0 percent = 6.0 percent
b.
(1)
(2)
(3)
Sample deviation rate = 4  100 = 4.0 percent
CUL = 9.0 percent
Allowance for sampling risk = 9.0 percent – 4.0 percent = 5.0 percent
c.
(1)
(2)
(3)
Sample deviation rate = 8  100 = 8.0 percent
CUL = 12.7 percent
Allowance for sampling risk = 12.7 percent – 8.0 percent = 4.7 percent
Comparing the CUL in (a) and (b), the only difference in the CUL is related to a decrease in the number of
deviations from 8 in (a) to 4 in (b). As a result, the decrease in CUL from 14.0 percent to 9.0 percent
indicates that the number of deviations (and sample deviation rate) has a direct relationship with the CUL.
Comparing the CUL in (a) and (c), the only difference in the CUL is related to an increase in the risk of
assessing control risk too low from 5 percent in (a) to 10 percent in (c). As a result, the decrease in the CUL
from 14.0 percent to 12.7 percent indicates that the risk of assessing control risk too low has an inverse
relationship with the CUL.
F.54
Sample Results Evaluation
a.
Sample deviation rate = 2  30 = 0.0667 or 6.7 percent
b.
Computed upper limit = 19.6 percent
c.
Allowance for sampling risk = 19.6 percent – 6.7 percent = 12.9 percent
d.
Using 4 deviations, a risk of assessing control risk too low of 5 percent, and a computed upper
limit of 12.6 percent yields a sample size of 70.
e.
Sample deviation rate = 4  70 (see (d) above) = 0.057 or 5.7 percent
f.
Allowance for sampling risk = 12.6 percent – 5.7 percent = 6.9 percent
g.
No. of deviations = 200 x 0.025 = 5
h.
Computed upper limit = 4.6 percent
i.
Sample deviation rate = 2  50 = 4 percent
j.
[Note: The student must complete (k) prior to completing (j)] Reviewing the sample evaluation
tables for 2 deviations, a sample size of 50, and a computed upper limit of 12.1% reveals a risk of
assessing control risk too low of 5 percent.
k.
Computed upper limit = 8.1 percent + 4 percent = 12.1 percent
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 335
© The McGraw-Hill Companies, Inc., 2005
F.55
Sample Results Evaluation
This case is one of Robert Ashton’s behavioral decision cases (Accounting Review, January, 1984, pp. 7897). He gives credit to W. Uecker and W. Kinney, “Judgment Evaluation of Sample Results: A Study of the
Type and Severity of Errors Made by Practicing CPAs,” Accounting, Organizations and Society, Vol. 2,
No. 3 (1977), pp. 269-75. The “answer” below is taken from Ashton’s study (with modifications).
NOTE TO INSTRUCTOR: Take a look at this answer. You may want to get the students to discuss Cases 1,
2, and 3 first, then give them a chance to think about Cases 4 and 5. See if they can be fooled to change
their minds to choose the larger samples for Cases 4 and 5, then discuss them.
In this exercise, information about the sample size and sample deviation rates is available for each pair of
outcomes. While sample size is independent of population parameters, sample deviation rate is
representative of the population characteristic of interest (i.e., the population deviation rate). Use of the
representativeness heuristic could cause one to ignore the size of the sample, and to base choices solely on
the sample deviation rate. Thus one might choose Sample A in Case 1 and Sample B in Case 2 and 3,
because their sample deviation rates are lower.
The AICPA sample evaluation tables show, however, that none of these three sample outcomes provides
adequate assurance that the population deviation rate is below 5 percent. The other sample outcome
(Sample B in Case 1 and Sample A in Case 2 and 3) does provide the desired assurance at a 95 percent
confidence level (5 percent risk of assessing control risk too low). Thus reliance on the representativeness
of the sample outcomes could lead one to choose the weaker evidence in these cases.
Notice that the correct choice in Cases 1, 2, and 3 is the larger sample. It might be tempting to conclude
that this will always be true (that is, larger samples are always superior to smaller samples). But this
simplification will not always work either. Consider Cases 4 and 5. The correct answers are the smaller
samples (although neither sample provides desired assurance in Case 5). Interestingly, use of the
representativeness heuristic (i.e., focusing on the smaller deviation rates) would lead to the correct choices
in these two instances, but would result in incorrect choices in the first three pairs of sample outcomes.
This illustrates that while use of simplifying heuristics can lead to good decisions, it can also lead the
decision maker into making sub optimal decisions.
McGraw-Hill/Irwin
336
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.56
Evaluating a Sampling Application
Mistake
Explanation
1.
The statistical criteria call for a sample of 181,
not 100.
1.
Tom Barton apparently did not utilize
AICPA sampling tables in determining
sample size or misread the AICPA sampling
tables.
2.
Tom Barton used two test months for his
selection of sample items.
2.
A selection of two months does not make the
sample representative of the year’s
population; checks should be examined for
selections from months throughout the year.
3.
Tom Barton did not define the deviation
conditions carefully before beginning his
sampling application.
3.
Tom subsequently decided that the two
deviations he found were not control
deviations.
4.
Tom Barton did not follow up sufficiently on
the deviations he found.
4.
The pay rate mistake has dollar-value impact
that Tom made no effort to recognize (i.e.,
liability for underpayment of wages).
5.
Tom Barton improperly combined a stratified
sample into a single evaluation.
5.
When stratification is done properly, the two
samples should be evaluated independently.
6.
The reviewers (senior and partner) were not
competent to review the statistical application.
6.
This is not Tom’s mistake, but it is
worthwhile to point out that competence is as
necessary at the review level as it is at the
performance level.
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 337
© The McGraw-Hill Companies, Inc., 2005
F.57
Comprehensive Attribute Sampling
a.
The risk of assessing control risk too low would be determined judgmentally by Dodge based on
the desired level of control risk (as the desired level of control risk is lower, the risk of assessing
control risk too low should be established at lower levels).
The expected deviation rate is established by Dodge based on prior years’ audits (for recurring
engagements) or a pilot sample of controls (for first-year engagements).
The tolerable deviation rate is established by Dodge based on the desired level of control risk (as
the desired level of control risk is lower, the tolerable deviation rate should be established at lower
levels).
F.58
b.
If Dodge wishes to place additional reliance on this control, she would reduce the risk of assessing
control risk too low and the tolerable deviation rate. Dodge’s decision to place additional reliance
on the control would not influence the level of the expected deviation rate.
c.
Using the AICPA sample size tables, the necessary sample size corresponding to a risk of
assessing control risk too low of 5 percent, an expected deviation rate of 2.75 percent, and a
tolerable deviation rate of 7 percent would be 109 items.
d.
Sample deviation rate = No. of deviations  Sample size
Sample deviation rate = 4  109 = 0.037 or 3.7 percent (rounded)
e.
Using a 5 percent risk of assessing control risk too low, 4 deviations, and a sample size of 100 (the
next highest sample size on the table), the computed upper limit is 9.0 percent.
f.
Because the computed upper limit (9.0 percent) exceeds the tolerable deviation rate (7.0 percent),
Dodge would not be able to conclude that the control is functioning effectively. She would either
reduce her reliance on internal control (increase the assessed level of control risk) or select
additional items and reevaluate the results of her tests of controls.
Comprehensive Attribute Sampling
a.
A deviation would be defined as a situation in which the receiving reports do not have an
indication that they have been verified by Rock’s receiving personnel (this indication is in the
form of marks adjacent to the quantities verified and a signature on the receiving report).
b.
The population would be defined as all receiving reports prepared during the year (or period)
under audit. The completeness of the population would be verified by identifying the document
numbers corresponding to the first and last receiving reports prepared by Rock’s personnel during
the year (or period) under audit.
c.
Using the AICPA sample size tables, the necessary sample size corresponding to a risk of
assessing control risk too low of 5 percent, an expected deviation rate of 1.5 percent, and a
tolerable deviation rate of 4 percent would be 192 items.
McGraw-Hill/Irwin
338
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.58
Comprehensive Attribute Sampling (Continued)
d.
Rock’s electronic listing can be used to select items for examination using the following selection
methods:
1.
Unrestricted random selection: Alicia could use computer programs to identify 192
random numbers that correspond to receiving reports and select the related reports.
2.
Systematic random selection: Alicia could use computer programs to randomly select a
starting point in the population and select every nth (corresponding to the sampling
interval) receiving report in the population.
3.
Haphazard selection: Alicia could nonsystematically select receiving reports from the
electronic listing without any rationale for including or excluding various receiving
reports.
4.
Block selection: Alicia could use computer programs to reorganize the electronic listing
to select receiving reports prepared by certain individuals, for certain types of vendors, or
during certain dates.
The primary precaution that should be taken by Alicia is to be sure that the electronic listing is
randomly arranged, particularly if systematic random selection is utilized.
e.
1.
Sample deviation rate = 2  100 = 2.0 percent
Computed upper limit = 6.2 percent
Allowance for sampling risk = 6.2 percent – 2.0 percent = 4.2 percent
Because the computed upper limit (6.2 percent) exceeds the tolerable deviation rate (4
percent), Alicia could not rely on the internal control as planned and would need to
reduce her reliance on internal control or expand her sample to examine additional
items.
2.
Sample deviation rate = 4  100 = 4.0 percent
Computed upper limit = 9.0 percent
Allowance for sampling risk = 9.0 percent – 4.0 percent = 5.0 percent
Because the computed upper limit (9.0 percent) exceeds the tolerable deviation rate (4
percent), Alicia could not rely on the internal control as planned and would need to
reduce her reliance on internal control or expand her sample to examine additional
items.
3.
Sample deviation rate = 10  100 = 10.0 percent
Computed upper limit = 16.4 percent
Allowance for sampling risk = 16.4 percent – 10.0 percent = 6.4 percent
Because the computed upper limit (16.4 percent) exceeds the tolerable deviation rate (4
percent), Alicia could not rely on the internal control as planned and would need to
reduce her reliance on internal control or expand her sample to examine additional
items.
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 339
© The McGraw-Hill Companies, Inc., 2005
F.58
Comprehensive Attribute Sampling (Continued)
f.
Increasing the risk of assessing control risk too low from 5 percent to 10 percent would affect both
the sample size selected for examination (by decreasing the sample size) and the calculation of the
computed upper limit used to evaluate the sample (by decreasing the computed upper limit).
The advantages of increasing the risk of assessing control risk too low is that Alicia would
examine a smaller sample and would have a higher likelihood (all other factors held constant) of
obtaining results that would allow her to rely on Rock’s internal control. The primary
disadvantage is that Alicia would increase the likelihood that she is inappropriately relying on
Rock’s internal control and, ultimately, failing to control audit risk at the desired level.
F.59
Comprehensive Attribute Sampling
a.
The appropriate population would be all receiving reports evidencing goods received by Jason’s
Inc.
b.
The electronic database will include evidence of all receiving reports during the year and can be
used as a sampling frame from which William Tortorice can draw his sample.
c.
Using AICPA sample size tables, the appropriate sample size for a risk of assessing control risk
too low of 5 percent, a tolerable deviation rate of 10 percent, and an expected deviation rate of 2
percent would be 46 receiving reports.
d.
(1)
Unrestricted random selection: William can select 46 random numbers that represent
receiving report numbers prepared during the year and identify the related receiving
reports.
(2)
Systematic selection: William can determine a sampling interval by dividing the number
of receiving reports in the population by the desired sample size (146). A random starting
point would be selected from within the population and every nth receiving report
(corresponding to the sampling interval) thereafter would be selected for examination.
(3)
Haphazard selection: William can select 46 receiving reports without any specific
rationale for including or excluding receiving reports.
(4)
Block selection: William can select receiving reports prepared from March 1 through
March 4 (coincidentally, a total of 46 receiving reports were prepared during these four
days).
(1)
Sample deviation rate = 0  50 = 0.0 percent
Computed upper limit = 5.9 percent
Allowance for sampling risk = 5.9 percent – 0.0 percent = 5.9 percent
(2)
Sample deviation rate = 1  50 = 2.0 percent
Computed upper limit = 9.2 percent
Allowance for sampling risk = 9.2 percent – 2.0 percent = 7.2 percent
(3)
Sample deviation rate = 3  50 = 6.0 percent
Computed upper limit = 14.8 percent
Allowance for sampling risk = 14.8 percent – 6.0 percent = 8.8 percent
e.
McGraw-Hill/Irwin
340
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.59
Comprehensive Attribute Sampling (Continued)
f.
(1)
Comparing the computed upper limit of 5.9 percent to the tolerable deviation rate of 10
percent, it appears that William can choose to rely on internal control as planned.
Examining the matrix, it appears that William could reduce the assessed level of control
risk to 0.30 without any further testing, since the tolerable deviation rate associated with
this level of control risk is 6 percent. William may even consider a further reduction in
control risk lower than 0.30, if the benefits of doing so exceed the costs of additional tests
of controls. However, reductions in control risk beyond the planned level typically
require very strong levels of evidence.
(2)
Comparing the computed upper limit of 9.2 percent to the tolerable deviation rate of 10
percent, it appears that William can choose to rely on internal control as planned.
Examining the matrix, to achieve a further reduction of control risk to 0.40, William
would need to achieve a computed upper limit below 8 percent (the tolerable deviation
rate associated with a control risk of 0.40). From the AICPA sample evaluation table, if a
total of 60 items were examined with one deviation detected, the computed upper limit is
7.7 percent. Therefore, William would need to examine an additional 10 items and find
no deviations to support a control risk assessment of 0.40. However, reductions in control
risk beyond the planned level typically require very strong levels of evidence.
(3)
Comparing the computed upper limit of 14.8 percent to the tolerable deviation rate of 10
percent, it appears that William cannot choose to rely on internal control as planned.
Based on the achieved computed upper limit, William could increase the assessment of
control risk to 0.80 (which is associated with a tolerable deviation rate of 16 percent).
Alternatively, to support a control risk assessment of 0.50 (which is associated with a
tolerable deviation rate of 10 percent), William would need to expand his sample. From
the AICPA sample evaluation table, if a total of 80 items were examined with three
deviations detected, the computed upper limit is 9.5 percent. Therefore, William would
need to examine an additional 30 items and find no deviations to support a control risk
assessment of 0.50.
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 341
© The McGraw-Hill Companies, Inc., 2005
F.59
Comprehensive Attribute Sampling (Continued)
g.
(1)
As noted in (f) above, William’s evidence currently supports a reduction in control risk to
0.30. To obtain a reduction to 0.20, the AICPA sample evaluation tables note that the
computed upper limit for a sample size of 80 items and zero deviations is 3.7 percent,
which is below the necessary tolerable deviation rate of 4 percent. The costs and benefits
of this strategy are as follows:
Costs of additional tests of controls ([80 – 50] x $7) .................
Savings in substantive tests (20 items x $10) ............................
Net additional costs (savings) ....................................................
$210
(200)
$ 10
As a result, it appears that William would choose to maintain a level of control risk of
0.30.
(2)
As noted in (f) above, William’s evidence currently supports a control risk of 0.50 and
that examining an additional 10 items would permit him to reduce control risk to 0.40,
assuming that no deviations were noted. The costs and benefits of this strategy are as
follows:
Costs of additional tests of controls ([60 – 50] x $7) .................
Savings in substantive tests (20 items x $10) ............................
Net additional costs (savings) ....................................................
$ 70
(200)
$(130)
As a result, it appears that William would choose to expand his sample and attempt to
obtain evidence to permit a reduction in control risk to 0.40. However, recall that
reductions in control risk beyond the planned level typically require very strong levels of
evidence.
(3)
As noted in (f) above, William’s evidence currently supports a control risk of 0.80 and
that examining an additional 30 items would permit him to assess control risk at the
originally planned level of 0.50, assuming that no deviations were noted. The costs and
benefits of this strategy are as follows:
Costs of additional tests of controls ([80 – 50] x $7) .................
Savings in substantive tests ([20 items x 3) x $10) ....................
Net additional costs (savings) ....................................................
$ 210
(600)
$(390)
Note: The savings in substantive procedures are multiplied by a factor of 3 because
William is attempting to reduce control risk by 0.30 and each 0.10 reduction in control
risk results in a savings of 20 items.
As a result, it appears that William would choose to expand his sample and attempt to
obtain evidence to permit a reduction in control risk to 0.50.
McGraw-Hill/Irwin
342
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.60
General Attribute Sampling Simulation
a.
Joe’s statement is not correct. Generally accepted auditing standards permit the use of either
statistical sampling or nonstatistical sampling (AU 350.04).
b.
Joe’s statement is not correct. Control risk should be determined prior to the determination of
detection risk. In fact, the level of detection risk will be dependent upon the assessed level of
control risk (AU 312.32, AU 319.03, AU 319.05).
c.
Joe’s statement is correct. The risk of assessing control risk too low relates to the effectiveness of
an audit. If control risk is assessed at inappropriately low levels, the extent of substantive
procedures will not be sufficient to control audit risk to desired levels (AU 350.14).
d.
Joe’s statement is not correct. While segregation of duties is an important control, sampling is
generally not appropriate for controls that do not provide documentary evidence (such as
segregation of duties) (AU 350.32).
e.
Joe’s statement is correct. As the degree of assurance required by a control increases, the
necessary tolerable deviation rate should be lower (AU 350.34).
f.
Joe’s statement is not correct. Joe needs to consider the sampling risk that may be present in this
situation (AU 350.41).
g.
Joe’s statement is not correct. While all deviations do have the same effect on the computed upper
limit, it is important for auditors to consider qualitative aspects of deviations, such as (1) whether
deviations are intentional or unintentional and (2) the possible relationship of the deviation to
other phases of the audit (AU 350.42).
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 343
© The McGraw-Hill Companies, Inc., 2005
F.61
Comprehensive Attribute Sampling Simulation
a.
Control risk is the risk that a material misstatement that could occur in an assertion will not be
prevented or detected on a timely basis by the entity’s internal control (AU 312.27).
John would assess control risk at the maximum level when (1) controls are unlikely to pertain to
an assertion, (2) controls are unlikely to be effective, or (3) evaluating the effectiveness of controls
would be inefficient (AU 319.04).
John would assess control risk at less than the maximum level when controls pertain to an
assertion, controls are likely to be effective, and doing so would be more efficient than performing
only substantive procedures (AU 319.03).
b.
The three objectives of internal control are financial reporting, operations, and compliance. The
five components of internal control are the control environment, risk assessment, control activities,
information and communications, and monitoring (AU 319.07- AU 319.08).
The combination of objectives and components that is most closely related to attribute sampling
are the control activities related to the financial reporting objective, since this objective relates to
the fairness of the company’s financial statements (AU 319.10).
c.
The two broad types of sampling risk related to attribute sampling are (AU 319.12):
The risk of assessing control risk too low is the likelihood that the auditor’s sample provides
evidence that the client’s controls are functioning effectively when the population would indicate
they are not functioning effectively.
The risk of assessing control risk too high is the risk that the auditor’s sample provides evidence
that the client’s controls are not functioning effectively when the population would indicate that
they are functioning effectively.
The risk of assessing control risk too low exposes John to effectiveness losses, in terms of
impacting his ability to detect material misstatements. The risk of assessing control risk too high
exposes John to efficiency losses, through performing additional substantive procedures (AU
350.13 – AU 350.14).
d.
John should consider (1) the relationship of the sample to the objective of the tests of controls, (2)
the maximum rate of deviations from prescribed controls that would support his planned assessed
level of control risk (tolerable deviation rate), (3) the allowable risk of assessing control risk too
low, and (4) characteristics of the population (AU 350.31).
e.
The tolerable deviation rate is the maximum rate of deviations from the prescribed control that the
auditor would be willing to accept without altering his planned assessed level of control risk (AU
350.34).
In assessing the appropriate level of the tolerable deviation rate, John should consider the level of
control risk and the degree of assurance desired by the evidential matter in the sample (AU
350.34).
f.
In establishing the desired level of sampling risk, John should consider the degree of assurance
desired from his tests of controls. As the degree of assurance desired from his tests of controls is
higher, John would assess sampling risk at lower levels (AU 350.37).
McGraw-Hill/Irwin
344
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
F.61
Comprehensive Attribute Sampling Simulation (Continued)
g.
If John cannot locate an item for examination, he should consider the reasons for this limitation
and ordinarily consider these items to be deviations (AU 350.40).
h.
John should consider whether additional evidence to support a further reduction in control risk is
likely to be available and whether it would be efficient to perform tests of controls to obtain that
evidence (AU 319.87).
.
McGraw-Hill/Irwin
Auditing and Assurance Services, Louwers et al., 1/e 345
© The McGraw-Hill Companies, Inc., 2005
McGraw-Hill/Irwin
346
© The McGraw-Hill Companies, Inc., 2005
Instructor’s Manual/Solutions Manual
Download