CHAPTER 8 AUDIT SAMPLING: AN OVERVIEW AND APPLICATION TO TESTS OF CONTROLS Answers to Review Questions 8-1 Audit sampling is the application of an audit procedure to less than 100 percent of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class. The justification for accepting some uncertainty from sampling is due to the trade-off between the cost to examine all of the data and the cost of making an incorrect decision based on a sample of the data. 8-2 Audit evidence choices that do not involve audit sampling include: Inquiry and observation. Analytical procedures. Procedures applied to every item in the population. Classes of transactions or account balances not tested. Tests of automated information technology controls. 8-3 Type I and Type II errors are the two types of decision errors an auditor can make when deciding that sample evidence supports or does not support a test of controls or a substantive test based on a sampling application. In reference to a test of controls, SAS No. 39 refers to Type I and Type II errors as follows: Risk of assessing control risk too high (Type I or alpha): the risk that the assessed level of control risk based on the sample is greater than the true operating effectiveness of the control. Risk of assessing control risk too low (Type II or beta): the risk that the assessed level of control risk based on the sample is less than the true operating effectiveness of the control. In reference to substantive tests, SAS No. 39 refers to Type I and Type II errors as follows: Risk of incorrect rejection (Type I or alpha): the risk that the sample supports the conclusion that the recorded account balance is materially misstated when it is not materially misstated. Risk of incorrect acceptance (Type II or beta): the risk that the sample supports the conclusion that the recorded account balance is not materially misstated when it is materially misstated. 1 The risk of assessing control risk too high and the risk of incorrect rejection relate to the efficiency of the audit because such errors can result in the auditor's conducting more audit work than necessary in order to reach the correct conclusion. The risk of assessing control risk too low and the risk of incorrect acceptance relate to the effectiveness of the audit because such errors can result in the auditor failing to detect a material misstatement in the financial statements. This can lead to litigation against the auditor by the parties who relied on the financial statements. 8-4 Nonstatistical sampling is an approach in which the auditor considers sampling risk when evaluating the results of an audit sample without using statistical theory to measure sampling risk. Statistical sampling, on the other hand, uses the laws of probability to select and evaluate the results of an audit sample, thereby permitting the auditor to quantify the sampling risk for the purpose of reaching a conclusion about the population. The major advantages of a statistical sampling application are that it helps the auditor (1) design an efficient sample, (2) measure the sufficiency of evidence obtained, and (3) quantify sampling risk. The disadvantages of statistical sampling include the additional costs of (1) training auditors in the proper use of sampling techniques and (2) the added complexity of designing and conducting the sampling application. 8-5 Attribute sampling is used to estimate the proportion of a population that possesses a specified characteristic. For tests of controls, the auditor wants to measure the deviation rate to determine whether the control procedure can be relied upon to properly process accounting transactions and therefore support the auditor's assessed level of control risk. 8-6 Once the population has been defined, the auditor must determine (1) that the physical representation of the population is complete, (2) the period to be covered by the test, and (3) whether to conduct additional tests in the remaining period. 8-7 The four factors that enter into the sample size decision and their relationship with sample size are: Factor Relationship to Sample Size The acceptable risk of assessing control risk too low Inverse The tolerable deviation rate Inverse The expected population deviation rate Direct The population size Increases sample size only when population size is small (<5,000 items) 2 8-8 In conducting the audit procedures for tests of controls, the auditor may encounter voided documents, inapplicable documents, or missing documents. Each of these situations should be handled in the following manner for an attribute-sampling application: Voided documents: If the transaction has been properly voided, it does not represent a deviation. The item should be replaced with a new sample item. Unused or inapplicable documents: Sometimes a selected item is not appropriate for the definition of the control. In such a case, the item is not a deviation and the auditor would simply replace the item with another purchase transaction. Missing documents: If the auditor is unable to examine a document or use an alternative procedure to test whether the control was adequately performed, the sample item is a deviation for purposes of evaluating the sample results. 8-9 The auditor's purposes in evaluating the qualitative aspects of deviations in performing error analysis involves considering (1) the nature of the deviations and their causes and (2) how these deviations may impact the other phases of the audit. 8-10 The AICPA Audit Procedures Study Audit Sampling provides the following advice for considering sampling risk in a nonstatistical test of controls ...it is generally appropriate for the auditor to assume that the sample results do not support the planned assessed level of control risk if the rate of deviation identified in the sample exceeds the expected population deviation rate used in designing the sample. In that case there is likely to be an unacceptably high risk that the true deviation rate in the population exceeds the tolerable rate. If the auditor concludes that there is an unacceptably high risk that the true population deviation rate could exceed the tolerable rate, it might be practical to expand the test to sufficient additional items to reduce the risk to an unacceptable level. Rather than testing additional items, however, it is generally more efficient to increase the auditor's assessed level of control risk because the results of the sample would generally support a higher level of control risk. Answers to Multiple-Choice Questions 8-11 8-12 8-13 8-14 8-15 C A A C A 8-16 8-17 8-18 8-19 8-20 B B D D C 3