Risk Based Audit Approach
Session 6.1
This session will cover the following
important points:
invoice, or any other constituent of the
accounting population, which has some
real or physical significance. Attribute
sampling is directed towards estimating
the proportion of the population that either
has or does not have a particular attribute.
For example, either the payment has been
authorised or not; either the debt is
overdue or it is not. In both cases, there are
only two possible outcomes for each
sample item: yes or no, compliance or
exception/error, right or wrong. Attribute
sampling is concerned with the rates of
occurrence and therefore, from an
auditor’s point of view, with error rates.

(b) Exception/error:
Attribute Sampling
Session Overview
The previous session was devoted to
discussions on the basic concepts of audit
sampling and the sampling considerations
generally. This session will focus on one
of the two main sampling for compliance
plans, viz., attribute sampling and its
application in control procedures.
Relevance of attribute sampling to
control procedures; and
 Stages involved in attribute sampling
-Determining the sample size
-Selection of sample for performing
control procedures
 Evaluation of sample results
This session will only provide a broad
overview of attribute sampling and does
not cover complex attribute sampling
problems for which books have to be
referred.
An exception/error is a condition observed
in a particular sample item, which provides
evidence of a departure from a key control
procedure on which the auditor had wished
to place reliance. For example, if the
payroll is not prepared according to the
guideline prescribed by the management, it
is an exception/error if the auditor had
decided to derive assurance from the
preparation of payroll according to the
guidelines.
Learning Objectives
(c) Expected occurrence rate:
At the end of the session, you would be in
a position to apply attribute sampling for
control procedures, to the extent that they
are correct and keeping in mind the
relevance of attribute sampling for control
procedures.
Expected occurrence rate is the rate of
exception/errors which the auditor expects
in the sample. This is decided based on
past experience. This may be stated in
terms of a number or a percentage.
(d) Tolerable error:
Basic Concepts
Some of the basic concepts discussed in
this session are explained briefly below:
(a) Attribute sampling:
Attribute sampling is defined as a
sampling plan in which the sampling unit
is defined as an account balance, a
purchase invoice, a line item on a sales
Note 6.1
RTI, JAIPUR
1
Tolerable error (TE) is the maximum
percentage of exception/errors which the
auditor is willing to accept and still
conclude that the expected assurance from
the control is warranted. For example, the
auditor may decide that TE will be 3% for
overtime payments made to bus drivers
without supporting time card. This means
that if the maximum possible error
computed on the basis of actual results of
Risk Based Audit Approach
Session 6.1
sample, exceeds 3%, then the auditor may
decide that the assurance expected by him
from the control procedure is not
warranted.
Control procedures and attribute
sampling
Control procedure is a testing conducted to
evaluate internal controls. The objective of
control procedures is not to search for
monetary errors, but to search for
exception/errors, in order to evaluate the
effectiveness of internal controls. If the
number of exceptions/errors found, equals
or is less than the number of deviations
allowed for, then the auditor can conclude
that the level of assurance planned from
the internal control is warranted. Thus the
result of the control procedures will be
either that the control is working or not
working, ie., the test result can be
expressed in the form of clearly distinct
attribute (compliance or non-compliance).
While defining attribute sampling earlier,
we had mentioned that it is directed
towards estimating the proportion of
population, which either has or does not
have an attribute. Hence it is used to
determine if controls are working
effectively or not.
Stages involved in attribute
sampling
The stages involved in attribute sampling
are:
(a) Determining the sample size
(b) Selecting the sample for evaluating
internal control and
(d) Evaluating the test results.
In this session, we will also in brief be
discussing internal control procedures and
for this we will use Handout 6.1.2 it will
be seen that it relates to general auditing
skills rather than sampling skills. The other
stages are explained in detail below:
Note 6.1
RTI, JAIPUR
2
(a) Determining the sample size:
Determining the sample size is a decision,
which is to be taken at the audit planning
stage. However, the technique of computing
sample size was not discussed in that
session, as it requires basic knowledge of
statistical sampling.
The procedure to be followed for
calculating the sample size is as follows:
(i) Define the population on which you
wish to draw conclusions, determine
the controls on which you intend to
rely and define what constitutes an
exception/error.
(ii) Determine the Tolerable error (TE).
As explained earlier in the session, TE
is the maximum deviation, which the
auditor is willing to accept and still
conclude that the assurance that he
wishes to derive from the control
procedure is warranted. This is
computed based on the level of
assurance the auditor intends to place
on internal controls. Statistical tables
provide the levels of assurance
possible from a sample size with
different error rates.
(iii) Determine the expected occurrence
rate, i.e., the rate of exception/errors,
which the auditor expects in the
sample. This is computed based on
past experience.
(iv) Select the statistical table (Appendix
A) for the required assurance level.
(v) Locate the tolerable error at the top
of the table.
(vi) Read down the table in that column to
the line that contains the expected
occurrence rate to obtain the sample
size to use.
As the session is meant only to provide a
broad overview of attribute-sampling
concepts like statistical table or the
binomial equation for calculation of
sample size is not explained in this
session. Participants may refer to the
books for further understanding of the
subject.
Risk Based Audit Approach
Session 6.1
Selection of sample size is explained with
an illustration below:
Example
An auditor is conducting file reviews of
concession tickets issued to commuters, to
determine whether eligibility criteria are
being met. The auditor is willing to rely
upon the system of ensuring eligibility
criteria are met if the rate of payments to
ineligible claimants does not exceed 4% at
90% confidence level. Past experience
indicates that the error rate has been 2%.
The sample size can be calculated using
the statistical table as follows:
Use the 90% confidence table (appendix
a). Read down the 2% column until 4% is
reached. From the table we find that when
4% is reached, the sample size is 198.
The above procedure is explained with an
illustration below:
(b) Selecting the sample:
In the earlier session four different
methods of sample selection were
explained. Any one of the above methods
may be used for selecting the sample. If
the haphazard method is used it should be
ensured that there is no bias in the sample
selection.
(c) Evaluating sample results:
Once the control procedures are
performed, the test results should be
evaluated to arrive at a conclusion on the
effectiveness of the control procedure. The
process for evaluating the test results is as
explained below:
(i)
Select the statistical table (Appendix
B) for the given assurance level.
(ii) Locate the actual number of sample
items in the far left column and read
to the right.
(iii) Locate the actual number of errors
found column and read downward.
(iv) Locate the intersection of steps (ii)
and (iii). The result is the Computed
Note 6.1
Tolerable error (CTE) in percent at
the assurance level stated for the
table.
(v) Compare the CTE with the TE desired
earlier. If the CTE is less than TE,
then the auditor can conclude that the
assurance that he wished to derive
from the control procedure is
warranted. On the other hand, if CTE
is more than TE, then the assurance,
which the auditor wished to derive
from the control procedure, is not
justified. In such a case the auditor
can
perform
further
control
procedures to see whether assurance
planned earlier is justified. As an
alternative, he may also reduce the
assurance from the control procedure
and correspondingly increase the
assurance from substantive tests,
resulting in more substantive tests to
be carried out.
RTI, JAIPUR
3
Example
Assume that in the earlier example the
auditor found 2 ineligible claimants in the
sample of 200. Then using the statistical
table, the CTE can be computed as
follows:
(i) Find the intersection of the row
containing sample size 200 and
column containing actual number of
errors found as 2. The figure 2.6% at
the point of intersection is the CTE.
(ii) The auditor can thus state that:
- he is 90% confident that the true
population error rate does not
exceed 2.6%; or
- there is a 10% statistical risk that
the true population error rate
exceeds 2.6%.
(iii) In any event, since 2.6% is less than
the auditor’s TE of 4%, reliance on
the system of ensuring eligibility
criteria are met is warranted.
Risk Based Audit Approach
Session 6.1
It is thus clear that attribute sampling is
used both at the stage of planning the
sample size as well as at the stage of
evaluation of sample results when
performing control procedures.
Summary
The important points discussed in the
session are:
•
•
•
Definition of attribute sampling;
Control procedures and relevance of
attribute
sampling
for
control
procedures; and
Steps involved in attribute sampling.
Note 6.1
RTI, JAIPUR
4