Risk Based Audit Approach Session 6.1 This session will cover the following important points: invoice, or any other constituent of the accounting population, which has some real or physical significance. Attribute sampling is directed towards estimating the proportion of the population that either has or does not have a particular attribute. For example, either the payment has been authorised or not; either the debt is overdue or it is not. In both cases, there are only two possible outcomes for each sample item: yes or no, compliance or exception/error, right or wrong. Attribute sampling is concerned with the rates of occurrence and therefore, from an auditor’s point of view, with error rates. (b) Exception/error: Attribute Sampling Session Overview The previous session was devoted to discussions on the basic concepts of audit sampling and the sampling considerations generally. This session will focus on one of the two main sampling for compliance plans, viz., attribute sampling and its application in control procedures. Relevance of attribute sampling to control procedures; and Stages involved in attribute sampling -Determining the sample size -Selection of sample for performing control procedures Evaluation of sample results This session will only provide a broad overview of attribute sampling and does not cover complex attribute sampling problems for which books have to be referred. An exception/error is a condition observed in a particular sample item, which provides evidence of a departure from a key control procedure on which the auditor had wished to place reliance. For example, if the payroll is not prepared according to the guideline prescribed by the management, it is an exception/error if the auditor had decided to derive assurance from the preparation of payroll according to the guidelines. Learning Objectives (c) Expected occurrence rate: At the end of the session, you would be in a position to apply attribute sampling for control procedures, to the extent that they are correct and keeping in mind the relevance of attribute sampling for control procedures. Expected occurrence rate is the rate of exception/errors which the auditor expects in the sample. This is decided based on past experience. This may be stated in terms of a number or a percentage. (d) Tolerable error: Basic Concepts Some of the basic concepts discussed in this session are explained briefly below: (a) Attribute sampling: Attribute sampling is defined as a sampling plan in which the sampling unit is defined as an account balance, a purchase invoice, a line item on a sales Note 6.1 RTI, JAIPUR 1 Tolerable error (TE) is the maximum percentage of exception/errors which the auditor is willing to accept and still conclude that the expected assurance from the control is warranted. For example, the auditor may decide that TE will be 3% for overtime payments made to bus drivers without supporting time card. This means that if the maximum possible error computed on the basis of actual results of Risk Based Audit Approach Session 6.1 sample, exceeds 3%, then the auditor may decide that the assurance expected by him from the control procedure is not warranted. Control procedures and attribute sampling Control procedure is a testing conducted to evaluate internal controls. The objective of control procedures is not to search for monetary errors, but to search for exception/errors, in order to evaluate the effectiveness of internal controls. If the number of exceptions/errors found, equals or is less than the number of deviations allowed for, then the auditor can conclude that the level of assurance planned from the internal control is warranted. Thus the result of the control procedures will be either that the control is working or not working, ie., the test result can be expressed in the form of clearly distinct attribute (compliance or non-compliance). While defining attribute sampling earlier, we had mentioned that it is directed towards estimating the proportion of population, which either has or does not have an attribute. Hence it is used to determine if controls are working effectively or not. Stages involved in attribute sampling The stages involved in attribute sampling are: (a) Determining the sample size (b) Selecting the sample for evaluating internal control and (d) Evaluating the test results. In this session, we will also in brief be discussing internal control procedures and for this we will use Handout 6.1.2 it will be seen that it relates to general auditing skills rather than sampling skills. The other stages are explained in detail below: Note 6.1 RTI, JAIPUR 2 (a) Determining the sample size: Determining the sample size is a decision, which is to be taken at the audit planning stage. However, the technique of computing sample size was not discussed in that session, as it requires basic knowledge of statistical sampling. The procedure to be followed for calculating the sample size is as follows: (i) Define the population on which you wish to draw conclusions, determine the controls on which you intend to rely and define what constitutes an exception/error. (ii) Determine the Tolerable error (TE). As explained earlier in the session, TE is the maximum deviation, which the auditor is willing to accept and still conclude that the assurance that he wishes to derive from the control procedure is warranted. This is computed based on the level of assurance the auditor intends to place on internal controls. Statistical tables provide the levels of assurance possible from a sample size with different error rates. (iii) Determine the expected occurrence rate, i.e., the rate of exception/errors, which the auditor expects in the sample. This is computed based on past experience. (iv) Select the statistical table (Appendix A) for the required assurance level. (v) Locate the tolerable error at the top of the table. (vi) Read down the table in that column to the line that contains the expected occurrence rate to obtain the sample size to use. As the session is meant only to provide a broad overview of attribute-sampling concepts like statistical table or the binomial equation for calculation of sample size is not explained in this session. Participants may refer to the books for further understanding of the subject. Risk Based Audit Approach Session 6.1 Selection of sample size is explained with an illustration below: Example An auditor is conducting file reviews of concession tickets issued to commuters, to determine whether eligibility criteria are being met. The auditor is willing to rely upon the system of ensuring eligibility criteria are met if the rate of payments to ineligible claimants does not exceed 4% at 90% confidence level. Past experience indicates that the error rate has been 2%. The sample size can be calculated using the statistical table as follows: Use the 90% confidence table (appendix a). Read down the 2% column until 4% is reached. From the table we find that when 4% is reached, the sample size is 198. The above procedure is explained with an illustration below: (b) Selecting the sample: In the earlier session four different methods of sample selection were explained. Any one of the above methods may be used for selecting the sample. If the haphazard method is used it should be ensured that there is no bias in the sample selection. (c) Evaluating sample results: Once the control procedures are performed, the test results should be evaluated to arrive at a conclusion on the effectiveness of the control procedure. The process for evaluating the test results is as explained below: (i) Select the statistical table (Appendix B) for the given assurance level. (ii) Locate the actual number of sample items in the far left column and read to the right. (iii) Locate the actual number of errors found column and read downward. (iv) Locate the intersection of steps (ii) and (iii). The result is the Computed Note 6.1 Tolerable error (CTE) in percent at the assurance level stated for the table. (v) Compare the CTE with the TE desired earlier. If the CTE is less than TE, then the auditor can conclude that the assurance that he wished to derive from the control procedure is warranted. On the other hand, if CTE is more than TE, then the assurance, which the auditor wished to derive from the control procedure, is not justified. In such a case the auditor can perform further control procedures to see whether assurance planned earlier is justified. As an alternative, he may also reduce the assurance from the control procedure and correspondingly increase the assurance from substantive tests, resulting in more substantive tests to be carried out. RTI, JAIPUR 3 Example Assume that in the earlier example the auditor found 2 ineligible claimants in the sample of 200. Then using the statistical table, the CTE can be computed as follows: (i) Find the intersection of the row containing sample size 200 and column containing actual number of errors found as 2. The figure 2.6% at the point of intersection is the CTE. (ii) The auditor can thus state that: - he is 90% confident that the true population error rate does not exceed 2.6%; or - there is a 10% statistical risk that the true population error rate exceeds 2.6%. (iii) In any event, since 2.6% is less than the auditor’s TE of 4%, reliance on the system of ensuring eligibility criteria are met is warranted. Risk Based Audit Approach Session 6.1 It is thus clear that attribute sampling is used both at the stage of planning the sample size as well as at the stage of evaluation of sample results when performing control procedures. Summary The important points discussed in the session are: • • • Definition of attribute sampling; Control procedures and relevance of attribute sampling for control procedures; and Steps involved in attribute sampling. Note 6.1 RTI, JAIPUR 4