Sampling Strategies in Financial Statement Audits
advertisement
Presenting a live 110‐minute teleconference with interactive Q&A Sampling Strategies in Financial Statement Audits Devising a Sampling Methodology That Meets AICPA Standards and Fortifies the Auditor's Opinion WEDNESDAY, MARCH 23, 2011 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific Today’s faculty features: Jeanne Yamamura, Yamamura Director of Professional Services Services, Mark Bailey & Co., Co. Reno Reno, Nev Nev. Laura Schweitzer, Director, PricewaterhouseCoopers, Washington, D.C. Lyn Graham, CPA, PhD., CFE, Bentley University, Waltham, Mass. Trevor Stewart, Senior Research Fellow, Rutgers University, New Brunswick, N.J. For this program, attendees must listen to the audio over the telephone. Please refer to the instructions emailed to the registrant for the dial-in information. Attendees can still view the presentation slides online. If you have any questions, please contact Customer Service at1-800-926-7926 ext. 10. Conference Materials If you have not printed the conference materials for this program, please complete the following steps: • Click on the + sign next to “Conference Materials” in the middle of the lefthand column on your screen. screen • Click on the tab labeled “Handouts” that appears, and there you will see a PDF of the slides for today's program. • Double click on the PDF and a separate page will open. • Print the slides by clicking on the printer icon. Continuing Education Credits FOR LIVE EVENT ONLY Attendees must listen to the audio over the telephone. Attendees can still view the presentation slides online but there is no online audio for this program. Please refer to the instructions emailed to the registrant for additional information. If you have any questions, please contact Customer Service at 1 1-800-926-7926 800 926 7926 ext. 10. Tips for Optimal Quality S Sound d Quality Q lit For this program, you must listen via the telephone by dialing 1-866-871-8924 and entering your PIN when prompted. There will be no sound over the web co ect o . connection. If you dialed in and have any difficulties during the call, press *0 for assistance. You may also send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again. again Sampling S li Strategies St t i iin Fi Financial i l Statement Audits Seminar March 23, 2011 Lyn Graham, CPA, Bentley University lgrahamcpa@verizon.net Laura Schweitzer, PricewaterhouseCoopers laura.schweitzer@us.pwc.com Trevor Stewart, Deloitte (Retired), Jeanne Yamamura, Mark Bailey & Co. yamamura@unr.edu Rutgers University trsny@verizon.net y Today’s Program Background On Relevant Guidance; Evolution Of Sampling Techniques [Lyn Graham] Slide 7 – Slide 16 Important Sampling Concepts [Laura Schweitzer] Slide 17 – Slide 23 The Audit Risk Model And Its Applicability [Trevor Stewart] Slide 24 – Slide 32 Current Sampling Priorities And Best Practices [Trevor Stewart, Laura Schweitzer and Jeanne Yamamura] Slide 33 – Slide 49 Frequently Faced Issues [All speakers] Slide 50 – Slide 52 Lyn Graham, CPA, Bentley University BACKGROUND ON RELEVANT GUIDANCE; EVOLUTION OF SAMPLING TECHNIQUES A di Objective Audit Obj i I. Gather sufficient evidence to support an audit opinion that the financial statements are free of material misstatement II. Seek a high g assurance ((or a low risk)) III. Sampling tests of controls and tests of balances and transactions are important sources of audit evidence. 8 Implications To Entities And Auditors I. Lower-risk entities require less auditor testing, and that can reduce audit costs. costs II. Entities with reliable controls can reduce audit costs;; risks are “covered” by controls. III. Internal auditors’ attention to controls and financial reporting accuracy will allow external auditors to rely on their work and reduce audit costs. 9 Further Implications I. All public companies must report on the effectiveness of internal controls (SEC requirement – SOX Section 404). A. Some non-public companies also report. II. Auditors of accelerated filers also separately report. III. Tests of controls provide the support for the company assertion re: controls’ effectiveness. IV. Quality testing by entities can reduce auditor testing and reduce auditor costs. 10 R Recent T Trends d And A d IImplications li i I. More attention was given to controls after frauds and business failures such as Enron, Enron Worldcom, Worldcom etc. etc A. Many studies of fraud and misstatement II Improving controls reduces business and audit risks and audit costs. II. costs III. Year one investment costs vs. subsequent returns from improved financial reporting processes IV. Role of the COSO framework V. Separate sampling guidance for compliance audits under OMB A-133 11 Professional Audit Sampling Standards I. Audit sampling (SAS 39, 111, 107) II. AICPA Audit Sampling Guide (2008) A. Sufficiency of sample sizes to meet audit objectives B. Determining sample sizes – tables, formulae C. Evaluating sample results and implications D. Practical application issues 12 A di Risk Audit Ri k M Model d l I. Audit risk (AR) is the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated [SAS 107, para. 2]. II A 5% audit II. dit risk i k iis generally ll considered id d llow-risk. i k AR = IR x CR x DR I. Components of audit risk (AR) A. Inherent Risk (IR) Misstatement Risk Of Material B. Control Risk (CR) C. Detection Risk (DR) – Analytics and Detail Tests 13 A di Ri Audit Risk kM Model: d l Audit A di S Strategy IR x CR = RMM x DR = AR (5%) Inherent Risk Control Risk Risk of Material Misstatement 100% 100% 100% 5% 80% 50% 40% 12.5% 50% 10% 5% N/A 14 Detection Risk SAS 111 A Appendix di A 15 How Does The Audit Risk Model Aff Affect Audit? A di ? I. Sampling procedures are used in: A. Tests of controls B. Tests of details (substantive) II. Analytical procedures are also substantive tests and are a factor (DR = AP x Substantive Details Test Risk) III Tests of controls do not always involve sampling. III. sampling A. Automated controls vs. manual controls B Control environment assessments – Competence B. IV. Special consideration for small populations 16 Laura Schweitzer, PricewaterhouseCoopers IMPORTANT SAMPLING CONCEPTS Sampling Terminology Audit sampling • Audit sampling is the application of audit procedures to less than 100% of the population. • Audit samples can be non-statistical or statistical (probability based). • Anytime a sample is selected, there is some risk that the estimates p do not accuratelyy reflect the p population. p In derived from the sample statistical audit sampling, it is customary to quantify this risk using two parameters: • s o of incorrect co ect accepta acceptance ce Risk • Precision Sampling Basics PwC March 2011 18 Sampling Terminology (Cont.) (Cont ) Risk of incorrect acceptance • The risk that the sample supports the conclusion that the population is not materially misstated, when in fact it is misstated (this is the confidence level in statistical terms). terms) • Typically, 90% and 95% are used. Precision • The range around the sample estimate • We typically want to be as precise as possible, within time and budget constraints. Sampling Basics PwC March 2011 19 Sampling Terminology (Cont.) (Cont ) Expected misstatement • The expected amount of error in the population Tolerable misstatement • The h amount off error iin the h population l i that h iis d deemed d acceptable bl to the auditor. The tolerable misstatement should include the expected misstatement and an allowance for sampling risk (precision in statistical terms). terms) Sampling Basics PwC March 2011 20 Sampling Parameters The selection of sampling parameters affects the sample size: Sampling Basics PwC Precision Sample Size Confidence Sample Size Attribute Expected Accuracy y Rate Sample Size Variability Sample Size March 2011 21 Sampling Plan Basics A sampling plan should address the following: • Objective - What is the purpose of the sample? - Is sampling appropriate? - What will be measured from the sample? • Population definition • Target parameters - How much uncertainty is tolerable? Sampling Basics PwC March 2011 22 Sampling Plan Basics (Cont.) (Cont ) A sampling plan should address the following (Cont.): • Sample design • Sample size - What sample size is necessary to achieve the target sampling parameters? • Sample selection methods • Extrapolation methodology - How will sample results be evaluated? Sampling Basics PwC March 2011 23 Trevor Stewart, Deloitte (Retired), Rutgers University THE AUDIT RISK MODEL AND ITS APPLICABILITY Revised Audit Sampling Guide • • Updated from 2008 edition Expanded controls guidance – Small population guidance • • • New tables and more guidance I l d guidance/terms Includes id /t from f risk i k assessmentt standards t d d Multi-location auditing guidance Technical Notes on the AICPA Audit Guide Audit Sampling New Edition as of May 1, 2008 Trevor R. Stewart Deloitte & Touche LLP Member of the 2008 Audit Sampling Guide Task Force • Companion publication • Contains a detailed technical analysis of the tables in the Sampling Guide • Includes the Excel and Excel VBA algorithms used to compute the tables, thus providing extensibility beyond the tabulated values • PDF available il bl free f online li from f the h AICPA at http://www.aicpa.org/Publications/AccountingAuditing /KeyTopics/Pages/AuditSampling.aspx 25 The Audit Risk Model (ARM), AU 312.21-.26 = = AR = RMM × DR IR × CR AP × TD Acceptable cceptab e Sampling Sa p g Risk s AR TD RMM AP AR = Audit Risk RMM = Risk of Material Misstatement IR = Inherent Risk CR = Controls Risk DR = Detection Risk AP = Analytical Procedures Risk TD = Test of Details Risk In planning an audit sample to achieve AR, where h RMM has h bbeen assessedd and d AP is i known, TD is the acceptable sampling risk of incorrect and can be calculated by pp y g the ARM in reverse. applying For example, AR 5% If AR 5%, RMM 50%, AP 30%, then TD 33% RMM AP 50% 30% 26 Types Of Tests (AICPA Sampling Guide §2.09-2.12) Tests of controls • Provide evidence about the effectiveness of the design, implementation or operation of a control in preventing or detecting material misstatements in a financial statement assertion • Are necessary when the audit strategy is to rely on the effectiveness of the control • Some controls cannot be tested using audit sampling Substantive tests • Are audit procedures designed to obtain evidence about the validity and propriety of the accounting treatment of transactions and balances or to detect misstatements (they may also reveal deficiencies in controls) • The h auditor di is i interested i d primarily i il in i a conclusion l i about b dollars, d ll which hi h is i not necessarily il the h case in tests of controls. • Substantive tests include (1) tests of details of transactions and balances, and (2) analytical procedures. procedures Dual-purpose tests • Test the effectiveness of controls and also whether a recorded balance or class of transactions is materially misstated. In sampling, the same sample is used for both purposes. • Requires a preliminary judgment about the effectiveness of controls — which may need to be revised, thus also affecting the associated substantive test 27 Design Of Attribute Samples For Controls Testing Table A.2 Statistical sample sizes for tests of controls: 5% risk of overreliance (abbreviated table) Expected Deviation Rate 0.00% 0.25% 0.50% 0.75% 1.00% 1.25% 1 50% 1.50% 1.75% 2.00% 2.25% 2.50% 2.75% 3.00% 3.25% 3.50% 3.75% 4.00% 5.00% Tolerable Deviation Rate 2% 3% 4% 5% 6% 7% 8% 9% 10% 149 (0) 236 (1) 313 (2) 386 (3) 590 (6) 1,030 (13) 99 (0) 157 (1) 157 (1) 208 (2) 257 (3) 303 (4) 392 (6) 562 (10) 846 (17) 1,466 (33) 74 (0) 117 (1) 117 (1) 117 (1) 156 (2) 156 (2) 192 (3) 227 (4) 294 (6) 390 (9) 513 (13) 722 (20) 1,098 (33) 1,936 (63) 59 (0) 93 (1) 93 (1) 93 (1) 93 (1) 124 (2) 124 (2) 153 (3) 181 (4) 208 (5) 234 (6) 286 (8) 361 (11) 458 (15) 624 (22) 877 (33) 1,348 (54) 49 (0) 78 (1) 78 (1) 78 (1) 78 (1) 78 (1) 103 (2) 103 (2) 127 (3) 127 (3) 150 (4) 173 (5) 195 (6) 238 (8) 280 (10) 341 (13) 421 (17) 1,580 (79) 42 (0) 66 (1) 66 (1) 66 (1) 66 (1) 66 (1) 66 (1) 88 (2) 88 (2) 88 (2) 109 (3) 109 (3) 129 (4) 148 (5) 167 (6) 185 (7) 221 (9) 478 (24) 36 (0) 58 (1) 58 (1) 58 (1) 58 (1) 58 (1) 58 (1) 77 (2) 77 (2) 77 (2) 77 (2) 95 (3) 95 (3) 112 (4) 112 (4) 129 (5) 146 (6) 240 (12) 32 (0) 51 (1) 51 (1) 51 (1) 51 (1) 51 (1) 51 (1) 51 (1) 68 (2) 68 (2) 68 (2) 68 (2) 84 (3) 84 (3) 84 (3) 100 (4) 100 (4) 158 (8) 29 (0) 46 (1) 46 (1) 46 (1) 46 (1) 46 (1) 46 (1) 46 (1) 46 (1) 61 (2) 61 (2) 61 (2) 61 (2) 61 (2) 76 (3) 76 (3) 89 (4) 116 (6) Example (see Table 3.3 in Guide): • Deviation rates: 2% expected, 5% tolerable • Sample S l size i = 181 it items • Expected number of deviations in sample, 2% × 181 = 4 28 Table A.3 Statistical sampling results evaluation table for tests of controls: Upper limits at 5% risk of overreliance (abbreviated table) Evaluation Of Attribute Samples p For Controls Testing 95% 5% ▲ 0.03 ▲ 0.076 Actual Number of Deviations Found,, k Sample Size, n 0 20 25 30 35 40 45 50 55 60 65 70 75 80 90 100 14.0 11.3 9.6 83 8.3 7.3 6.5 5.9 5.4 49 4.9 4.6 4.2 4.0 3.7 33 3.3 3.0 1 21.7 17.7 14.9 12 9 12.9 11.4 10.2 9.2 8.4 77 7.7 7.1 6.6 6.2 5.8 52 5.2 4.7 2 3 4 5 6 7 8 9 10 28.3 23.2 19.6 17 0 17.0 15.0 13.4 12.1 11.1 10 2 10.2 9.4 8.8 8.2 7.7 69 6.9 6.2 34.4 28.2 23.9 20 7 20.7 18.3 16.4 14.8 13.5 12 5 12.5 11.5 10.8 10.1 9.5 84 8.4 7.6 40.2 33.0 28.0 24 3 24.3 21.5 19.2 17.4 15.9 14 7 14.7 13.6 12.7 11.8 11.1 99 9.9 9.0 45.6 37.6 31.9 27 8 27.8 24.6 22.0 19.9 18.2 16 8 16.8 15.5 14.5 13.6 12.7 11 4 11.4 10.3 50.8 42.0 35.8 31 1 31.1 27.5 24.7 22.4 20.5 18 8 18.8 17.5 16.3 15.2 14.3 12 8 12.8 11.5 55.9 46.3 39.4 34 4 34.4 30.4 27.3 24.7 22.6 20 8 20.8 19.3 18.0 16.9 15.9 14 2 14.2 12.8 60.7 50.4 43.0 37 5 37.5 33.3 29.8 27.1 24.8 22 8 22.8 21.2 19.7 18.5 17.4 15 5 15.5 14.0 65.4 54.4 46.6 40 6 40.6 36.0 32.4 29.4 26.9 24 8 24.8 23.0 21.4 20.1 18.9 16 9 16.9 15.2 69.9 58.4 50.0 43 7 43.7 38.8 34.8 31.6 28.9 26 7 26.7 24.7 23.1 21.6 20.3 18 2 18.2 16.4 Example: • Sample size = 100 • Number of deviations found = 3 • Most likely population deviation rate is 3/100 = 0.03 • Upper 5% limit = 0.076 • Evaluation can be depicted as a probability distribution with a peak at 0.03 and 95th percentile at 0.076. 29 In Excel (Sampling Guide, Technical Notes), BETAINV(1−risk,1+k,n−k) = BETAINV(95%,1+3,100−3) = 0.076 Guidance For Small Population Test Levels (AICPA Sampling Guide Table 3.5) Table T bl 3.5 35 Small Population Sample Size Table Controll Frequency C F and d Population Size Quarterly Q l (4) Monthly (12) Semimonthly y (24) ( ) Weekly (52) Sample S l Size 2 2–4 3–8 5–9 30 Compact MUS Sample Size Table (AICPA Sampling Guide Table C.2) Confidence factors for monetary unit sample size design Ratio of Expected to Tolerable Misstatement 0.00 0.05 0.10 0.15 0.20 0.25 0.30 0.35 0.40 0.45 0.50 0.55 0.60 Step Risk of Incorrect Acceptance 5% 10% 3.00 3.31 3.68 4.11 4.63 5.24 6.00 6 92 6.92 8.09 9.59 11.54 14.18 17.85 2.31 2.52 2.77 3.07 3.41 3.83 4.33 4 95 4.95 5.72 6.71 7.99 9.70 12.07 15% 20% 25% 30% 35% 37% 50% 1.90 2.06 2.25 2.47 2.73 3.04 3.41 3 86 3.86 4.42 5.13 6.04 7.26 8.93 1.61 1.74 1.89 2.06 2.26 2.49 2.77 3 12 3.12 3.54 4.07 4.75 5.64 6.86 1.39 1.49 1.61 1.74 1.90 2.09 2.30 2 57 2.57 2.89 3.29 3.80 4.47 5.37 1.21 1.29 1.39 1.49 1.62 1.76 1.93 2 14 2.14 2.39 2.70 3.08 3.58 4.25 1.05 1.12 1.20 1.28 1.38 1.50 1.63 1 79 1.79 1.99 2.22 2.51 2.89 3.38 1.00 1.06 1.13 1.21 1.30 1.41 1.53 1 67 1.67 1.85 2.06 2.32 2.65 3.09 0.70 0.73 0.77 0.82 0.87 0.92 0.99 1 06 1.06 1.14 1.25 1.37 1.52 1.70 Sample Size 1. Determine allowable Risk of Incorrect Acceptance Example 37% 2. Determine Tolerable Misstatement (%) 3% 3. Determine the Ratio of Expected p Misstatement to Tolerable Misstatement 0.20 4. Look up Factor 1.30 5. Calculate Sample Size 1.30/0.03 = 44 Factor Tolerable Misstatement % Dual-purpose p p samples p This table may also be used to determine the sample size for a dual-purpose sample, in which case the more stringent of the two purposes would be used to determine the total 31 sample size. MUS Evaluations: Projected Misstatement And Upper Limit AICPA Sampling Guide Table C.3 MUS: Confidence factors for sample evaluation (abbreviated table) Risk of Incorrect Acceptance Number of Overstatements, k 5% 3.00 4.75 6.30 7.76 9.16 10.52 11.85 13.15 14.44 15.71 16.97 0 1 2 3 4 5 6 7 8 9 10 10% 2.31 3.89 5.33 6.69 8.00 9.28 10.54 11.78 13.00 14.21 15.41 15% 1.90 3.38 4.73 6.02 7.27 8.50 9.71 10.90 12.08 13.25 14.42 20% 25% 1.61 3.00 4.28 5.52 6.73 7.91 9.08 10.24 11.38 12.52 13.66 1.39 2.70 3.93 5.11 6.28 7.43 8.56 9.69 10.81 11.92 13.02 30% 1.21 2.44 3.62 4.77 5.90 7.01 8.12 9.21 10.31 11.39 12.47 35% 1.05 2.22 3.35 4.46 5.55 6.64 7.72 8.79 9.85 10.92 11.98 37% 1.00 2.14 3.25 4.35 5.43 6.50 7.57 8.63 9.68 10.74 11.79 50% 0.70 1.68 2.68 3.68 4.68 5.68 6.67 7.67 8.67 9.67 10.67 Example • Sample design and results – S Sampling li interval i l = $1,000 $1 000 – Number of overstatements = 3 – Allowable risk = 5% • Sample evaluation $’000 95% 5% ▲ $3,000 ▲ $7,760 – – – – Projected misstatement is 3 × $1,000 $1 000 = $3 $3,000 000 Factor = 7.76 Upper 5% limit is $1,000 × 7.76 = $7,760 Calculation a bit more complicated when partial errors are encountered • Evaluation can be depicted as a probability distribution with peak at $3,000 and 95th percentile at $7,760 32 In Excel (Sampling Guide, Technical Notes): GAMMAINV(1−risk,1+k,SamplingInterval) = GAMMAINV(95%,1+3,1000) = 7760 Trevor Stewart, Deloitte (Retired), Rutgers University Laura Schweitzer, PricewaterhouseCoopers Jeanne Yamamura, Mark Bailey & Co. CURRENT SAMPLING PRIORITIES AND BEST PRACTICES Reliance On Internal Controls • • Design and implementation assessment is required: Essential to understanding the business Tests of operating effectiveness are required if a controls reliance strategy is implemented (which depends on D&I). – Also required for an assertion regarding controls (AT 501 or AS 5) • • Controls reliance is pretty much essential for large, complex entities with high transaction volumes volumes, such as financial institutions . What controls to test – The “important” ones – Risk assessment: Likelihood and magnitude of possible misstatement • The role of “walk-throughs” discussed in Audit Sampling Guide, §3.25 – – – – • Design and implementation Operating effectiveness Automated IT environment with good general controls versus manual environment How much assurance? In the end, the auditor’s assessment of RMM (= IR × CR) is a professional judgment, informed in part by the results of sampling. 34 Audit Sampling The application of an audit procedure to less than 100% of the items … for the purpose of evaluating some characteristic • • Statistical sampling p g Any approach to sampling that has the following characteristics: – Random selection of sample, and – Use U off probability b bili theory h to evaluate l sample l results, l including measurement of sampling risk Types of test – Control tests • Attribute sampling most commonly used • But, MUS may be more suitable for dual-purpose tests – Substantive tests • MUS: Monetary unit sampling • Classic variables sampling – Dual-purpose tests • S Separate t tests t t (control ( t l andd substantive) b t ti ) applied li d to t same selected sample item • MUS may be most useful selection method • • • • Non-statistical sampling p g Audit sampling that is nonstatistical SAS 111 states, “… nonstatistical sampling … ordinarily … would result in a sample size comparable to the sample size from an efficiently designed statistical sample, considering the same sampling parameters.” Various approaches often d i d from derived f statistical t ti ti l sampling Sample size penalties often built in to account for nonstatistical selection and evaluation 35 Population Definition A population that is not defined properly can lead to misleading results. Consider the following: • What is the time period of interest? • Is the population available electronically? • What is the sampling unit (for example, transaction)? • Are population data available for the testable unit (e.g., (e g transaction transaction, journal entry)? • Is the population accurate and complete? • Does the population include items that are not of interest? • Are data available for stratification purposes? Sampling Basics PwC March 2011 36 Appropriate Sample Designs There are many appropriate sample designs • Often, a simple random sample is used • A stratified random sample may be used: - To increase the precision of the sample results, or - When estimates are required for sub-groups of the population. • Dollar Dollar-unit unit sampling - Population items with larger dollar values have a higher probability of selection. • Cluster/multi-stage Cluster/multi stage sampling - Cluster and multi-stage sampling may be useful when population data are available at a various levels (for example, data are available at the journal entry level, level but testing occurs at a transaction level), level) or when there are multiple locations, contracts, etc. Sampling Basics PwC March 2011 37 Sample Selection Methods Various sample selection methods include: • Random number generator (readily available in multiple software packages) • Systematic sampling techniques in which every nth item is selected gp place is determined after a random starting • Dollar unit sampling uses a random starting place and a systematic sampling technique in which every nth dollar is selected. Sampling Basics PwC March 2011 38 SOX Requirements • Sarbanes-Oxley Act of 2002 • Management required to: – Perform a formal assessment of ICFR – Include tests that confirm the design and operating effectiveness of controls • Auditors required to: – Evaluate management’s assessment process – Obtain reasonable assurance that no material weaknesses exist as of the assessment date 39 The Role Of Sampling • Management – Assesses whether controls operating effectively as of assessment date – May use samples to verify that controls operating effectively – Question then arises: How many need to be tested? – Related question re-testing of internal controls “fixed” during year 40 The Role Of Sampling (Cont.) • Auditors – Obtain evidence to verify that control has operated effectively for a “sufficient” period of time – Will typically yp y use samples p to test – Same question: How many need to be tested? • Management’s Management s assessment process affects the auditor’s auditor s testing. testing • If process was performed properly and documented sufficiently, auditors dit may be b able bl to t reduce d their th i testing. t ti 41 Sampling For Smaller Firms A dC And Companies i Widespread misunderstandings exist 1. Selection of specific items vs. audit sampling Example: – Small audit client – Substantive audit (no planned reliance on internal controls) – Selection of sample of 30 cash disbursements to test operating expenses • Auditor ud to selects se ects repair epa and a d maintenance a te a ce items, te s, investment est e t expense items and the remainder “other” items • This is not a case of audit sampling! 42 Sampling For Smaller Firms A d Companies And C i (Cont.) (C t ) Widespread misunderstandings exist (Cont.) 2. Use of “haphazard selection” – By definition, selection without conscious bias – Used in error when selecting items from specific accounts believed to be more likely to contain misstatement 43 Sample Size Determination • • • Switch to non-statistical sampling Related changes in sample sizes – Smaller (and smaller and smaller) – Arbitrary Documentation differences 44 SAS 111 (AU 350) • An auditor who applies non-statistical sampling uses professional jjudgment g to relate [[the identified]] factors in determining g the appropriate sample size. Ordinarily, this would result in a sample size comparable to the sample size resulting from an efficient and effectively designed statistical sample, using the same sampling parameters. 45 SAS 111 (AU 350), Cont. • Factors to be considered (and documented) for test of controls – Tolerable rate of deviations – Likely rate of deviations – Allowable risk of assessing control risk too low 46 SAS 111 (AU 350), Cont. Example: Assume 10% risk of assessing control risk too low • A sample size of 30 implies: – Tolerable rate between 7% and 8% and expected population error rate = 0.0% OR – Tolerable rate between 10% and 15% and expected population error rate = 0.25% • A sample size of 60 implies: – Tolerable rate between 3% and 4% and expected population error rate = 0.0% OR – Tolerable rate between 6% and 7% and expected population error rate = 0.25% 47 Practical Guidance For Auditors A dC And Companies i • Plan up-front what you are going to do – Wholly substantive approach • Directed testing or audit sampling • If non-statistical sample, document factors and rationale for sample size determination – Testing internal controls • Which controls? • If testable, how frequently are they performed? – Document! 48 Training And Understanding • Use of statistical sampling software or pre-printed forms • Adoption of non-statistical sampling • Tendency to believe that no knowledge necessary! 49 Lyn Graham, CPA, Bentley University Laura Schweitzer, PricewaterhouseCoopers Trevor Stewart, Rutgers g Universityy Jeanne Yamamura, Mark Bailey & Co. FREQUENTLY Q FACED ISSUES F Frequently l Faced F d Questions/Issues Q i /I Is a projection from the sample to the population required, even if the misstatement found is small in amount? • ― Thoughts from today’s today s speakers Can auditors look to the sample projection or deviation rates or misstatements, in order to assess the severity of control deficiencies? • ― Thoughts from today’s speakers What is the greatest misunderstanding in the area of the economics of sampling? • ― Thoughts from today’s speakers 51 Frequently Faced Questions/Issues (Cont.) Can I extrapolate dollars in error, using an attribute sample? • ― Thoughts from today’s speakers C I replace Can l sample l it items?? • ― Thoughts from today’s speakers What happens if the population is incorrectly defined (i.e., (i e the population includes items it shouldn’t or excludes a portion)? • ― Thoughts from today’s speakers What do I do with the sample results? • ― Thoughts Th h ffrom today’s d ’ speakers k 52
